Amazon’s Silk Browser tracks users' visited URLs

[eli]

EFF has previously examined silk and concluded, "We are generally satisfied with the privacy design of Silk, and happy that the end user has control over whether to use cloud acceleration..."

https://www.eff.org/2011/october/amazon-fire%E2%80%99s-new-b...

I don't think showing sites that are trending in aggregate changes anything. This seems like a nonstory.

[chimeracoder]

Also, it's possible the concept of 'trending now' may not impact user privacy - the whole point of Silk is that pages are partly pre-rendered on Amazon's servers, so it could be implemented as simply as seeing which parts of the cache are being hit frequently.

I don't really know much about how Silk is actually implemented, but it seems like all we know so far is that they're doing at least as much tracking as your ISP already is (and frankly, I find that much more concerning).

[RexRollman]

Agreed, and if I recall correct, you can turn that feature off and call websites directly.

[indygreg2]

Chrome's sync (i.e. sign in to Chrome) uploads the cleartext of your full browsing history to Google by default: http://gregoryszorc.com/blog/2012/04/08/comparing-the-securi...

From a privacy perspective Chrome and Silk sound the same.

Now, maybe Amazon is more actively using that data and doesn't provide means to change privacy settings (Chrome allows you to locally encrypt). I dunno.

[sp332]

At least you're not signed in by default like you are on the Kindle.

[selectout]

The real key to look at here is whether or not they are associating your visited URLs with your amazon account (or whatever account you need to be logged into. not a Kindle owner).

They mention they don't collect PII which doesn't mean it isn't being associated to PII though.

[Steko]

As long as the data is anonymized and aggregated properly and links with less then thousands of hits are never shown then there shouldn't be any problem.

One other interesting thing they could do with the data is if they started Amazon Search (they're caching a lot of the web as is) they could use their tracking of Google results to goose Amazon Search the way Bing did with IE tracking data.

[luser001]

Does Silk also kick in for SSL websites (the previous version did, iirc)?

I hope they had the decency to disable it for SSL connections.

[sp332]

Back when Silk first came out, they told the EFF that they don't send HTTPS traffic through their server. https://www.eff.org/2011/october/amazon-fire%E2%80%99s-new-b... But HTTPS obscures everything but the destination server. Even the rest of the URL should be invisible, so if Amazon is still tracking URLs, they are at least partly circumventing SSL protections.

[sswezey]

I don't think you understand Silk entirely, it's a web browser - it doesn't 'kick in,' it's how you connect to any web site.

[luser001]

Just trying to be succinct: what I meant is the "render on the server" concept, which the thing that differentiates Silk from every other browser.

[alexchamberlain]

Does it really render on the server? Doesn't it just proxy over SPDY?

[RexRollman]

When Silk is set to fetch everything through Amazon, the default, do all DNS queries go through Amazon as well?

[talmand]

So I guess this will be brought up every time a new Kindle tablet is announced. I suppose it's useful for those who haven't heard this before.