
Amazon.com STORES customer’s credit cards without express permission – this also leads to fraud – which is EXACTLY what happened to ME!

Yesterday I happened to check my Amazon orders in process and discovered, to my horror, that someone had placed an order on our account and that the item was ‘preparing for shipment.’

While it was ‘only’ a $140 computer gaming mouse, and I happened to catch it ‘in time,’ this event brought up several issues I have (and have raised with Amazon customer service repeatedly) with their fiduciary responsibility to their customers.

I have purchased, literally, tens of thousands of dollars worth of goods on Amazon over the years. Usually this process has gone well and there are any number of good things I could say about their product selection and ordering process.

I have also usually found their customer service to be superb – highly responsive and extremely efficient at solving even the smallest problem.

So it is with some discomfort that I bring forward the true nature of my complaint.

Simply put, there is NO excuse for the irresponsible manner in which Amazon’s back-end order processing system STORES users’ credit cards. Not only does it store them – but it does so entirely without the express permission of the customer. I’m NOT talking about some fine print legal runaround wherein Amazon can probably correctly claim that we – the customers – gave them some blanket permission to do whatever they want with our credit cards and store them. I’m talking about the fact – in the glaring light of day – that this company stores every credit card you ever put in their system and does so without asking the customer.

In an age of hacking, identity theft, and egregious breaches of e-commerce and other sites with critical personal and private information this is UNACCEPTABLE. It is an unacceptable risk policy and it is made even more so by the fact that it is done surreptitiously.

Which leads me to my next point.

I notified Amazon customer service of the breach of my account and the associated fraudulent order. Their response?????

They notified me that they (after I notified THEM) had noticed account activity that appeared to be a breach of my account and they were changing my password to a temporary password and blah blah blah.

ARE THEY SERIOUS?

I notified THEM.

I had already changed my username/email, my password, and deleted all vestiges of stored credit cards (6 of them).

THEY did NOTHING. Except make me have to change my password again. I had already deleted the as yet unshipped order. Or cancelled it or whatever. Fortunately it had not shipped yet – to some guy in Kansas or whatever.

All of this speaks to a shoddy system. I’m a cybersecurity student. I knew that some day this would happen. Amazon claims that it has nothing to do with stored credit cards but I ask you – how exactly would this person have been ABLE to place – successfully – an order using our account if it were NOT for the fact that there were stored credit cards???????

The answer? IT’S IMPOSSIBLE. No matter what Amazon customer service says. No credit card… NO ORDER.

It stores the WHOLE THING – and doesn’t even ask for a CCV. If you have one click ordering – it’s another DISASTER.

My family has gotten so used to using our Amazon Prime account – partially because it is SO EASY to buy things without even giving it a second thought. Click and buy.

Great if it is authorized purchases. NOT GREAT if it’s some hacker in Kansas.

YOU DECIDE if they are playing with our money for the sake of ease of ordering – which serves THEM most of all because it ramps up their profits BIG TIME. Easier and easier ordering is inversely correlated with privacy and security.

It’s even WORSE because our ‘credit cards’ are actually debit cards and the money comes directly out of our bank account.

I’m going to post this on my two blogs as well – personal and cybersecurity.

By the way – Amazon also tried to pin this on us – saying that we should avoid clicking through in emails (spoofed obviously) that ask us for account information.

REALLY??????????

Gee. I think that I have enough functioning and firing neurons to have figured that out and so did my family – like 10 years ago.

Who are they kidding?


Experiment: To what extent can I disengage from Web-based data-mining companies?

I’m looking at this experiment as a learning tool for my current studies in cyber/info security.

I’m also looking at it from the perspective of the potential benefit (or lack thereof) that I may derive in terms of greater (perhaps future) privacy (what good is a site called “A Little BIT Safer” if not for this?)

I started by changing my email address. I know that NO unencrypted email is safe, regardless of address – but using a non-Gmail address gives me more control, and is one step on the way towards extracting myself from the Google product labyrinth.

