Amazon's Silk browser may not be smooth with privacy
- 29 September, 2011 23:57
The most interesting feature on Amazon’s newly announced Kindle Fire tablet may be its Silk web browser. The browser promises to improve webpage loading performance by using Amazon’s servers to help render pages. But this performance boost may come at a cost: Security experts have already voiced concern about Silk, and what it might mean for your privacy and security.
Since Silk offloads a portion of the work required to draw a webpage to Amazon's servers, you’d connect to Amazon instead of directly to a website to use this "split browser" feature. The concern, according to security firm Sophos, is that Amazon will have a complete record of your Web browsing history. In fact, Silk’s terms and conditions say that Amazon will log Web addresses, along with and IP and MAC addresses, and that they can store this information for up to 30 days.
Worse still, even theoretically secure HTTPS connections will go through Amazon. While this raises some security concerns (since it breaks the chain of end-to-end security between you and the site you visit), Sophos is more concerned about the privacy implications. Since Amazon is based in the United States, the company may be forced to turn over your stored browsing history to the US government in the event of an investigation.
Of course, it’s important to keep in mind that we’ve barely gotten our first look at the Kindle Fire. While Amazon demonstrated the Fire after its announcement Wednesday morning, members of the press weren’t allowed to try it out for themselves, And the tablet won’t even ship until mid-November, so there are still a lot of unanswered questions when it comes to potential security and privacy issues. For instance, as one tweet shows, security experts aren’t even totally sure what kind of warrants the US Government would need to access your data.
We can, however, make some educated guesses about Silk's security and privacy since Silk isn’t the first browser to use the split browsing model. Opera Mini, the mobile version of Opera developed in conjunction with Google, also faced scrutiny, since it too sends traffic through a "middleman" server that lies between you and the site you're visiting. Because of this, you may want to steer clear of Opera Mini for tasks such as online banking where security is paramount.
Presumably, these concerns also apply to Silk, but it’s possible that Amazon has addressed this in Fire's security settings. But for now, if you're concerned about security and privacy, you will probably want to take the performance hit and turn off cloud browsing, just to be safe.
Related Slideshow: Meet Amazon's Four New Kindles
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Amazon Announces $199 Kindle Fire Tablet, Clutch of New Kindle E-Readers : PCWorld
- Amazon's New Silk Browser Explained : PCWorld
- Amazon Kindle Fire’s Silk browser sounds privacy alarm bells : Naked Security
- as one tweet shows
- also faced
- Security Concerns with Opera Mini Browser for iPhone : PCWorld Business Center
- Meet Amazon's Four New Kindles : PCWorld
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Benefits of Deploying Microsoft Exchange Server 2010 on Dell Compellent with Data Progression
Messaging and collaboration platforms have emerged as mission critical applications, consuming a large portion of IT spending for organisations. The rich features in these applications have significantly changed the messaging requirements and needs of today’s information from anywhere with any device, the result is an ever increasing demand on storage systems both in terms of capacity and bandwidth. Many organisations are rethinking their storage strategies to meet the demanding criteria and to handle the future requirements. Read more.
Staying Ahead of the Data Explosion
The total volume of data being processed and stored by businesses is rising exponentially. IDC has estimated that the size of the "digital universe" will increase 29 fold between 2010 and 2020. Data storage technology has undergone a steady increase in capacity, along with a steady decline in the cost per unit to store information. Unfortunately, data storage capacity is not keeping pace with data growth and necessitating greater intelligence in the storage infrastructure. Read more.
Spear-Phishing Email: Most Favored APT Attack Bait
This research paper presents findings on APT-related spear phishing from February to September 2012. We analysed APT-related spear-phishing emails collected throughout this period to understand and mitigate attacks. The information we gathered not only allowed us to obtain specific details on spear phishing but also on targeted attacks. We found, for instance, that 91% of targeted attacks involve spear-phishing emails, reinforcing the belief that spear phishing is a primary means by which APT attackers infiltrate target networks.