(Amazon) Silk or a spider web?

51 Comments

Updated on Sept 29 at 9.20 am PST: Of all the announcements from Amazon today, the most audacious one is the one that involves Silk, a hybrid browser that essentially pre-fetches the web, caches it and then serves it up to Fire owners. I was pretty intrigued by it the moment I read about it. It reminded me of Skyfire. However, it was later when reading this post by Chris Espinosa, I realized the implications of it:

…what this means is that Amazon will capture and control every Web transaction performed by Fire users. Every page they see, every link they follow, every click they make, every ad they see is going to be intermediated by one of the largest server farms on the planet. People who cringe at the privacy and data-mining implications of the Facebook Timeline ought to be just floored by the magnitude of Amazon’s opportunity here. Amazon now has what every storefront lusts for: the knowledge of what other stores your customers are shopping in and what prices they’re being offered there.

Woah! That is a pretty big deal. I tried to get more clarification from Amazon’s spokesperson, who emailed me back that “Usage data is collected anonymously and stored in aggregate, thus protecting user privacy” and pointed me to the FAQ page. I still don’t get it, and I am waiting to chat with Amazon (tomorrow) to get further information.

Updated on Sept 29 at 9.20 am PST: A spokesperson for Amazon just pinged me back:

“Is Amazon able to peer into its customer usage behavior and use that to offer services based on that data. For instance if you see thousands of your customers going to buy SeeVees shoes from say a store like James Perse at a certain price, can you guys use that data to specifically tailor the Amazon store and offer up deals on those very same pair of shoes?” – the answer is no, as you can see in our terms and conditions, URLs are used to troubleshoot and diagnose Amazon Silk technical issues.  Moreover, you can also choose to operate Amazon Silk in basic or “off-cloud” mode.  Off-cloud mode allows web pages generally to go directly to your computer rather than pass through our servers. As a reminder, usage data is collected anonymously and stored in aggregate, and no personal identifiable information is stored. It’s also possible to completely turn off the split-browsing mode and use Amazon Silk like a conventional Web browser.

I asked David Ulevitch, founder and CEO of OpenDNS, an Internet security and managed DNS service, for his impressions. Here is what he had to say.

I think it’s brilliant. Not sure if people are wary of Amazon doing it since they will see all your traffic but SOMEONE should be doing this. Performance is one reason, but security benefits could be added too. Ultimately I think the idea of decoupled browsing makes a lot of sense. I’d rather a remote exploit run in a VM in the cloud instead of compromising my mobile device and rooting my phone.

But the caveat is that this is Amazon. People hand over all the cards to Google but they feel the exchange of value is worth it. But it took nearly a decade for people to even recognize they were giving something of value to Google. Armed with that savvy that exists now, consumers now know they are giving something to Amazon — so the burden is on Amazon to say how it will use the data or make the benefits so compelling that consumers don’t care just as Google does. It’s worth remembering that Google is open in many areas, but none of their openness is in the areas that matter.

So what do you guys make of Silk? Is the privacy concern for real or overblown? Love to get your thoughts.

51 Comments

Stephen

Terms and Conditions, Section 11: “Amazon reserves the right to make changes to the Agreement at any time by…”

Dave

Overblown? I think the privacy implications are understaed if anything!

Amazon Silk is downright scary! This company will snoop on ALL OF YOUR TRAFFIC no matter WHERE YOU ARE and under which law you’re under. That means that with a US warrant, it will allow all US agencies to spy on you. Yes, including SSL/HTTPS traffic because Silk is intercepting those as well!

Amazon will have your reading habits, your passwords, your cookies and even your bank account information.

DOWNRIGHT SCARY!

Brian Gillespie

Was this in fact what Google was doing when they were collecting data with the Google streetview vehicles? I seem to recall they were collecting data from open wireless networks.

alexandronov

I have a tangental question about the new system. Amazon says it will preventively load pages in the background based on this aggregation. From the way this is described this is different from caching where they already would have a copy of the page, but would be more like you having clicked on the page.

