Amazon suggests user delete tweet showing how much data they collect
twitter.comThat's a clickbait headline. It is clearly a support person that sees a list of addresses that could include the address of the user and uses their macro to tell the user to delete the tweet. Just like they would do if someone posts their password, date of birth or credit card information.
Exactly.
However, the support person should have been more explicit that the OT (original tweeterer ?) is sharing addresses and may want to hide that. The way support person's tweet was phrased is what gave the pitchfork people an opportunity. A perfect example of how not to communicate.
Unfortunately that also distracts from the intent of the OT's post.
I used to work at Amazon, but even then it's pretty clear the support person is erring on the side of caution here. in isolation two grocery store addresses and orders isn't particularly illuminating, but tying it with their real name it suddenly provides information on where they've been in past few years that might not otherwise have. and what if their order history accidentally contained something embarassing?
i think its a good thing for support to (be told to) err on the side of caution with account information, though some nuance that you could "remove/blur/blackbar information" would be nice.
Exactly. In this case, it's meant to showcase how much data Amazon has on people, but I imagine their support handle (@amazonhelp) gets hundreds of requests a day that have things like full home addresses in the screenshot, and their support wants to inform people about the risks of having that be publicly tied to their online identity.
This is great.
Probably most HN users know that, of course, if someone buys an Alexa and keeps it in their home, it is going to have a bunch of audio recordings of them. And all of the Whole Foods transactions will be logged as well. And even a silly amount info about how they use the Kindle.
But I don't think most Twitter users know.
I also enjoy that there is a tweet about how to request your data from Amazon, here: https://twitter.com/AlinaUtrata/status/1485196120997478404
Next I wonder if Amazon will badger Twitter to take down the tweet on the basis it has some PII (which I'm not even sure it does, but if it does, it is the users own information. And afaik you can't dox yourself.)
So I hate my data being collected like this, and try to reduce when it happens whenever I can. But, buying an Alexa and then complaining they store the audio? When they confirmed they kept it about two years ago?
Imagine I found out the library kept a list of titles I borrowed! Or my bank account storing my transactions.
It is my impression that at least some librarians are adamant about not storing lists of titles borrowed by a single individual.
That may be perfectly correct. What I'm saying that is I expect them to store it, and I'm okay with that. If they don't store it, well that's great.
These were recordings from years ago. Why are amazon keeping it that long?
Honestly, what I find most offensive is that Amazon tracks all of this data and yet their recommendations are still awful. I just bought a vacuum cleaner. Why are you trying to sell me another one? How many vacuum cleaners do you think a person goes through in a month!
You're most likely to buy a vaccuum cleaner just after you bought one. Consider the one you bought might not fit your needs.
"Yeah, what was the victim doing wearing that skimpy outfit! They brought this on themselves!"
I absolutely hear your point, and understand where you are coming from. If this where a regular person, I would agree that they would have no idea that Amazon would store their data.
However, this lady seems incredibly smart, hosts a podcast (and newsletter) about many topics (inc. tech). I would personally have the opinion that she would be fully aware of how Alexa works and that Amazon would most likely be storing her data.
I know I shouldn't be blaming her in this instance, and I'm not, I'd just expect her to know better.
I understand from this that we are forced to share PII with Amazon with every interaction, but we are not supposed to share it with Twitter followers. US citizens can get their dossiers and delete their accounts. https://www.reuters.com/investigates/special-report/amazon-p... I received 88 zip files and subsequently deleted my account.
>88 zip files
This is madness. How is the 'average user' supposed to go through and understand this data? The files inside are also probably a bunch of CSV or XML files as well.
It seems like a completely disingenuous (even nefarious) offer to the 'average user' to have a change to look at all the data these big companies have on them.
If you log into a loyalty account for a Kroger store (QFC, Fred Meyer, others)... you see similar transaction lists. This is extremely normal for retailers.
Also, machine learning can create shadow profiles for people, even those who don't have a loyalty account. (E.g., a purchase occurs every Friday around 5:30 and buys a specific beer and specific brats...).
This is all obvious stuff to me, but, also, people might not be aware that every interaction - touchpoint - on a big enterprise is recorded.
