Archive for Amazon

Amazon Slapped With $887 Million Fine By European Privacy Watchdog

Posted in Commentary with tags on July 30, 2021 by itnerd

Amazon can likely afford this. Though they won’t be happy about cutting this cheque. Amazon has been issued with a fine of 746 million euros ($887 million) by a European privacy watchdog for breaching the bloc’s data protection laws:

The fine, disclosed by Amazon on Friday in a securities filing, was issued two weeks ago by Luxembourg’s privacy regulator. The Luxembourg National Commission for Data Protection said Amazon’s processing of personal data did not comply with the EU’s General Data Protection Regulation. It has ordered Amazon to revise certain undisclosed business practices.

Amazon, which has its European headquarters in Luxembourg, denied that there had been any kind of breach that would violate the GDPR rules. “Maintaining the security of our customers’ information and their trust are top priorities,” an Amazon spokesperson told CNBC. “There has been no data breach, and no customer data has been exposed to any third party,” they added.

When I see any of these words:

  • maintaining
  • protecting
  • upholding

In a sentence with any of these words:

  • our customers’
  • clients’
  • users’

That includes any of these words:

  • trust
  • safety
  • information

Combined with any of these words:

  • is our top priority
  • duty
  • first thought

My first thought is they must have done something really bad. And the company knows it. Thus while nobody is saying what Amazon did to get slapped with this fine, you can bet that it wasn’t trivial.

Amazon Web Services Takes Out NSO Group Linked Accounts

Posted in Commentary with tags , on July 20, 2021 by itnerd

Hot on the heels of the report of the NSO Group selling spyware to nation states to allow those countries to go after a journalists and activists on a massive scale, the news is out via Motherboard that Amazon Web Services is cutting ties with the NSO Group by taking down any accounts associated with them:

The move comes as a group of media outlets and activist organizations published new research into NSO’s malware and phone numbers potentially selected for targeting by NSO’s government clients.

“When we learned of this activity, we acted quickly to shut down the relevant infrastructure and accounts,” an AWS spokesperson told Motherboard in an email.

Amazon and The Washington Post are owned by Jeff Bezos. And The Washington Post was part or the report of the spyware that the NSO Group was using. So I am sure that this is no coincidence. Also, while I am sure that this will hurt the NSO Group, I doubt this is fatal to them. But it will be interesting to see if this alters how NSO spyware is delivered to its targets.

Amazon Wants To Monitor You In Your Sleep… Ok… Sure… Right

Posted in Commentary with tags on July 12, 2021 by itnerd

Amazon is a pretty invasive company when it comes to monitoring your activities. And it looks like they’re going next level on that front. They have won U.S. permission to use radar to monitor consumers’ sleep habits:

The Federal Communications Commission on Friday granted Amazon.com Inc. approval to use a radar sensor to sense motion and “enable contactless sleep tracing functionalities.” Amazon on June 22 asked the FCC, which regulates airwave uses, for permission to market a device that uses radar. The technology captures movement in three dimensions, enabling a user to control its features through simple gestures and movements, the company said in a filing. The capability, according to Amazon, could help people with “with mobility, speech, or tactile impairments,” and it could monitor sleep with a high degree of precision.

Do I really want Amazon monitoring my sleep? Yes there is sleep monitoring from Apple for example. But I know that my sleep data from my Apple Watch stays with me. Where is the data that Amazon is gathering going? What is Amazon going to do with it? It’s likely too early to answer that question. But I think we should be asking that question now seeing as you are likely to be seeing products with this tech coming soon from Amazon. And by that point it may be too late to have that conversation.

Do You Have An Amazon Alexa Or Echo? You’re Part Of Amazon’s Massive ‘Sidewalk’ Mesh Network By Default

Posted in Commentary with tags on May 17, 2021 by itnerd

A couple of weeks ago, I spoke about Tile signing a deal to utilize Amazon’s ‘Sidewalk’ network so that it could better compete agains Apple’s Find My network. At the time I didn’t think it was going to do much for Tile. But it now appears that I might have wrong about that as more details about Amazon’s ‘Sidewalk’ network are starting to surface. And not all of those details are good:

The idea behind is actually really smart–make it possible for smart home devices to serve as a sort of bridge between your WiFi connection and one another. That way, if your Ring doorbell, for example, isn’t located close to your WiFi router, but it happens to near an Echo Dot, it can use Sidewalk to stay connected.

The same is true if your internet connection is down. Your smart devices can connect to other smart devices, even if they aren’t in your home. The big news on this front is that Tile is joining the Sidewalk network on June 14. That means that if you lose a Tile tracker, it can connect to any of the millions of Echo or Ring devices in your neighborhood and send its location back to you.

