Amazon scooped up data from its own sellers to launch competing products (wsj.com)
1350 points by benryon 34 days ago | 691 comments

About 10 years ago I met the head of IT for B&H cameras in NYC. Among many things, he was in charge of the hosting for their online store. After he complained about dealing with physical servers, I asked him if he had ever considered using AWS ec2 for the website, and he replied that his boss refused because he believed that Amazon would pull data on B&H products and use it to compete more effectively.

I'm not sure that Amazon would be able to pierce the veil of the hypervisor like that, but his instincts were in the correct direction.

There is absolutely no veil between the hypervisor and the guest virtual machines. Not in the EBS either.

If they say they won't read your data, better trust them. If you don't, stay away from their datacenters.

> There is absolutely no veil between the hypervisor and the guest virtual machines. Not in the EBS either.

This is 100% true. To do any useful computation on your data (read, what you're using all AWS for) they have to have 100% visibility into your data.

> If they say they won't read your data, better trust them. If you don't, stay away from their datacenters.

That's it, right there. All of this is based on Trust in Amazon, not some technology that provides any assurances, much less proof, they're not looking at your data.

They can pull the curtain off anything you're running in their cloud, at any time they feel like it. It has to work this way for AWS to be of any use, and by using AWS you're implicitly trusting Amazon with your data.

This is a similar level of trust that you give to banks not to seize your money, or to your bodyguard not to do you physical harm. Stealing data from a customer paying for hosting would be _very_ different, and much more scandalous, than identifying trends on a competitive marketplace and taking advantage of them by launching competing products.

If a bank were to seize your money, you'd notice, because you wouldn't have that money anymore. And it would be very well documented, leaving a clear paper trail to a criminal conviction and a civil suit. If your bodyguard did you physical harm, you'd notice, because your knees would hurt. And there would be ample evidence for a criminal case. If Amazon copied all your proprietary data, you would almost certainly never notice, no criminal law would apply, and you'd have a hell of a time proving it in a civil suit.

It's the difference between breaking into a Walmart with a ski mask and assault rifle and stealing a bunch of blu rays vs recording the HDMI out from whatever device you stream Netflix from. They're not the same thing at all, either in terms of harm done, applicable criminal law, or ability to build a compelling civil lawsuit.

> If Amazon copied all your proprietary data, you would almost certainly never notice, no criminal law would apply, and you'd have a hell of a time proving it in a civil suit.

For a thought exercise, let's play this out.

Amazon copies data running through VMs (or grabs it from storage).

Let's assume it isn't on hardware certified for capital-letter processing [1], most of which require regular third party audits.

So they have your illegally-obtained data [2], which presumably they want to use to make money.

Except they can't leave any record of its source, in any documented form. This includes server logs, data transfers, emails about data, meeting minutes about data.

So they create some isolated network, run by a third party contractor, that transfers encrypted data from the taps to a store, then decrypts. All of which brings us to the most difficult part.

Who does... what with it?

The source data itself is radioactive. Who knows when "pricing strategy for company X" or obvious equivalent might pop up in the stream?

So you... what? Exclusively touch it via algorithm that outputs only aggregate information? How do you possibly code and maintain that pipeline, sight unseen?

All while risking an incredibly profitable business.

Or, you know, you just operate as an honest IaaS provider and make $10B in revenue / quarter with a 25% growth rate...

[1] https://aws.amazon.com/compliance/programs/

[2] https://www.law.cornell.edu/uscode/text/18/2511 (?)

Sometimes you can learn a lot from the metadata without actually looking into the actual data stream. For example, if B&H was hosted on AWS, Amazon could deduce the effectiveness of their holiday sale tactics by looking at the overall page traffic, DB writes, etc. These metrics are already recorded by Amazon for billing purposes and someone stealing a glance at them would likely leave zero evidence.

I thought Amazon was already organizationally constructed in very small functional units which each are encouraged to export their unit's "interface" in a formal way. Is the source data traceable if it becomes anonymized product sales samples exported to APIs that mix into a pile of legit data and all fed into some sales analysis engine?

