Saturday, October 22, 2011

Privacy on Kindle Fire's Silk Browser

On September 28, Amazon CEO Jeff Bezos introduced Kindle Fire. A very interesting feature of this device is the Silk browser.

Silk is a split browser: it runs on the tablet, but the fetching and compilation of the web page happen in the Amazon cloud, in what is known as "cloud acceleration" mode. Based on predictive analytics of where the user is going to navigate next, it can prefetch web pages in the cloud, providing an extremely fast browsing experience because the data is fetched from a single source (the Amazon cloud), which can deliver the content to the tablet using the fast SPDY protocol.

On one hand, this seems like the right technological step in the evolution of browsing. On the other hand, it raises severe privacy concerns: Amazon acts as the proxy and is therefore in a unique position to predict consumer patterns.

The Electronic Frontier Foundation recently released a report that eases some of these concerns. First and foremost, users will be able to turn off cloud mode easily in the browser settings, which makes Silk act as a normal browser that sends requests directly to the website without Amazon acting as the middleman. Encrypted (HTTPS) traffic will not be intercepted by Amazon and will be routed directly to the origin server. This is good news, as many popular websites, including Google, are making SSL the default. The persistent SPDY connection that Amazon uses to transfer content from its servers to the tablet is secured and does not contain any user-identifying information. The only information stored is the URL of the resource being requested, a timestamp and a session token. This information is persisted for only 30 days. The use of secured SPDY is seen as a positive development that would thwart snooping on unsecured networks.

Although most of the common concerns are addressed, the report did highlight some that remain. First is the storing of URLs visited, including search queries, which can sometimes contain identifying information. Second, the content of the EC2 servers' cache might in some instances contain information that could identify an individual. Other concerns include the attractiveness of the collective browsing data of Amazon's users to law enforcement agencies.

EFF recommends that users who are concerned about privacy disable the cloud acceleration mode. I think users could alternatively use HTTPS browsing wherever available, as with Google Search, Facebook and Twitter.
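To make the residual URL-logging concern concrete, the following added example (not code from Amazon or the EFF report) models the logging behaviour as this post describes it and reports which retained records carry identifying query strings. The search parameter names, the e-mail pattern used as a stand-in for "identifying information", and all sample traffic are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qsl

RETENTION = timedelta(days=30)           # retention period stated in the post
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")  # assumed PII heuristic
SEARCH_KEYS = {"q", "query", "search"}   # assumed common search parameter names

def logged_by_proxy(url, cloud_mode=True):
    """Per the post: only non-HTTPS requests made in cloud mode transit the proxy."""
    return cloud_mode and urlsplit(url).scheme == "http"

def identifying_params(url):
    """Return query parameters that are search terms or contain an e-mail address."""
    hits = []
    for key, value in parse_qsl(urlsplit(url).query):
        if key.lower() in SEARCH_KEYS or EMAIL.search(value):
            hits.append((key, value))
    return hits

def audit(requests, now, cloud_mode=True):
    """requests: (timestamp, session_token, url) tuples, the three logged fields.
    Returns the records still retained whose URL carries identifying parameters."""
    findings = []
    for ts, token, url in requests:
        if not logged_by_proxy(url, cloud_mode):
            continue                     # HTTPS, or cloud mode off: never logged
        if now - ts > RETENTION:
            continue                     # older than 30 days: no longer persisted
        hits = identifying_params(url)
        if hits:
            findings.append((token, url, hits))
    return findings

# Constructed sample traffic (hypothetical hosts and session tokens).
NOW = datetime(2011, 10, 22)
SAMPLE = [
    (datetime(2011, 10, 20), "tok-A", "http://search.example/find?q=clinic+near+me"),
    (datetime(2011, 10, 21), "tok-A", "http://shop.example/unsubscribe?user=jane.doe@mail.example"),
    (datetime(2011, 10, 21), "tok-A", "https://search.example/find?q=clinic+near+me"),
    (datetime(2011, 9, 1), "tok-B", "http://search.example/find?q=old+query"),
    (datetime(2011, 10, 21), "tok-B", "http://news.example/article/42"),
]

if __name__ == "__main__":
    for token, url, hits in audit(SAMPLE, NOW):
        print(token, url, hits)
```

Both findings share one session token, so a search query and an e-mail address end up linked in the same log even though no explicit user identifier is stored; the same search issued over HTTPS never appears.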