This seems cool, because my version of “My Profile” is different than anyone elses but people usually do click on “My profile” so you want the browser to preload my version of the page just in case. But what if you were on, for example, the flickr page for a picture and silk determines that a lot of users click “delete this picture” next, so clever Silk preloads the “delete this picture” link in the background just in case you want to do that later.

I would love to know how they’ll stop their site from following “actiony” links.

Marc Marshall

I already have very little trust in Amazon, and them having direct explicit access to every single bit of data that I view on the web is way, way past the level of trust I’m willing to put in any company. By necessity, of course, my ISP has access to all the same data (except for SSH encrypted data, which Amazon could well view in remote rendering), but my ISP is not trying to sell me everything in the world.

My wife is creeped out enough when she shops for something on Amazon and gets an email two hours later suggesting products. This could be paranoia and coincidence, but they seem to even be doing that with ads on 3rd party sites.

I wouldn’t trust Google with all that information, either. At least they can only track what I’m doing 3/4 of the time via Adsense and my searching.

Jim H

I think I trust them to keep my data private. They’ve done so since about 1998. I think that, if they do it right, this is a more secure way of browsing, as long at they don’t peek at your name, credit card, or whatever. As long as they don’t, I think it’s fine. An honest retailer works on you trusting his firm. If they give a single moment of distrust, then the jig’s up. But the fact that a retailer sells this to you so you can buy stuff, and so he can figure out what to show to someone with your click-profile. One of the best things about Apple is that I trust them to keep my credit info and so on — because they make money on the iPad. They don’t need the income from selling you. Amazon will be decent about it, but when they practically gave you the tablet and they need more sales to make money, that’s a seller’s tablet.

Steven

The fact that the data is used in aggregate does not lessen its value. In fact, it provides a level of deniability that Google doesn’t enjoy. But don’t let Amazon convince you that this is not purpose number 1a for this browser. For a company whose job it is to sell stuff, it would actually be criminal to have access to such info and not use it.

John

This is the same reason I don’t use opera mobile unless I NEED to browse something when my connection is poor. From Amazons answer above, there is nothing stopping them from looking at the data, it just isn’t their “policy” to do so. you just have to trust them on that if you use their service, and hope they police themselves internally on that.

MattF

I’d feel more comfortable about it if I felt I understood Amazon’s business plan here. What does the ‘monetization’ PowerPoint slide say? Why, exactly, is Amazon offering this service?

fivetonsflax

Ask them whether users are truly anonymous, or have a “static pseudonym”. Can they tell that two transactions were generated by the same user? If so, that’s a very different ballgame.

Matt Johnston

I’m not concerned by this because Amazon already stores the location I ship to and has my card details. I only trust three Interwebz companies with that data. Amazon, Apple and my hosting company :)

James Gowan

I think the fact that it’s opt-in is what matters. Personally, I would never use it IF I were doing a transaction, but for casual surfing, I can see how the speed boost would make it well worth my time. If AMZN has an easy way to turn it on and off, I think it’s fine. It’s all anonymous so if it can benefit them, I say the trade off is worth it.

David O

You are right to raise the security concerns and the potential value of the information they gain by being a pipeline to the internet. My concern is the future potential of this resource. We have seen Google taking its information resources in directions way beyond their original search-email-ads purposes. A company wanting to please Wall Street by having significantly increasing income may make decisions to “rule the world.” What Amazon says today is acceptable to me as what Google said years ago was acceptable to me. But now I find Google going every direction using their monopoly search income to purchase content, get into hardware manufacture, become a bankcard replacement and so on.