The unit could be the "open sales modeling unit" that just supplies one data feed among thousands.

You overestimate the competency of short-sighted individuals anxiously striving for a seat closer to Bezos, i.e. thinking for themselves versus the organization. Ironically, I wonder if such news actually motivates some PMs to ask around...

> Except they can't leave any record of its source, in any documented form. This includes server logs, data transfers, emails about data, meeting minutes about data.

They can certainly take the risk. If crimes only happened when there was a 0% chance of getting caught there would be no crime.

You're right that they are different, but maybe not as different as you think they are.

> If Amazon copied all your proprietary data, you would almost certainly never notice, no criminal law would apply, and you'd have a hell of a time proving it in a civil suit.

If Amazon were doing this and profiting from it, that would essentially be a criminal conspiracy that reaches to the leadership of the company. Is it possible? Sure. Is it likely? I tend to think conspiracy theories are rarely true. Would it be caught? I believe it would likely be caught.

Companies get things done by having meetings, informing their hierarchy, and following executive decisions. In what meeting do you imagine this being discussed? Who floats this idea, and who signs off on it? I just don't see it happening. And if it does, I expect whistleblowers to put a stop to it.

Criminal conspiracies by corporate execs are not at all uncommon in the history of business and presuming that you can't possibly run into one because you personally haven't is taking an unnecessary risk. One thing due diligence is supposed to look for is criminal behavior. This is not because they never find it.

> Criminal conspiracies by corporate execs are not at all uncommon in the history of business

Actually, they are quite uncommon, which is why they make headlines when discovered.

I'm not taking a side here, just pointing out a fallacy.

This is even more fallacious- the only thing that unsourced opinion proves is that certain types of criminal conspiracies that are uncovered are deemed sensational enough to sell news services. It says nothing about the commonality of successfully covert conspiracies nor about the frequency of uncovered ones that are hard for the general public to understand/care about.

It is time to shut the computer, take a deep breath and see if you can do a long walk outside.

Bezos is making the most money of everyone living. Many of the scandals happen when the founder is retired or dead.

Let's see..


See 737 MAX, other 737 boondoggle like the vertical stabilizer reversal back in 94'ish.

Monsanto, hell, what chemical hasn't hid information they damn well shouldn't:

Dicamba, roundup.. Take your pick. The stellar behavior of this corporate citizen taints cements the stereotype of an entire industry.



Special mention goes to a certain German pharma company who brought you Thalidomide:


The lovely folks at Insys:


Believe there was a fraudulent implant thing a bit ago... Where'd I put that?


Someone beat me to Dieselgate.

Arthur Andersen LLP.

PG&E deliberately skimped on maintenance, leading to fires in California, and if I recall natural gas lines overpressuring in Massachusetts?


Excuse me, the natural gas one was Columbia Gas.

Big Tobacco...

Nestle I think getting caught using child labor in their supply chain at one point.


Oh what else can I think of off the top of my head? Uhhh...

That's all I can think of for right now. I mean we can hit the history books or case law to get a solid count I suppose, but to be frank, once a company hits a certain revenue point, it is pretty much guaranteed they've had to do something to get dirty/avoid getting outed as dirty.

So it really isn't that unusual. Throw in stuff that happened back before the rise of the Unions of the last century, and since their decline, and you also end up with some decent stories of workforce abuse. Though admittedly there's slant depending on who is telling it.

Like the Pinkertons as a matter of fact.


Or the original incarnation of Equifax, who were tasked with vetting prospective executive promotees.

Just because it's organized doesn't mean it's doing anyone any favors.

Several dozen companies doing bad things, compared with the hundreds of thousands of companies operating in the United States.

I stand by my statement -- it is rare.

Rare, that you ever hear about it.

I know of a case of fraud in oil well lease payouts, someone was stealing a small amount from a large number of leases and had been doing so for years.

A company auditor caught it. Did they go to the police? No. They paid the guy to leave the company and never talk about it again. The guy might have stolen hundreds of thousands in the process, but the company knew they'd lose millions, just from clients demanding audits going decades back. It was easier and cheaper to cover up and never mention again.

