X

Defensively shopping at amazon.com

Defensively shopping at amazon.com. Be sure to log off!

Michael Horowitz

Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.

Disclosure.

See full bio
Michael Horowitz
3 min read

A few days ago, I wrote about my experience using the new Amazon MP3 Download store. Perhaps the most important point I raised was that it was possible to purchase songs without having to enter an Amazon userid/password, let alone a credit card number. I have purchased many things from Amazon over a number of years and this was a first for me.

Two days after my posting, fellow computer griper Ed Foster, of Gripe to Ed fame, wrote about the issue of logging off Amazon.com in more detail. See Amazon Makes You Lie to Log Off.

Ed's article includes this quote from Amazon, which gets to the heart of the defensive computing aspect:

"If the particular system which you are using is being shared with any another user, and if you leave your system with out logging out from your account of Amazon.com, they will be able to view your account information and also will able to place an order from your account."

Place an order? Up until a few days ago, I thought that leaving myself logged in to Amazon.com was no big deal, since every purchase required entry of a userid and password. But this quote confirms what I experienced, this is no longer the case, at least not always.

To triple check, I purchased another song from Amazon's MP3 Downloads using Internet Explorer (the first time around I had used Firefox). Again, I purchased a song without entering any information at all.

This is a shame. I've been a happy Amazon customer and don't appreciate their choosing ease of use over security.

This time I ran across another purchasing issue. Using IE6 on Windows XP, the browser issued a warning and initially blocked Amazon from downloading my MP3 file. The warning was a yellow stripe just under the address bar. At the point where the warning is issued, you have already purchased the song, but not downloaded it. Not good.

Even in beta, Amazon should have some warning about this. I knew what to do, but I'm a computer nerd. Not everyone knows how to respond to this warning, if they even notice it at all (click on the yellow stripe and allow IE to download the file). Many web sites that download files include up-front instructions and warnings about this IE yellow stripe. But not Amazon.

The beta (read "unfinished") status also shows in the song previews which seem to always be the first 20 or 25 seconds of a song. Many of the live performances I checked out started with an instrument tune-up session that had nothing to do with the upcoming song, rendering the preview useless. In the track I downloaded today, the performer asks the audience if they are ready for some rock and roll a minute and 35 seconds into it. The first recognizable note of the song comes at 2:09. Turns out this wasn't the live performance I was looking for. Needless to say, there are no returns.

But to end an important note, always log out of Amazon.com.