Amazon One – Palm recognition for Amazon Go (blog.aboutamazon.com)
yalogin 1292 days ago [-]
So far what Apple and other companies did is to keep the biometric auth tied to the device and not let it leak out. Now Amazon is saying leaking it is the feature. They are using the hand as the identifier, so the biometric id is what is used to identify a person, not an email address, not a random number or a handle. The biometric data that cannot be changed ever is the identifier.

It's very troubling.

- The privacy and security implications are huge.

- It's tied to commerce, not some airport entry thing. Commerce has legs.

- On top of that it's scary because Amazon can push this all over the world and give their tech for free to businesses.

- Other companies will provide this "feature" too.

The one door I was hoping would never be opened is opened now.

ncr100 1292 days ago [-]
> tied to the device and not let it leak out

there are laws against facial recognition (https://www.msn.com/en-us/news/us/portland-becomes-the-first...)

how is palm recognition different from facial, aside from scanner proximity?

radiorental 1292 days ago [-]
To play devil's advocate I guess you could argue that Facial Recognition is passive. Fingerprint, and by extension palm, requires proactive participation of the user.

I.e. you choose to hand over your palm to be read, you do not make the same choice in Facial Recognition scenarios.

noodlesUK 1292 days ago [-]
This is not true at all. One of the reasons fingerprints and DNA are so valuable is that they are left behind by people as they go about their business, and you can go in retrospectively without their knowledge and collect their biometrics.
teachrdan 1292 days ago [-]
What if the palm recognition is done without the person's knowledge via camera? Fingerprinting can already be done at a distance. Here's a story about it below from back in 2011.

What if the technology is built into door handles or other objects that require active use?

As soon as there is an incentive to scan people's palms, technology will be implemented or created to do so. However, Amazon has no incentive to let the public know if there's evidence of multiple people with indistinguishable palms, the rate of false identifications, or other shortcomings of the software.

https://www.technologyreview.com/2011/01/14/197589/fingerpri...

hypersoar 1292 days ago [-]
Off the top of my head: cameras are, and will remain, a lot more common than palm scanners.
ballenf 1292 days ago [-]
There's also this gem in the FAQs:

> If I decide I don’t want to use Amazon One any more after signing up, can I delete my biometric data?

> Yes, you can request to delete data associated with Amazon One through the device itself or via the online customer portal at one.amazon.com. We believe customers should always be in complete control of when and where they use the service, and we designed Amazon One with this in mind.

Maybe I'm paranoid, but that FAQ feels like it was worded by Orwellian doublespeak experts:

- you can "request" (thank you for granting us permission to make a request of you)

- data associated with Amazon one (all the data or only certain data? Do you keep data that's not associated with an account but maybe still associated with my identity?)

m1gu3l 1292 days ago [-]
yeah it doesn’t take a tech or legal genius to suss out that this wording leaves the door to fuckery wide open.
bit_logic 1292 days ago [-]
This is why we need laws like the California CCPA and GDPR to be in more places. Regulation with high penalties for not complying is the solution here.
jacobn 1292 days ago [-]
Also, what about false identifications?

With Face/TouchId it’s authentication, not identification (as there’s only one identity associated with the device).

What’s the fallback here for “twin palms”?

I guess those unlucky people will have to swipe in using traditional methods?
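
The authentication (1:1) versus identification (1:N) distinction raised in this comment, worked through as an added example that is not part of the thread and does not describe Amazon's system. It assumes a toy model in which a template is a fixed-length bit string and two samples match when their Hamming distance is at or below a threshold; all names, templates and the threshold are constructed.

```python
"""Toy model of 1:1 verification vs 1:N identification (added example).

Assumption: templates are fixed-length bit strings compared by Hamming
distance. This is an illustration, not how any real palm scanner works.
"""
import math


def false_match_rate(bits: int, threshold: int) -> float:
    """P(two unrelated uniformly random templates differ in <= threshold bits)."""
    hits = sum(math.comb(bits, k) for k in range(threshold + 1))
    return hits / 2 ** bits


def gallery_false_match(fmr: float, gallery_size: int) -> float:
    """P(a probe falsely matches at least one of gallery_size strangers).

    Equals 1 - (1 - fmr)^N, computed with log1p/expm1 so that very small
    per-comparison rates do not vanish in floating point.
    """
    if fmr >= 1.0:
        return 1.0
    return -math.expm1(gallery_size * math.log1p(-fmr))


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two templates."""
    return bin(a ^ b).count("1")


def verify(probe: int, enrolled: int, threshold: int) -> bool:
    """1:1 check: the user claims an identity, one comparison is made."""
    return hamming(probe, enrolled) <= threshold


def identify(probe: int, gallery: dict, threshold: int):
    """1:N search: no identity is claimed, every enrolled template is tried.

    Returns (status, candidates). "ambiguous" is the "twin palms" case:
    more than one enrolled user is within the threshold, so the system
    must fall back to another factor instead of picking one of them.
    """
    candidates = sorted(
        name for name, tmpl in gallery.items()
        if hamming(probe, tmpl) <= threshold
    )
    if not candidates:
        return ("no_match", [])
    if len(candidates) == 1:
        return ("match", candidates)
    return ("ambiguous", candidates)


# Constructed 16-bit templates. carol differs from alice in only 2 bits.
ALICE = 0b1010110011110000
GALLERY = {
    "alice": ALICE,
    "bob": ALICE ^ 0xFFFF,   # every bit different from alice
    "carol": ALICE ^ 0b11,   # near-duplicate of alice
}
THRESHOLD = 2
PROBE = ALICE ^ 0b1          # alice's palm, one bit of sensor noise

if __name__ == "__main__":
    fmr = false_match_rate(16, THRESHOLD)
    print(f"per-comparison false match rate: {fmr:.5f}")
    for n in (1, 100, 1000):
        print(f"gallery of {n:>4}: {gallery_false_match(fmr, n):.4f}")
    print("verify as alice:", verify(PROBE, GALLERY["alice"], THRESHOLD))
    print("identify:", identify(PROBE, GALLERY, THRESHOLD))
```

The same per-comparison error rate that is negligible for one enrolled user on a phone compounds across every enrolled user in a 1:N lookup, which is why the ambiguous result needs an explicit fallback path.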

yencabulator 1291 days ago [-]
Or just keep buying things the other guy will be paying for...
gonzo41 1292 days ago [-]
This is the door you didn't hope was opened? So many other more terrible doors are open. Not saying this is great. But look at what social media is doing to the social fabric. This is just shopping.
debrice 1292 days ago [-]
I would caution against such a statement “this is just shopping”.

Social media also used to be underestimated in the damage they can do. Privacy information brokers are like a Hydra, you cut one head, 3 new ones grow... and before you know it, your biometrics, bed time conversations, source of news, children's habits... are up for sale because someone thought “it’s just X“ and underestimated what someone else can do with all the data they collected.

I believe we need to change our optimistic attitude when it comes to individual privacy as we are nothing if not seeding the world of tomorrow, the world of the generations to come.

dfischer 1292 days ago [-]
Purchasing behavior is literally what drives and directs the world today.
underyx 1292 days ago [-]
At this point I feel like products are named One when the product manager and marketing people are having a bad day and want to just be done with the naming discussions already.
silentsea90 1292 days ago [-]
X and One fall in this category. They sound cool and could be any Amazon product under the sun. The problem though is the next iteration, i.e. X2, X3 etc. sound fine but One 2 sounds weird.
Joeri 1292 days ago [-]
That's how Microsoft ended up with the Xbox One X and its successor the Xbox Series X. Many shoppers were confused, because when the preorders for the Series X went live the sales of the One X went up 700%.
some_furry 1292 days ago [-]
One Plus naming is annoying because I want to add the two numbers together.
ryanjm33 1292 days ago [-]
And adding + to the name
snug 1292 days ago [-]
XBox One X...
colmvp 1292 days ago [-]
I had initially read your comment as "marketing people are having a bad day and want to just be one with the naming discussion"
jnxx 1292 days ago [-]
Said the Japanese monk to the hot dog vendor: "Make me one with everything" :)
7leafer 1292 days ago [-]
One is the name of the monopoly, and when you see things like XYZ One, the brand is actually One, and whichever XYZ coming before it is merely a product, not vice versa.
ykevinator 1292 days ago [-]
Lol
ctvo 1292 days ago [-]
This is a continuation of Amazon's remove all inconvenience strategy. And it'll work.

You're waving your hand and walking through now, no more scanning, no more opening up an app, no more tinkering with your phone. By chipping away at each of these friction points, no matter how minor, their moat grows and customers will notice a difference between an Amazon retail store vs. a competitor's.

ragona 1292 days ago [-]
What I think is interesting is that I suspect they’ll eagerly license this to competitor stores. A palm reader does not turn your local Safeway into Amazon Go, and they know that.

Having a slice of every point of sale could be huge; imagine how much better this is than having to use FaceID during a pandemic. (Tap tap, pin, pin, tap is a LOT more friction than “hover.”)

I’d pay for it if I ran a retail store. I wonder if Amazon will ever compete with Visa or other payment providers.

hammock 1292 days ago [-]
The biggest competitors will never license something like this. They'd be basically giving (or creating an untenable risk of giving) their customer data over to Amazon.

"But AWS etc etc.." Trust me, the retail landscape is very different. Source: I work in it

thebean11 1292 days ago [-]
For big chains I agree, but if they can make this palm reader cheap enough and include a normal card reader (why not?) it could easily be a Square/Stripe POS competitor.
filoleg 1292 days ago [-]
>What I think is interesting is that I suspect they’ll eagerly license this to competitor stores.

According to the source article, your prediction is on point. Here are the relevant quotes:

>"Do you have any third-party customers who plan to use Amazon One?"

>We’re excited to see Amazon One in more retail environments and are in active discussions with several potential customers, but beyond that, we’ll have to ask you to stay tuned.

barranger 1292 days ago [-]
"I wonder if Amazon will ever compete with..." Yes has to be the assumption at this point
MattGaiser 1292 days ago [-]
Visa can't be bothered to innovate. 90% of what Amazon has done should have been done by industry incumbents.
gonzo41 1292 days ago [-]
Well hopefully Amazon will push enough of them to the brink of extinction that they too will innovate or suffer the fate of negative selective pressure.
anongraddebt 1292 days ago [-]
Often, you're too late and the cake is baked when innovation is reactive.
jnxx 1292 days ago [-]
Like suddenly demanding you register a credit card with them when you have perfectly fine working other payment methods.
nafizh 1292 days ago [-]
'One reason was that palm recognition is considered more private than some biometric alternatives because you can’t determine a person’s identity by looking at an image of their palm.'

Umm, if this is true, how are you identifying the person then?

n_t 1292 days ago [-]
I think they are saying that humans cannot associate palm prints to an individual, unlike face (or even eyes in certain cases). It's just a security by obscurity kind of thing but yes, not a very convincing argument for privacy.
strawberrypuree 1292 days ago [-]
This is a sleight of hand on Amazon's part. Humans looking at a palm print and identifying the person is not a concern, it's computers looking at a palm, associating it with a credit card, which can then open up a trove of behavioral data to push (i.e., ads) to people. It's disingenuous, like putting someone in a tiger cage and saying "Don't worry, there's no way you can drown in here -- we made sure there's no water."
hughw 1292 days ago [-]
They don't identify you. They read your future.
nerdjon 1292 days ago [-]
The wording of that is odd.

But my guess is, your face could be identified whether or not you are using this particular system. But your palm only works after the system does the scan of you so you have to specifically opt in to use it.

jacobr1 1292 days ago [-]
I think it means that they are using some 3d representation of a palm that a (single) 2d image won't capture (unlike a fingerprint). Maybe they use video (gesture was mentioned) or maybe something like lidar.
smhost 1292 days ago [-]
We should read the opposite of what they're saying to be true: they already have our fingerprints, and they want the rest of our hands.
giancarlostoro 1292 days ago [-]
Hate to go that way but I was thinking this. What's worse is that it is uploaded to some server somewhere instead of being kept localized.
ragona 1292 days ago [-]
My hope and suspicion is that they’re storing a one way hash of the data to create the signature.
BerislavLopac 1292 days ago [-]
My guess is that they meant that a person couldn't determine someone's identity, unlike with, say, facial recognition.
brian_herman 1292 days ago [-]
Yeah, I was confused at this statement too.
IshKebab 1292 days ago [-]
Perhaps using some electrical or acoustic properties? They're very cagey about how it works, so I doubt it is just a camera.

> Q: What is the device actually scanning when it creates my unique palm signature?
>
> A: the technology evaluates multiple aspects of your palm

Ok then.

julianozen 1292 days ago [-]
Is it possible they are saying that you can’t uniquely identify a person in the population at large based on palm, but you can in a smaller population of people such as registered Amazon go users or ticket holders for a venue?

On an iPhone, biometric is being treated as a password where the expectation is that no one but you could open it. For Amazon go, it is just an identifier to a user

Plus a data dump of uuids and palms might not be useful information. Maybe there is effectively a way to hash the raw palm data since this is just effectively a user look up

This is pure speculation

mister_hn 1291 days ago [-]
here's a famous video on how it can be hacked easily (example: Fujitsu PalmSecure) https://www.youtube.com/watch?v=FsZE6fyF26U
losteric 1292 days ago [-]
The camera is just one of many signals, some of which do change over time
ageitgey 1292 days ago [-]
> We selected palm recognition for a few important reasons.

I'm sure the main one was that people associate fingerprints with being arrested, but maybe they could trick people into volunteering to be constantly fingerprinted by a private company if they just used a different part of the hand.

alexmat 1292 days ago [-]
From the FAQ, it seems like this is not as invasive as fingerprints:

"We selected palm recognition for a few important reasons. One reason was that palm recognition is considered more private than some biometric alternatives because you can’t determine a person’s identity by looking at an image of their palm."

ben_w 1292 days ago [-]
If that is understood to mean palm prints are less invasive than fingerprints, then it also means palm prints are less good at correctly identifying users.

I read that part of their statement as a comparison of data privacy (not invasiveness) with face recognition. I think the contactless part was about invasiveness.

filoleg 1292 days ago [-]
>If that is understood to mean palm prints are less invasive than fingerprints, then it also means palm prints are less good at correctly identifying users.

Not necessarily. Purely guessing here, but I think it is also partially guided by the idea that you leave your full fingerprints on objects quite often, no matter where you go. Touched something? You got a fingerprint left there.

With palm, how often do you press your full palm flat against something? And when you do it, it also gets rid of the natural curving of the palm that those air sensors detect (I assume). I can only think of door handles, but a lot of people don't use the full hand, and I think even out of those that do, they don't make full contact with the entirety of the door handle surface and their palm.

If that was their guiding idea, then it is possible to be just as good at correctly identifying users, while also being less invasive in terms of privacy. Also, with fingerprints, there are already plenty of databases that have it, like, if you ever applied for TSA Precheck or if you had to get those prints taken for immigration paperwork or for passport or whatever. But there is no giant existing database of your palm 3D scans. And, as opposed to face scan, you cannot be identified by someone just looking at that scan and then encountering you on the street.

hughw 1292 days ago [-]
That seems disingenuous? You can't determine a person's identity by looking at a fingerprint either. You have to match it against a database of them.
ragebol 1292 days ago [-]
Same as face recognition in that regard. It's just that humans are evolved to do wetware-accelerated face recognition very well. And not hand palm recognition. But for computers it's all the same.
david-cako 1292 days ago [-]
Hahahaha, my interpretation of this is that palm prints are proprietary and require less widely available technology to make use of them.
oakesm9 1292 days ago [-]
I took "biometric alternatives" to be referring to face recognition.
retSava 1292 days ago [-]
it's probably also less error prone - more area meaning more data to base the identity from. Also less fiddly.
elil17 1292 days ago [-]
My college uses these to control entrance to the dining halls. The technology has been around for years and it works consistently and effectively. They want you to think this is something highly innovative but I’m pretty sure they’re just licensing already existing palm scanners.
joezydeco 1292 days ago [-]
Were those dining hall scanners using a palm-on-glass technology, or mid-air like what Amazon is showing?
catsdanxe 1292 days ago [-]
My college used mid-air fingerprint scanners. It scanned all 4 fingerprints and would let you pass even if you had a bandaid over one.
elil17 1292 days ago [-]
Mid-air, exactly like Amazon's
notyourwork 1292 days ago [-]
I would love to see a picture of one.
elil17 1292 days ago [-]
https://www.idemia.com/innovation/morphowave

Their product uses visual light to take the 3D scan (hence the green glow) but their patent filings cover a lot of related scanning techniques.

autokad 1292 days ago [-]
That's a cynical way of thinking. Applying something in a new area is innovative. For example, the iPhone was a mobile phone + mp3 player + ... none of that stuff was new, but yet the iPhone was incredibly innovative.

This helps streamline a process. One of the annoyances at Go stores was waiting for someone to pull out their phone, open the app, and scan. I was like if you don't have your phone out already, step aside until you do, but at least this solves part of that issue.

Also the dining hall situation was probably a simpler environment with not as many negative consequences if a person got accepted into the hall.

MisterPea 1292 days ago [-]
A big thing though is how cheap they can make this. The Idemia one seems a lot more expensive. Driving down costs on existing technology is innovation. (Although who knows how much this actually costs to Amazon)
poisonborz 1292 days ago [-]
Coupling un-alienable, (purposefully) unchangeable biological marks to any account is always a horrible idea. And not just the privacy part, for one, it can (only) be unwillingly altered (eg. by an accident), the same way as fingerprints, so a secondary backup code is needed anyway, making the whole setup a bad sort of convenience feature.

The proper solution would be a safe hardware key mechanism.

jnxx 1292 days ago [-]
This is an important aspect. People are not aware how big the difference of this is to the usual account name and password. If you want to start over and register a new account, you can have that. Not with this technology. And with the amount of data which Amazon vacuums up, there are totally legitimate reasons for this. Let's say, just as an example, that your girlfriend has bipolar disorder and you order and read a couple of books from Amazon how to cope with that, and how to help her. Fast-forward ten years. She has overcome the illness with good medication, and became your wife, or maybe you have parted ways and live in different states. This is past. But Amazon still has that information about you - a very sensitive kind of information. Maybe if this data is sold to an insurance company, she won't get health insurance. Now, closing your account and starting a new one is an option to handle, even in a limited way, that toxic data waste which is laying around.

Irreversibly tying accounts to biometric identities is a very powerful thing which can easily be abused. Think of Salman Rushdie, the Iranian writer who became the target of a religious fatwa and was basically advertised to be murdered. He somehow managed to disappear. But that was years ago. In today's world with Facebook everywhere and your social graph being a different kind of fingerprint, you'd need to axe-murder your whole family and friends to get rid of that social graph which identifies you, whatever name and picture you use. As no normal human being will do that, it has become basically impossible to disappear. And, having lived in Colombia, South America, I've known many decent and nice people who just had to disappear only in order to protect their life. This is dangerous technology.

silentsea90 1292 days ago [-]
Nitpick : Salman Rushdie is Indian
switch11 1290 days ago [-]
you cannot 'overcome bipolar disorder with medication'

It's a permanent mental illness and cannot be 'cured' or 'overcome'

dustinmoris 1292 days ago [-]
That's just not true. By definition all our identities are basically linked to a biometric, namely our face.

If you walk into your bank and want to withdraw a large sum from your account, someone at the counter looks at your face and a shitty small photo taken from you either on their system or on your passport to determine if there is a "face match".

A proper technological solution to the current more insecure human verification process of your biometric is only an improvement, not a horrible idea as you suggest.

schrodinger 1292 days ago [-]
Banks do that, but retail stores don't… yet. I think we accept a higher bar for authentication and security for a bank than we do for a retail store.
monadic2 1292 days ago [-]
Yea but that was fixed with introducing pin numbers on debit cards. We haven't relied on manual authentication of transactions for decades, thank god.
xorcist 1292 days ago [-]
Also, Amazon (and any involved subcontractors) now have access to your palm, with the possibility of accessing any other system authorized by it.

We tell users not to re-use their passwords, but the same goes for fingerprints too.

BerislavLopac 1292 days ago [-]
You don't need an accident. I was on chemo earlier this year, and I had to re-register my fingerprints both on my phone and on my laptop.
therealx 1292 days ago [-]
I minorly burned my finger on a toaster oven below my fingerprint line and still had to reregister my finger due to skin growth.
solarkraft 1292 days ago [-]
I'm waiting for fake palm gloves. I'm sure such things already exist for fingerprints.
jnxx 1292 days ago [-]
And, what also needs to be pointed out: It is, functionally, a user name. Not a password.
mabbo 1292 days ago [-]
Why not offer both?

You can already enter these stores using your phone.

manigandham 1292 days ago [-]
Terrible naming aside, the onslaught of biometrics everywhere is very concerning.
kleiba 1292 days ago [-]
I recently attended a scientific conference on biometrics (I'm not from the field) and it was shocking to learn about all that stuff, both what's going on in the research community as well as on the law makers' side of things.
dane-pgp 1292 days ago [-]
> as well as on the law makers' side of things.

Anything you're allowed to share?

kleiba 1292 days ago [-]
Oh, there wasn't anything secret presented at the conference as far as I'm aware.

It was a European conference and, for instance, I hadn't previously known about the Prüm Arrangements [1], or perhaps I had and forgotten about them. In any event I was not aware of the ability to freely share such highly private information about individuals across borders, and quite shocked to learn about it.

Mind you, the majority of the attendants of the conference were absolutely uncritical about such regulations being in place. In fact, they were mostly in favor of them it seemed, which is not surprising given that that's what their research is based on.

[1] https://www.london.gov.uk/what-we-do/mayors-office-policing-...

DharmaPolice 1292 days ago [-]
This is a little off-topic but can someone explain why some companies are hosting official content on domains that are similar to their real domains but not their actual domain? e.g. AboutAmazon.com or tescogiftcards.com - at first glance they look fake and it's an additional step to verify they are actually affiliated with the company.
jedberg 1292 days ago [-]
Usually this happens because a totally different department runs the marketing site, and it's just easier to have their own deployment than integrate to the main site. In some cases it's a hosted CMS.

Another reason is for cookie management. This way your cookies aren't sent to the marketing site.

I'm not sure why Amazon does it though, as I think they're big enough to run their own CMS and therefore the cookie thing isn't really an issue.

advisedwang 1292 days ago [-]
If a page hosted on amazon.com has security vulnerabilities, users' real Amazon accounts are at risk because of same-origin policy etc. Putting a page on a different domain eliminates this risk.

Another reason is for branding. Using aboutamazon.com for PR fluff keeps amazon.com reserved for their actual consumer products.
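
The cookie and same-origin points made in this comment and in jedberg's reply above it, as an added example that is not part of the thread: it compares origins and applies RFC 6265 domain matching to show which hosts would receive a domain-wide session cookie. The cookie, the `blog.amazon.com` host and the idea that the main site sets a `Domain=amazon.com` cookie are assumptions made for illustration.

```python
"""Origin and cookie-scope check for a marketing site (added example).

Assumptions: the session cookie below is constructed, and blog.amazon.com
is a hypothetical "same registrable domain" alternative to the separate
blog.aboutamazon.com domain discussed in the thread.
"""
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str) -> tuple:
    """Return the (scheme, host, port) triple browsers compare for same-origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port)


def same_origin(a: str, b: str) -> bool:
    return origin(a) == origin(b)


def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: exact match, or host is a subdomain (not an IP)."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".")
    if host == cookie_domain:
        return True
    return host.endswith("." + cookie_domain) and not is_ip(host)


def cookie_sent(url: str, cookie: dict) -> bool:
    """Would a browser attach this cookie to a request for url?"""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if cookie.get("secure") and parts.scheme.lower() != "https":
        return False
    if cookie.get("domain") is None:
        # Host-only cookie: sent only to the exact host that set it.
        return host == cookie["host"]
    return domain_match(host, cookie["domain"])


# Constructed cookie: set by the main site for the whole registrable domain.
SESSION_COOKIE = {"name": "session", "domain": "amazon.com",
                  "host": "www.amazon.com", "secure": True}

MAIN_SITE = "https://www.amazon.com/account"
CANDIDATES = [
    "https://www.amazon.com/blog",        # path on the main site
    "https://blog.amazon.com/",           # hypothetical subdomain
    "https://blog.aboutamazon.com/",      # separate registrable domain
]


def exposure(urls=CANDIDATES):
    """For each hosting choice: (url, same origin as main site?, gets cookie?)."""
    return [(u, same_origin(MAIN_SITE, u), cookie_sent(u, SESSION_COOKIE))
            for u in urls]


if __name__ == "__main__":
    for url, same, sent in exposure():
        print(f"{url:<34} same-origin={same!s:<5} session cookie sent={sent}")
```

A subdomain is already a different origin yet still receives the domain-wide cookie; only the separate registrable domain is isolated on both counts.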

dustinmoris 1292 days ago [-]
Similar to FinGo (https://fingo.to) and Hitachi VeinID Five (https://digitalsecurity.hitachi.eu/products/veinid-five/).

All these new biometrics share one common theme:

Better privacy for a user. FaceID has the problem that I can't hide it. As soon as I walk somewhere cameras can capture and match my face against their own records, however if I never registered my face ID with Amazon then they will know that I am possibly a recurring customer, but not know who I am. Palm IDs, VeinIDs, etc. are biometrics which I can easily hold back from disclosing. Only when I actively insert or present my finger/hand/palm I allow another device to scan my hand and do a match analysis. This means that I as a user am in better control of when and to whom I want to disclose my identity.

mmm_grayons 1292 days ago [-]
Or we could (radical idea here) not use biometrics. I don't mean to be dismissive, but what advantage does this provide over opening a web site and hitting "pay" or maybe some sort of NFC tap? This looks like biometrics for the sake of being cool and flashy, which is not a trade-off I'm willing to make.
dustinmoris 1292 days ago [-]
Here's an example which something like Amazon One can solve, but a card cannot:

When I go to the grocery shop and I buy alcohol then I have to wait at the self checkout till until a member of staff comes to verify my age before I can pay for my shopping basket. That involves me showing them an ID (e.g. my driving license) and them having to verify my biometric (face) by looking at me and then looking at my driving license. This is time consuming and requires additional staff at self checkout tills, making them less "self checkouty".

On the other hand (or palm should I say :P) I could age verify myself only once at an Amazon One kiosk and then have my legal age linked to my verified palm. Now I can go and buy alcohol and when I present my palm then the checkout till knows that it's me (because unlike a driving license or credit card or phone I can't hand my palm to someone else). It knows that I'm of legal age to buy alcohol and therefore was able to do three things in one go: age verify, pay and reward points all via a single hand gesture. That is a win for the consumer and the shop as they don't need that extra staff anymore and there's less of a human bottle neck, leading to faster checkouts.

culturestate 1292 days ago [-]
> I could age verify myself only once at an Amazon One kiosk and then have my legal age linked to my verified palm

Why not do the same thing, but instead of verifying your palm you verify a device that's responsible for authenticating you? This could be a special phone app (like Singapore's SingPass[1]) or even a small card with a built-in fingerprint reader. Once you authenticate yourself to the device, it can attest to your identity and the transaction can be finished via NFC.

Seems like the best of both worlds - automate identity validation without a centralized biometric database.

1. https://www.singpass.gov.sg

dustinmoris 1292 days ago [-]
> Why not do the same thing, but instead of verifying your palm you verify a device?

Because my (imaginary) 12 year old son can grab my phone and then pretend to be an adult when doing booze shopping. This is the reason why most Western countries don't allow this kind of technology for age verification. For example in the UK you have to file an application if your new technology can be authorised to be used for age verification in pubs, restaurants and other venues and that wouldn't pass their requirements.

On the other hand, a palm cannot be given to a 12 year old person. If Amazon One uses an element of palm veins in their biometric template, then even if you chopped off your hand it wouldn't work anymore because the blood flow would stop and therefore fail the identification.

It is true that an adult could still pay for booze for a 12 year old by presenting their palm, but that is already the case today where parents can go shopping with their children and buy alcohol as part of the family basket.

EDIT:

At the end of the day, a biometric will ensure that the adult is actually physically present at the time of purchase, which is what the law requires for things like alcohol shopping. Devices don't have that extra layer of quality assurance.

EDIT 2:

> But why couldn't the device handle your biometric authentication? Your 12-year-old son can't (hopefully) steal your face or your fingerprint

Because what happens on the device is unknown to the thing which needs to know that you are of legal age. At the end of the day it's just a phone which says "yes person is above 18" but how do you know that my phone didn't just reply that because it was programmed by me to do so? If the biometric is verified by the Amazon One device which is not my personal device then it's infinitely less likely to have been tampered with.

mmm_grayons 1292 days ago [-]
If your son is stealing your stuff to go buy booze there's a bigger issue and the answer is not invasive biometrics, nor is it government restriction of alcohol sales. Kids will drink if they want to; only a willingness not to do so will stop them.
kuschku 1292 days ago [-]
Germany uses for e.g. cigarette dispensers (those shitty ones you see in shitty districts) two possible options: (a) ID (b) bank card + PIN, where the bank verifies you’re > 18yo.

Works just fine.

culturestate 1292 days ago [-]
But why couldn't the device handle your biometric authentication? Your 12-year-old son can't (hopefully) steal your face or your fingerprint.
dane-pgp 1292 days ago [-]
You might be able to avoid a central database of biometric data, but who is going to certify the accuracy of these biometric authentication devices?

Presumably if a manufacturer made a device that didn't actually bother checking the fingerprint, the systems that integrate with these devices would have to refuse to accept claims from it.

culturestate 1292 days ago [-]
If this were an interoperable standard, I imagine the pool of "approved issuers" would be relatively small, limited to e.g. governments or banks. Bloomberg uses a system not entirely dissimilar to this[1], and I could see Apple and Google building an OS API that the issuers' apps would use specifically for this.

1. https://security.stackexchange.com/questions/101862/what-adv...

dane-pgp 1292 days ago [-]
Yup, and I could see governments demanding that these devices have "lawful interception" capability, allowing the biometric data to be scooped up with individual warrants, or in bulk with a National Security Letter, to "catch all the terrorists".
solarkraft 1292 days ago [-]
Plus all your alcohol (and other) purchases are permanently logged and associated with you. Hell yeah.
suvelx 1292 days ago [-]
The only benefit I can think of, is that biometrics has no way of me loaning my credentials.

If my age verification was tied to my palm, I'd have to cut off my hand to let a teenager buy booze with it.

But I still don't feel this is a compelling argument.

mmm_grayons 1292 days ago [-]
I honestly don't care that much about kids buying booze. The "think of the children" argument also typically leads me to be suspicious of the motives of those that make it. Kids are going to drink if they want to; I didn't because I chose to do otherwise, not because I couldn't.
kleiba 1292 days ago [-]
The justification of biometrics is usually to make it harder for fraudsters to pretend they're someone else.

However, one advantage of something external to your body is that if it ever does get compromised it is a lot easier to deprecate that thing and replace it with a new one.

monadic2 1292 days ago [-]
In practical terms, biometrics are almost always introduced as a convenient way to authenticate, certainly not as a MORE secure method of authentication. Just look at how protestors have disabled it to avoid giving cops an easy way of accessing their phone without their consent.
neilalexander 1292 days ago [-]
> We selected palm recognition for a few important reasons. One reason was that palm recognition is considered more private than some biometric alternatives because you can’t determine a person’s identity by looking at an image of their palm.

> When you hold your palm over the Amazon One device, the technology evaluates multiple aspects of your palm. No two palms are alike, so we analyze all these aspects with our vision technology and select the most distinct identifiers on your palm to create your palm signature.

Can someone ELI5 this to me? Is there some biological thing I am missing here or is it just as simple as, unlike fingerprints which are commonplace, other organisations tend not to have images of your palms?

jclulow 1292 days ago [-]
One imagines once Amazon starts cataloguing palms, quite a few government and law enforcement agencies will suddenly tend to have quite a lot of images of palms!

I expect they were trying to contrast with face recognition, though.

alfonsodev 1292 days ago [-]
> I expect they were trying to contrast with face recognition, though.

That's how I understand it too. I think this is just UX: by the time you check out they know who you are and what you picked up, so I think the palm is just a gesture to confirm. Maybe confirming by walking away from the store with the item or with a face was a weird user experience, and they are trying confirmation "by hand". Or I'm curious what happened to the "you just walk away with your items" experience?

riknos314 1292 days ago [-]
The experience would be pretty much the same I'm guessing.

Current Amazon go experience: Open amznGo app -> hold qr code over reader to gain entry to store -> grab stuff -> walk out

Amazon go experience with one: hold palm over reader to gain entry to store -> grab stuff -> walk out

gjhr 1292 days ago [-]
At a guess they are probably saying that a human when looking at a picture of a palm would not be able to tell you who it is, unlike a picture of someone that includes their face or body. Seems a bit of a pointless distinction as the Amazon Go stores heavily rely on cameras to track people when in store.
solatic 1292 days ago [-]
They're being intentionally vague. Their argument is that they're only mapping from palm to credit card number and mobile phone number, which isn't the same thing as mapping from palm to real identity name (unless you also link to your Amazon account). Which belies the fact that it's much easier to map from a credit card number or mobile phone number to a real identity name.
underyx 1292 days ago [-]
Sounds like palm prints are even easier to harvest from public figures than fingerprints. Take a photo at a speech, you can likely make a silicone mold replicating their palm, and you get to shop for groceries with their card.
TiltMeSenpai 1292 days ago [-]
On the flip side, palm recognition allows you to use infrared-based vein biometrics, which requires special lighting conditions. I don't think this is currently feasible for fingerprints.
systemvoltage 1292 days ago [-]
Year 2030. I kind of like the old school physical credit cards. It was fun to carry a wallet too. You could customize it, add a bit of flair and constantly obsess about making it thin.

Good ol’ days.

toper-centage 1292 days ago [-]
Yeah, but that's just simply inconvenient. When you look at a copyrighted building or hear a copyrighted song, you need a quick and integrated way to debit the royalties from your crypto wallet. How did folks do that in 2020? Did you have to enter your credit card details in hundreds of websites before leaving the house each day?
dane-pgp 1292 days ago [-]
If you think that updating people's financial balance was difficult in 2020, wait until you hear how they updated their social credit scores. Basically, everyone had to write their thoughts down on one of a few government-approved social media websites, but the government would crowd-source most of the actual surveillance and punishment, by relying on mobs of users to "cancel" people who expressed the wrong ideas. Completely inefficient!
mister_hn 1292 days ago [-]
Just a coincidence, or did Amazon get inspired by Fujitsu with its truedentity for Palmsecure?

https://www.fujitsu.com/ro/solutions/business-technology/sec...

throwtheball 1292 days ago [-]
> palm recognition is considered more private than some biometric alternatives because you can’t determine a person’s identity by looking at an image of their palm

Isn’t this what the whole product is about, tying palm prints to identity? Maybe they are saying nobody else collects palm prints so others can’t tie to identity?

immmmmm 1292 days ago [-]
Researcher in biometrics working on contactless palm/finger recognition here.

1) A new innovation ok. People have been doing that for more than a decade, my group included.

2) Given the sensor's look, it's almost certainly a near-infrared (NIR) camera, probably 850nm illumination, and the dark surface is a NIR filter.

3) It certainly captures a mix between palm veins (850nm quite absorbed by de-oxygenated hemoglobin) and palm skin ridges.

"Rather, the images are encrypted and sent to a highly secure area we custom-built in the cloud where we create your palm signature."

4) Weird approach to biometric template security to send palm picture to a server...

5) Curious how anti-spoofing is implemented, if at all.

edit: less aggressive

nakagin 1292 days ago [-]
5) Are there any anti-spoofing measures already out there? It sounds like if there are, they can be easily bypassed...
immmmmm 1291 days ago [-]
First time a phone was advertised unlocking with facial recognition, it took one day for researchers to unlock it with a printed photograph. Try that with modern phones..

I have done three years research on that topic: yes there are out there! Do they work: to some extent yes. Can it be bypassed: like any system yes.

nakagin 1292 days ago [-]
I still don’t get it: why would you choose something that’s so hard to change, if ever, for a store ID? It’s convenient but is it secure? There are photos of me waving with my palms out...
ctvo 1292 days ago [-]
Do you really think this is a photo of your palm they're storing?

No doubt there are 3D scanners (to map the elevation of your palms, the depth of the lines, etc.), infrared imaging and a slew of other minor sensors. To make this fast, they need to effectively correlate enough of the data to identify you without relying solely on a single thing.

vorpalhex 1292 days ago [-]
We already know there is a solid theoretical basis for rebuilding 3D spaces from photos. Infrared imaging doesn't dramatically get different data from a regular camera except maybe picking up your veins a bit more clearly.

There aren't a bunch of other sensors available.. probably some heat/temperature just to make sure it's a real palm but that's not for uniqueness.

dustinmoris 1292 days ago [-]
The photo of your palms out doesn't include an image of your veins because it wasn't taken with an infrared camera.
nakagin 1292 days ago [-]
“One reason was that palm recognition is considered more private than some biometric alternatives because you can’t determine a person’s identity by looking at an image of their palm.”

Wow. Never thought of that. But is it easy to reconstruct veins?

tinyhouse 1292 days ago [-]
Not fully following what problem this is solving. I was in one of these Go stores and scanning the app to get in is convenient enough for me. Now, if you're telling me I can use this palm technology in almost every store I go to, then I can see the value. But if it's just for Go/Amazon/WHF stores then not so much.
plumeria 1292 days ago [-]
Will this service have a "forget me" button? I think this should be the first question addressed in their FAQ.
dane-pgp 1292 days ago [-]
It's not the first question addressed in the FAQ, but there is this answer:

"Yes, you can request to delete data associated with Amazon One through the device itself or via the online customer portal at one.amazon.com. We believe customers should always be in complete control of when and where they use the service, and we designed Amazon One with this in mind."

Perhaps, as the sibling comment suggests, this was an architectural decision made based on the requirements for operating in the EU.

wooptoo 1292 days ago [-]
Under the GDPR in the EU or the DPA2018 in the UK you can request your data to be erased, corrected or you can grant limited access to your data.

You also have the right to request that a decision not be made solely using automated means. This is a good introductory article:

https://www.which.co.uk/consumer-rights/advice/how-do-i-make...

Too bad most of these companies operate based on the US legislation which doesn't grant the same consumer rights.

6d6b73 1292 days ago [-]
The question is - is a picture/scan of your palm YOUR data? or is it Amazon's data? I'm sure corporate lawyers can find ways around simple things like GDPR.
tomger 1292 days ago [-]
I recognize the ease of use. I don’t have to carry a device with me. But looking a little farther in the future, will I lose the ability to not be able to authenticate anymore?
karmasimida 1292 days ago [-]
Not going to offer my biometrics this easily lol

But good try

ncr100 1292 days ago [-]
To me this is creepy. I am sure to "evolve" my thinking on it, but:

I might consider cutting an artificial hand off a silicone doll and registering its hand print.

Carrying a necklace of dismembered hands might creep out the store attendees & shoppers though.

dfischer 1292 days ago [-]
I certainly hope there’s alarms ringing in a few heads about this.
dane-pgp 1292 days ago [-]
Well, it's not like they're literally requiring users to take a mark in their right hand.
sschueller 1292 days ago [-]
This is how the CIA/NSA get your hand print. No thanks.
Dig1t 1292 days ago [-]
Very creepy, I will try my best to never use this.
arbitrage 1292 days ago [-]
even though it's designed to have the user hover, people are gonna touch this anyway. and that's just gross.
1023bytes 1292 days ago [-]
Worst name ever
IshKebab 1292 days ago [-]
They're just feeling left out - everyone else has a product called "One". The next version will be called the Amazon One X 360 Series X.
ja27 1292 days ago [-]
Is it discontinued yet?
mdellabitta 1292 days ago [-]
Interesting time to launch a product that involves everybody touching something.
doctorhandshake 1292 days ago [-]
FTA: It’s contactless.
dane-pgp 1292 days ago [-]
Is that your professional medical opinion, Dr. Handshake?

More seriously, how successful do you think people will be at holding their palm above the device at a close enough distance for an accurate reading?