Much like typical crimes, only a subsection of company malpractice comes into public view. There's a few major scandals per year from the largest and most publicly known companies.

The very least we can say is that company malpractice is more common than it appears, unless 100% of it is reported on.

You misunderstand. That is just what I keep in my head and have been accurately tracking and committing to remembering in the last 5 or so years.

As has been mentioned as well is that governmental/regulatory apparata are typically starved of funding, so must limit their investigation/scrutiny to likely the most obvious cases.

Furthermore, if you've just entered into white collar circles these last few years, you may have been surprised at a tendency to not write things down. This isn't just people not realizing it is a good idea to do so, but a conscious decision in many cases due to eDiscovery, and the effects it has on provability in a court of law.

Pay attention on HN, and you'll get little snippets of other cases of "tribal skeletons" every now and again.

Anyway, by all means, I'm not necessarily arguing against your point; merely stating that given the sample size, and keeping in mind that regulators/the media can only dig up so much muck given limited manpower; it is not prudent to assume there isn't wrongdoing where no one has looked yet. I used to hold the same view you espouse; then I started A) cataloging things and B) noticed how often settlements seem to be applied with no admission of wrongdoing.

Absence of evidence does not imply evidence of the non-existence thereof. You just haven't found it yet.

Can't believe I forgot about Wells Fargo, btw. That whole mess.


ISPs have been known to falsify their Form 477 data fabricating coverage stats, and overcharging customers:



There's plenty more where that came from with every ISP to be honest.

FTC keeps stats on all enforcement actions apparently. Might be a decent place to start looking to get some solid numbers.


Mind that that's only the ones. I assume CFPB and other commissions have similar, but do keep in mind they can't be everywhere or investigate everyone. So without stats on how many actions are dropped by prosecutorial/investigator's discretion, it is actually difficult to make really solid claims as to the actual frequency of malfeasance. Further, from my social circle's anecdata, it seems to be a safe bet that just about every organization at least has something in the way of "muck they've cleaned up after" without getting authorities involved.

Anyway... I've rambled enough.

I used to think a lot more like you and then Dieselgate[0] happened.

[0] https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal

as sibling comment author mentioned, look at dieselgate. it was a huge conspiracy against emissions regulations and they did it relatively well for multiple years. and it’s not like it’s a simple hack in software. this solution required manufacturing additional special purpose devices, adjusting assembly line, engineering and so on. definitely it must have some design stages, testing, actual implementation done.

main thing here is that in big corps you can divide big (evil) task into smaller steps which could be defined as non-evil in isolation, and nobody in actual implementation people crowd would understand big picture.

> breaking into a Walmart with a ski mask and assault rifle and stealing a bunch of blu rays vs recording

I'm ready to watch that movie

For me it's not at a similar level.

For one, banks are far more regulated than Amazon is. If governments funded departments with 10s or 100s of thousands of employees monitoring and regulating cloud computing services, then it might be similar.

But the most significant difference is that if the bank seizes my money, I'll know about it pretty quickly and can respond. If Amazon sniffs through my commercial data, I'm unlikely to ever know. Most people are far more tempted to do wrong if they know the chances of getting caught are minuscule.

Banks mightn't seize your money. They certainly take the data from your bank accounts and monetize/resell it. This is a dirty secret, and pervasive.

How else do you think "closed-loop" measurement of marketing effectiveness, and retargeting based on purchase behavior are done? How else do you think suppliers can pull a D&B report on your company showing your bank account balances?

Banks definitely seize your money. When I was a young teenager my parents encouraged me to put my lawn mowing money in a bank account. I had a total of $100.00! We went over to Bank of America and I opened up an account and deposited my hard earned cash. A month or two later I tried to withdraw some cash and was told I had no money. My full $100.00 had been consumed by insufficient balance fees.

A valuable if painful lesson to learn. I still do all my personal banking with a credit union and consider my relationship with banks to be adversarial. They only own my debt, never my cash.