I spent several HOURS attempting to eliminate all current connections and product links from same on the Google site. Everything – even location information. Where necessary, I put in ‘incorrect’ information – if a form field required it.

I do not think I completed the tasks – but I did spend at least 4 hours eliminating whatever stored details that I COULD control.

I could have probably taken a simpler route (who knows if it works) and simply deactivated or closed my entire Google account. I was not prepared to do this since I am still working on saving my emails locally using Thunderbird.

This will be INCOMPLETE at best, and it certainly has (from what I’ve learned thus far) little or even NO effect on ‘history.’ I entered into this experiment fully aware of that. There is nothing that I currently know how to do (maybe some day) that can change that.

Once I have taken care of what I CAN control vis a vis Google and the other social media sites, I can use my LastPass Vault to access the dozens of sites that I log into and change their login credentials to suit my needs. That is one good thing about having gotten comfortable using LastPass. I don’t have to remember all of the places I actually use since they’re all collected in the Vault.

Other tools I am using or planning to use/experiment with (I know… yawn… many have been around for ages – all are free):

1. I use Comodo’s IceDragon (a modified version of Firefox) – it is excellent.

2. I use Thunderbird for my email client – and I use a digital certificate to digitally sign my emails (but I need a new one for my new non-Gmail address).

3. I am using DuckDuckGo (see vid below) for my search engine – I like their explanation of how they work.

4. I use SpiderOak for cloud storage (because of their zero-knowledge policies)

5. I use 3 layers of anti-malware/antivirus: Comodo Internet Security 2012 Pro (free for me :-), Malwarebytes Anti-Malware, and Spybot Search & Destroy – all resident in the system tray and all tailored for max. benefit w/o too many false positives.

6. I also use a bunch of other utilities like Glary and CCleaner and Speccy. You can get a lot of great, crap-free (no extra junk) stuff from a site they taught us about in school called Ninite.com. I HIGHLY recommend it. The ‘installer’ is COMPLETELY free of extra junk. Just the program. Also, if you already have a version of a program that is ‘newer’ than Ninite has, it will know just to ‘skip’ it and tells you that it did so. You can’t go wrong. They certainly do not have everything – as you can see from what I use – but it’s a good starting point. It’s good for Windows and Apple and Linux I think.

DUCKDUCKGO PRESENTATION!

Why Google Has Too Much Power |NYT articles : Just scratching the ‘gates’ of the mines….

The Emperor of All Identities
Google’s aim isn’t only to sell ads, it’s to collect personal data: yours.

http://www.nytimes.com/2012/12/19/opinion/why-google-has-too-much-power-over-your-private-life.html?smid=pl-share

U.S. Inquiry of Google Is Expected to Press On
Google must submit a plan in January to change its practices to avoid a fine or finding of wrongdoing, Europe’s top antitrust enforcer said.

http://www.nytimes.com/2012/12/19/technology/google-wins-time-from-eu-antitrust-enforcer.html?smid=pl-share

I think that the real issue isn’t going to be these ‘revelations’ and court cases – but the issue of how we can all learn what we can and maybe ‘should’ do to protect ourselves to the best of our abilities.

I have nothing personally against Google or Facebook. They’re companies and they make a lot of good products that billions of people like. They are just corporate entities though – and if history teaches us anything it’s that 99.9% of corporate entities do not act in our personal realm of ethics and morals – or at least they don’t until they get caught or forced to do so. It’s why we have regulations and laws that go along with capitalism, obviously. We all know that the game (usually) is to maximize profitability and shareholder value. It’s kind of absurd to argue otherwise.

I started this blog because I wanted to educate myself (and others) regarding things like the safest means of using email, learning where and how my data is stored online, and perhaps continuing to investigate and understand what my digital fingerprints have touched, and if there is anything I can do about it.

I don’t know why it takes these governmental investigative agencies so long to act.

