Skip to content
Naked Security Naked Security

Amazon plans to check up on your price checks

Thinking of shopping in one of Amazon's new physical stores? Think twice about using their free Wi-Fi to do a price comparison while you're there as a patent suggests they'll be snooping on your browsing

Much to the chagrin of brick-and-mortar shops, people have been using Amazon to look up and compare prices from showrooms and other retailers since the site debuted 23 years ago.

But now, thanks to a newly granted patent, Amazon will be able to squash all that – at least, when it comes to its own stores. After a five-year wait, Amazon was recently granted a patent to stop shoppers from checking online prices from competitors when we’re in one of its shops.

What perfect timing! Amazon is also buying Whole Foods for $13.7bn, it announced on Friday.

Don’t like the price of Amazonified bananas? Want to find out how much they’re going for at Walmart? Sorry, banana-muncher, you’re out of luck!

At least, that’s an example of what could happen, Ebenezer Scrooge, not what will. For all we know, this could be a defensive patent, as The Verge points out.

The patent, titled “Physical store online shopping control”, describes a system that would prevent customers from comparing prices in Amazon stores by watching any online activity conducted over its Wi-Fi network, detecting any information of interest and responding by sending the shopper to a completely different web page, or even blocking internet use altogether.

The patent describes how Amazon could interfere with a shopper’s online browsing in “the event that requested content is determined to be associated with or potentially associated with a competitor or an item of interest”.

After Amazon’s system sniffs out when a consumer’s looking up an item on a competitor’s site, it could determine what the competitor’s charging, then take action if the price beats Amazon’s price by a certain threshold.

If Amazon doesn’t like what the shopper’s seeing online, “information may be blocked” or the customer “may be redirected to other content,” such as an Amazon webpage. There, Amazon might offer a coupon or a special offer.

Besides hijacking the Wi-Fi session, the technology would enable Amazon to zero in on a shopper’s physical whereabouts in the store. Or, in patent-speak, “the location may be triangulated utilizing information received from a multitude of wireless access points”. Then, the retailer could try to upsell customers on nearby items or might even send a sales rep to them.

How to sidestep Amazon’s Wi-Fi retail high jinx

If you like price checking, this is yet one more – of many – reasons to stay away from open, public, free Wi-Fi networks.

As we’ve warned in the past, open Wi-Fi, where you don’t need any type of password at all, enables anyone within a few meters (or determined hackers who are 100 meters away or even more) to eavesdrop on everything you send and receive.

Even if the network is encrypted, anyone else who knows the password can listen in at the moment you connect, capture what’s called your “login handshake”, and then eavesdrop the rest of your traffic anyway.

If you don’t like the notion of Amazon controlling your internet browsing activity when you’re in its stores, the solution is simple: don’t connect to its network, and don’t download its app.

We don’t know when the Whole Foods deal will be finalized, and we don’t know when or whether this price-comparison monkey wrench will be thrown into the grocery gears when it is.

But again, if you’re squeezing this Wi-Fi fruit and it’s too squishy, put the Amazon network and app right back on the shelf, and put your phone into airplane mode.

Here are more examples of why you might want to stay away from open Wi-Fi networks:

💡 CASE STUDY – Anatomy of a free Wi-Fi hole ►

💡 LEARN MORE – Sophos Warbiking tours search for insecure Wi-Fi ►

💡 LEARN MORE – Sophos Warbiking tours search for insecure Wi-Fi ►

(No video? Watch on YouTube.)


13 Comments

Dumb many Americans , they are addicted to free WIFI wherever they go like its a daily meal on a plate. Amazon for sure will get many suckers on that part but not me.
Thanks Lisa .

A lot of people, especially those who don’t have the best incones, rely on free wifi as a way to supplement data plans that only offer the minimum (as phones are cheeper than computers and data is cheeper than cable internet they often get lower cost phone/data plan as the only computer.) They rely on price checking too because at a certain threshold every dollar is precious. This, if used by any store, is rather wretched. And yes, free wifi, is not safe, but due to the above reasons, its not gonna go away, so we need to stay aware.

Or just use your phones data plan to check the pricing of a competitor while in one of their stores?

There is always the cell network. No store in their right mind would block that, as it would block voice and text as well. The only cost is data use.

You’re right. Plus, I’m pretty sure building a Faraday Cage into the building would be cost prohibitive for any entity that’s not highly dependent on a signal-free zone, such as certain laboratories or a top-shelf recording studio. There are likely other ways to block mobile signal, but I don’t think there’s a better way that’s still thorough. Then they’d need additional infrastructure for their employees…manager needs to be reached from outside, et cetera….

Amazon’s got a patent now on Squid? Hmmm.

/me shuffles away to patent Linux, Apache, OpenSSH and a few other handy dandies…

Using a VPN will bypass the snooping, at least if you’re not using their app. Anyway thanks for letting us know! This is human hostile ideas, because of this I will most likely not buy anything on their website either unless it’s really necessary. Any other will be first choice.

And this is from the company that was actively encouraging customers to check out products in competing brick-and-mortar stores, then order them from Amazon online, essentially treating the physical retailers as unpaid showrooms.

If it’s https, they might know I’m looking at Walmart on their Wi-Fi network, but they won’t know what item I’m looking at. So will they just give deals across the entire store to someone who does that? If so, expect everyone to do that.

Hmm, I didn’t notice details about HTPPS. The patent: “A system, comprising: at least one wireless access point configured to provide Internet access to a consumer device within a retail establishment associated with a retailer, and at least one processing component configured to: identify a first uniform resource locater (URL) requested, via the wireless access point, by a browser application executing on the consumer device; determine, based upon a comparison of the first URL to stored information associated with one or more competitors of the retailer, that the first URL is associated with a competitor Web site; identify an offering of an item on the competitor Web site; identify (i) retailer information associated with an offering of the item by the retailer and (ii) competitor information associated with the offering of the item on the competitor Web site, wherein the retailer information comprises a first price for the offering of the item by the retailer and the competitor information comprises a second price for the offering of the item on the competitor Web site; determine that a difference between the first price and the second price exceeds a first threshold value or that a consumer value of a consumer associated with the consumer device does not exceed a second threshold value; determine, responsive to determining that the difference between the first price and the second price exceeds the first threshold value or that the consumer value exceeds the second threshold value, that information associated with an offering of a complementary item that is complementary to the item should be presented to the consumer in lieu of counter-competitive information that competes with the offering of the item on the competitor Web site; and redirect the browser application to a second URL different from the first URL, wherein the second URL is associated with a Web site that includes the information associated with the offering of the complementary item.”

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?