Lucian Constantin reports that Amazon Silk, a cloud-based browser developed by Amazon to support its new Kindle Fire tablet, is raising privacy concerns. Although there is non-cloud option that would not share data with Amazon, the default settings do, and users’ data might be subject to access by the government under provisions of the PATRIOT Act. Lucian explains:
“The content of web pages you visit using Amazon Silk passes through our servers and may be cached to improve performance on subsequent page loads,” Amazon says in the Silk Terms & Conditions.
“Amazon Silk also temporarily logs web addresses known as uniform resource locators (‘URLs’) for the web pages it serves and certain identifiers, such as IP or MAC addresses, to troubleshoot and diagnose Amazon Silk technical issues. We generally do not keep this information for longer than 30 days,” it adds.
Moreover, because its servers will act as a man-in-the-middle proxy for HTTPS requests, the company will be in a position to intercept secure communications. “We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL,” the company notes in its FAQ.
Read more on The Inquirer.
Chester Wisniewski of Sophos was one of the first to sound the alarm bells. You can read his commentary on Naked Security.