I was shocked to discover this is the canonical URL & domain for the Amazon press releases. After I clicked the link and saw the URL I initially thought this was some bizarre phishing scheme.
That being said, I think this is a great idea. I don't love the Facebook OAuth flow and the amount of access most apps ask for. I have trouble taking Twitter seriously as an OAuth provider [bias much?]. I think there are many US-focused companies who will be excited to have Google & Amazon as the two default OAuth authentication providers. If nothing else, it's much more adult than Twitter/Facebook. Oh, and Amazon has your credit card info and a great platform for SaaS billing :)
Regarding the URL: Amazon (and just about every public company in the US) outsources the investor relations portion of their site, because it is easier to do so than to integrate the feeds mandated by the SEC on their public site themselves (stock quote, press releases, sec filings, etc). There are 2 major competitors in this space, and the one that Amazon chose has these ugly URLs.
I'm surprised that they haven't made this better since that platform (phoenix) was designed in the mid-2000s. I presume that nobody really cares enough to put money into migrating it to a url scheme that is more sensible... the site exists to satisfy the SEC, and serious investors get their news/stock data from other sources anyhow.
>I was shocked to discover this is the canonical URL & domain for the Amazon press releases.
It seems like it is outsourced investor relations. Funny thing is that if you go to the bare domain, it redirects you to ccbn.com, which doesn't work because CCBN (Corporate Communications Broadcast Network) got bought out in January and apparently killed their domain too. That's pretty shoddy.
>That being said, I think this is a great idea. I don't love the Facebook OAuth flow and the amount of access most apps ask for.
You bring up a perfect point from a user's perspective and I agree with you. The challenge for Amazon is that there are two competing interests:
1. Users who don't want their entire life to be open to developers
2. Developers that want as much info as possible on the users
Facebook favors group #2 above, Amazon will probably favor group #1 above. If that ends up being the case, how many developers will be willing to utilize the OAuth service that doesn't give them as much info by default?
If Amazon were as ubiquitous as Facebook, we would.
In most situations where we've used a Facebook login, it's simply to avoid forcing the users to create yet another account. We don't pull any real data (except maybe a couple things, again, for their convenience - to fill out their profile) like their name. We push nothing back.
Being able to say "Hey, just login. We don't actually care about your information." would be much preferable to Facebook's unnecessary "This app is requesting permissions to access your profile and friends list." We don't need that information.
I guess maybe that's our fault for abusing Facebook integration by using it simply as a single sign-on service.
corporate-ir.net is a utility domain that only exists to serve customized investor relations sites. The base domain itself actually does nothing. Think of it like github.io... www.github.io serves no purpose in itself.
phx.corporate-ir.net was a major upgrade to corporate-ir.net done around 2003, called phoenix. That's why there's the strange phx subdomain in front of the domain. Apparently that was the last upgrade they did to this service... and its neglect is most likely the result of a couple of acquisitions.
corporate-ir.net was created by a company called CCBN (ccbn.com). They were purchased in the 2000's by Thompson, which then merged with Reuters. Thomson purchased CCBN for a different product (not corporate-ir.net) that was strategically important to their business. So its not really a surprise that they haven't put much TLC into the way that the domains resolve -- this investor relations website business is peanuts compared to Thomson-Reuter's core competency.
If you have trouble with Facebook and Twitter, how is Amazon/Google better? They all have great engineering teams, but they also all make money on data mining – not the best feature of a login provider (2013-05-30: jrandomhacker successfully logged in to PersistentGenitalArousalDisorder.com … let's show some relevant ads next time his in-laws are near the computer).
I agree. I love OAuth idea and the single-sign on flow. I love having one source where I can go and see all of the sites that have my info, and I love being able to rescind my account from that central location.
However, I hate that Facebook/Twitter take it a step further with all of their social integration features to the point where many apps assume, by default, that you want to share share share everything you do all over your social network.
As I've found a number of apps/websites that do not allow you to continue without giving them permission to post on your wall, I've been forced to mark every single app/OAuth site on my Facebook as available to "only me". Post all you want, no one will ever see it.
