Amazon’s Silk Browser Awaits Privacy Assurances
Amazon recently unveiled a new entrant to the tablet marketplace — the Kindle Fire. One of its notable features is a new “cloud-assisted” web browser, Silk, which promises to improve web browsing by funneling web traffic through Amazon’s powerful cloud computing servers. Silk’s design should help render web pages more quickly. However, this cloud-assisted browsing could give Amazon access to a tremendous amount of new information. Amazon has yet to formally answer some important privacy questions.
Silk works its magic by positioning Amazon’s servers between its users and the web. Amazon’s servers then optimize and accelerate the delivery of web content. For example, if you visit a news website, Amazon might have many of the images and other assets cached and ready for immediate delivery, speeding up the loading of the page. Amazon’s servers will even make predictions based on the sites it renders to predict where users might go next.
This technology may well improve web browsing performance. However, it requires users to trust Amazon to be the gateway for all of their web traffic. In its Silk Terms and Conditions, Amazon likens itself to “Internet service providers and similar services that enable you to access the Web.” Given Amazon’s significant computing capacity and familiarity with sophisticated machine learning algorithms, the company could conceivably gain even more insight into your online behavior than your ISP.
This is a sea change in Amazon’s relationship with its users, one which demands great transparency about its practices.
Amazon’s official, public policies do not yet clearly answer important privacy questions. In its Silk-specific Terms & Conditions, Amazon promises that it will usually delete addresses of visited websites and certain identifiers (such as IP or MAC addresses) within 30 days. Beyond these terms, Silk’s data collection and usage is governed under the Amazon.com Privacy Notice, which states that your personal information can be used for customizing offers, improving Amazon’s stores, and making promotional offers.
These policies leave important questions unanswered. For example, is personally identifiable information collected or stored through Silk? How is information aggregated and anonymized? How does Amazon plan to use any collected information, if at all? How will Amazon’s cloud mediate secure HTTPS connections?
We reached out to Amazon and had an informative conversation that left us with the impression Amazon is taking privacy and security seriously. For example, we were assured that Silk will not log browsing history by IP address or other individual identifier, except when the user consents in order to send Amazon a crash report. Secure web page requests (SSL) are routed directly from the Kindle Fire to the origin server and do not pass through Amazon’s servers. Using the SPDY protocol, Silk even encrypts all web pages in transit, providing much needed additional security on public networks.
Amazon will also provide its customers with choice: Silk users will be able to switch off cloud-assisted browsing and access the web without Amazon mediation.
This is all good news, but we encourage Amazon to publicize and formalize these commitments in its Terms of Use and Privacy Policy. Unofficial assurances are helpful, but they don’t provide accountability, and users won’t know if Amazon changes their data usage practices in the future. Amazon’s customers deserve clear assurances before Silk launches.