EFF Gets Straight Privacy Answers From Amazon About New "Silk" Tablet Browser
Amazon recently announced that the new Kindle Fire tablet will ship with a brand new browser called Silk. The Silk browser works in “cloud acceleration” mode by routing most webpage requests through servers controlled by Amazon. The idea is to capitalize on Amazon’s powerful AWS cloud servers to parallelize and hence speed up downloading web page elements, and then pass that information back to the tablet through a persistent connection using the SPDY protocol. This protocol is generally faster than the standard HTTP protocol. This split-browser idea, not unique to Amazon, is a departure from the way major browsers work today.
Following the announcement, security experts as well as lawmakers have raised privacy questions and concerns about Silk. After all, while in cloud acceleration mode, the user is trusting Amazon with an incredible amount of information. This is because Amazon is sitting in the middle of most communications between a user's Fire tablet on the one hand, and the website she chooses to visit on the other. This puts Amazon in a position to track a user's browsing habits and possibly sensitive content. As there were a lot of questions that the Silk announcement left unresolved, we decided to follow up with Amazon to learn more about the privacy implications.
Our conversation with Amazon allayed many of our major concerns. Cloud acceleration mode is the default setting, but Amazon has assured us it will be easy to turn off on the first page of the browser settings menu. When turned off, Silk operates as a normal web browser, sending the requests directly to the web sites you are visiting. Regarding cloud acceleration mode, here is what we found out:
Amazon does not intercept encrypted traffic, so your communications over HTTPS would not be accelerated or tracked. According to Jon Jenkins, director of Silk development, “secure web page requests (SSL) are routed directly from the Kindle Fire to the origin server and do not pass through Amazon’s EC2 servers.” In other words, no HTTPS requests will ever use cloud acceleration mode. Given the prevalence of web pages served over HTTPS, this gives Amazon good incentive to make Silk fast and usable even when cloud acceleration is off. Turning it off completely should be a viable option for users.
For the persistent SPDY connection between the device and Amazon’s servers, Amazon assures us that the only pieces of information from the device that are regularly logged are:
- URL of the resource being requested
- Token identifying a session
This data is logged for 30 days. The token has no identifying information about a device or user and is only used to identify a particular session. Indeed, Jenkins said, “individual identifiers like IP and MAC addresses are not associated with browsing history, and are only collected for technical troubleshooting.” We repeatedly asked if there was any way to associate the logged information with a particular user or Amazon account, and we were told that there was not, and that Amazon is not in a position to track users. No information about the outgoing requests from the AWS servers is logged. With respect to caching, Amazon follows caching headers, which offers some protection against caching sensitive information sent over HTTP.
It is good that Amazon does not receive your encrypted traffic, and does not record any identifying information about your device. And there are other benefits to user privacy that can result from cloud acceleration mode. For one, the persistent SPDY connection between the user’s tablet and Amazon’s servers is always encrypted. Accordingly, if you are using your tablet on an open Wi-Fi network, other users on that network will not be able to spy on your browsing behavior.
Amazon does not act like an anonymizing proxy, because it does not shield your IP address from the websites you visit or strip unnecessary information out of the outgoing request. Indeed, because the X-Forwarded-For (XFF) header is set for HTTP requests, your IP is still passed through to the websites you visit. Other headers, such as the HTTP referer header, are set as normal. Thus, the website you are visiting using Silk has access to the exact same information that it would if you were using a normal browser.
Remaining Privacy Concerns
Though we are happy about some of the ways the browser protects the end user's privacy, a couple of serious privacy concerns remain that are worth pointing out.
First of all, Amazon stores URLs you visit, and these sometimes contain identifying information. To pick a prominent example, there is an opportunity to identify people through their search history with some degree of accuracy. Indeed, given the common practice employed by search engines of putting query terms in the URL as parameters, Amazon will effectively have a database of user search histories across many different search engines. As evidenced by the AOL search history debacle, there is always a chance that search queries--even if they are unlinkable to otherwise uniquely identifying data--can effectively identify individuals. It is worth noting that unlike that AOL data set, Amazon will only be able to link a set of queries to a given browsing session, not an anonymized user that persists indefinitely over time. Second, in addition to URLs, the content of the EC2 servers' cache might in some instances contain information that could identify an individual.
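To make the first concern concrete, here is an added example (not Amazon's code and not part of the original article) showing what a log of session tokens and full URLs exposes, next to a minimized form a proxy operator could log instead. The log layout, the list of search parameter names, and all hosts and queries are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit, urlunsplit, parse_qs

# Parameter names commonly used for search terms (assumed list, not from the article).
SEARCH_PARAMS = ("q", "query", "p", "search")

# Constructed sample log: (session token, requested URL). Hosts are placeholders.
SAMPLE_LOG = [
    ("sess-a1", "http://search.example/search?q=clinic+near+elm+street"),
    ("sess-a1", "http://search.example/search?q=jane+doe+springfield"),
    ("sess-a1", "http://news.example/story/42#comments"),
    ("sess-b2", "http://other-search.example/results?p=tablet+reviews&page=2"),
]

def search_terms(url):
    """Return search terms carried in the URL's query string, if any."""
    params = parse_qs(urlsplit(url).query)
    return [v for name in SEARCH_PARAMS for v in params.get(name, [])]

def history_by_session(log):
    """What a URL-plus-token log exposes: search queries grouped per session."""
    out = defaultdict(list)
    for token, url in log:
        out[token].extend(search_terms(url))
    return dict(out)

def minimize(url):
    """Log-safe form: keep scheme, host and path; drop userinfo, query, fragment."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if ":" in host:                 # IPv6 literal: restore the brackets
        host = f"[{host}]"
    if parts.port:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, host, parts.path, "", ""))

def minimized_log(log):
    """Apply minimize() to every entry, keeping the session token."""
    return [(token, minimize(url)) for token, url in log]

if __name__ == "__main__":
    print(history_by_session(SAMPLE_LOG))
    for entry in minimized_log(SAMPLE_LOG):
        print(entry)
```

Dropping the query string removes the search terms from the log, but paths can still carry identifying values on some sites, so minimization reduces the exposure rather than eliminating it.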
Moreover, the data collected by Amazon provides a ripe source of users' collective browsing habits, which could be an attractive target for law enforcement. For users who are worried about these privacy issues and about putting a lot of trust in Amazon to keep their data safe, we recommend turning off cloud acceleration.
We are generally satisfied with the privacy design of Silk, and happy that the end user has control over whether to use cloud acceleration. But this new technology highlights the need for better online privacy protections. As companies continue to innovate in ways that make novel uses of--and expose much more personal data to--the internet cloud, it's critical that the legal protections for that data keep up with changes in technology. That's why we have teamed up with groups like the ACLU and companies like Google and Facebook as well as Amazon to push for a digital upgrade to the Electronic Communications Privacy Act, which was signed into law 25 years ago this week. Please get involved by signing our petition and sharing it with others.