Ask Hackaday: What Is Amazon Thinking By Entering The Palm-Reading Business?

Have you heard about this One? At least three United States senators have, and they want to know what Amazon plans to do with all the biometric data collected by the Amazon One program. It’s their new contactless payment method that uses your unique palm print instead of cards or phones to make purchases, gain access to venues of work and play, and enter or pay in whatever other spaces Amazon can invade down the line. The idea is that one day, we’ll all be able to leave our homes without any form of money or ID of any kind, because we’ll all be stored away in Bezos’ big biometric file cabinet.

We tossed this one around in the writer’s room back when the Amazon One concept was nothing but a pile of buzzwords and a render or two, but these kiosks are now active in 50+ Whole Foods and Amazon 4-Star locations across the US. Here’s the deal: you can only sign up at a participating store that has a kiosk, because they have to scan your palms into the system. We were worried that the signup kiosk could easily take fingerprint scans at the same time, but according to the gifs in Morning Brew’s review, it just uses another of their point-of-sale palm scanners along with a touch screen and a card reader. But you still have to hover your entire hand over it, so who’s to say that the scan ends where the fingers begin?

Your Biometrics Are Worth More than $10

Registering for Amazon One, a contactless payment and ID system.
Registering for Amazon One using an Amazon One scanner. Image via GeekWire

So then you give it your phone number and insert whatever credit or debit card you want to tie your hands with tie to your hands, and the thing scans both of your palms in the name of convenience. See, this way, you don’t have to remember which palm you signed up with, and going forward, you can pay for stuff with either hand if you happen to be holding a wiggly toddler or a big bag of dog food under one arm or something.

And then voila, in exchange for a measly $10 in Amazon credit, they have a copy of both of your palm prints forever more. You know, that unique pair of bio-identifiers that can’t be swapped, only maimed or destroyed. Oh, but according to the Help page, palm prints are not stored in the kiosks, they can be deleted whenever you want to cancel your account, and they’ll automatically disappear from the database if you don’t make an Amazon One purchase for two years. Right.

So, how much is relative anonymity worth to you? Would you give it up for the convenience of paying for things by scanning your palm? Plenty of people use their fingerprint to unlock their phone, not that they’re the type to read Hackaday. Is having both of your palm prints on file with Amazon any creepier than storing your fingerprint on your phone to unlock it? Of course it is, because your phone (presumably) is not sending your fingerprint to, say, Samsung. But let’s be clear: using your biometric fingerprint is still not great — as Elliot Williams wrote years ago, finger prints aren’t secret, they’re not hashable, and you can never change them.

Go Ahead, You Know You Need That Coffee

Illustration of woman paying at a coffee shop using a palm print
This woman’s about to pay for coffee with her palm print while the cyclist in line behind her searches for his wallet.

We think it’s telling that Amazon is using a cartoon woman and a cartoon world on their landing page to sell this idea, because it detracts from the seriousness of the issue of having a database of people’s palm prints. Just what is Amazon planning to do with this handy database? The mind reels.

What do you think, Hackaday? Shouldn’t we be trying harder to keep corporations at arm’s length? They’re already trying to scan in our bodies so they can create the perfect custom t-shirt. Does any of this make your skin crawl?

63 thoughts on “Ask Hackaday: What Is Amazon Thinking By Entering The Palm-Reading Business?

  1. Yah, Yah. When it comes to this sort of thing everyone is worried about big brother and/or bit corp using it to track us everywhere. (as if they don’t already have that information).

    I predict that rather than the start of an orwelian dystopia this concept will just flop. (not that something else couldn’t be the start of the dystopia).

    TFA even links to Elliot’s past comments on the theme. Biometrics as passwords suck. As soon as this thing or something like it catches on it will start to get hacked. And a bad idea that keeps coming back will finally die for good.

    The idea of an implantable rfid chip for buying things I like. So long as I know where it is implanted, close to the surface so I can always choose to cut it out. Being able to change the id number on it myself would be nice too. (you think that defeats the purpose? It’s not like one cannot type different numbers when paying by credit card online today)

    And sure, talk about implanting numbers and the crazy religious people will go all 666 on you. But that’s just dumb. If nobody is making you swear fealty or opposition to any god to get the implant then it’s not what your holy book talks about.

      1. Hacks the database, buys palms on the dark web. Latex gloves printed with your palm print on the outside. Now they have access to your whole life, job, bank balance, house, car.

        1. Who is “THEY?” Have you ever met “THEM?” What do “THEY” look like? Sounds like you have a lot of time on your hands and your imagination is getting the best of you. I know you are just joking though :). BTW, maybe THEY just want to start a business to tell you your future. Well maybe not YOUR future, but …

          1. Who is they? The people responsible for the roughly 5,127,000 Millions of dollars of fraud yearly perhaps. It’s only going to help them by making our passwords visible to anyone with a camera or willing to snatch that coffee cup from the garbage.

