[LINK] RFI: Amazon One-Click Feature

Roger Clarke Roger.Clarke at xamax.com.au
Thu Aug 3 16:26:22 AEST 2006 

Here's a request for info. to users of Amazon's One-Click feature:
http://www.amazon.com/gp/help/customer/display.html/102-0840596-8877722?nodeId=468480
(and, of course, to linkers who are knowledgeable about it, whether 
or not they're also users)


Where more than one human being utilises a device, does the Amazon 
One-Click service automatically detect which human being it is?


Discussion:

My understanding is that Amazon One-Click depends on cookies.  That's 
supported by the statements at:
http://www.amazon.com/gp/help/customer/display.html/102-0840596-8877722?ie=UTF8&nodeId=598258

When a browser sends a request for a URL to a web-server, it sends 
along all cookies that match to that domain.  That's just how cookies 
work (isn't it?!).

So I'm having trouble working out how the Amazon server could possibly divine:
(a)  which human's finger was on the key;  or even
(b)  whether two or more humans ever use that device.


Note that I'm not talking about genuinely multi-user operating 
systems like *nix and (very) recent Windows.  I'm making the 
assumption that, in those circumstances, cookies are within the 
user-space, and hence the browser picks up whatever cookies are in 
*that* user-space and not others.  But genuine multi-user use is far 
from the mainstream in Windows-land.

I also wonder whether Amazon One-Click considers IP-address as part 
of its processing.  That would tend to conflate multiple users who 
appear to the server to be at the same IP-address.  My in-house 
router's IP-address changes infrequently, even though I'm only on 
ADSL and haven't paid the requisite extra for a fixed IP-address.  So 
it might be used as a proxy for {my device, me, all users of my 
device, (if I'm running NAT) all users of all devices that are within 
my sub-network};  or it could be used as part of a more complex 
algorithm in an attempt to infer user-identity.

-- 
Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW

More information about the Link mailing list