Have you heard about this One? At least three United States senators have, and they want to know what Amazon plans to do with all the biometric data collected by the Amazon One program. It’s their new contactless payment method that uses your unique palm print instead of cards or phones to make purchases, gain access to venues of work and play, and enter or pay in whatever other spaces Amazon can invade down the line. The idea is that one day, we’ll all be able to leave our homes without any form of money or ID of any kind, because we’ll all be stored away in Bezos’ big biometric file cabinet.
We tossed this one around in the writer’s room back when the Amazon One concept was nothing but a pile of buzzwords and a render or two, but these kiosks are now active in 50+ Whole Foods and Amazon 4-Star locations across the US. Here’s the deal: you can only sign up at a participating store that has a kiosk, because they have to scan your palms into the system. We were worried that the signup kiosk could easily take fingerprint scans at the same time, but according to the gifs in Morning Brew’s review, it just uses another of their point-of-sale palm scanners along with a touch screen and a card reader. But you still have to hover your entire hand over it, so who’s to say that the scan ends where the fingers begin?
Your Biometrics Are Worth More than $10
So then you give it your phone number and insert whatever credit or debit card you want to
tie your hands with tie to your hands, and the thing scans both of your palms in the name of convenience. See, this way, you don’t have to remember which palm you signed up with, and going forward, you can pay for stuff with either hand if you happen to be holding a wiggly toddler or a big bag of dog food under one arm or something.
And then voila, in exchange for a measly $10 in Amazon credit, they have a copy of both of your palm prints forever more. You know, that unique pair of bio-identifiers that can’t be swapped, only maimed or destroyed. Oh, but according to the Help page, palm prints are not stored in the kiosks, they can be deleted whenever you want to cancel your account, and they’ll automatically disappear from the database if you don’t make an Amazon One purchase for two years. Right.
So, how much is relative anonymity worth to you? Would you give it up for the convenience of paying for things by scanning your palm? Plenty of people use their fingerprint to unlock their phone, not that they’re the type to read Hackaday. Is having both of your palm prints on file with Amazon any creepier than storing your fingerprint on your phone to unlock it? Of course it is, because your phone (presumably) is not sending your fingerprint to, say, Samsung. But let’s be clear: using your biometric fingerprint is still not great — as Elliot Williams wrote years ago, finger prints aren’t secret, they’re not hashable, and you can never change them.
Go Ahead, You Know You Need That Coffee
We think it’s telling that Amazon is using a cartoon woman and a cartoon world on their landing page to sell this idea, because it detracts from the seriousness of the issue of having a database of people’s palm prints. Just what is Amazon planning to do with this handy database? The mind reels.
What do you think, Hackaday? Shouldn’t we be trying harder to keep corporations at arm’s length? They’re already trying to scan in our bodies so they can create the perfect custom t-shirt. Does any of this make your skin crawl?