        1. We’ve all seen Guardians of the Galaxy, we all know how they escaped from the Kyln:

          – A security band (fused to guard’s hand)
          – A battery
          – A prosthetic leg…for laughs

          I done sawed it myself.

  2. Ah, yet more bollocks.. what is wrong with chip and pin, cash, even those awful NFC contactless cards and phone payment systems, all seem both secure and reliable in comparison… And I can’t say I’m a fan of the implementation on some of them too…

    I wonder how hard will it be to spoof this system, faking fingerprints from a fingerprint scan or lift has been done before, for ages in fact, doesn’t seem like this will be any different. Not that I’ve seen these systems in person or even know exactly what they are looking at and how.

      1. And? Who now can actually be without their mobile phone/ its baby watch cousin, it seems to be basically mandatory to have communication devices on you at all times…

        Personally don’t understand that, but it is what people are like… and those NFC cards have been butchered and turned into jewellery like rings before too. Its not like paying for stuff is asking you to carry anything you wouldn’t be anyway…

        And that doesn’t even account for how often its likely to work – anybody who works with their hands probably won’t ever get a payment accepted! Or the system is so insecure even an out of focus photo or line drawing of a few key features will be enough… I know my hands are constantly getting scratched, scuffed, dirty, oily, painty, blistered in new ways, fingerprint scanning basically never works.

        Nor does it address the creepy and risky factor of giving somebody else so much information on something you can’t change permanently (easily at least) – not like its a password that when the data centre is breached you can change…

        1. All that is off topic. You asked “what is wrong with {a bunch of stuff}” and the thing that is wrong with all of that stuff is that you can forget them.

          The problem description is “people would like to pay with something they can’t forget.” The solution is to pay with a body part.

          It would be akin to asking “what is wrong with a wheelborrow?” on a post about the latest heavy lift cargo plane.

          1. And you can forget the keys to get back into your home, the passcode for your computer – anything can be forgotten. But most folks don’t forget their daily essentials – like clothing, the door key and phones…

            And in this case carrying the objects in question is trivial, a few grams (and its generally not extra weight as these days you would be carrying them anyway)… Its not at all like what is wrong with a wheelbarrow vs a Herky bird – that is orders of magnitude different in scale, perhaps more like what is wrong with a trolley vs a wheelbarrow, subtly different in operation, but actually comparable in scale..

  3. Fortunately, in the US, one can still pay with cash… I do take advantage of that quite frequently. The main problem is that cashiers can’t do the math to figure out the change, so if I try to give them a dollar extra so they can return a ten instead of nine ones their eyes glaze over and I can see the “oh shit, what am I supposed to do now?” on their face…

    1. A cashless society is so much better though. Can you only imagine how COVID stuff is on paper currency? Not to mention for about 20 bills you can shake them and get a small rail of … I think it is those aliens that are running things just like I saw in the 1988 movie “They Live.” No worries, the companies just want to read your future and warn you of any impending personal danger.

    2. An advantage of using cash is that it is reasonably traceless. As long as cash is still an alternative the Orwellian stuff with e-payments won’t kick in otherwise people will just go to back to cash. Once everybody has moved away from cash (including all the stores) and it is practically impossible to use anymore, 99% of the population will be happy with whatever they do from that point onwards, they will put convenience over anything else as usual. As all the payment systems will be operated by private companies, they could easily then stop ‘undesirables’ purchasing anything, including food. You don’t have the correct views (you don’t support a worldwide corporate tyranny) you don’t eat. There is already talk about using browsing/purchase history to determine somebody’s credit worthiness: https://blogs.imf.org/2020/12/17/what-is-really-new-in-fintech/. Might sound paranoid but tyranny seems to be the historical default setting for most political and economic leaders unless there is significant resistance to it.

  4. I fully trust governments and corporations to do nothing wrong with my personal, biometric, or any other data. I’m an open book! If you’ve done nothing wrong, you have nothing to fear.

    1. What you do today may be illegal tomorrow and all the databases $THEY build of your transactions today may be a problem tomorrow.

      At all cost, we should give them only as few information about us as possible.

        1. A “white” drinking fountain was a fountain with a sign “For Whites Only” (i.e. white people), it didn’t imply the color of the drinking fountain.
          Sometimes, there was another fountain (often in a less visible location) with a sign “For Colored People” (i.e. anyone non-white).
          It was the same with toilets/restrooms (e.g. the restroom in the “Hidden Figures” movie) or restaurants.
          Often the “colored” facility was a lower standard than the “white” facility, e.g. an outhouse (dry loo) for coloreds and flush toilets/running water for whites, tables, tablecloths, chairs for whites dining inside, and picnic tables out back for colored.

          I suspect [Chuck Nash] was being facetious or sarcastic, but just in case…

    2. Either jake is sarcactic, or he needs to spend a while living under Jinping’s social credit system to see where this all leads. Will he enjoy that?

      The very idea of “done nothing wrong” makes no sense when those running the system are deciding what is defiend as “wrong” and constantly modifying it to meet their interests. And when they often set valeus for “wrong” which forbid what moments ago were regarded as human rights.