Curating what gets posted under your name shouldn't be this much work. I shouldn't have to strive for a clean digital presence with content that adds something to my readers life.
I'd love an OAuth provider that HAS NO SOCIAL NETWORK!
And Google is out on this too, sorry, but Google Plus is obviously the only web property that Google cares about anymore and trusting them not to socialify everything is a fools game.
I'd rather use one with an exceptionally good security policy (including account recovery), realtime multi-modal notification, customizable settings (i.e. being able to ip/geo restrict, rate limit, etc.), etc. And maybe do groups, too.
Google Apps for Your Domain could be kind of like this, but isn't. Probably the closest, though.
This is basically exactly what I built https://www.persowna.net/ for. It's still in its infancy (as is Mozilla Persona), but that's where I want to take it.
Can I email you to talk about your needs a bit? It sounds like you have some good ideas.
It is. It's unfortunate that more people don't know about it, especially since it's ridiculously easy to implement, well-designed and would save us all a lot of hassle.
If you're running a Django app, please add Persona integration. It takes around five minutes, literally.
> I'd love an OAuth provider that HAS NO SOCIAL NETWORK!
GitHub, BitBucket?
Both are actually good options if you have a service with developer demographic (even if its just in part). I'm using Google & GitHub right now, and will likely add Amazon since it's very little work to do so.
I'd rather use Mozilla Persona based login systems than OAuth based ones. From both a user and a developer point of view, Persona is a very refreshing approach to identity instead of OAuth.
I'm having trouble finding sites that use Persona as a login option. Does anyone have any examples? Trovebox seems to have a demo site up, but I was not able to actually log in to my account.
http://scanner.rachelbythebay.com/main - this one's been using Persona since it was called browserid. (Hit the gear on a call to see the login prompt - you only need the login for certain extended functions)
Exactly. I hope so much that Persona takes off. It's a breeze to implement, taking barely five minutes to add to your site from scratch, versus the hours traditional sign up takes, it's decentralized (you can easily become your own provider, etc https://www.persowna.net) and it's very very convenient.
If you're making something, please please add Persona to the list of login methods. If you're currently using emails for logins, it's even backwards-compatible.
This is about the four horsemen -- Amazon, Apple, Facebook, Google -- and how Amazon is moving forward with Facebook and Google, and perhaps into the lead.
The true purpose of Google+ is to accumulate more information about you, not to be a "social network" per se. The latter is the means to the former.
Amazon has a huge amount of exceptionally high quality ecommerce information. They have "only" 200 million users, but info about what they actually like -- because they buy it -- not what they say they like. Plus, for search -- if you're searching for products/pricing, you might already use Amazon not Google.
Login helps Amazon extend information beyond ecommerce -- and potentially pull clearly in the lead in that regard compared to Facebook and Google.
Apple...has a problem in this regard. Excellent company in many respects, but falling out of the pack in this regard.
p.s. In all of the above I'm only talking about it from the company perspective. If you think it's not necessarily a good thing for a company to have even more complete data about you, I wouldn't argue with you.
Alright, but the question is "why would someone want to log in with Amazon"? There's no social network attached to your Amazon account. It seems like it would be an odd choice of identity provider, unless you are a store and already using Amazon's fulfillment services.
For some reason it strikes me as a pretty good idea. Upon further reflection, I think it has something to do with:
- Trust -- people increasingly distrust sites like Facebook or Google (privacy concerns), but Amazon still has pretty much entirely "positive" feelings for consumers. And if they can run AWS as well as they can, then you assume you can trust them with your password too
- Micropayments -- your credit card is already linked to your Amazon account, presumably, so it suddenly enables you to pay for content, etc. on a wide range of sites where you might not otherwise, due to friction and trust issues
It's funny... for some undefinable "fuzzy" reason, I feel much more willing to log into a site using Amazon credentials, than I would with Google, Facebook or even Apple.
