SAN FRANCISCO (02/10/2000) - Crackers weren't Amazon.com Inc.'s only problem yesterday. If fact, its PR people can be grateful that the string of attacks diverted the media's attention from problems that could prove to be more embarrassing: privacy lawsuits and an FTC probe. The lawsuits allege that Amazon subsidiary Alexa - which, when installed in a Web browser, tracks surfers' online movements and suggests related Web sites - "secretly intercepts personal data and sends the information to third parties, including Alexa's parent company, Amazon.com," wrote the AP's Michael J. Martinez. The FTC is conducting an "informal probe" of Alexa, both Reuters and the AP reported.
Amazon reported the lawsuits and the probe in a document filed with the Securities and Exchange Commission. According to Reuters, the legal actions charge Amazon and Alexa with breaking two federal laws, as well as the California Business and Professions Code.
And while Reuters reported Amazon's denial of the allegations, the complaints recall the recent DoubleClick controversy. According to Martinez, computer security consultant Richard Smith, who found the problems in Alexa's software, was concerned about the way Alexa tracks Web pages by recording the entire address of each page. The story quoted Smith as saying, "Some [Web addresses] may contain personal information such as mailing addresses or customer account numbers. It's conceivable that someone like Alexa could tie it all together with your surfing patterns and create a profile." And, as Martinez reports, that's just what the lawsuit charges - that Alexa is combining its information with Amazon's customer accounts.
So perhaps we should get ready for the next wave of conspiracy theories - that the denial-of-service attacks were really an attempt by Amazon to wag the dot-com.