  5. So I am now curious. I am going to 3d print a right and left hand and see if it is possible to link a printed hand to this. If so then it is a faulty idea from the jump. A fairly decent picture of some ones palm could then be used to recreate their hand and utilized to make illicit purchases.

  6. Bartenders have been scanning their customers faces and adding purchases to their tabs for quite a while and it seems to be widely accepted. The new thing is using palms and computers, and new things are scary.

  7. This might be a preferable method to other methods (Iris, face, etc.) because it’s voluntary. You can conceal your palm.

    I might be ok with this because let’s face it, passwords are the dystopian nightmare. Here you’ve got a machine that is perfect at remembering things querying a human, who is horrible at remembering things for an esoteric piece of information that is meaningless to the human and then teasing him or her relentlessly when he or she gets it wrong “that’s not your password, hah hah! Try again loser!”

    So if it saves me from having to enter passwords everywhere then great.

    The correlary question of course is whether I trust Amazon to be the broker of my security and I’m still dithering on that one. I certainly don’t trust FaceBook.

    1. The answer to that last question should absolutely be “no”. “Do you trust a group with money, connections, power, and no oversight to handle your personal security and biometric records?”

      1. As they are built entirely around efficiently turning a profit, and have a track record of not fucking up massively, unlike some other companies like Facebook who are built around selling your private details, and shoving ads down your throat, seems to me like they are a trustworthy as most government – in practice everything you said often applies to those at the top of governments too! So I’d not call that a ringing endorsement.

        But if the world really has to go that way I’d rather have Amazon than most of the current international corporates… Not keen on the idea mind you, seems pretty awful to me…

  8. I’m not their customer. Never have been, never will be.

    It’s not a paranoia thing. “They” sure know about me, it’s their business. I interact with enough schmucks who have a gmail address, for example. If the data gurus at Google can’t “graph-triangulate” me, they ain’t worth their salt. I’m on mailing lists, I post to sites (like here). I don’t hide.

    It’s not that. It’s just that I find it… disgusting. As in a poo-smeared toilet seat disgusting.

    I don’t want to be treated as cattle. So I take my business elsewhere.

    1. You appear to be conflating Google, the privacy ignoring data-grabbing machine, with Amazon, the delivery-making money-taking machine.
      Amazon have no incentive to abuse your data. They make their money from selling you stuff. Google and FB make their money from selling you.

  9. And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he that had the mark, but they shall haveth Amazon Prime.

    1. the 666 part is not needed until the smart-device runs out of battery and needs a recharge…

      as far as i know, modern smartphones and other stuff dont have much, if any old-school diodes… but your usb wall adaptor includes old-school diodes to rectify the wall socket power for the SMPS inside

      and whats the voltage drop of those old-school diodes?
      do i hear a faint grumbling of zero-point-sixsixsixsixsixsix ?

      so yeh, anyone using QR codes to cross-reference spiritual passages is either clueless or looking to bug your phone. REAL “spiritual informers” come back with untraceable pieces of paper with obviously legit human-readable URLs the next week so anyone can join such a spiritual journey…

      instead of being scared off by finding out that store employees have the ability to track them down and have them prosecuted to the fullest extent of the law, the bugging, and the unsolicited advertising are seperate, fishy to me, no interest in speading passages unless its a QR code, every week until i gave her a piece of my mind, and i never reminded her of the solicitation law she was breaking!

  10. Nope. Just nope. Amazon can go pound sand.

    At least my debit cards can be cut up and cancelled if they start causing me trouble. I’m sure as heck not going to mutilate or remove my hand when (not if) this idiotic idea becomes a huge security liability!

  11. This article is less of a “conspiracy theory” and more about a new business practice of a major retailer in the US. And, if you were to reread the article, you might notice that it doesn’t say anything about what Amazon WILL do with the biometric data, only that it’s a scary thought that Amazon has the data and something unpleasant MIGHT come from that. THAT is the point and substance of the article in my reading. :-)

    Random people spouting their conspiracy theory du jour in comment sections about what the government/Apple/aliens are doing is, I would suggest, different. :-)

    1. That’s right.

      And given their business idea to sell Ring door-cam feeds to local police departments, I think that it’s probably reasonable to think about what they “could” do with this palm-print data that would violate the Third Ammendment, and maybe the Fifth, if it were done directly by the police departments.

      https://www.theguardian.com/commentisfree/2021/may/18/amazon-ring-largest-civilian-surveillance-network-us , etc if you haven’t been following that one. (Although, there’s already starting to be enough blowback that they’re changing a little bit: https://www.eff.org/deeplinks/2021/06/ring-changed-how-police-request-door-camera-footage-what-it-means-and-doesnt-mean).

      What will they do with our palm prints? Sell them to the police. Yes, you are not a criminal, and neither am I. That does not make the police accessing their database of palm prints constitutionally acceptable.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.