Assuming Amazon's endgame is optional integration with their payment/delivery platforms, there's certainly the hypothetical possibility of accidentally purchasing from confusingly designed sites you'd never give your cc details to though.
Since chargebacks - unlike social spam - cost money, Amazon has every reason to be more cautious about their permissions and confirmation screens, but the wary user probably isn't unjustified in hesitating when asked to sign up for a free service using a login they normally use to buy stuff with.
But might you now have to put up with Amazon targeting even more ads and recommended products to you based on the various sites you've logged into using their service? :/
My complaint is the payment for the login service through the use of my behavioral data I'd rather keep private. I have never clicked through an ad to purchase anything. I dislike seeing ads that are clearly based on my behavior but don't understand the intent of that behavior (i.e. showing me ads for generators because I looked at a few on Amazon to compare the stats to the one I already own). I also dislike seeing ads in general because they are not a useful feature to me. I'd prefer to pay for features in a more direct and favorable (to me) manner. I also dislike the concept that targeted ads are in some cases specifically designed to influence my attitude toward brands and provide me with information that may not be absolutely true but which they will hope I internalize to influence my future purchasing decisions.
Obviously, this is my personal preference, and I do understand that ads can be a useful revenue stream for companies targeting other users with different profiles from mine.
Why? Because there isn't a social network attached to it. I don't have to create another username/password and I can possibly avoid entering credit card details into another site if I decide to do business with them. Why not is a better question.
What does a social network have to do with it? I thought that logging in using a third-party account was simply a way to ease signups and limit password/account explosion, nothing to do with "social" anything. Certainly that's how I use it.
If I was selling something I would want to use Login with Amazon. This press release doesn't specify, but potentially they could add a one-click purchase API, which would be very nice.
This is the sort of thing I was assuming as well, if it let you tie in to doing purchases via amazon's payment API (though I'd still expect another request for password during purchase, but it would pre-assume account) could be useful, if leveraged correctly.
amazon wants you to do so for advertising purposes, and this is particularly important given the implications of firefox's 3rd party cookie policy / dnt. Amazon is actually quite a large ad vendor: they allow you to retarget based on purchases and because they've run out of inventory on amazon proper, they buy on exchanges. Running a login system means they can track you around the internet, and this nicely dovetails with ff's new cookie policy since amazon will most likely be on of the sites you've visited and hence a permitted 3rd party cookie. This is a valuable dataset for an advertiser, and even more importantly, will allow 3rd party targeting to continue to work.
This is also why fb / twitter / G run 3rd party login systems.
Personally, I don't like "login with facebook" everywhere, because every site wants permission to "post to your wall" even when not logged in, etc... Personally, I find this unconscionable. I find the same thing happens with Google these days for single-signon... I'd much rather have a common/popular oauth provider that does NOT have a social integration piece. I don't want invites to every game you play, and don't want them sent out to my friends.
Google was really close to this for me before the Google+ thing. At least with amazon, acting as a purchase gateway is an additional bonus.
I don't have up to date addresses and payment methods anywhere else, besides PayPal, but I'm far more active on Amazon. That's a great way to turbo charge sales.
I hope payment integration is at least on the burner, though. It seems like an obvious addition -- if the customer is already logged in to your site through Amazon, why not let them bill their Amazon account for stuff on the site?
Amazon certainly isn't averse to third-parties using their infrastructure; in fact, they've encouraged it. Kindle Direct Publishing, their third-party seller program, all of the AWS offerings...
Naturally, Amazon is going to want a cut (which is a perfectly reasonable thing for them to expect, don't get me wrong).
I'm not too sure, for my purposes. I was trying to think of some ways we could use this, but I'm just not seeing it. Perhaps I'm misunderstanding, though.
Can anyone provide some neat examples for cases in the context of web applications? Their mobile app examples didn't really speak to me.
Login with Amazon. Now the person has one-click purchasing power. Or most likely, a credit card on file, which is more valuable then a Facebook profile without any CC on file, especially in the context of a web application.
