Privacy: EFF Gets Straight Privacy Answers From Amazon About New "Silk" Tablet Browser
From the EFF:
Amazon recently announced that the new Kindle Fire tablet will ship with a brand new browser called Silk. The Silk browser works in “cloud acceleration” mode by routing most webpage requests through servers controlled by Amazon. The idea is to capitalize on Amazon’s powerful AWS cloud servers to parallelize and hence speed up downloading web page elements, and then pass that information back to the tablet through a persistent connection using the SPDY protocol. This protocol is generally faster than the standard HTTP protocol. This split-browser idea, not unique to Amazon, is a departure from the way major browsers work today.
Our conversation with Amazon allayed many of our major concerns. Cloud acceleration mode is the default setting, but Amazon has assured us it will be easy to turn off on the first page of the browser settings menu. When turned off, Silk operates as a normal web browser, sending the requests directly to the web sites you are visiting
Though we are happy about some of the ways the browser protects the end user’s privacy, a couple of serious privacy concerns remain that are worth pointing out.
First of all, Amazon stores URLs you visit, and these sometimes contain identifying information. To pick a prominent example, there is an opportunity to identify people through their search history with some degree of accuracy. Indeed, given the common practice employed by search engines of putting query terms in the URL as parameters, Amazon will effectively have a database of user search histories across many different search engines. As evidenced by the AOL search history debacle, there is always a chance that search queries–even if they are unlinkable to otherwise uniquely identifying data–can effectively identify individuals. It is worth noting that unlike that AOL data set, Amazon will only be able to link a set of queries to a given browsing session, not an anonymized user that persists indefinitely over time. Second, in addition to URLs, the content of the EC2 servers’ cache might in some instances might contain information that could identify an individual.
Moreover, the data collected by Amazon provides a ripe source of users’ collective browsing habits, which could be an attractive target for law enforcement. For users who are worried about these privacy issues and about putting a lot of trust in Amazon to keep their data safe, we recommend turning off cloud acceleration.
About Gary Price
Gary Price (email@example.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. He earned his MLIS degree from Wayne State University in Detroit. Price has won several awards including the SLA Innovations in Technology Award and Alumnus of the Year from the Wayne St. University Library and Information Science Program. From 2006-2009 he was Director of Online Information Services at Ask.com. Gary is also the co-founder of infoDJ an innovation research consultancy supporting corporate product and business model teams with just-in-time fact and insight finding.