September 24, 2016

Will the Kindle Fire be Safe for Web Browsing?

(LiveHacking.Com) – Amazon has just announced its new 7 inch Android based tablet which includes what Amazon are calling “Revolutionary Cloud-Accelerated” web browsing. Amazon Silk, as it is known, splits web browsing into two domains – the things that run on the tablet and the things that run on the Amazon Elastic Compute Cloud (Amazon EC2).

As some of the world’s top web sites are hosted on EC2, Amazon say that web surfing will be faster as “many web requests will never leave the extended infrastructure of AWS, reducing transit times to only a few milliseconds.”

However the real worry is that with Silk all fetching, and probably some form of optimization and compression, will be performed on the cloud and the result send to the Kindle. Amazon explain it like this:

Silk uses the power and speed of the EC2 server fleet to retrieve all of the components of a website simultaneously, and delivers them to Kindle Fire in a single, fast stream. Transferring computing-intensive tasks to EC2 helps to conserve your Kindle Fire battery life.

To do all this Amazon needs to keep a record of what web sites you have been using. The FAQ explains it like this:

Amazon Silk optimizes and accelerates the delivery of web content by using Amazon’s cloud computing services.  To do this, the content of web pages you visit using Amazon Silk may be cached to improve performance and certain web address information will be collected to help troubleshoot and diagnose Amazon Silk technical issues.

So what about secure connections like https:

We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g.https://siteaddress.com). Amazon Silk will facilitate a direct connection between your device and that site.  Any security provided by these particular sites to their users would still exist.

A look in the terms and conditions reveals that Amazon will keep a log of your websites for “generally” no more than 30 days:

Amazon Silk also temporarily logs web addresses  known as uniform resource locators (“URLs”)  for the web pages it serves and certain identifiers, such as IP or MAC addresses, to troubleshoot and diagnose Amazon Silk technical issues.  We generally do not keep this information for longer than 30 days.

Obviously the privacy implications are enormous. It is very likely that a court order can be issued to Amazon to hand over the details of all your browsing.

There is one good bit of news however:

You can also choose to operate Amazon Silk in basic or “off-cloud” mode.  Off-cloud mode allows web pages generally to go directly to your computer rather than pass through our servers.  As such, it does not take advantage of Amazon’s cloud computing services to speed-up web content delivery.