Privacy on Kindle Fire's Silk Browser

On September 28, Amazon CEO Jeff Bezos introduced Kindle Fire. A very interesting feature of this device is the Silk browser. Silk is a split browser that runs off of the tablet but the fetching and compilation of the web page happens at the Amazon cloud, known as "cloud acceleration" mode. Based on predictive analytics on where the user is going to navigate next, it can prefetch web pages on the cloud thus providing extremely fast browsing experience as the data is to be fetched from one source (Amazon cloud) which can deliver the content to the tablet using the fast SPDY protocol.

On one hand it seems like the right technological step in the evolution of browsing but on the other hand it raises severe privacy concerns as Amazon acts as the proxy thus being in a unique position to predict consumer patterns.

Electronic Frontier Foundation recently released a report that eases some of these concerns. First and foremost users will be able to turn off the cloud mode easily using the browser settings which will make the Silk browser act as a normal browser thus sending the requests directly to the website without Amazon acting as the middleman. Encrypted (HTTPS) traffic will not be intercepted by Amazon and will be directly routed to the origin server. This is good news as many popular websites including Google are making SSL as the default mode. The persistent SPDY connection that Amazon uses to transfer the content from it's servers to tablet is secured and does not contain any user identifying information. The only information that is stored is URL of the resource being requested, timestamp and session token. The information is only persisted for 30 days. The use of secure SPDY information is seen as a positive development which would thwart snooping on unsecured network.

Although most of the common concerns are addressed the report did highlight some concerns. First is the storing of URLs visited, including search queries, which can sometimes contain identifying information. Second, the content of the EC2 servers' cache might in some instances might contain information that could identify an individual. Other concerns include attractiveness of collective browsing data of Amazon's users for law enforcement agencies.

EFF recommends disabling the cloud acceleration mode to users who are concerned about privacy. I think users could alternately use HTTPS browsing wherever available, like Google Search, Facebook and Twitter.

Secure Google Search

Recently Google announced that its encrypting the search queries and the corresponding results page for users signed into their Google Account. Secured search is not new, in fact Google launched a secured search service at https://encrypted.google.com last year, the difference is this will now become the default behavior.


Why this change? Google says that it is just following the broader industry initiative like those of Twitter and Facebook. Google explains "As search becomes an increasingly customized experience, we recognize the growing importance of protecting the personalized search results we deliver. As a result, we’re enhancing our default search experience for signed-in users." For users who are not signed into Google Account can navigate to https://www.google.com.

How will it impact the users? This will protect the users against unwanted eavesdropping particularly when using unsecured Internet connection in a public setting. Since there is an additional step of encrypting the data, the browsing experience can be slower.

Not everyone is excited about this announcement. The Search Engine Optimization (SEO) industry experts argue that this is Google's attempt to sideline them. By securing the connection, digital marketers will no longer be able to see what search results lead users to a website. This is an important metric for them to improving a website attractiveness. The information however is available to Adwords advertisers who will see this data irrespective of the connection used, giving them the edge over the SEO firms.

As an end user I am very pleased with this announcement. Hopefully it will reduce some of those annoying ads that seem to follow me based on my prior searches.

Online Privacy is a Myth

Online privacy has become a major concern. With the rapid growth of social media and mobile devices people are spending considerable time on the internet. According to comScore Media Metrix average American net surfers spent 32 hours per month in 2010.

According to the recent Nielsen report, 80% of active internet users visit social networks and blogs. Facebook is the most visited U.S. website. Nearly 40% mobile owners use their mobile phones to access social media content.

The norms of privacy have changed over years. A few years back people were scared to have an online presence but now have gotten savvy enough to put frequent status updates. We have become comfortable sharing our geographic location, associations, education, work history and pictures of ourselves and our loved ones. Friendship is not just limited to people but even to brands. Such information is key to online advertisers who can then target customized ads.

In October 2010, Wall Street Journal broke a story on Facebook how most of the popular Facebook apps had been transmitting people's names and in some cases their friends names to at least 25 advertising and data firms that track online activities of users. RapLeaf was one of such tracking companies that compiles and sells information on users online activities. The company had linked Facebook user ID information obtained from apps to its own database of Internet users, which it sells.

Wall Street Journal recently reported that Facebook is nearing a settlement with Federal Trade Commission (FTC) if approved would require Facebook to get explicit consent from its 800 million users before making privacy changes. The probe started when Facebook made changes to users account that exposed their names, pictures and other personal information which the user had specifically confined to specific people. As part of the proposed settlement, Facebook would also submit to government reviews of its privacy practices for 20 years.

Google has had similar issues with its soon to be shut down Google Buzz service where they exposed the users contacts to general public through their profile page without consent. Google entered into a similar pact with FTC on the issue.

Klout, a startup, that integrates with Twitter, Facebook, LinkedIn, Instagram, and many more to measure just how effective one's online presence is also ran into a privacy issue. Klout was creating auto-profiles for users including children who never registered for one with them. After the huge uproar Klout is no longer creating auto-profiles for anyone and user can delete existing profiles.

In the age of social networks its hard to keep yourself off of one so it is critical to understand the impact of information you share online. Understand the privacy settings of your online accounts to adopt tighter privacy control. Here's the disheartening part, even with such settings there is no guarantee. Even though you may not disclose personal information, but your online friends may unknowingly do it, referring to your school or employer, gender, location and interests. Computing power has grown exponentially to correlate all this information to produce a social signature of you which can be quite accurate.

The best advice is to realize that your online activities are more public than you may think and so act accordingly.