Amazon’s Silk – security by sniffing?  2.10.11

Om Malik asks David Ulevitch, CEO of OpenDNS and facilitator of phishtank.com, about his view Amazon’s Silk browser. Next to the optional classic end-to-end browsing mode, the browser can route all the traffic via Amazon’s cloud machines to “optimize and accelerate the delivery of web content” (Amazon Silk FAQ), to “troubleshoot and diagnose Amazon Silk technical issues” (Amazon Silk Terms and Conditions). David replies:

I think it’s brilliant. Not sure if people are wary of Amazon doing it since they will see all your traffic but SOMEONE should be doing this. Performance is one reason, but security benefits could be added too. Ultimately I think the idea of decoupled browsing makes a lot of sense. I’d rather a remote exploit run in a VM in the cloud instead of compromising my mobile device and rooting my phone.

While there is some ambiguity in Ulevtich’s wording, my interpretation is that he supports the idea of centralised access points for web surfing end users, which function as kind of content washing machines deleting malware, phishing sites and similarly insecure web content.

Will the sanitizers coalesce with the privatizers? Chris Espinoza:

The “split browser” notion is that Amazon will use its EC2 back end to pre-cache user web browsing, using its fat back-end pipes to grab all the web content at once so the lightweight Fire-based browser has to only download one simple stream from Amazon’s servers. But what this means is that Amazon will capture and control every Web transaction performed by Fire users. Every page they see, every link they follow, every click they make, every ad they see is going to be intermediated by one of the largest server farms on the planet.

Fire isn’t a noun, it’s a verb, and it’s what Amazon has done in the targeted direction of Google. This is the first shot in the new war for replacing the Internet with a privatized merchant data-aggregation network.

And what does this from Amazon’s Silk FAQ mean:

What about handling secure (https) connections?
We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://example.com).