I suspect that for a lot of people the fingerprints are permanently etched and what can be ‘done’ is less than many people (including myself) would like to do in terms of clean-up.

I do want to give people a sense that there is HOPE though – with proper training and (hopefully) simple enough tools.

I do know that many hundreds of writers, bloggers, podcasts, security specialists, and countless end-users have been stating the ‘obvious’ long before I came along.

I’m just trying to figure out what to do about it.

Hopefully as I gain the cybersecurity education (formally) and mix it in with my life/work experience I will be able to help myself and others do what ‘can’ be done.

Maybe even help a bit in training newer users regarding how to (like my tagline) ‘navigate the digital(mines) and play IT Safe(er).’

If you had to list the Websites that have your stored credit card info, could you?

This seems like a pretty simple question. But I know that I probably could NOT answer it with any degree of certainty…. which is kind of scary.

If you had to list all (or even 90%) of the Websites that have your credit card information stored on their sites…. COULD YOU?  

Did you even know that some of these sites do this without even telling you that they do so?

The one that I use – without naming names – is one of the biggest in the world and certainly does this. There may be something buried in the fine print.

I do KNOW that in order to make a purchase using a credit/debit/whatever card I have to enter it and it gets auto-stored (as I call it).

There is NO option for this NOT to happen. NONE.

After the purchase is complete then I have to go back in every, single time and manually delete the card it just stored.

Me no like that.  I asked them about it and I just got the runaround – about how safe it was and so forth. I want the option (wouldn’t we ALL????) to have this NOT be the case?

Am I alone in this? Did you take a look at the list of data breaches on privacyrights.org?

Another related question:

If you had to list all of the so-called ‘cloud storage’ sites that you either use or have used (which usually means they still have your info) – COULD YOU?

I know I had a hard time with this one too: Mozy, Dropbox, SkyDrive, Google Drive, CX.com, Sugarsync, SpiderOak – and do you actually know WHAT is on each of them?  Oh, and let’s not forget about some of the ‘sync’ programs like Crashplan, that I had to spend hours and 20 emails on to get my account deleted? Do I even know if it is really done?

This is something to think about. Just these things – the stored credit cards and the offsite/cloud-storage/data-synch/whatever name they go by companies.

It certainly is for me.

I want a program that I can use that tells me where everything is stored so I can go and see if I think it’s safe there. There ARE ‘safe enough’ places for certain kinds of data – and then there are places where nothing is probably entirely safe. I like SpiderOak because of its security policy. But I have a LOT of work to do regarding the credit cards and other GB of stored data.

Don’t you?

Useful Security Information for ALL of us at Privacyrights.org and Electronic Frontier Foundation (EFF.org)

Consumers, small business people, and just about anybody with an interest in learning what’s really going on can benefit from two sites I have recently started to use much more frequently to try to understand some of the basics of what people ACTUALLY face every day (and it applies to online and offline transactions and things you would not necessarily even think about)

As a cybersecurity student and blogger, I have, of course, had to face the avalanche of daily information from such diverse sources as blogs, podcasts, e-zines, mainstream media, LinkedIn groups, other social media sites, and on and on when it comes to trying to filter and understand the who/what/when/where/how and why of information security.

Two sites that are extremely well known and are not news to any of those experienced people  – but are pretty new to me:

Privacyrights.org  Privacy Rights Clearinghouse: Empowering Consumers, Protecting Privacy

and

Electronic Frontier Foundation (EFF.org) Electronic Frontier Foundation: Defending Your Rights In The Digital World

There is lots of really straightforward, practical advice on how to begin to protect yourself.

The list of data breaches that privacyrights.org has collected since 2005 (something over 605,000,000+) was enough to scare me silly 🙂

New Online Game Trains Kids Against Cyber Attacks | What about the rest of us? It’s overwhelming…

New Online Game Trains Kids Against Cyber Attacks | Armed with Science.

