The first is to state clearly that we are not aiming to be a privacy/anonymity tool -- a la TOR -- for end users. The idea behind developing Silo was to create a secure browsing environment that is physically separate from the users device and local network. Most of our customers are businesses looking to contain the risks of accessing the web.
Having said that, there are attributes of using our service that might seem like they cater to those looking for privacy/anonymity. For instance, we present websites with our IP, not that of the user. We also filter various forms of scripts and active web content to deliver a clean page to our users and keep the user’s device free of typical browsing footprints like history and cookies.
We also have a configuration of our service that is specifically designed for InfoSec researchers looking to misattribute their location and browser fingerprint for the purposes of forensic investigation. So it’s perhaps understandable that we’ll get compared to things that aren’t quite equivalent.
As with any cloud service, we do collect some data in order to give customers roll up reporting of their users’ activity. We purge this data on a 90-day basis and retain only anonymized traffic statistics for internal capacity planning. We also allow a customer to encrypt all their data within our service using their own encryption key. If customers choose to do this, only they will have the ability to extract and access their data.
Here’s our intention: We believe your data is your data, no one else’s. We have no intention of sharing it with others for monetary gain or any other reason. What we do capture is disclosed, and as stated above, we provide a mechanism for you to encrypt all your data if you want. At the same time, we don’t want people using our service for things that are clearly illegal, and we defer to the legislators and the courts to determine that standard. We want to cooperate with law enforcement if they are investigating someone’s activity and release that data (if we have it). But it needs to be a formal request against a specific user.