People who pre-ordered an Amazon Fire Android tablet began receiving their units today. There are many reviews out there, so if that is what you are looking for I will leave you to read them at Wired, ars technica or elsewhere.
Now that Amazon has launched the Kindle Fire I wanted to revisit the privacy concerns I raised when they announced that their embedded browser, Silk, would use the SPDY protocol to proxy web traffic through Amazon’s servers.
Fortunately after my criticism and many others, Amazon sat down with the Electronic Frontier Foundation (EFF) and other privacy watchdogs to answer some of our questions.
The EFF asked Amazon whether Silk, when in cloud mode, will intercept SSL connections and redirect them through Amazon’s infrastructure. Amazon insists that HTTPS connections will go direct from the tablet and not redirect through Amazon.
This is in direct contradiction to their Silk browser FAQ which clearly states “We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL.”
Perhaps the FAQ is out of date, hopefully what they told the EFF is true.
The second issue concerned the logging of your web surfing by Amazon and how your data was being retained.
Amazon insists they are only logging the URL, a timestamp and a session identifier token. Yet, their terms and conditions also say they are logging IP addresses and MAC addresses, only for troubleshooting purposes.
Which is it? Whether Amazon intends to disclose the MAC and IP address or not, by possessing it they could be compelled to disclose it without notification.
If you read the EFF’s post, it sounds like they may be keeping the browsing logs separate from the IPs and MACs, more clarification from Amazon would be helpful.
There is a silver lining in the Silk cloud. The SPDY protocol itself is SSL encrypted between your Amazon Kindle Fire tablet and the Amazon cloud.
This means you actually gain some privacy and security when using unecrypted public WiFi at the airport, cafe or hotel.
Each user will need to decide for themselves whether to enable or disable this technology. There are risks and benefits, like most choices in life, and the trust you have in Amazon will determine whether you choose to take advantage of the performance improvements.
Amazon’s statements to the EFF contradict their own poorly written FAQ and Terms and Conditions.
If they are sincere in the information they have provided the EFF, it would be great if they were to update these public documents so all of us can have a clear understanding of what information Amazon is collecting about our surfing.
One comment on “Amazon Kindle Fire launches, a second look at Silk privacy”
The security and privacy settings for the Kindle Fire are going to change over time. Amazon is driven by data, and they want to get as much as possible on their customers. Amazon is no different than the other companies out there. When they miss earnings targets, customer privacy is the first thing that goes. Anything to make another buck.