Amazon Sets the Record Straight on Silk's Security

Silk, Amazon's new "cloud accelerated" browser, has already drawn the ire of security experts and politicians alike since it funnels most of the tablet's traffic through Amazon-controlled servers. Now, Amazon is providing additional details as to how Silk handles your data.

Silk operates by utilizing Amazon's AWS cloud servers to download of web page elements in parallel, then funnel this info back into the tablet using a persistent connection and the SPDY protocol. This works significantly faster than HTTP protocols but does have to run through Amazon's servers. What's to keep Amazon from sniffing, intercepting or logging all of that traffic?

For one thing, the Amazon system doesn't touch secure communications—anything with an Https don't run through the Amazon system. Conversely, secure communications aren't accelerated either. Second, the SPDY protocol only logs three pieces of information: URL of the resource being requested, the request Timestamp, and session token—and only retains that information for 30 days. "Individual identifiers like IP and MAC addresses are not associated with browsing history, and are only collected for technical troubleshooting," Jon Jenkins, director of Silk development, told the EFF. And finally, since the SPDY connection is itself encrypted, it prevents third-party sniffing on open networks.

These are some pretty solid reassurances, but it's not like a company is going to tell you up-front that they're using your information for nefarious purposes—they wait until they're found out (see Apple). [EFF]


You can keep up with Andrew Tarantola, the author of this post, on Twitter, Facebook, or Google+.