Alexphil

I have long ceased to believe in any privacy on the Web. Just be aware and be careful.

cloudpropel

@Jazz, may be Google did not advertise how they do it. May be because Amazon advertised how it works in the back end, it raises privacy and security issues. I wont compromise these two just for a faster browsing though I appreciate the innovation. For more on this topic, please visit http://www.cloudpropel.com/amazon_silk_browser.html

Ragu

@Jazz, Google may be using the same technique for faster browsing already but they never advertised how it works. May be because Amazon has not advertised with how it works in the the back end, we wont talk about privacy and security here. Anyway, I wont compromise privacy and security just for a faster browsing though I like the innovation. I have written more on my blog. If interested please visit this link: http://www.cloudpropel.com/amazon_silk_browser.html

LALeVasseur

Is it an interesting browser architecture? Sure. Is it novel? Not by a long shot. It’s odd to me [from the video] that this team of experts seems to ignore the fact that this type of browser architecture has been around in the mobile space for 9+ years.

Sachin Mehra

Multiple mobile browsers have done this for years. In fact the good old WAP days used to transcode all mobile content to fit the device and in theory could have cached and tagged user session content. So nothing new if Amazon promises to tag my session content to John Doe…

I wonder how and what they will do with SSL content? Perhaps bypass that? And if bypass, then I can obscure all of the really important stuff.

The advantages of not having multiple TCP sessions from the Fire to the web server is a big one. TCP over lossy links (ie. mobile) causes excessive re-transmissions and poor experience. If the Fire is indeed using some form of an optimized IP tunnel to the EC2 to reduce retransmissions and transcode content to an optimal level for the target device, the user experience could be spectacular compared to Chrome or Safari.

And this kind of solution wouldn’t be new either… CMDA 1x, EVDO & 3G dongle vendors have used solutions like Venturi Wireless to deliver a similar experience, albeit not the split browsing but certainly the tunnel optimization & transcoding content has been there improving browsing quality by as much as 5X.

Makes sense!

LALeVasseur

Oops–I should have read through all the comments first! :) Well-said, Sachin.

Paul

What would be interesting to understand is whether or not Amazon is passing the Fire user’s credentials to the page that the user is requesting. If they are not (and I suspect that they won’t), think about the impact that this will have on behavioral targeted advertising. It will be the “Cloud” surfing on behalf of the Kindle Fire users. This could be devastating to digital advertising.

From an end user privacy perspective, Silk will be seen as a privacy invasion. On the other hand, it could offer some protection as well. Who do you trust more, Amazon or all other web sites out there trying to get a piece of you.

John McSherry

Agree with Mike Cerm, so long as there’s a way to opt out and its relatively easy to do, that’s fine. Google makes it a pain in the butt for mere mortals to opt out of things built into Chrome (you can do it but you have to be aware of it to figure it out). Meanwhile, Jeff Bezos exudes brilliance! Bezos / Amazon is becoming a big part of what Marc Porat / General Magic had envisioned in the 1990s (Andy Hertzfeld what are you doing working at Google? Head north to Seattle!). Even Apple’s iCloud is alleged to be based on AWS. Let’s see now if Apple can execute on other part of the General Magic vision which was digital agentry (i.e., iCloud + Siri) on iOS 5 … Apple has more engineering talent to pull off the second part of the General Magic grand vision. Life is suddenly getting very interesting and exciting!

tim jones

It’s better that it’s not the vindictive, paranoid, secretive Apple that’s doing it

New

Actually we should feel far, far more comfortable trusting our private information to a company that is secretive and paranoid like apple. They have denied access to their iTunes customers details whilst incurring the wrath of the publishers. Compare that to google whose primary aim is to sell that information.

J.C

Always a Apple hater that has no clue at all what they are talking about

Pengles

Sounds like the standard BlackBerry BES/BIS system, which caches and compresses data, plus pre-scales images for your device. It *was* ground-breaking technology, circa 2001.

tedr

Is this any different than Google making the Chrome browser and having the ability to legally track every page visited?

Nicholas

Yep, I likened this to Opera yesterday.

All browsers particularly Safari with iTunes, could do this, but are in many ways prevented from doing so. Do the licenses state that this behavior observation will happen?