This seems like a good approach – It is targeted towards 6th-8th graders. I do wish there were similar ‘games’ for high-school aged kids as well. There may be… if you know of any that are like this let me know. This is a joint effort between the Army and the National Science Center.

Security Awareness without making it overly complex, intimidating, and filled with jargon. It seems like an approach that could actually work for all age groups if done in a clever manner. The feedback I get from adults is that it is absolutely overwhelming to try to learn all of the things that they ‘need’ to learn to be safe and have a modicum of privacy.

I can relate to that. It may be that as generations move on it will become second nature and the tools will be much more user-friendly – or even transparent and require no user knowledge. I understand that that is how technology usually works. BUT – what about the hundreds of millions of people right now, who are too busy and stressed and on information overload to try to absorb yet another body of knowledge?

I know people might respond that we can, perhaps, incrementally train each other  – but from what I understand, even the ground-rules keep changing… one day you hear that you should always use sites with HTTPS and not HTTP for transactional/personal ID stuff… and then you (or I) read that even that isn’t entirely true or safe – my own textbook states that these HTTPS sites can be spoofed as well.

And… from what I understand, even though something like HTTPS has been around for quite a LONG time, many people aren’t even AWARE of its existence or use (or LACK thereof – which is what ‘matters’).

I’m just speculating out loud – as a second semester cybersecurity student. I see that from my LinkedIn groups there are dozens, if not hundreds of articles on all of this – and in blogs – and in podcasts. It’s so overwhelming that even I don’t know how to filter it.

That’s the truth (or my truth at the moment).

 

2012 KPCB Internet Trends Year-End Update: Excellent historical/trend analysis by Kleiner Perkins

Kleiner Perkins calls it “Re-Imagination” in the context of the changes that have been/are taking place in this arena.

Indeed, as some have suggested, the future might not have as many open Windows as you might think!

But who really knows? There are always unforeseen obstacles and circumstances that these companies and their products run into along the way that can temporarily or permanently derail them. For example, which of them will end up using Numenta’s (Jeff Hawkins) GROK before the other and to what end? (see my previous posts on this paradigm shift)

This is a great slideshow to flip through though.

(I want to thank my brother for providing me with the link to this material – he’s in the tech field and very up to date on trends/analysis)

I think that this is one of the pages that seemed to clearly indicate a major market change – a decline in Microsoft’s control and dominance – and perhaps (and I say this very cautiously) a decline or even ‘fall’ of Microsoft to whatever extent that is possible:

[Image: slide-24-638]

The future was born here… You will look back and see it I think… Jeff Hawkins 2012 ICSA Speech

THE MONUMENTAL  significance of Jeff Hawkins’ lifetime of learning about neuroscience and integrating it with computer science (as one of the FATHERS of mobile computing  – inventor and founder of Palm and Handspring) – this CONVERGENCE – cannot be overstated or overemphasized.

I could be completely wrong – and t/his company, Numenta, along with his ‘theories’ (even though they are now being implemented in actual working machines which you can SEE) could somehow flop because something unpredictable happens.

That kind of thing does happen, and is possible in life, of course.

So – I can only say what I THINK will happen.

I hope Mr. Hawkins would like my tribute  and homage to him here, and my initial attempt to share my understanding of what he is saying and has said (in his book and afterwards in many times and places). 

If I err, it is because my brain is an imperfect (for certain) hierarchical memory-prediction system.  My brain still needs serious ‘training,’ and I’m trying to train it – even though I did start at a pretty young age 🙂 

I am training it now in the IT field and cybersecurity, but I do have Gigabytes of partially useful information and I’m perpetually fascinated with SO many areas of life – but especially brain science and cognitive psychology and now this convergence.

I think that this convergence, and his company called Numenta (or whatever it morphs into by the time it becomes ‘well known’) will create the biggest leap forward in so many disciplines that it is hard to list. Perhaps it is on par with Einstein’s Theory of Relativity (but for the brain and intelligence).

