By John Gruber
Kolide ensures only secure devices can access your cloud apps.
It’s Zero Trust for Okta.
Jason Del Rey, reporting for Recode:
Amazon on Tuesday is unveiling a new biometric technology called Amazon One that allows shoppers to pay at stores by placing their palm over a scanning device when they walk in the door or when they check out. The first time they register to use this tech, a customer will scan their palm and insert their payment card at a terminal; after that, they can simply pay with their hand. The hand-scanning tech isn’t just for Amazon’s own stores — the company hopes to sell it to other retailers, including competitors, too.
I’m happy to hear more details, but on the surface this sounds insane. Why in the world would anyone voluntarily send their palm print to any company to store in the cloud? With something like Face ID and Touch ID, your biometric info is not only stored solely on your own device, it’s stored on the secure enclave on your own device. Even the apps running on your own device can’t access it.
And with Apple Pay, if you ever need or simply want to create a new card number, you can do so. (Settings → Wallet & Apple Pay → Name of Card → Card Information → Request New Card Number.) You can’t request a new palm print.
This is a terrible idea and the only reason I can think of why Amazon created it is that they wanted their own payment system and felt they had to use some kind of biometrics for identification, privacy implications be damned, because they don’t have any sort of mobile device platform they could use instead. Why they don’t just stick to offering a scannable code from their app is beyond me.
★ Tuesday, 29 September 2020