Sometimes, the best way to understand a failure is to contrast it with a success. Take @Amazon, whose avowed "relentlessness" created next-day Prime delivery and AWS, with its power to instantaneously, continuously emit "buckets" of data. 1/ 
If you'd like an unrolled version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
pluralistic.net/2022/03/27/bew… 2/
pluralistic.net/2022/03/27/bew… 2/
Amazon boasts endlessly of its efficiency, ease of use and speed - so whenever you find Amazon being inefficient, hard to use and slow, it's reasonable to assume that this is a deliberate choice. Like, say, when Amazon is giving you the data it has collected on you. 3/
Nikita Mazurov is a security and privacy researcher with @TheIntercept. Noting that Amazon is now legally required (under California's #CCPA) to show him all the data it has gathered on him, he placed a request for that data. Therein begins the tale.
theintercept.com/2022/03/27/ama… 4/
theintercept.com/2022/03/27/ama… 4/
Amazon - home of one-day delivery of physical goods - took *19 days* to deliver that data. During those 19 days, it required Mazurov to jump through innumerable hoops. 5/
On *six* separate occasions, Amazon tried to divert him to his "Your Account" page where "you can access a lot of your data instantly." 6/
The data, when delivered, came as *74 separate .zip files*, with no "download all" button (you have to click 74 links individually, in succession). 7/
Once Mazurov manually downloaded those files n and pieced the data together it became apparent that the thin, sanitized stream of data on his "Your Account" page was a translucent scrim over a massive block of data Amazon had squirreled away on him. 8/
It's...*a lot*: search keywords, chat logs, conversations with buyers and sellers, your IP addresses, how many search results you click on/add to your basket/buy, and mystery data like "Shopping Refinement" whose values are things like "26,444,740,832,600,000." 9/
Amazon retains data you've explicitly deleted (like old shipping addresses), which exposes you to risk by providing answers to other services' verification questions ("What was your first street address?"). 10/
There are also files on everything you watched on Prime Video, everything you read on a Kindle, everything you listened to on Amazon Music, everything you uttered to an Alexa, and every game you played on Amazon Games. 11/
Mazurov doesn't use these, so he wasn't able to say how detailed they are, but given the overall level of detail, it's likely pretty granular. 12/
This is where the contrast between Amazon's failures and successes come in. As Mazurov notes, one of the zip files lists *167 corporations* who were sold access to his personal data, ranging from the Royal Bank of Canada to Fitbit to HCA Healthcare. 13/
It's a sure bet that when Amazon sells your data to these customers, it comes as a ready-to-use product, not 74 .zip files.
The gap between Amazon's "relentless" efficiency and its bumbling, Kafkaeque data delivery couldn't be more stark. 14/
The gap between Amazon's "relentless" efficiency and its bumbling, Kafkaeque data delivery couldn't be more stark. 14/
Think of Amazon's product philosophy, it's one-click, Buy Now seamlessness versus this clunky, foot-dragging malicious compliance. 15/
Here's Amazon's design philosophy: "If you have to click multiple buttons, if you have to wait for too long, if you have to answer a lot of information — all of those things create friction, and friction exponentially kills the joy of shopping."
cnbc.com/amazon-rising/ 16/
cnbc.com/amazon-rising/ 16/
When Amazon is getting something from you, it is a marvel of efficiency. As Mazurov points out, when you want your data *from* Amazon, you fill in a form, then another form, then get misdirected six times to the "Your Account" page. 17/
Meanwhile, when Amazon wants to *get* your data, it *takes* it, silently, efficiently, insatiably - and relentlessly.
Amazon doesn't let the sensitivity of that data interfere with its product development, either. 18/
Amazon doesn't let the sensitivity of that data interfere with its product development, either. 18/
In contrast to its competitors, Amazon has a long history of treating customer records as a free-for-all, with no effective controls on how internal teams can access, copy and use your data.
revealnews.org/article/inside… 19/
revealnews.org/article/inside… 19/
That has led to innumerable, completely predictable scandals, including insider attacks that spied on users - and blackmailed them. The company sidelined the security professionals it hired to clean up these processes, treating them as overly cautious killjoys. 20/
Eventually, it solved the problem by promoting unqualified people who wouldn't raise inconvenient objections - leading to a world-class breach:
wired.com/story/amazon-f… 21/
wired.com/story/amazon-f… 21/
Mazurov wondered if this chaotic data-handling practice might be behind Amazon's sluggish response to his request, but an Amazon's spokesperson vigorously denied that the company's security incompetence was to blame for its inability to deliver his data in a timely fashion. 22/
Mazurov calls the misdirection and delay a "dark pattern," revealing just how broad (verging on useless) that term is. We have a well-understood term for telling a user that the "Your Account" screen has the data they're seeking when it doesn't. We call that "a lie." 23/
I think we should get back to calling tech company fraud "fraud," rather than "dark patterns." It's one thing to have a giant "OK" button and a tiny, grey-on-white "I do not consent" link hidden in a corner of the screen. 24/
But when we call straight-up frauds "dark patterns," we engage in "criti-hype" - @STS_News's term for criticism that amplifies the tech companies' own self-mythologizing:
pluralistic.net/2021/09/30/don… 25/
pluralistic.net/2021/09/30/don… 25/
"Dark patterns" implies data-driven mastery of the blind spots of the human critical faculty. When you price n plane tickets from @Fareportal and it shows you a false message stating there are n+1 left, that's not "dark patterns," it's "lying."
freedom-to-tinker.com/2022/03/21/hol… 26/
freedom-to-tinker.com/2022/03/21/hol… 26/
Amazon's data handling looks chaotic from the outside. For example, it somehow managed to delete @nelson's entire history from @Goodreads: 600 titles, 250 reviews.
somebits.com/weblog/tech/ba… 27/
somebits.com/weblog/tech/ba… 27/
Minar thinks it might have been a malicious deletion request from someone who hacked his account and then used CCPA to demand deletion to cover their tracks:
help.goodreads.com/s/article/How-… 28/
help.goodreads.com/s/article/How-… 28/
But as we see with Mazurov's case, Amazon has more than one way to handle those requests. When retrieval might reveal Amazon's overcollection, the company takes 19 days to comply, and tries to divert you to a misleading page six times. 29/
When you explicitly delete information from Amazon that it can use for data-mining, it keeps the data and flags it "Is Address Active: No."
This all makes sense when you recognize that Amazon's relentlessness is pursuit of profit, not provision of service. 30/
This all makes sense when you recognize that Amazon's relentlessness is pursuit of profit, not provision of service. 30/
Amazon *will* provide good service when it is profitable to do so - but when it is more profitable to put you at risk, then that's the choice it makes. 31/
• • •
Missing some Tweet in this thread? You can try to
force a refresh