That’s definitely a nice benefit, but it’s also where things get a little murky from a privacy standpoint. That’s because other people’s devices, like your neighbor’s, can also connect to your network.

Amazon is pretty clear that Sidewalk uses three layers of encryption so that no data is shared between say, someone’s Tile tracker and your network. The signal from the Tile is encrypted all the way back to the Tile app on your iPhone or Android smartphone.

Still, a feature like this seems like the type of thing you’d want some control over. If suddenly my devices are going to start connecting to my neighbor’s WiFi, or theirs to mine, it seems like you’d have to opt-in, right?

Nope.

That’s because Amazon has enabled Sidewalk on every capable device by default. Whether or not you want your device connecting to other devices, or want your neighbors connecting to your WiFi, Amazon went ahead and made Sidewalk opt-out.

I can see why Amazon went this route. It needs all the devices that it can to make ‘Sidewalk’ work. But options like this should be opt-in rather than opt-out. Especially since I don’t exactly trust Amazon with my data. So if this bothers you, here’s how you can opt-out using the Alexa app’s More tab (at the bottom): Settings > Account Settings > Amazon Sidewalk > Enabled.

So this will lead to the inevitable question about whether Apple’s Find My functionality is on by default. From what I recall it isn’t and during the setup process of an iDevice you have to turn it on. But I would love confirmation of that. If you happen to know for sure, drop me a comment or leave a note and let me know.

Tile Teams Up With Amazon To Try And Fight Apple AirTag… And In My Mind It’s A #Fail

Posted in Commentary with tags , on May 8, 2021 by itnerd

Clearly Tile is feeling the pressure from Apple AirTag. So much so that according to CNBC, Tile has cut a deal with Amazon:

Amazon’s partnership will allow it beef up its tracking network, called Sidewalk, by letting Tile and Level devices tap into the Bluetooth networks created by millions of its Echo products. Tile will start working with Amazon’s network beginning June 14.

It needs the help because from what I can tell, Tile has a network of roughly has sold 30 million users Tile trackers, but their actual network size isn’t known. Compared to the billion or so Apple devices out there, it leaves Tile at a significant disadvantage. Amazon will sort of help with that. I say sort of because:

Amazon said Sidewalk will also strengthen Tile’s existing in-home finding experience with Alexa. Customers can say, “Alexa, find my keys” and their Tile tracker will start ringing from a coat pocket or from under the bed signaling where to find their lost item.

Amazon also said users with multiple Echo devices connected to Sidewalk will be able to find misplaced items around their homes even faster. Alexa can tell users which Echo device their Tiled item is closer to, whether it is the kitchen speaker or their bedroom speaker and the day and time it was last seen near that device.

In other words, this won’t help you find your keys in Downtown Toronto. Which means Apple likely still has the advantage here. But I guess Tile had to do something to stay in the game. And this qualifies as something. So let’s see how far this deal gets them.

BREAKING: Parler Sues Amazon For Site Takedown…. Alleges Antitrust Violations

Posted in Commentary with tags , on January 11, 2021 by itnerd

Let the games begin.

Alternative social networking service Parler has sued Amazon accusing its web hosting service of breaking anti-trust laws in taking off the platform that is popular with many right-leaning social media users. You can read the court document here. But here’s the reasons why they will lose. First of all, and most important of all, Parler violated Amazon’s terms of service because unlike Facebook and Twitter, Parler doesn’t crack down on hate speech. And you combine that with the fact that people on its platform plotted the events of last Wednesday that left five dead, Amazon was well within its rights to toss them off AWS. Second, Amazon has really deep pockets and will simply throw lawyers at this to make Parler either go away, or run them out of money.

Here’s the counterpoint. If you read their court document, they make some somewhat interesting arguments. Specifically:

4. AWS’s decision to effectively terminate Parler’s account is apparently
motivated by political animus. It is also apparently designed to reduce competition
in the microblogging services market to the benefit of Twitter.

And:

5. Thus, AWS is violating Section 1 of the Sherman Antitrust Act in
combination with Defendant Twitter. AWS is also breaching it contract with
Parler, which requires AWS to provide Parler with a thirty-day notice before
terminating service, rather than the less than thirty-hour notice AWS actually
provided. Finally, AWS is committing intentional interference with prospective
economic advantage given the millions of users expected to sign up in the near
future.

I would be interested to see if Parler can prove that there was a political motive behind this, and that Amazon is trying to hurt them. But remember on both parts of this, I’m a computer geek and not a lawyer.

This will be fun to watch.

