Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Amazon's Silk browser may not be smooth with privacy

Amazon’s new Silk browser may compromise your security by passing your private data through Amazon's servers.

The most interesting feature on Amazon’s newly announced Kindle Fire tablet may be its Silk web browser. The browser promises to improve webpage loading performance by using Amazon’s servers to help render pages. But this performance boost may come at a cost: Security experts have already voiced concern about Silk, and what it might mean for your privacy and security.

[Read: Amazon’s New Silk Browser Explained]

Since Silk offloads a portion of the work required to draw a webpage to Amazon's servers, you’d connect to Amazon instead of directly to a website to use this "split browser" feature. The concern, according to security firm Sophos, is that Amazon will have a complete record of your Web browsing history. In fact, Silk’s terms and conditions say that Amazon will log Web addresses, along with and IP and MAC addresses, and that they can store this information for up to 30 days.

Worse still, even theoretically secure HTTPS connections will go through Amazon. While this raises some security concerns (since it breaks the chain of end-to-end security between you and the site you visit), Sophos is more concerned about the privacy implications. Since Amazon is based in the United States, the company may be forced to turn over your stored browsing history to the US government in the event of an investigation.

Of course, it’s important to keep in mind that we’ve barely gotten our first look at the Kindle Fire. While Amazon demonstrated the Fire after its announcement Wednesday morning, members of the press weren’t allowed to try it out for themselves, And the tablet won’t even ship until mid-November, so there are still a lot of unanswered questions when it comes to potential security and privacy issues. For instance, as one tweet shows, security experts aren’t even totally sure what kind of warrants the US Government would need to access your data.

We can, however, make some educated guesses about Silk's security and privacy since Silk isn’t the first browser to use the split browsing model. Opera Mini, the mobile version of Opera developed in conjunction with Google, also faced scrutiny, since it too sends traffic through a "middleman" server that lies between you and the site you're visiting. Because of this, you may want to steer clear of Opera Mini for tasks such as online banking where security is paramount.

Presumably, these concerns also apply to Silk, but it’s possible that Amazon has addressed this in Fire's security settings. But for now, if you're concerned about security and privacy, you will probably want to take the performance hit and turn off cloud browsing, just to be safe.

Related Slideshow: Meet Amazon's Four New Kindles

Tags sophosonline securityapplicationsamazon.comsecuritybrowserssoftwareKindle Fire

More about AmazonGoogleSophos

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Comments

Comments are now closed

Computerworld
ARN
Techworld
CMO