[LINK] RFI: Amazon One-Click Feature

Marius Coomans mcoomans at gmail.com
Thu Aug 3 17:46:13 AEST 2006


Roger,

Whenever I've done a transaction with Amazon, it has always asked me for my
password. It's One Click and a bit of typing...

Cheers,

Marius Coomans
Active Web Communications

On 8/3/06, Roger Clarke <Roger.Clarke at xamax.com.au> wrote:
>
> Here's a request for info. to users of Amazon's One-Click feature:
>
> http://www.amazon.com/gp/help/customer/display.html/102-0840596-8877722?nodeId=468480
> (and, of course, to linkers who are knowledgeable about it, whether
> or not they're also users)
>
>
> Where more than one human being utilises a device, does the Amazon
> One-Click service automatically detect which human being it is?
>
>
> Discussion:
>
> My understanding is that Amazon One-Click depends on cookies.  That's
> supported by the statements at:
>
> http://www.amazon.com/gp/help/customer/display.html/102-0840596-8877722?ie=UTF8&nodeId=598258
>
> When a browser sends a request for a URL to a web-server, it sends
> along all cookies that match to that domain.  That's just how cookies
> work (isn't it?!).
>
> So I'm having trouble working out how the Amazon server could possibly
> divine:
> (a)  which human's finger was on the key;  or even
> (b)  whether two or more humans ever use that device.
>
>
> Note that I'm not talking about genuinely multi-user operating
> systems like *nix and (very) recent Windows.  I'm making the
> assumption that, in those circumstances, cookies are within the
> user-space, and hence the browser picks up whatever cookies are in
> *that* user-space and not others.  But genuine multi-user use is far
> from the mainstream in Windows-land.
>
> I also wonder whether Amazon One-Click considers IP-address as part
> of its processing.  That would tend to conflate multiple users who
> appear to the server to be at the same IP-address.  My in-house
> router's IP-address changes infrequently, even though I'm only on
> ADSL and haven't paid the requisite extra for a fixed IP-address.  So
> it might be used as a proxy for {my device, me, all users of my
> device, (if I'm running NAT) all users of all devices that are within
> my sub-network};  or it could be used as part of a more complex
> algorithm in an attempt to infer user-identity.
>
> --
> Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/
>
> Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
>                    Tel: +61 2 6288 1472, and 6288 6916
> mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/
>
> Visiting Professor in Info Science & Eng  Australian National University
> Visiting Professor in the eCommerce Program      University of Hong Kong
> Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
>
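
The situation Roger describes and the password prompt Marius mentions, modelled as an added example: it is not part of either message and not Amazon's implementation. The host names, session tokens, accounts, passwords and the `Shop` and `BrowserProfile` classes are all constructed assumptions.

```python
# Added illustration; names, tokens and hosts are constructed, not Amazon's.
import hmac
from dataclasses import dataclass, field

def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 domain-match: the host itself or one of its subdomains."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

@dataclass
class BrowserProfile:
    """One cookie jar; every person using this profile shares it."""
    jar: dict = field(default_factory=dict)  # cookie domain -> {name: value}

    def store(self, cookie_domain: str, name: str, value: str) -> None:
        self.jar.setdefault(cookie_domain, {})[name] = value

    def request(self, host: str, source_ip: str) -> dict:
        """Everything the server receives: host, source IP, matching cookies."""
        cookies = {}
        for dom, pairs in self.jar.items():
            if domain_match(host, dom):
                cookies.update(pairs)
        return {"host": host, "ip": source_ip, "cookies": cookies}

class Shop:
    """Hypothetical server that recognises an account from its cookie alone."""
    sessions = {"tok-A": "alice", "tok-B": "bob"}           # constructed
    secrets = {"alice": "pw-alice", "bob": "pw-bob"}        # hashed in real life

    def identify(self, req: dict):
        return self.sessions.get(req["cookies"].get("session-id"))

    def checkout(self, req: dict, password: str = "") -> bool:
        """Password re-prompt: the only input tied to a person, not a device."""
        account = self.identify(req)
        return account is not None and hmac.compare_digest(
            password.encode(), self.secrets[account].encode())

def scenario() -> dict:
    shop, nat_ip = Shop(), "203.0.113.7"                    # one NAT address
    shared, separate = BrowserProfile(), BrowserProfile()
    shared.store("shop.example", "session-id", "tok-A")
    separate.store("shop.example", "session-id", "tok-B")
    owner = shared.request("www.shop.example", nat_ip)      # Alice at the keys
    guest = shared.request("www.shop.example", nat_ip)      # someone else, same profile
    other = separate.request("www.shop.example", nat_ip)    # own OS account, same NAT
    return {"same_request": owner == guest, "guest_seen_as": shop.identify(guest),
            "other_seen_as": shop.identify(other),
            "guest_no_pw": shop.checkout(guest), "owner_pw": shop.checkout(owner, "pw-alice")}
```

In this model the requests from `owner` and `guest` are identical on the wire and all three requests share one source IP, so neither the cookie nor the address separates people; only the password prompt does.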


