EFF: "We are generally satisfied with the privacy design of Silk"

The Electronic Frontier Foundation has been investigating Silk, the web browser built into Amazon's new Android-derived Kindle Fire. Silk is billed as being a very fast browser, thanks to acceleration achieved by funneling all requests through Amazon's cloud servers. This may speed up network sessions, but it raises many privacy questions, since it means Amazon gets a view into your network sessions that it wouldn't otherwise have: a copy of all the web pages you receive.

But as Dan Auerbach reports, Amazon made some very good privacy choices in the design of Silk. First, the "acceleration" is user-configurable, and you can just turn it off if you're worried. Further, SSL connections are never intercepted, and Amazon only lightly logs your network sessions, and expires those logs after 30 days. The service isn't perfect, but it's got a lot to recommend it.

It is good that Amazon does not receive your encrypted traffic, and does not record any identifying information about your device. And there are other benefits to user privacy that can result from cloud acceleration mode. For one, the persistent SPDY connection between the user’s tablet and Amazon’s servers is always encrypted. Accordingly, if you are using your tablet on an open Wi-Fi network, other users on that network will not be able to spy on your browsing behavior.

Amazon does not act like an anonymizing proxy, because it does not shield your IP address from the websites you visit or strip unnecessary information out of the outgoing request. Indeed, because the XFF header is set for HTTP requests, your IP is still passed through to the websites you visit. Other headers, such as the HTTP referer header, are set as normal. Thus, the website you are visiting using Silk has access to the exact same information that it would if you were using a normal browser.
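The difference between a pass-through proxy that sets the XFF (X-Forwarded-For) header, as described above, and an anonymizing proxy can be seen from the destination site's side. This is an added example, not code from Amazon or the EFF; the function names, the list of stripped headers and the sample request with its documentation-range IP addresses are all assumptions made for illustration.

```python
# Added illustration: a model of two proxy policies, not Amazon's implementation.
# Headers an anonymizing proxy would drop (an assumed, minimal list).
STRIP = {"referer", "via", "forwarded"}

def forward_headers(client_headers, client_ip, anonymize=False):
    """Return the headers a proxy sends to the website for one HTTP request."""
    out = {k: v for k, v in client_headers.items()
           if k.lower() != "x-forwarded-for"}
    if anonymize:
        # Anonymizing policy: no client address, no Referer.
        return {k: v for k, v in out.items() if k.lower() not in STRIP}
    # Pass-through policy: append the client's address to any existing chain.
    prior = next((v for k, v in client_headers.items()
                  if k.lower() == "x-forwarded-for"), None)
    out["X-Forwarded-For"] = f"{prior}, {client_ip}" if prior else client_ip
    return out

def origin_view(headers, peer_ip):
    """What the destination website can read from the request it receives."""
    lower = {k.lower(): v for k, v in headers.items()}
    chain = [p.strip() for p in lower.get("x-forwarded-for", "").split(",")
             if p.strip()]
    return {
        "tcp_peer": peer_ip,                       # always the proxy's address
        "client_ip": chain[0] if chain else None,  # claimed by header, not verified
        "referer": lower.get("referer"),
    }

# Constructed sample request; addresses are from RFC 5737 documentation ranges.
REQUEST = {
    "Host": "example.org",
    "Referer": "https://example.com/search?q=private",
    "User-Agent": "ExampleBrowser/1.0",
}
CLIENT_IP = "203.0.113.7"
PROXY_IP = "198.51.100.20"

def compare():
    """Origin-side view of the same request under each proxy policy."""
    return {
        "pass_through": origin_view(forward_headers(REQUEST, CLIENT_IP), PROXY_IP),
        "anonymizing": origin_view(
            forward_headers(REQUEST, CLIENT_IP, anonymize=True), PROXY_IP),
    }

if __name__ == "__main__":
    for policy, view in compare().items():
        print(policy, view)
```

In both cases the TCP peer is the proxy, but under the pass-through policy the site still recovers the user's address and referring page from the headers.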