Amazon’s Silk Browser is raising security concerns

At the Noisecast, we’re all about safe computing. We want you to be aware of what can compromise your system, and what to do about it. So it’s fairly logical that we’d like to warn you about the possible concerns with the Amazon Kindle Fire’s fancy-pants new web browser: Silk. The browser claims to load faster, and it does this by retrieving web content from Amazon’s Elastic Compute Cloud (EC2) which will shrink pictures and streamline the data for loading on a tablet.

This means that none of your connections will be directly to the desired web page, but rather through Amazon’s servers. And as long as you’re browsing, that connection between your Fire and EC2 will stay open, in order to deliver your webernets as fast as computerly possible. In fact, your secure connections are handled by EC2, as they will serve as a proxy (with certificate) to handle your SSL connections.

What does this mean to you? First, that since this is all based in the US, your data is at the whim of US court orders. Second, if someone manages to get a foot in the door of EC2 security suites, they will have access to a lot of data, including your “secured” connections.

But don’t freak out and cancel your order! Amazon is offering an “off-cloud” option, wherein you opt out of the web site optimization that EC2 provides. This may slow down your browsing, but you also gain security, in that your Fire will connect directly to the desired web page, and secure connections will be between the two of you, instead of the awkward three-some that EC2 is offering.

Source: Naked Security