After all, he is/was friends with Watson and Crick (yes, that Watson and that Crick of DNA fame) – or whichever one of them is around these days. I don’t recall exactly.

This history goes back roughly 30 years if I recall correctly.

Mr. Hawkins fits into that mythical lineage of people who come from that most mysterious and phenomenal (and understated) of places – Bell Labs. If you ask most people what the heck that place is or was, they would not know, despite what originated there.

Which is just about everything having to do with 20th century technology in one way or the other…. or close to it.

No, he didn’t work there, of course. I’m just saying it in a metaphysical sense.

His first job was at Intel – where they turned him down when he wanted to study brain science and he ultimately left to… well.. you can read about that.

NOTE: from hereon in, I’m going to use the same linguistic shortcut that Mr. Hawkins does when he uses the word BRAIN.

BRAIN – for the purposes of this discussion, means the cortex and not the entire human brain, which is not what Mr. Hawkins is trying (or has succeeded) to translate into intelligent machines.  This was his goal and he has succeeded thus far as Numenta proves.

As I understand from his book, neuroscientists and AI people were not even looking in the same place that Mr. Hawkins did (does) when it came to (comes to) understanding intelligence, the brain, and certainly not machine intelligence. 

In fact, MIT rejected him when he applied to work/study/teach there in the AI department because they just didn’t agree with his conceptualization of what machines could become.

He was correct and if I understand it correctly, they were wrong.

I have only skimmed the book so far since I got it last night. I am SO completely enthralled by his vision and dedication, and unwillingness to be deterred by detractors who said that only AI (traditional) could or would be the future of intelligent machines.

Mr. Hawkins rejected this notion AGES ago.

Just so I’m being clear, Mr. Hawkins is not talking about building (ever) anything that is a replicant of a human – he’s focused on the cortex – that area that is the seat of intelligence and learning. 

No Androids dreaming of electric sheep. Not even our beloved Mr. Data, I’m sorry to say.

Nothing that could pass the Turing test (if I’m correct) – which is a fascinating test but is an AI benchmark and not what Mr. Hawkins is striving for – or what he predicts intelligent machines will be used for or function as.

He’s very explicit about the aspects of ‘human nature’ that he’s leaving out – because he is focused on the cortex and the cortex is only a part of what makes us humans, or how human brains interact with our bodies, if you get my point.

It is far, far better if you let him explain why this was the case and still is the case – why AI will NEVER ‘complete its mission,’ as it were.

No amount of memory and processing power can make it so (yes, Jean Luc) because the manner in which AI folks (at MIT or wherever) were going about it missed the entire point of HOW the brain works.

Mr. Hawkins figured out how the brain works, and how it CAN be ‘translated’ into machine language (and I don’t mean that term in the IT definition of the word).

He didn’t START from the machine and work backwards and integrate, or try to make a machine behave like a human brain.

He worked the OTHER way around – first doing groundbreaking work in how the BRAIN works – as a hierarchical, memory-prediction system (he sticks to the cortex – the seat of ‘intelligence’ – which is an important distinction). 

Then, he figured out (and already obviously had vast IT experience) how to integrate that brain memory structure/design into ‘machines’  – he didn’t even have (or really need I suppose) an ‘actual’ machine at the time with which to test his (then) theory – he knew what he needed and how it would work and the industry would ‘catch up’ to him because of the inherent properties of ‘change over time’ that we all know exists in technology – ie – Moore’s Law, etc.

Well, MB turned into GB which turned into TB and more – we ALL know that of course. I can carry a TB external HD in my back pocket (and even sit on it since it’s mil drop spec 🙂 )

So – the resources that he could not find to back him in the bad old days when he worked at Intel or even in the mid-1990’s and so forth – those hardware resources are now available, and at a fraction of the cost of what they used to be.

Now – there is GROK.

And GROK is ‘just’ a ‘phase one’ implementation of Mr. Hawkins’ ideas – but GROK has real teeth and you can use it and buy it and it works.

