I recently stumbled across an interesting browser called skyfire. I’d caught an old review of it on LifeHacker, via Gizmodo, at Laptop Mag blog. It detailed some rather impressive numbers for the browser, showing skyfire walked all over the competition1. So I figured it would be worth a shot…
The install was painless, as is pretty much any install on a Windows Mobile device. The start time was a little slow, but it still beat Opera for loading. This is where I discovered skyfire’s secret, and a concern they don’t specifically target on their website, but wrapped up in legal jargon.
When accessing a URL, it appears the requests are fed through their proxy servers. What’s passed back doesn’t appear to be the actual page, but an image of the page, and any URLs are made as image URLs.
I didn’t really pay a huge amount of attention to this until I attempted to acknowledge a server alert on our monitoring software Nagios. It refused to prompt for the username and password, which is setup with basic authentication. This struck me as unusual, until I started thinking how the browser was actually working. Going back over the numbers on the reviews, and the application performance, it made sense that the proxy server couldn’t handle the authentication.
This leads to the privacy concern. Looking at the LifeHacker post which appeared recently detailing a new feature the skyfire folks had added, there are plenty of comments on it, hinting the browser is pretty popular now.
Looking at their privacy statement, it’s relatively clear, even through the legal jargon that they store everything they want, but don’t seem to provide an “out” of the data stored. They provide the “usual” suspect of items, such as setting a cookie if you visit their site for tracking, and similar items about receiving “automatic logs” containing your IP. The interesting bit is the section detailing what they collect when using the browser.
Skyfire Labs might maintain usage data to assist Skyfire Labs in debugging its system or addressing other problems in its products or services. This usage data may include such information as your web request, web response, IP address, the date and time of your request, size of the communication, and cookies as well as client side data such as connect times, connect failures and performance problems.
The interesting section of that clause is the “web request, web response”. That’s basically saying, any information you send to, and receive from, a site, we “might” record. So do we need to worry about accessing your personal websites? It’s probably all good for accessing your every day sites, like news, sports, and the likes, but I think until further information is disclosed, I’d be wary of using it for anything else.
That being said, I love the speed of the browser. Being able to look at a zoomed out image of a site is quite nifty, especially as you can pan over to just the area you want to look at, and zoom in. And having the speed to navigate around is really good, especially if you’re just trying to catch up on some quick info (news at lunch).
I’m not saying skyfire will fall victim to a hack, such as those of several security websites recently, but I think I’d rather not have my private information shacked up on servers I know very little about. If they disclosed more information about the workings, and how they use, and store the data, I might feel a little better… until then, I’ll stick to my slightly sluggish Opera.
As always, the wonderful disclaimer.
In this case, the competition is Opera 9.5.1, and Safari ↩