So far what Apple and other companies did is to keep the biometric auth tied to the device and not let leak out. Now Amazon is saying leaking it is the feature. They are using the hand as the identifier, so the biometric id is what is used to identify a person, not an email address, not a random number or a handle. The biometric data that cannot be changed ever is the identifier.<p>It's very troubling.<p>- The privacy and security implications are huge.<p>- Its tied to commerce, not some airport entry thing. Commerce has legs.<p>- On top of that its scary because Amazon can push this all over the world and give their tech for free to businesses.<p>- Other companies will provide this "feature" too.<p>The one door I was hoping will never be opened is opened now.
At this point I feel like products are named One when the product manager and marketing people are having a bad day and want to just be done with the naming discussions already.
This is a continuation of Amazon's remove all inconvenience strategy. And it'll work.<p>You're waving your hand and walking through now, no more scanning, no more opening up an app, no more tinkering with your phone. By chipping away at each of these friction points, no manner how minor, their moat grows and customers will notice a difference between an Amazon retail store vs. a competitor's.
'One reason was that palm recognition is considered more private than some biometric alternatives because you can’t determine a person’s identity by looking at an image of their palm.'<p>Umm, if this is true, how are you identifying the person then?
> We selected palm recognition for a few important reasons.<p>I'm sure the main one was that people associate fingerprints with being arrested, but maybe they could trick people into volunteering to be constantly fingerprinted by a private company if they just used a different part of the hand.
My college uses these to control entrance to the dining halls. The technology has been around for years and it works consistently and effectively. They want you to think this is something highly innovative but I’m pretty sure they’re just licensing already existing palm scanners.
Coupling un-alienable, (purposefully) unchangeable biological marks to any account is always horrible idea. And not just the privacy part, for one, it can (only) be unwillingly altered (eg. by an accident), the same way as fingerprints, so a secondary backup code is needed anyway, making the whole setup a bad sort of convenience feature.<p>The proper solution would be a safe hardware key mechanism.
This is a little off-topic but can someone explain why some companies are hosting official content on domains that are similar to their real domains but not their actual domain? e.g. AboutAmazon.com or tescogiftcards.com - at first glance they look fake and it's additional step to verify they are actually affiliated with the company.
Similar to FinGo (<a href="https://fingo.to" rel="nofollow">https://fingo.to</a>) and Hitachi VeinID Five (<a href="https://digitalsecurity.hitachi.eu/products/veinid-five/" rel="nofollow">https://digitalsecurity.hitachi.eu/products/veinid-five/</a>).<p>All these new biometrics share one common theme:<p>Better privacy for a user. FaceID has the problem that I can't hide it. As soon as I walk somewhere cameras can capture and match my face against their own records, however if I never registered my face ID with Amazon then they will know that I am possibly a recurring customer, but not know who I am. Palm IDs, VeinIDs, etc. are biometrics which I can easily hold back from disclosing. Only when I actively insert or present my finger/hand/palm I allow another device to scan my hand and do a match analysis. This means that I as a user am in better control of when and to whom I want to disclose my identity.
> We selected palm recognition for a few important reasons. One reason was that palm recognition is considered more private than some biometric alternatives because you can’t determine a person’s identity by looking at an image of their palm.<p>> When you hold your palm over the Amazon One device, the technology evaluates multiple aspects of your palm. No two palms are alike, so we analyze all these aspects with our vision technology and select the most distinct identifiers on your palm to create your palm signature.<p>Can someone ELI5 this to me? Is there some biological thing I am missing here or is it just as simple as, unlike fingerprints which are commonplace, other organisations tend not to have images of your palms?
Year 2030. I kind of like the old school physical credit cards. It was fun to carry a wallet too. You could customize it, add a bit of flair and constantly obsess about making it thin.<p>Good ol’ days.
Just a coincidence, or Amazon got inspired by Fujitsu with its truedentity for Palmsecure?<p><a href="https://www.fujitsu.com/ro/solutions/business-technology/security/product/palmsecure/truedentity/" rel="nofollow">https://www.fujitsu.com/ro/solutions/business-technology/sec...</a>
> palm recognition is considered more private than some biometric alternatives because you can’t determine a person’s identity by looking at an image of their palm<p>Isn’t this what the whole product is about, tying palm prints to identity? Maybe they are saying nobody else collects palm prints so others can’t tie to identity?
Researcher in biometrics working on contactless palm/finger recognition here.<p>1) A new innovation ok. People have been doing that for more than a decade, my group included.<p>2) Given the sensors look, it's almost certainly near infrared (NIR) camera, probably 850nm illumination and the dark surface is a NIR filter.<p>3) It certainly capture a mix between palm veins (850nm quite absorbed by de-oxygenated hemoglobin) and palm skin ridges.<p>"Rather, the images are encrypted and sent to a highly secure area we custom-built in the cloud where we create your palm signature."<p>4) Weird approach to biometric template security to send palm picture to a server...<p>5) Curious how anti-spoofing is implemented, if at all.<p>edit: less agressive
I still don’t get it: why would you choose something that’s so hard to change, if ever, for a store ID? It’s convenient but is it secure? There are photos of me waving with my palms out...
Not fully following what problem this is solving. I was in one of these Go stores and scanning the app to get in is convenient enough for me. Now, if you're telling me I can use this palm technology in almost every store I go to, then I can see the value. But if it's just for Go/Amazon/WHF stores then not so much.
I recognize the ease of use. I don’t have to carry a device with me. But looking a little farther in the future, will I loose the ability to not be able to authenticate anymore?