Amazon Silk offers users a choice between fast browsing and privacy, not both

One of the most interesting announcements to come out of Amazon's announcement yesterday wasn't new hardware but a software/cloud feature - Amazon Silk.

Amazon Silk is an implementation of Amazon's Elastic Compute Cloud (EC2) that allows the company's vast cloud presence to act as an intelligent proxy server for the Kindle Fire Android tablet. EC2 will be used to fetch (and pre-fetch) web pages and compress objects such as images for delivery to the tablet, minimizing bandwidth usage, reducing latency and improving speed.

Here's a video explaining what Amazon Silk is.

Good idea ... but ...

The problem is that everything you do will go through Amazon's EC2 cloud, and Amazon will have a record of everything you do on the web. Here's what Amazon's Silk T&Cs say:

Amazon Silk also temporarily logs web addresses known as uniform resource locators ("URLs") for the web pages it serves and certain identifiers, such as IP or MAC addresses, to troubleshoot and diagnose Amazon Silk technical issues. We generally do not keep this information for longer than 30 days.

But what about secure SSL/HTTPS connections? The T&Cs say nothing but there is this in the Silk FAQ:

What about handling secure (https) connections?

We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g.

Amazon Silk will facilitate a direct connection between your device and that site. Any security provided by these particular sites to their users would still exist.

What does this mean? According to Chester Wisniewski, Senior Security Advisor at Sophos Canada, it means that Amazon will install a trusted certificate in the Silk browser, allowing it to provide a man-in-the-middle (MITM) SSL proxy to accelerate SSL browsing too. This means that Amazon will have a record of these communications too (although not the content, as this would still be encrypted).

There's more being sent to Amazon. First are crash logs, but you do get the choice not to send these. Another is search queries. All text you enter in Amazon Silk's address bar is sent to a default search engine. The default search engine is chosen by Amazon Silk, and may change. You can, however, choose to use a different search provider as your default search engine. The privacy policy of the selected default search engine applies to information sent to it.

Don't want Amazon's SkyNet EC2 watching your every move? Your only choice is to switch to basic or "off-cloud" mode. This from the T&Cs:

You can also choose to operate Amazon Silk in basic or "off-cloud" mode. Off-cloud mode allows web pages generally to go directly to your computer rather than pass through our servers. As such, it does not take advantage of Amazon's cloud computing services to speed-up web content delivery.

So, if you get your hands on a Kindle Fire, will you be using Silk, or switching to 'off-cloud' mode?