BREAKING: Parler Is Being Suspended From AWS…. Possibly Killing The Social Media Platform

Posted in Commentary with tags , on January 9, 2021 by itnerd

Well. Who knew that Jeff Bezos who is the CEO of Amazon had Thanos like powers? I say that because news is breaking that Parler who has been punted from the Google Play Store and the Apple App Store now is in very deep trouble as it is being suspended from Amazon Web Services:

Amazon suspended the pro-Trump social-networking site Parler from its web-hosting service this weekend, a move that threatens to darken the site indefinitely after its users glorified the recent riot at the U.S. Capitol.

The e-commerce and web hosting giant said Parler had violated its terms of service given its inadequate content-moderation practices, adding in a letter to the social network that it would implement its punishment just before midnight Pacific time Monday.

What that means is that unless Parler changes course on the moderation issues that have led to these bans, Jeff Bezos has effectively Thanos snapped Parler off the Internet. Now it seems like Parler has some sort of “plan b” to get back on line based on this:

Parler also did not respond to a request for comment. But its chief executive, John Matze, said in a post on the site that Parler could be “unavailable on the Internet for up to a week as we rebuild from scratch.”

I question if that’s viable to be honest. AWS is the big boy on the block when it comes to hosting sites the scale of Parler. I am not sure who would be capable of doing the same thing at a similar scale. Not to mention who would be willing to have Parler as a customer. Thus I think that we may be watching the endgame when it comes to Parler. But I am free to be surprised.

EU Files Antitrust Charges Against Amazon For Unfair Business Practices

Posted in Commentary with tags on November 10, 2020 by itnerd

European Union regulators have filed antitrust charges against Amazon, accusing the e-commerce giant of using data to gain an unfair advantage over merchants using its platform:

The EU’s executive commission, the bloc’s top antitrust enforcer, said Tuesday that the charges have been sent to the company. The commission said it takes issue with Amazon’s systematic use of non-public business data to avoid “the normal risks of competition and to leverage its dominance” for e-commerce services in France and Germany, the company’s two biggest markets in the EU. The EU started looking into Amazon in 2018 and has been focusing on its dual role as a marketplace and retailer. In addition to selling its own products, the U.S. company allows third-party retailers to sell their own goods through its site. Last year, more than half of the items sold on Amazon worldwide were from these outside merchants. Executive Vice President Margrethe Vestager, the EU commissioner in charge of competition, said it’s not a problem that Amazon is a successful business but “our concern is very specific business conduct which appears to distort genuine competition.” Amazon faces a possible fine of up to 10% of its annual worldwide revenue, which could amount to billions of dollars. The company rejected the accusations.

Well, this isn’t good news for Amazon as this could be the start of a number of countries looking into the way that Amazon does business as the EU tends to be the bellwether for this sort of thing. Hopefully for Amazon’s sake, they have all their ducks in a row. Because this is going to get rocky.

Check Point Security Report Says That Amazon Alexa Were Subject To Extensive Levels Of Pwnage

Posted in Commentary with tags , on August 17, 2020 by itnerd

A report from Check Point Security researchers paints a pretty scary picture of how secure smart home devices are. Specifically Amazon Alexa products:

Our findings show that certain Amazon/Alexa subdomains were vulnerable to Cross-Origin Resource Sharing (CORS) misconfiguration and Cross Site Scripting. Using the XSS we were able to get the CSRF token and perform actions on the victim’s behalf.

These vulnerabilities would have allowed an attacker to:

  • Silently install skills (apps) on a user’s Alexa account
  • Get a list of all installed skills on the user’s Alexa account
  • Silently remove an installed skill
  • Get the victim’s voice history with their Alexa
  • Get the victim’s personal information

In effect, these exploits could have allowed an attacker to remove/install skills on the targeted victim’s Alexa account, access their voice history and acquire personal information through skill interaction when the user invokes the installed skill.

Successful exploitation would have required just one click on an Amazon link that has been specially crafted by the attacker.

Now all of those issues have been fixed. But it really makes one think twice about having these devices in their homes as it seems really wrong that a third party company is doing the sort of due diligence that the makers of this gear should be doing. The thing is that companies who create these devices have to have security as the top priority if these companies want consumers to buy their gear. Thus the best way for you to get the most secure smart home gear is to demand and expect better from these companies.

Tech CEOs To Get Grilled By Congress Today…. Here’s How To Watch

Posted in Commentary with tags , , , on July 29, 2020 by itnerd

Apple, Amazon, Google, and Facebook are set to be grilled by Congress today. Specifically the Judiciary Committee. The hearing is to find out if tech companies are using their dominant market positions to stifle competition which would be harmful to consumers. It will be interesting to see how this plays out as this is an election year which means that you might see some things might happen for no other reason than to increase the chances of re-election for some politician. If you’re interested in watching the “fun”, here’s a link to watch it live starting at noon ET:

Expect some feedback from yours truly once this is over.