Defensively shopping at

Defensively shopping at Be sure to log off!

A few days ago, I wrote about my experience using the new Amazon MP3 Download store. Perhaps the most important point I raised was that it was possible to purchase songs without having to enter an Amazon userid/password, let alone a credit card number. I have purchased many things from Amazon over a number of years and this was a first for me.

Two days after my posting, fellow computer griper Ed Foster, of Gripe to Ed fame, wrote about the issue of logging off in more detail. See Amazon Makes You Lie to Log Off.

Ed's article includes this quote from Amazon, which gets to the heart of the defensive computing aspect:

"If the particular system which you are using is being shared with any another user, and if you leave your system with out logging out from your account of, they will be able to view your account information and also will able to place an order from your account."

Place an order? Up until a few days ago, I thought that leaving myself logged in to was no big deal, since every purchase required entry of a userid and password. But this quote confirms what I experienced, this is no longer the case, at least not always.

To triple check, I purchased another song from Amazon's MP3 Downloads using Internet Explorer (the first time around I had used Firefox). Again, I purchased a song without entering any information at all.

This is a shame. I've been a happy Amazon customer and don't appreciate their choosing ease of use over security.

This time I ran across another purchasing issue. Using IE6 on Windows XP, the browser issued a warning and initially blocked Amazon from downloading my MP3 file. The warning was a yellow stripe just under the address bar. At the point where the warning is issued, you have already purchased the song, but not downloaded it. Not good.

Even in beta, Amazon should have some warning about this. I knew what to do, but I'm a computer nerd. Not everyone knows how to respond to this warning, if they even notice it at all (click on the yellow stripe and allow IE to download the file). Many web sites that download files include up-front instructions and warnings about this IE yellow stripe. But not Amazon.

The beta (read "unfinished") status also shows in the song previews which seem to always be the first 20 or 25 seconds of a song. Many of the live performances I checked out started with an instrument tune-up session that had nothing to do with the upcoming song, rendering the preview useless. In the track I downloaded today, the performer asks the audience if they are ready for some rock and roll a minute and 35 seconds into it. The first recognizable note of the song comes at 2:09. Turns out this wasn't the live performance I was looking for. Needless to say, there are no returns.

But to end an important note, always log out of

Featured Video

How Pixar created the world of 'The Good Dinosaur'

Pixar's upcoming new film imagines what it would have been like if dinosaurs never became extinct.'s Lexy Savvides reports on how real-world data helped make the movie's prehistoric landscapes look incredibly authentic.

by Lexy Savvides