I cannot go into depth about how and why.  I am simply in awe of this visionary.

He stated (in On Intelligence) that parts of this theory (like all theories) could/might be proven inaccurate and need amendment or change.

But so it is with any scientific theory and the scientist who creates it.

He gives credit to the shoulders he stands/stood on, while supporting his main idea to the point of asserting that it WILL in fact revolutionize human understanding of how brains work, intelligence works, and ultimately what can and cannot be done (and is now being done ) in the new world of machine intelligence – Intelligent Machines (NOT, as he explicitly states, Artificial Intelligence or AI).

I don’t know if Numenta, Inc. will be the name of the company you see at the IPO 🙂 but if I were you,  I’d be on the lookout for whatever it does become.

If you DO keep an eye (through the newsletter, Twitter feed, Facebook, YouTube, etc.) on Mr. Hawkins, and this company and what he creates, you will most likely be watching the birth of a new era.

I don’t know how else to put it.

Here is one YouTube video to get you started. It’s certainly not bedtime reading, as it were. But it’s done well enough that even though the audience is a bunch of tech weenies (:-) I think that if you pay attention (and maybe know what binary is) you can follow along.

If not, then I will be posting other videos and sources of information about Numenta and his brain science theories and so forth. And I strongly recommend reading ‘On Intelligence,’ even though I would have loved to have edited it a bit since it is a bit awkward in terms of sentence construction. It’s probably intentionally written as such – since there was a NYT science writer editing it with him – but I’m still a bit surprised. He’s a fellow NY’er – and I’m sure it was meant to reflect his natural speech style. It’s not a big deal.

My memory-prediction system was predicting different linguistic patterns – that’s all it is. Otherwise, the ideas are Earth-shattering!

 

There is a TedTalks vid that I want to watch and probably will post as well.

I do hope that Mr. Hawkins will come to speak in NY sometime soon – I know this isn’t ‘new’ news – because analysts have been following him and his companies for ages now – but this IS a new iteration of his creativity. And it is the first beta-testing and testing of his GROK-ster.

GROKster the Rockster.

Clutch before shift: The Jeff Hawkins pre-GROK book: On Intelligence (yes, it’s an e-book too)

On Intelligence by Jeff Hawkins

From the inventor of the PalmPilot comes a new and compelling theory of intelligence, brain function, and the future of intelligent machines. Jeff Hawkins, the man who created the PalmPilot, Treo smart phone, and other handheld devices, has reshaped our relationship to computers. Now he stands ready to revolutionize both neuroscience and computing in one stroke, with a new understanding of intelligence itself.

Hawkins develops a powerful theory of how the human brain works, explaining why computers are not intelligent and how, based on this new theory, we can finally build intelligent machines.

The brain is not a computer, but a memory system that stores experiences in a way that reflects the true structure of the world, remembering sequences of events and their nested relationships and making predictions based on those memories. It is this memory-prediction system that forms the basis of intelligence, perception, creativity, and even consciousness.

In an engaging style that will captivate audiences from the merely curious to the professional scientist, Hawkins shows how a clear understanding of how the brain works will make it possible for us to build intelligent machines, in silicon, that will exceed our human ability in surprising ways.

Written with acclaimed science writer Sandra Blakeslee, On Intelligence promises to completely transfigure the possibilities of the technology age. It is a landmark book in its scope and clarity.

PARADIGM SHIFT: Jeff Hawkins Develops a Brainy Big Data Company (understatement) – Rock with GROK!

Get ready for a massive paradigm shift- it could be that I am wrong about who the Lord of the data(Mine) will be… Unless they Rock with GROK.. Call your stockbroker. If Numenta is publicly issued stock – it might make the Google IPO look like child’s play. What do I know though. This is big neuroscience data convergence stuff here. Nobel prize level. AI level.

Man, is the NYT understating it in their headline (IMHO).

Jeff Hawkins Develops a Brainy Big Data Company – NYTimes.com
