Amazon Silk

Bruce Morton

Amazon announced last month that it is entering the tablet market with the Kindle Fire. The Fire will be based on the Android operating system and will use the new Amazon Silk browser. Silk will use an innovative architecture called dynamic split browsing. In order to improve performance, content will be made available through the Amazon EC2 cloud.

The Silk/EC2 combination will provide many benefits: machine-learning, persistent connections, image compression, optimized last-mile connection, advanced caching, page indexes, predictive rendering, massive EC2 server fleet, encrypted delivery and SSL security.

Arguably, this architecture is more secure than typical browser server configurations. The Amazon EC2 cloud will proxy traffic to the Kindle and may be able to filter malicious code. On the flip side, the architecture has privacy issues. Amazon states that usage data is collected anonymously and stored in aggregate, and no personal identifiable information is stored. As an alternative, it is possible to turn off the split-browsing and use Amazon Silk like a conventional Web browser.

The EFF was so concerned about privacy that it went to get straight answers directly from Amazon. They discovered that Amazon does not intercept encrypted traffic and that secure Web page requests are routed directly from the Kindle Fire to the origin server.

With regards to logging, the only information logged is the URL of the resource being requested, the timestamp and the session token. The one concern is that Amazon stores the URLs visited and these may contain identifying information. The EFF concluded that they were generally satisfied with the privacy design of Silk and are happy that the end-user has control over whether to use cloud acceleration.

Bruce Morton
Bruce Morton
Director, Certificate Technology & Standards

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.


Add to the Conversation