How Amazon’s Silk Will Treat Your Privacy
Debates in tech land all too often degenerate quickly into name-calling cat fights among partisans. So it’s rare, and gratifying to see two sides naturally skeptical of each other engage in a dialogue that actually enlightens rather than inflames.
The Electronic Frontier Foundation, reflecting the views of many privacy advocates, raised concerns about the amount of personal information Amazon.com might capture from users of the Silk browser in the new Kindle Fire. Amazon has responded in detail and the analysis of the response by EFF not only goes a long way toward allaying those fears but serves as a model of how this sort of dialog should work.
Silk bothered privacy (and security) advocates because everything entered into the browser in its default mode passes through Amazon’s servers, allowing Amazon to capture vast amounts of personal information. This is done to let most of the heavy lifting of rendering web pages be done on Amazon’s servers, allowing a much faster browsing experience.
In its response to EFF, Amazon made several key points:
- A setting on the first page of Silk preferences will let users bypass Amazon;s servers, trading privacy for performance.
- All encrypted sessions (anything with an HTTPS address) will link Silk directly to the remote server, bypassing Amazon. This means that Amazon will not see usernames, passwords, and other sensitive information from secure sessions.
- The amount of user information logged will be limited and logs will be retained for only 30 days. Amazon told EFF that there is no way to associate logged information with a specific Amazon account.