Does paying in cash "protect" me from these shadow profiles?
Not entirely. Think stores are still free to use any signals available at their own premises, like camera footage, license plate numbers in their parking lot, Wifi Mac addresses, or even gait analysis if they feel like it :-/
This is why I use <local-area-code>-867-5309 for every "loyalty" chain. I'd rather get the discount but also mix my data with as many other people as possible to make it worthless.
as I mentioned, they can observe purchase patterns and derive that a given individual is making those purchases if its unique enough.
gently, my take on privacy is that, we will never be able to turn the clock back to 1970; we have to instead reconceptualize privacy in the age of pervasive sousviellance & surveillance.
The addresses are whole foods stores
Still provides a good faith reason why an Amazon employee might see this and think "I need to apply the company policy on PII here" rather than a nefarious "you are making us look bad"
I think that's obviously what is going on. This is a boots-on-the-ground employee tasked mostly with responding with pre-determined answers to people angry about their orders. Of which, a number undoubtably treat their posts like PMs. This isn't someone who is tasked with any sort of decision making regarding data privacy.
And when combined with other information, constitute personal information.
address + person + timestamp = location history
Individual items purchased are PII. Timestamped records of presence at any given store might be. Store addresses, however, are not.
Title is misleading. They didn't really suggest to delete the tweet because of the fact it shows their data collection, but because it contains some PII like the user's address.
I don't want to side with Amazon on this, but I genuinely believe there is nothing strange here: Amazon collects all that data, and under GDPR they have to provide all the data they have on your profile. Seems pretty standard. Google provides the same amount of data (or more) if you ask :)
Yeah, this is pretty obviously something that their support team copy-pastes everytime they see someone posting potentially revealing information with the keyword "amazon" or "alexa" or something like that.
Evidence for this theory: https://twitter.com/search?q=We%20encourage%20not%20includin...
A good internet rule is to never attribute to malice what can be attributed to automation.
This search just sent me down a half hour rabbit hole of what in the actual fuck... after I discovered the user behind this thread...
> The Terrorist are ordering off Amazon. They stole my last parcel package, I did not tweet about it. My green light, don’t report it.
https://twitter.com/HeidiNarco/status/1485408221024210944?cx...
This is like when someone tweets "drank 6 oz of cold medication feeling lit" and the pharmaceutical corporate account responds with a generic pharmacovigilance statement that they're mandated by law to say and then someone screenshots it and it becomes a meme.
It's definitely not that clear.
Sure, Amazon's response was probably just a standard text the support team has to use. But it can also be interpreted like "here's an arbitrary reason you should delete this tweet about our data collection, and look how easy it is!".
That's what you get when an anti-competitive megacorporation collecting data about everything including how many seconds users looked at a picture wants to look trustworthy.
I don't see the user's address listed. I checked and the two addresses I do see are Whole Foods locations.
>Google provides the same amount of data (or more) if you ask :)
Facebook too. And Apple and so on. Doesn't make it a good thing.
It's a good thing they provide it, it's a bad thing they collect it.
Anyways, yes, I stand corrected. Those ywo addresses are related to Whole Foods, not the user's location. My bad!
> because it contains some PII like the user's address.
Does it, though? Where?
Sorry. I'm wrong. It does contain a shop location but not the user address. Still, could be considered PII or at least could be juicy information.
Whole Foods store locations are neither PII nor juicy information—especially not sufficient to justify Amazon responding unprompted, encouraging the poster to delete these tweets.
To be honest I would consider "X went to Y at time Z" to be a sensitive information. Whether you care about privacy or not, that's another issue
> To be honest I would consider "X went to Y at time Z" to be a sensitive information
It's not personally identifying information.
> Whether you care about privacy or not, that's another issue
Lol, that's quite the false dichotomy you got there.
At best this is a clickbait title. Cleary support team only wants to help you but not compromising your own PII details.
I question the appropriateness of @AmazonHelp jumping into a thread that it was not tagged in and that is not even asking for help with anything.
Alexa heard someone talking about this and summoned them. (=
"*years ago when I was young and foolish about surveillance"
So I guess now they is just foolish?