I'd prefer Mozilla persona. Amazon as well as Facebook and etc. aren't trustworthy - they are tracking your activity and using them for external logins sounds like a very bad idea.
Amazon is all about e-commerce, and their partners are reporting a 40% adoption rate for new signups? That sounds way higher than facebook's oauth ... if this continues, Amazon could be an awesome platform to build a business on! They also have a credit system now -- and inventory!
I think this could be really interesting. In my opinion, Login with Facebook creates a little bit of anxiety for customers. Everyone has been burned by unanticipated sharing & with this there is no social network to share to. I need to read the documentation (from a quick glance) it didn't seem like allowing people to checkout with Amazon on your site was possible but I bet that isn't far behind. That to me could be great if they are reasonable on commission rates.
Yes. Amazon itself is undoubtedly data mining your purchase history, but at least they're not spewing your personal info to every random Serfville/PirateWars "games" that one of your friends signs up for (yes, I know that you can turn most of that off, and I have; most people don't).
Everything I've heard and experienced indicates that Amazon is pretty tight with customer information. Certainly you don't get any personal information on customers when you sell ebooks through the Kindle store. Apple is also pretty good about that.
My main problem with these (as user) is that I usually have hard time remembering which sign-on system I have used for a particular site. Twitter? Google? Facebook? Username and pass? Amazon?
In most cases what I would truly like to have is a option to order a sign-on link to my email that would be valid for single use and just for some minutes.
I think this is really great! As a customer, I'd much rather sign in with this than Facebook or Twitter, as then I know there would be no social side-effects - e.g. posting on my behalf or similar - which is sometimes anxious making when confronted with a social login button. This separates easy sign-in from social sharing.
I'll echo what some of the other commenters are saying, namely that for anything e-commerce related (and I'd argue SaaS-type software) this method of login makes most sense. If you were going to sign up for a free trial of something or create an account at a store, would you want to login with Facebook or Twitter? Or Amazon, whom you likely already trust with your money. The latter I'd say.
On the other hand, if I have a social or news/content site, FB and Twitter login makes the most sense. That way I have access to their social graph as well as an indentity.
Anyway, this is pretty cool. I think I'll integrate Login with Amazon with my startup (mariposta.com) pretty soon, as it very well could lessen signup friction. We'll see.
I'd rather use Amazon than Google or Facebook, but I'd rather use a site that only did identity than any of the rest. (I don't want access to my Kindle books screwed up because Amazon decided I did something wrong when using them for login, and banned my account. Yes, that reminds me that I need to backup all my Kindle books monthly.)
I don't know what the business model for such a site would be, though.
This is excellent, as I would love to have a shared login provider whose business model does not revolve around sharing my information (e.g. twitter, facebook, google). I really don't want everyone on my [friends list equivalent] to know every time I create an account anywhere on the internet, and I feel like I'm always one privacy setting away from that happening.
Seems like a great idea and a signup option that will spread quickly. Mostly because Amazon accounts tend to be linked to payment options already so you essentially add people who are used to and willing to play online to your site.
OpenID is great, but I somehow just don't expect it to get that much adoption on sites where "Sign In With Facebook" is the default. Whereas I have at least some hope that Persona might become that common if Mozilla play their cards right.
People apparently think that OAuth is Open Authentication not Open Authorization. I think that ship has sailed, unfortunately. Although it still confuses me when I go to log in to a site and I get the pop-up about "Do you want to authorize this application to access <X>?"
I understand that this is a good idea for Amazon because it is good for them to keep people within their ecosystem, but this is what I think of whenever someone announces a product that has already been made several times: http://xkcd.com/927/
That being said, I think this is a great idea. I don't love the Facebook OAuth flow and the amount of access most apps ask for. I have trouble taking Twitter seriously as an OAuth provider [bias much?]. I think there are many US-focused companies who will be excited to have Google & Amazon as the two default OAuth authentication providers. If nothing else, it's much more adult than Twitter/Facebook. Oh, and Amazon has your credit card info and a great platform for SaaS billing :)