Amazon made a giant leap into a new field this month, introducing its low-priced, iPad-challenging tablet, the Kindle Fire. The reception was warm, to say the least, with about 250,000 pre-orders in the first five days they were available, and the company appeared to have pulled off a flawless product introduction.
Except for one red flag – security. Making the jump from e-readers to tablets involved incorporating web browsing tools, for which Amazon developed its own. Named Silk, the new web browser largely elicited concerns from the Internet security community, if more from unfamiliarity than anything else.
For some, these concerns appear to be waning. The Electronics Frontier Foundation (EFF), a nonprofit coalition of lawyers, analysts, activists and technology experts, took the industry's security questions regarding Silk straight to the source, and spoke with Amazon officials about how it will operate. After clearing much of the smoke around the Kindle Fire, the EFF found that the new device and web browser may turn out to be relatively secure.
Much of the mystique around Silk was its "cloud acceleration" mode, the EFF said. This leveraged Amazon's cloud servers to route webpage requests through its servers, a move made to boost web browsing performance on the tablet. Because of the implications of a cloud-accelerated web browser, the EFF was intrigued by Amazon's involvement in the information that was transferred through its servers.
"[W]hile in cloud acceleration mode, the user is trusting Amazon with an incredible amount of information," the EFF wrote in a recent blog post. "This is because Amazon is sitting in the middle of most communications between a user's Fire tablet on the one hand, and the website she chooses to visit on the other. This puts Amazon in a position to track a user's browsing habits and possibly sensitive content."
Amazon looks as though it was prepared for the questions that would follow the release of a cloud-accelerated web browser. According to the EFF's blog post, the company had sufficient answers for all of its security questions, mostly because Amazon thought to enable an off switch for the cloud service.
"Our conversation with Amazon allayed many of our major concerns. Cloud acceleration mode is the default setting, but Amazon has assured us it will be easy to turn off on the first page of the browser settings menu," the blog post reads. "When turned off, Silk operates as a normal web browser, sending the requests directly to the web sites you are visiting."
According to the EFF, Amazon's Internet privacy standards remained high with the release of Silk, as the browser met the security requirements of SSL traffic and logging. The only remaining concerns were those that the EFF and other privacy analysts have noted with other web browsers, such as collecting URLs visited by users and storing a database of user information in its servers.
With this in mind, the organization did advise those who were particularly concerned with their information.
"Moreover, the data collected by Amazon provides a ripe source of users' collective browsing habits, which could be an attractive target for law enforcement," the blog post reads. "For users who are worried about these privacy issues and about putting a lot of trust in Amazon to keep their data safe, we recommend turning off cloud acceleration."
In general, the endorsement is a good one for both Amazon and the cloud computing security industry. Even with the warning, the EFF's overall analysis of the cloud acceleration feature was positive, suggesting that many in the industry are warming up to security in the cloud – a hot-button issue in the tech industry as of late.