07-13-2013, 07:12 PM | #1 |
Connoisseur
Posts: 91
Karma: 2129612
Join Date: Dec 2007
Location: Vienna, Austria
Device: Sony PRS-650, Sony PRS-T1, Sony PRS 505, Sony PRS T2, Kindle PW
|
Amazon outdoing PRISM
So Amazon's 1Button App for Chrome and Firefox not only sends each and every website you visit to Amazon servers, it also reports your Google searches (plus results) to Amazon and Alexa.
And despite what their privacy statement says, because this data is sent to an Amazon URL your browser automatically and very helpfully includes the cookies Amazon uses to identify your account, so this information is everything but anonymous -- in fact, it allows Amazon to store your entire browsing history, Google searches (and, as a bonus, execute arbitrary Javascript code on any third party website). Now, I'm not getting into the whole Is-Amazon-Evil-Or-Not Debate (in fact, I think very highly of their customer service and have been a loyal customer for years), but whichever way you look at it, this is just wrong. The apologists might say that Amazon doesn't make use of this data, but why does it then collect it in the first place? And by doing so compromises its customers privacy and security since the 1Button App can easily be modified to allow third parties to spy on you (and even read the content of your SSL encrypted HTTPS webtraffic) as shown here: http://blog.kotowicz.net/2013/07/jea...-1-button.html Matt |
07-13-2013, 07:17 PM | #2 | |
Grand Sorcerer
Posts: 27,549
Karma: 193191846
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
Quote:
|
|
07-13-2013, 07:23 PM | #3 |
Grand Sorcerer
Posts: 11,732
Karma: 128354696
Join Date: May 2009
Location: 26 kly from Sgr A*
Device: T100TA,PW2,PRS-T1,KT,FireHD 8.9,K2, PB360,BeBook One,Axim51v,TC1000
|
|
07-13-2013, 07:27 PM | #4 |
Connoisseur
Posts: 91
Karma: 2129612
Join Date: Dec 2007
Location: Vienna, Austria
Device: Sony PRS-650, Sony PRS-T1, Sony PRS 505, Sony PRS T2, Kindle PW
|
|
07-13-2013, 08:14 PM | #5 |
Wizard
Posts: 2,145
Karma: 11174187
Join Date: Jan 2011
Device: Sony 350, K3-3G, K4SO, KPW
|
does the Do Not Track add-in for Firefox negate this?
|
07-13-2013, 08:43 PM | #6 |
Connoisseur
Posts: 91
Karma: 2129612
Join Date: Dec 2007
Location: Vienna, Austria
Device: Sony PRS-650, Sony PRS-T1, Sony PRS 505, Sony PRS T2, Kindle PW
|
Probably not. If it did, that would mean that one extension could control the behaviour of another.
The 1Button App even undercuts a website's CSP (protection against XSS, i.e. malicious third party java scripts), because the 1Button App Javascript code gets executed by the browser directly without checking security limitations (the thinking behind this is that the user trusts the extension because he has installed it). Matt |
07-13-2013, 09:01 PM | #7 |
Wizard
Posts: 1,806
Karma: 13399999
Join Date: Aug 2007
Location: US
Device: Nook Simple Touch, Kobo Glo HD, Kobo Clara HD, Kindle 4
|
I would not install this app in the first place, but in many ways this is no different from the ever present javascript from Google, Facebook, Pinterest, Twitter, etc. Every time you go to a site with that social networking and/or advertising crap javascript on it, it's phoning home especially if you have clicked to keep your browser logged in to those sites unless you use something like noscript to disable all javascript. I usually disable almost every source of javascript unless the page won't render.
Last edited by bgalbrecht; 07-13-2013 at 09:06 PM. |
07-13-2013, 09:28 PM | #8 |
Omnivorous
Posts: 3,281
Karma: 27978909
Join Date: Feb 2008
Location: Rural NW Oregon
Device: Kindle Voyage, Kindle Fire HD, Kindle 3, KPW1
|
Old news... Don't like it? Don't install it.
I know we've been down this path before, but this is why I've got AdBlock, Ghostery and BetterPrivacy loaded. Ain't a perfect solution (should be blocking Javascript), but it's better than nothing. Privacy on the Internet has been gone for a long time. Get used to it. |
07-13-2013, 10:27 PM | #9 | |
Cynical Old Curmudgeon
Posts: 1,085
Karma: 8495696
Join Date: Jul 2011
Location: Halifax, Canada
Device: Kobo Mini, Kobo Arc, HTC Desire C
|
Quote:
And it's just a browser toolbar, really, the type of thing we've been quietly and gently asking our less tech-savvy relatives to STOP INSTALLING THAT CRAP EVERY TIME I TURN MY BACK!!!!!, er, sorry 'bout that, for the last 15+ years. At least it has one positive aspect, unlike Yahoo, Google, Ask.com, etc., toolbars - I don't think Amazon have been scummy enough to bundle their toolbar with other software and make it a very easy-to-miss opt-out. |
|
07-13-2013, 10:59 PM | #10 |
Treachery of images ...
Posts: 4,069
Karma: 91561091
Join Date: May 2012
Location: Australia
Device: Blackberry Playbook, Sony 650, Kobo Glo, H2O, Aura One, Forma, Libra 2
|
Add me to the 'it sux' mob!
When an employee (or ex emp) bellows out loud about this and other intrusive/invasive/snooping etc conduct, be it by companies or governments, they get called names, even 'traitor'. Yeah right .... If companies and governments want the info on a person or a population in their own country or another country then why not be up front about it. Why hide or try to hide their conduct. Yeah ... it sux!! PS Carrier pigeons have never been better placed to make a comeback, lol |
07-14-2013, 01:17 AM | #11 |
Are you gonna eat that?
Posts: 1,633
Karma: 23215128
Join Date: Jun 2011
Location: Phillipsburg, NJ
Device: Kindle 3, Nook STG
|
Until Amazon has the power to arrest and indefinitely detain me for things I buy, I'm not too worried about targeted advertising and the like.
|
07-14-2013, 01:34 AM | #12 |
Wizard
Posts: 4,465
Karma: 6900052
Join Date: Dec 2009
Location: The Heart of Texas
Device: Boox Note2, AuraHD, PDA,
|
I would say that the real answer is to make improper use of the data a Felony and have very high civil penalties awarded, if/when anyone gets caught misusing the data collected. The same for ignoring an opt out or lack of opt in violation. Additional penalties for any corporate coverup.
Luck; Ken |
07-14-2013, 03:23 AM | #13 |
Basculocolpic
Posts: 4,356
Karma: 20181319
Join Date: Jul 2010
Location: Sweden
Device: Kindle 3 WiFi, Kindle 4SO, Kindle for Android, Sony PRS-350 and PRS-T1
|
Forgive my stupidity but what is Amazon's 1Button app? Is it an iOS app?
|
07-14-2013, 03:50 AM | #14 |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
I've never heard of it, either, so you're not alone .
|
07-14-2013, 04:04 AM | #15 |
Wizard
Posts: 3,388
Karma: 14190103
Join Date: Jun 2009
Location: Berlin
Device: Cybook, iRex, PB, Onyx
|
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
today only: Amazon Local free voucher for $4 off Amazon mp3 album $7.99 or more | sufue | Deals and Resources (No Self-Promotion or Affiliate Links) | 6 | 06-13-2012 07:31 PM |
Elgan: Here comes Amazon's 'Kindle for movies' I predict that Amazon will ship a vide | GeoffC | News | 15 | 05-23-2011 01:40 AM |
Mozilla Prism | DMcCunney | Lounge | 2 | 06-28-2008 08:32 AM |