Following up to the privacy concerns about Amazon’s “Silk” browser, the EFF spoke with Amazon and asked some questions about privacy-related matters. The EFF’s Dan Auerbach reports coming away from the conversation mostly satisfied with Amazon’s measures, with only a couple of major privacy concerns remaining.
Amazon explained that Silk does not intercept encrypted traffic—HTTPS browsing sessions go directly from the Kindle Fire to the website without passing through Amazon’s EC2 servers. As for logging of requests that do pass through EC2, Amazon explains it only logs the URL of the page, a timestamp, and a session-identification token. There is no way to associate this information with any particular user, and it is discarded after 30 days.
The EFF is still concerned that logged URLs could contain identifying information about users, such as search queries encapsulated in the URLs, and that collected data could be an attractive target for law enforcement subpoenas, but on the whole credits Amazon with taking a reasonable amount of care to protect user privacy in the new browsing model.
