How Amazon’s Silk Will Treat Your Privacy

by Steve Wildstrom   |   October 19th, 2011

Debates in tech land all too often degenerate quickly into name-calling cat fights among partisans. So it’s rare, and gratifying to see two sides naturally skeptical of each other engage in a dialogue that actually enlightens rather than inflames.

The Electronic Frontier Foundation,  reflecting the views of many privacy advocates, raised concerns about the amount of personal information Amazon.com might capture from users of the Silk browser in the new Kindle Fire. Amazon has responded  in detail and the analysis of the response by EFF not only goes a long way toward allaying those fears but serves as a model of how this sort of dialog should work.

Silk bothered privacy (and security) advocates because everything entered into the browser in its default mode passes through Amazon’s servers, allowing Amazon to capture vast amounts of personal information. This is done to let most of the heavy lifting of rendering web pages be done on Amazon’s servers, allowing   a much faster browsing experience.

In its response to EFF, Amazon made several key points:

  • A setting on the first page of Silk preferences will let users bypass Amazon;s servers, trading privacy for performance.
  • All encrypted sessions  (anything with an HTTPS address) will link Silk directly to the remote server, bypassing Amazon. This means that Amazon will not see usernames, passwords, and other sensitive information from secure sessions.
  • The amount of user information logged will be limited and logs will be retained for only 30 days. Amazon told EFF that there is no way to associate logged information with a specific Amazon account.
EFF still has some concerns about the amount of data Amazon can collect and the danger that aggregated data might still be linked to specific individuals. But, EFF said in its conclusion, “We are generally satisfied with the privacy design of Silk, and happy that the end user has control over whether to use cloud acceleration. But this new technology highlights the need for better online privacy protections. As companies continue to innovate in ways that make novel uses of–and expose much more personal data to–the internet cloud, it’s critical that the legal protections for that data keep up with changes technology.”
Amazon could have saved itself a bit of trouble by releasing this information earlier, but since Fire won’t ship until next month, no damage has been done. Kudos to both Amazon and EFF  for bringing out this important clarification.
Tags: ,

Steve Wildstrom

Steve Wildstrom is veteran technology reporter, writer, and analyst based in the Washington, D.C. area. He created and wrote BusinessWeek’s Technology & You column for 15 years. Since leaving BusinessWeek in the fall of 2009, he has written his own blog, Wildstrom on Tech and has contributed to corporate blogs, including those of Cisco and AMD and also consults for major technology companies.