Privacy Issues with Kindle Fire’s Silk Browser
Almost as soon as Amazon unveiled their new Kindle Fire tablet last Wednesday,
Naked Security raised some privacy concerns about the device’s browser, called Silk. It seems the browser, in order to offer a quicker user experience, does most of it’s heavy lifting in the cloud:
“All web connections from your tablet will connect directly to Amazon, rather than the destination web page. Amazon will keep this connection between your Kindle Fire and EC2 open indefinitely while you are actively surfing, reducing the latency and connection times to retrieve web pages.”
Amazon’s terms and conditions state that URLs, IP addresses and MAC addresses will be logged and can be retained for as long as 30 days. Most problematic, however, is how the browser handles a secure HTTPS connection:
“It sounds as if Amazon will install a trusted certificate in the Silk browser allowing them to provide a man-in-the-middle (MITM) SSL proxy to accelerate your SSL browsing as well.
“As Amazon is a US based company this would enable a US court order to intercept and record your secure communications.”
The good news is that there is a mode available in the browser that bypasses the cloud and lets users connect directly with web sites. Although Amazon promises they’re collecting no identifyable user date with their logging, I would still recommend this mode, especially for secure connections.