Remember when Gmail came out? Sheesh…

Dwayne Winseck's Media Blog

Just realized after reading cdeponosa’s blog that you used as inspiration that one good thing about ‘underlying architecture of Amazon’s plan is that it will be relying on its own “Content Distribution Network” (CDN), EC@. By doing so, Amazon is offloading traffic from cablecos and telcos. In Canada this is important because it undermines claims of congestion on networks, and thus need for bandwidth caps, net throttling, etc. Bill St. Arnaud, former Chief Knowledge Officer at Canarie did great paper on this for Netflix. http://dwmw.files.wordpress.com/2011/04/st-arnaud-myths-and-facts-re-ubb.pdf

Anyway, just food for thought. cheers DW

Mike Cerm

I can see how there are some privacy/security concerns, but I don’t think they’re really all that big of a deal, considering what the users are getting in return. Browsing with Silk will be anywhere from 2 to 10 times faster than with other browsers, and will use significantly less data. In an era of spotty 4G coverage, and shrinking bandwidth caps, that’s HUGE. There will also be pretty sizable benefits for battery-life, as well.

All they need to do to put the concerns to bed is give users a “privacy” toggle, which bypasses Amazon’s proxy, or allow users to install and use other web browsers, like Dolphin HD (which is already available in their app store).

Frrank

The majority of the unwashed masses using the Fire will have no clue of the implications, and will most likely not know how to disable/bypass silk.

Dwayne Winseck's Media Blog

Nice pointer to the privacy and surveillance implications of Fire/Silk combo, Matthew.

I think, though, that is also necessary to point to concrete examples of Amazon’s dubious uses of this “intermediary” power, notably in the case of Wikileaks. Using it’s power over “the cloud” to function as tool of the state. Also notion that Amazon, like every other US web-based outfit, is covered by Patriot Act. Canadian sites like Blacksun.ca base one of their strengths as being on CDN soil, and beyond reach of Patriot Act.

My point is basically this: why not illustrate the ‘hypothetical’ scenario set out in your first quote — “Amazon has the largest server farms on the planet — with these real cases. Do we want Amazon to have this “intermediary” power, I think is your really good, and fundamental question? Illustrating it better with concrete cases I think punctuates the point.

Oh ya, what about that name, “Fire”? Free riding on Firefox browser as antidote to Safari/Bing/Google triopoly? Just wondering . . . ? Cheers, and thanks for good question and nice pointer to important issue. DW

Westacular

“Fire” is a play off “Kindle”; the name of the tablet device is “Kindle Fire”. The browser’s (internal?) name is Silk. I think it unlikely that people will confound any of that with Firefox.

Also, what do you mean by “Safari/Bing/Google triopoly”? Safari is Apple’s browser. Bing is Microsoft’s search engine service. Google is a company. Firefox can hardly be said to be an “antidote” to any of them.

The three companies are so adversarial with each other that it’s hard to imagine them forming mutual power block under any circumstances. And Apple, in its own way, is as strong an advocate for safeguarding user privacy as Mozilla / Firefox.

Ganon

“Oh ya, what about that name, “Fire”? Free riding on Firefox browser..”

More like: burn your dead tree books

AC

Desktop version possibilities? ads with one click buy buttons? people who viewed this webpage bought this?

Lucas

During the presentation it was mentioned that services such as Netflix are hosted on Amazon’s EC2 cloud servers. There’s no telling how many other websites host their servers there. Furthermore, a webhost such as GoDaddy or 1&1 could easily be hosting instances on Amazon’s servers, leased out to another website.

JQP123

A web site hosted on EC2 is not a privacy concern since Amazon lacks the means and ability to track the data traffic all the way into your hands.

This changes with Fire.

Frank

The crucial point, I think, is that they *aren’t* tracking usage data back to you — according to them, at least. They’re tracking your usage in aggregate, with the implication that you’re browsing relatively anonymously.

Jazz

Dear Om, would it be OK if Google did this? Doesn’t Google already have possibly the largest trove of information, including perosnally identifiable information, about its visitors and users of its services?

eric

I don’t think anyone can beat Facebook in terms of personally identifiable information. how many people have Fb accounts vs how many have google accounts? Google just have a lots of search data, they’re anonymised after 90 days anyway.

Comments are closed.