> A month or two later I tried to withdraw some cash and was told I had no money. My full $100.00 had been consumed by insufficient balance fees.

Is that an exaggeration? It amounts to $100 or $50 a month in "low balance fee"!

All the banks I've looked at had a fee under $10.

I think it may have been more than a couple of months, IIRC the fee was $20.00. This was a very long time ago.

This is like saying Amazon seizes your money because you have to pay for their monthly service fees you agreed to when signing up for the service.

Or your commercial landlord to not send the cleaning staff to rummage around in your filing cabinets. Which, while it could happen, is something that people don't really seem to get concerned about.

I have been chastised for not locking my desk for this exact concern. It does happen.

Don’t let anyone chastise you for this. Most desk locks are easy to pick. Also, there are like 3 keys to have on your keychain to open like 80% of all manufactured locks like the ones in furniture. Deviant Ollam, a pen tester, gives a lot of talks on this topic.

I pick my battles, I’m not going to complain about a policy unless I think it could really hurt people. If I complained about everything I think is dumb, I’d never be able to keep a job, because most of it seems dumb to me.

So true, so often.

No, the reason for these types of structures is simply to prevent passive leaks of information which is a far more common occurrence. Any large business is frequently visited by vendors and agencies who also work with others in the industry.

Similarly, if you're presenting externally, it's a good idea to close open applications that are not relevant to prevent info leaks from Alt-Tabbing.

Actually having a competitor pay someone to come into your office to pick locks etc. is rare, comes with criminal liability and is easily detectable on security cameras.

Most "crimes" of this sort would be stopped by simply locking the drawer. Nobody believes that a simple desk lock would keep out a determined attacker.

Not really wrong, actually. A friend picked a desk lock for another when they left their charger in there.

Actually it's not _that_ uncommon for guards to be involved in the business of breaking into high profit buildings. At least in countries with partially undermined police/law systems. Which sadly applies to most countries of the world even first world countries where people normally don't think about it.

How about snooping the traffic through a load balancer service managed by AWS? That's exactly 'identifying trends on a competitive marketplace and taking advantage of them by launching competing product', except that instead of looking at sales data of products on your shelves, you look at URL access patterns for sites hosted on your platform.

I don't disagree with any of what you've said. I just think that many people are ignorant of that being the case with Amazon, Facebook, Google, etc because they assume 'Well Technology must have solved that'.

Then again, compared to the average bear, maybe I'm unusually circumspect when it comes to all of those things.

Technology alone cannot solve the use of technology to promote interests of parties in a zero sum game.

The promise of homomorphic encryption is to allow cloud computing without giving your data away.

Without giving what data away, exactly?

If for example I'm fully on Amazon AWS for everything, DNS/DB/Web then no matter how encrypted your data is Amazon still has a very good idea of the effectiveness of your campaign. You can't hide the number of DNS queries. You can't hide the number of TCP SYNs. Hell, there is just a huge amount of things that encryption does not cover up, especially involving time for particular transactions to occur.

Don’t be obtuse. Observing some encrypted traffic going in and out gives away some info, but it’s nothing like the email addresses, addresses, names, and order history of all of your customers.

Amazon, if they wanted, could read stats from Netflix’s database about which movies drive the most engagement and use that to determine what to license for Prime video.

It’s the difference between root on the server and capturing encrypted packets on a network.

> This is a similar level of trust that you give to banks not to seize your money, or to your bodyguard not to do you physical harm.

That's not true. I surely don't trust banks, but at least they're regulated to the point that they have to come up with some legal pretense for seizing my funds. A bodyguard is ostensibly a person who I've incentivized more than the competition to not harm me, and who I probably form a relationship with over time. None of these things are true of Amazon.

> Stealing data from a customer paying for hosting would be _very_ different, and much more scandalous, than identifying trends on a competitive marketplace and taking advantage of them by launching competing products.

What part of using data that you have on your competitors but they don't have on you, to sell competing products on a platform where you don't have to pay fees but they do, sounds like a competitive marketplace?

