Kindle Under Fire: New Tablet Heats Up Privacy Debate
Amazon's new Kindle Fire tablet is already setting off some privacy alarms in the security community.
Announced yesterday (Sept. 28) and set for a Nov. 15 release, the Kindle Fire, a full-color, 8GB, 7-inch multi-touch tablet, stands poised to go head-to-head with the iPad. The Kindle Fire's competitive standing, however, is already hampered by what some security experts see as a troubling invasion of privacy on Amazon's part.
The concern lies in the Kindle Fire's Web browser, called Silk, and specifically in how Silk promises to speed up surfing and increase battery life. Silk routes all Web connections through Amazon's Elastic Compute Cloud (EC2), so rather than directing traffic from the Kindle Fire to the desired Web page, transmissions will connect first through the cloud.
"When you use Silk, without thinking about it or doing anything explicit, you're calling on the computing speed and power of the Amazon Web Services cloud," reads Amazon's product description. By accessing the cloud, the Kindle Fire promises to increase battery life and increase Web connection speeds.
However, harnessing the power of the cloud could leave the privacy of the Kindle Fire's users up in the air, says Chester Wisniewski from the security firm Sophos.
In a blog post, Wisniewski wrote: "All of your Web surfing habits will transit Amazon's cloud. If you think that Google AdWords and Facebook are watching you, this service is guaranteed to have a record of everything you do on the Web."
In the "Terms and Conditions" for Silk, Amazon writes that URLs, as well as "certain identifiers, such as IP or MAC addresses," will be stored on its servers for 30 days.
This doesn't sit well with researcher Chris Espinosa, a senior employee at Apple, who took to his blog to vent about the mine of private data that Amazon will have access to with the Kindle Fire.
"Amazon will capture and control every Web transaction performed by Fire users," Espinosa wrote. "Every page they see, every link they follow, every click they make, every ad they see is going to be intermediated by one of the largest server farms on the planet. People who cringe at the data-mining implications of the Facebook Timeline ought to be just floored by the magnitude of Amazon's opportunity here."
Fortunately, Wisniewski notes, Amazon will enable Fire tablet owners to use Silk without routing traffic through the cloud. Connection speeds will be slower, but Wisniewski said it's a sacrifice well worth making.
"While most of us roll our eyes when confronted with long privacy policies and pages of legalese, privacy risks lurk around every corner," he wrote. "If you buy a Fire device, think carefully as to whether your privacy is worth trading for a few milliseconds faster Web surfing experience."
Amazon did not return a call for comment.