Amazon's Kindle Fire Silk browser has serious security concerns

Silk looks to be very fast and about as private as a bathroom stall without a door.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

OK, here's the good stuff about the new Silk Web browser, which Amazon will be embedding in its new Amazon Kindle Fire tablets: From all reports, it makes Web browsing amazingly fast on relatively low-end hardware. The bad news? It does it by watching all, and I mean all, of your Web activity through Amazon's cloud-based Amazon Web Services.

You don't have to take my word for it. Amazon states that, "All of the browser subsystems are present on your Kindle Fire as well as on the AWS cloud computing platform. Each time you load a web page, Silk makes a dynamic decision about which of these subsystems will run locally and which will execute remotely. In short, Amazon Silk extends the boundaries of the browser, coupling the capabilities and interactivity of your local device with the massive computing power, memory, and network connectivity of our cloud."

And to think I was worried because Facebook was tracking you on the Web whenever you were on a site with a Facebook like button on it! That, while sneaky and underhanded, was nothing. When you're using your Kindle Fire's Silk Web browser, everything you do on the Web will be made part of your permanent record.

To be more precise, what Amazon will be doing is using the Amazon Elastic Compute Cloud (EC2) as a Web proxy. Thus, when you "go" to a site you're not actually connecting to the site. Instead you're viewing an EC2-based copy of the site. Local networks use proxy caches all the time to improve local performance for commonly accessed sites. While uncommon as a Web browser feature, Silk isn't the first to use this approach. The credit for this goes to the Opera Web browser.

In addition, and this is one of the neat things about Silk, whenever you visit the site, its content has been optimized for the Kindle Fire. This means you'll get better video and game performance from Silk than you would with another Web browser on a tablet with the same CPU horses. Last, but not least, so long as you're on the Web with Silk, Amazon keeps the connection between your Kindle Fire and EC2 open. The net effect of this is to reduce latency and improve connection times.

And all you have to do to get all this is to let Amazon see every site you visit on the Web and watch over your every move. What a deal!

Amazon Silk's terms and conditions state that Amazon will keep the Web addresses you visit, the IP addresses you use, and your Kindle Fire's unique media access control (MAC) addresses for 30 days. With that information, Amazon can track your every Web move.

On top of that, when you lock into a site that uses Secure Sockets Layer (SSL) or HTTPS for security, EC2 will handle that for you as well. According to the Silk FAQ, "We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://siteaddress.com). Amazon Silk will facilitate a direct connection between your device and that site. Any security provided by these particular sites to their users would still exist."

Amazon will do this by acting as a man-in-the-middle (MTM) SSL proxy. That's fine if you trust Amazon. I'm not sure I do. I'm not crazy about extending my trust to any large corporation. I have to trust my ISP; they connect me with the net. I don't want to extend my trust much farther than my ISP.

Besides, even if you did trust Amazon, you have to ask yourself, "Do you trust the U.S. government?" Since Amazon is a U.S. company with American data centers, any data kept on that site would be subject to American law.

As ZDNet's own Zack Whittaker has reported in detail, thanks to the U.S. Patriot Act, even if you're a European Amazon user, your U.S. cloud-based records are subject to being grabbed by American legal authorities. Or, more mundanely, if your soon-to-be ex-wife, former business partner, or whoever wants to check out your Web browsing habits and can get a court order, your EC2 Web history will be opened for their snooping.

If you're concerned with online privacy, I simply wouldn't use the Silk browser in its full mode. To Amazon's credit, you can opt out of Silk's cloud-enhanced mode. To quote Amazon, "You can also choose to operate Amazon Silk in basic or 'off-cloud' mode. Off-cloud mode allows web pages generally to go directly to your computer rather than pass through our servers. As such, it does not take advantage of Amazon's cloud computing services to speed-up web content delivery."

That's all well and good, and maybe it's just me, but I'd have preferred it if Amazon had Silk's cloud mode off by default. Then, it would be up to you and me if we thought saving a few milliseconds here and there was worth the price of giving Amazon a chance to play Big Brother.
