Domain: siteaddress.com
Stories and comments across the archive that link to siteaddress.com.
Comments · 8
-
Kindle does this too
This seems like it will be common place as cloud based web rendering becomes popular to save people "bandwidth".
Kindle: http://www.zdnet.com/blog/networking/amazons-kindle-fire-silk-browser-has-serious-security-concerns/1516
Amazon Silk's terms and conditions state that Amazon will keep your the Web addresses you visit, the IP addresses you use, and your Kindle Fire's unique media access control (MAC) addresses for 30 days. With that information, Amazon can track your every Web move.
On top of that, when you lock into a site that uses Secure-Socket Layer (SSL) or HTTPS for security, EC2 will handle that for you as well. According to the Silk FAQ, "We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://siteaddress.com./ Amazon Silk will facilitate a direct connection between your device and that site. Any security provided by these particular sites to their users would still exist."
Amazon will do this by acting as man-in-the-middle (MTM) SSL proxy. That's fine if you trust Amazon. I'm not sure I do. I'm not crazy about extending my trust to any large corporation. I have to trust my ISP, they connect me with the net, I don't want to extend my trust much farther than my ISP. -
Re:It is SAD....
Silk does MITM of HTTPS connections. My ISP doesn't.
We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://siteaddress.com./
Emphasis mine.
-
Re:Amazon Silk + SSL = MITM?
Cross posting from my old comment. As per their help:
What about handling secure (https) connections? We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://siteaddress.com/ ).
So essentially, they become the man-in-the-middle so they can better cache your HTTPS content? And their browser is programmed to show this is acceptable/secure... What kind of privacy implications does this introduce? Even if their privacy policy says they won't use the data maliciously, cloud computing isn't a bullet-proof system (i.e., leaks, hacking incidents, etc.). Call me paranoid, but if I read this right, this sounds like a frightening idea.
Iif they put themselves as a man in the middle that sees your banking account credentials, credit card numbers, etc, all their servers that are involved in this should be subject to the kind of security standards and regulations that are required of sites that handle credit card numbers...
-
Mixed message on SSLThe FAQ says, confusingly,
We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://siteaddress.com./
Amazon Silk will facilitate a direct connection between your device and that site. Any security provided by these particular sites to their users would still exist.Which is it?
-
Re:Potential privacy nightmare
From Amazon's own FAQ on Silk:
What about handling secure (https) connections?
We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://siteaddress.com./Still a bit vague, but not the part about "from the cloud to the site owner on your behalf". But in this case nothing can be assumed - it's their browser, so they can implement the client to cloud connection however they want. Let's just hope they do it securely (even if, unlike real HTTPS, there is no way to guarantee a point to point secure connection, which is enough for me never to trust it enough for my online banking...)
-
Amazon Silk + SSL = MITM?Cross posting from my old comment. As per their help:
What about handling secure (https) connections?
We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://siteaddress.com/ ).So essentially, they become the man-in-the-middle so they can better cache your HTTPS content? And their browser is programmed to show this is acceptable/secure... What kind of privacy implications does this introduce? Even if their privacy policy says they won't use the data maliciously, cloud computing isn't a bullet-proof system (i.e., leaks, hacking incidents, etc.). Call me paranoid, but if I read this right, this sounds like a frightening idea.
-
Amazon Silk + SSL = MITM?As per their help:
What about handling secure (https) connections?
We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://siteaddress.com/ ).So essentially, they become the man-in-the-middle so they can better cache your HTTPS content? And their browser is programmed to show this is acceptable/secure... What kind of privacy implications does this introduce? Even if their privacy policy says they won't use the data maliciously, cloud computing isn't a bullet-proof system (i.e., leaks, hacking incidents, etc.). Call me paranoid, but if I read this right, this sounds like a frightening idea.
-
Re:Silk Browser
http://www.amazon.com/gp/help/customer/display.html/ref=hp_rel_topic?ie=UTF8&nodeId=200775440/
What about handling secure (https) connections?
We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://siteaddress.com./
Amazon Silk will facilitate a direct connection between your device and that site. Any security provided by these particular sites to their users would still exist.
I dunno about you but I'm not entirely thrilled by Silk here.