Blog Post

Amazon Silk’s cloud-based privacy conundrum

The ado around the privacy settings of the Amazon Silk web browser (S AMZN) is probably deserved, but it didn’t have to be this way. Had Amazon understood the difference between running a web site and selling devices, and had it anticipated the paranoia that the mere presence of the word “cloud” would invoke, Amazon could have saved itself a lot of trouble.

The big problems came over the weekend, when a couple of U.S. congressmen publicly (and ham-handedly) questioned how Silk, the browser that makes Amazon’s new Kindle Fire run, will collect and store customer data. Texas Representative Joe Barton stated the following in a Friday hearing:

My staff yesterday told me that one of our leading Internet companies, Amazon, is going to create their own server and their own system and they’re going to force everybody that uses Amazon to go through their server and they’re going to collect all this information on each person who does that without that person’s knowledge. Enough is enough.

Massachussets Representative Ed Markey sent Amazon a list of questions about its practices, demanding answers by Nov. 4. He could probably find them himself by reading the Amazon Silk Terms and Conditions and general Privacy Notice.

However, Congress is just responding to a spate of concerns that arose almost immediately after Amazon announced how Silk operates. Om covered a couple of them, including whether consumers will actually trust Amazon with their information like they (arguably) trust Google (s goog), and whether Silk’s caching model will keep private information private. This is absolutely a good discussion to have, but it’s easy to get the issues confused, as Reps. Barton and Markey seem to have done.

The cloud is our friend

That Amazon is going to run part of Silk on its own servers is absolutely not the problem. This type of application is actually one of the best use cases for cloud computing. Performing certain tasks on a cloud backend frees users’ devices from having to perform those tasks, thus improving performance if the network connection is up to par. Amazon happens to have a cloud computing subsidiary called Amazon Web Services, on whose infrastructure Silk is running, but architecture-wise Silk isn’t that different from the countless other non-Amazon applications also running on the AWS cloud.

As OpenDNS Founder and CEO David Ulevitch told Om, running Silk in the cloud might even make it safer for users: “Performance is one reason, but security benefits could be added too. … I’d rather a remote exploit run in a VM in the cloud instead of compromising my mobile device and rooting my phone.”

Perhaps Amazon overreached on data

But Amazon might have overreached with its split-browser model that relies on the cloud only for tasks that also require user-data collection. Silk analyzes browsing data in order to speed pageload times and troubleshoot technical issues. That is a great use of Amazon’s big data algorithms but it is also sure to offput some privacy-sensitive types despite Amazon’s promises of anonymity. Sure, Kindle Fire users can turn off the cloud-powered mode to avoid any privacy concerns, but then they lose the performance benefits. It’s kind of an unfair tradeoff.

Amazon’s biggest privacy problem with Silk might be that the company appears to be treating it as an extension of its web presence rather than a browser for a much more general-purpose device. Even if users are cool with Silk collecting certain information to improve performance, they might not be so cool with the Amazon Silk Terms and Conditions incorporating the Privacy Notice. That document gives Amazon certain rights to personally identifiable information, including collecting it, providing it to third parties and even requesting some interesting information about customers from third parties.

Even if users aren’t concerned with the authorities demanding information from Amazon about your profile and browsing history that it stores on its servers, they might just be turned off by the possibility of Amazon having any irrelevant information about them. The Kindle Fire is a physical device for surfing the web and, if users want, downloading e-books and other content. It’s tough to tell how Amazon is applying the Privacy Notice to Silk, but the only fair interpretation seems to be that anything involving is fair game, but anything from any other web site stays between the user and his physical device. Just like with any other browser running on any other web-connected device.

As I’ve explained before, it’s important that issues such as Silk’s potential privacy shortcomings are carried out in public, so that we can keep companies in check but also so that we can educate consumers on the pros and cons of any given policy. I think Amazon is in a strong position to inform the greater world on the benefits of Silk’s cloud-optimized architecture, but it might also consider a mea culpa — and a strategic overhaul — with regard to how aggressively it appears to be going after user data.

9 Responses to “Amazon Silk’s cloud-based privacy conundrum”

  1. I think Amazon needs to do a better job in communicating the workings of Kindle Fire. For example users can switch off the cloud acceleration mode. Encrypted traffic in HTTPS mode is directly fetched without going through the Amazon EC2 server, so users could access websites using HTTPS mode which all major websites including Google Search, Facebook and Twitter.

  2. Consider points below before buying Kindle Fire:
    – Amazon confirmed that you cannot download anything to Kindle Fire when traveling outside US.
    – Kindle Fire (or any other Kindle) doesn’t have microSD (or any other) card slot thus it is stuck with 6 GB USABLE internal storage unlike other tablets/ereaders that can get up to 32 GB card in to increase content capacity. Kindles are made to make sure you’re tied up to Amazon’s storage on the web (for which you need Wi-Fi connection to
    get to) and you can only store content you get from Amazon there, not other files. Quoting Amazon on Kindle Fire: “Free cloud storage for all Amazon content”. Get it, Amazon content?
    – The stats of how long the battery can last (Kindle Fire theory is 7.5 hours) are taken with Wi-Fi off. It will last about 3 hours if you use it to access content from their Cloud storage over Wi-Fi.
    – Amazon can spy on your web activity through their new cloud-integrated web browser of Kindle Fire.
    – VERY IMPORTANT – lack of microSD slot means that if you decide to”root” your Kindle Fire (or any other Kindle) you’ll have to “root” the actual device thus there will be no coming back. On other devices you can make it boot from a “rooted” microSD card and if you want to get back to the
    original Operating System you can just take out the card and reboot, and you can go back and forth between different images of various OS’s.
    – Kindle Fire doesn’t have a camera.
    – Kindle Fire has about 70% less usable screen area than iPad 2.
    – Kindle doesn’t support eBooks in ePub format that is the most used format in the world.
    – Kindle app store contains only Amazon approved apps and it does not include (and will not include) Netflix app that other tablets/ereaders have thus again you’re stuck with Amazon content only.
    – Amazon says it will review every app in its Appstore for Fire compatibility, as part of an automated process. Rejected apps will include those that rely on a gyroscope, camera, WAN module, Bluetooth, microphone, GPS, or micro SD. Apps are also forbidden from using Google’s Mobile Services (and in-app billing), which, if included, will have to be “gracefully” removed. In terms of actual content, Amazon has outlawed all apps that change the tablet’s UI in any way (including theme- or wallpaper-based tools), as well as any that demand root access (it remains to be seen how the company will treat the root-dependent apps already in its store) – this is what “rooting” can help with.

  3. mike widrick

    Pay attention, small business owners. Amazon doesn’t pay sales taxes in most states. Now they’re going to collect all online retail data. If you can’t outspend Amazon in lobbying, you better not vote Republican. Capitalism is supposed to be about competitive free trade, right? Not competition for politicians. Last time I read Adam Smith, anyway.

  4. David Ulevitch

    I’d make myself available to Barton’s staff to explain what’s up. There are pros and cons, and as long as users are clearly informed, there is nothing to be up in arms about.

    • Derrick Harris

      I almost totally agree, although I’m a little leery about how the privacy terms come into play. But that has precious little to do with the browser running in the cloud, which does seem largely benign.

    • Derrick Harris

      Hah. I didn’t think it worth mentioning that, re: Barton’s statement, pretty much every web transaction is carried out on a company’s servers, which subsequently store user data.