Amazon Silk’s cloud-based privacy conundrum


The ado around the privacy settings of the Amazon Silk web browser is probably deserved, but it didn’t have to be this way. Had Amazon understood the difference between running a web site and selling devices, and had it anticipated the paranoia that the mere presence of the word “cloud” would invoke, Amazon could have saved itself a lot of trouble.

The big problems came over the weekend, when a couple of U.S. congressmen publicly (and ham-handedly) questioned how Silk, the browser that makes Amazon’s new Kindle Fire run, will collect and store customer data. Texas Representative Joe Barton stated the following in a Friday hearing:

My staff yesterday told me that one of our leading Internet companies, Amazon, is going to create their own server and their own system and they’re going to force everybody that uses Amazon to go through their server and they’re going to collect all this information on each person who does that without that person’s knowledge. Enough is enough.

Massachussets Representative Ed Markey sent Amazon a list of questions about its practices, demanding answers by Nov. 4. He could probably find them himself by reading the Amazon Silk Terms and Conditions and general Privacy Notice.

However, Congress is just responding to a spate of concerns that arose almost immediately after Amazon announced how Silk operates. Om covered a couple of them, including whether consumers will actually trust Amazon with their information like they (arguably) trust Google, and whether Silk’s caching model will keep private information private. This is absolutely a good discussion to have, but it’s easy to get the issues confused, as Reps. Barton and Markey seem to have done.

The cloud is our friend

That Amazon is going to run part of Silk on its own servers is absolutely not the problem. This type of application is actually one of the best use cases for cloud computing. Performing certain tasks on a cloud backend frees users’ devices from having to perform those tasks, thus improving performance if the network connection is up to par. Amazon happens to have a cloud computing subsidiary called Amazon Web Services, on whose infrastructure Silk is running, but architecture-wise Silk isn’t that different from the countless other non-Amazon applications also running on the AWS cloud.

As OpenDNS Founder and CEO David Ulevitch told Om, running Silk in the cloud might even make it safer for users: “Performance is one reason, but security benefits could be added too. … I’d rather a remote exploit run in a VM in the cloud instead of compromising my mobile device and rooting my phone.”

Perhaps Amazon overreached on data

But Amazon might have overreached with its split-browser model that relies on the cloud only for tasks that also require user-data collection. Silk analyzes browsing data in order to speed pageload times and troubleshoot technical issues. That is a great use of Amazon’s big data algorithms but it is also sure to offput some privacy-sensitive types despite Amazon’s promises of anonymity. Sure, Kindle Fire users can turn off the cloud-powered mode to avoid any privacy concerns, but then they lose the performance benefits. It’s kind of an unfair tradeoff.

Amazon’s biggest privacy problem with Silk might be that the company appears to be treating it as an extension of its web presence rather than a browser for a much more general-purpose device. Even if users are cool with Silk collecting certain information to improve performance, they might not be so cool with the Amazon Silk Terms and Conditions incorporating the Privacy Notice. That document gives Amazon certain rights to personally identifiable information, including collecting it, providing it to third parties and even requesting some interesting information about customers from third parties.

Even if users aren’t concerned with the authorities demanding information from Amazon about your profile and browsing history that it stores on its servers, they might just be turned off by the possibility of Amazon having any irrelevant information about them. The Kindle Fire is a physical device for surfing the web and, if users want, downloading e-books and other content. It’s tough to tell how Amazon is applying the Privacy Notice to Silk, but the only fair interpretation seems to be that anything involving is fair game, but anything from any other web site stays between the user and his physical device. Just like with any other browser running on any other web-connected device.

As I’ve explained before, it’s important that issues such as Silk’s potential privacy shortcomings are carried out in public, so that we can keep companies in check but also so that we can educate consumers on the pros and cons of any given policy. I think Amazon is in a strong position to inform the greater world on the benefits of Silk’s cloud-optimized architecture, but it might also consider a mea culpa — and a strategic overhaul — with regard to how aggressively it appears to be going after user data.


Comments have been disabled for this post