How Amazon is raising mega-proxy spectre

The arrival of Amazon's Silk browser and Google's Page Speed Service could amount to the return of mega-proxy — with unwanted effects on website security and metrics, says Lori MacVittie.

An interesting thing happened to my requests on the way to a website. They were intercepted and proxied by Amazon because I was using its recently announced browser, Silk.

Hundreds and thousands — perhaps millions — of requests are funnelled in this way through Amazon's cloud presence, albeit transparently, as a means to speed up what might be an otherwise lack-lustre mobile client experience.

"Silk uses the power and speed of the EC2 server fleet to retrieve all the components of a website simultaneously, and delivers them to Kindle Fire in a single, fast stream." — 's="" so="" fast"="" "="">

However, Amazon isn't the only one playing the proxy game. This summer's announcement by Google of its Page Speed Service includes similar capabilities.

Both Google and Amazon purport to improve the end-user experience by exploiting a vast network of resources in their cloud-computing datacentres, essentially turning considerable compute power into a giant internet cache.

Because both companies' datacentres are effectively sitting on the shoulder of the internet superhighway, both can make and deliver on promises about improving the end-user experience in terms of website performance.

"Google serves requests received for your serving domain by fetching content from your reference domain and rewriting it." — Google Page Speed Service FAQ

If the proxy game sounds eerily familiar, it should. It wasn't all that long ago — in real years, not technology years — that AOL and CompuServe, among others, were the mega-proxies on the block. And while their service to consumers as the gateway to the internet promised not performance but access, the ramifications this time are likely to be all too familiar.

Mega-proxy, the sequel?

It is perhaps heartening to consumers that any issues arising from mega-proxies — or cloud masquerading as modern incarnations — rarely affect them.

Conversely, it is disheartening to recognise that it is almost always the organisation responsible for the origin website or application that suffers from both a technical and a business perspective when mega-proxies are in play.

Proxies inherently obscure information — such as IP addresses, identity, credentials and environment — in a way that can render enterprise security measures useless, as well as impair much of the information analysed by businesses trying to understand their audience.

While one assumes implementations such as those from Amazon and Google are not feckless in their understanding of such issues, there is the potential for...

...loss of data fidelity due to the inherent nature of a proxy-based architecture.

Without giving careful consideration to the impact of such architecture — and a thorough understanding of the operational and business needs of website and application providers — that loss of data fidelity can be highly damaging to corporate efforts.

In no situation is this more concerning than when it involves secured content with highly restricted access based on a variety of client-specific variables, such as client or geographic location. Such data may be lost or moved by the cloud before it is fetched from the originating site, rendering such policies ineffectual.

To ignore the past...

Amazon's Silk and Google's Page Speed Services are clearly designed to provide a performance boost for the consumer, which in turn has definite benefits for website owners. But speed that sacrifices security and trumps policies may turn out to have as many negatives for cloud-enabled clients as mega-proxies have had in the past.

In recognising the similarities of these cloud-based services to past technological implementations, we can hopefully avoid or at least quickly address many of the challenges the web has faced in the past from such deployments.

Organisations should examine the benefits and potential pitfalls of such cloud-based computing assistance, and inform cloud providers of any unintended consequences of that technology.

Today it may be only Amazon and Google, but both are leading innovators in the use of cloud-computing to enhance the internet experience. As such, one can be sure that others will follow in their footsteps.

Lori MacVittie is responsible for application services education and evangelism at application delivery firm F5 Networks. Her role includes producing technical materials and participating in community-based forums and industry standards organisations. MacVittie has extensive programming experience as an application architect, as well as in network and systems development and administration.