>This is a similar level of trust that you give to banks not to seize your money

How many PayPal horror stories have there been?

Bad analogy, I can tell when the bank seizes my money.

For about half a billion they will build you an aws on site(s) you control: https://cloudcheckr.com/cloud-security/understanding-aws-gov...

If AWS used Intel SGX, then it would be possible for them to offer VMs that ran inside of a secure enclave that AWS could not peer into as long as Intel didn't give them a backdoor.

(Well, it seems like SGX is insecure right now with all of the CPU vulnerabilities, but in principle it may be fixed in a future generation and be well-suited for this.)

The fact that you wouldn't have to trust your host specifically could have a real decentralizing effect for cloud hosting: people would be able to run stuff on any cloud host without needing to trust them much. If you just wanted compute power and didn't care about strong uptime/connectivity, you could even safely rent cheap VMs on computers of random individuals.

SGX has no syscalls. You cannot run VMs or any regular application in SGX.

AMD SEV, on the other hand, is exactly that.

> To do any useful computation on your data (read, what you're using all AWS for) they have to have 100% visibility into your data.

This is true, but it doesn't have to be this way [1].

[1] https://en.wikipedia.org/wiki/Homomorphic_encryption

I'm aware, but thanks for posting nevertheless. I've actually read Gentry's thesis. Last I looked into FHE though it was something like 14 times to 100 times as inefficient (either in time or space depending on the scheme) as operating on unencrypted data.

Now things may have changed since then, but I'd imagine it's not yet gotten down to 1.X inefficiency multiplier regardless of the FHE scheme you're using.

That would increase their computation costs by a fair bit, it would be more expensive to run the same amount of computation on their cloud using fully homomorphic encryption, even without taking the engineering costs on your side into account.

Which is why a company operating cloud computing should just do that and nothing else. (And a company producing phones should also just do that and not start competing on the app market. etc.)

Well it's a b2b business and YOU could vote with your wallet to take your business elsewhere.

As an aside, Amazon competitors like Walmart typically require their suppliers to host data on a platform other than AWS if they want access.

Except huge tech companies are incentivized to vertically integrate into selling their extra datacenter capacity. From there it's just an economies of scale game that a pure cloud company will have difficulty keeping up with (not saying it's impossible).

It is things like this that will make people lose trust in Amazon. If they start reading data, it is bye-bye AWS for Amazon.

Throwaway account for obvious reasons.

In the past, AWS has used the data from third party hosted services on AWS to build a similar service and in fact start poaching their customers.

Source: I used to be at AWS and know the PM & his manager who built a service this way. I was hired on that team.

As for talking to journalists, I didn't leave with any ill will and don't want to complicate my life. I personally know a friend who got involved with journalists... his past employer came to know about it, sued him... and he became almost unemployable in the valley.

> ... his past employer came to know about it, sued him... and he became almost unemployable in the valley.

You might have a family to protect. A home to maintain, etc. I understand. It's scary. But the world doesn't and cannot change for the better if we let corporations bully us into silence. The world will and does change when brave individuals, with the support of society, stand up and blow the whistle.

Lol exactly what support will you be providing? Will you contribute to paying this person's salary for the next 10 years? I wish people would quit with the empty platitudes and the rhetoric.

Your comment reminds me of the kind seen from Russian bots. Everything about what you said matches the algos I've seen. Very interesting.

But yes, I would be happy to contribute to a support fund to support such individuals.

lol yea right now people that call you out on your meaningless blather are russian bots haha

>But yes, I would be happy to contribute to a support fund to support such individuals.

cool you can start by donating to absolutely any charity in need right now.

You should consider going to Project Veritas. They stand by their sources. Maybe it's not as likely to be published if you don't have video footage to back up your story, I don't know... but still it's worth trying. I understand wanting to play it safe though...

Have you ever been tempted to tell people (journalists, government) about it? If not, are there any particular reasons?

Cynical curiosity: did the services they poached from have such abysmal UX/DX or is that an Amazon touch?

They poached because it was a lucrative business. AWS’ sales pitch was that their service was so much better integrated with the underlying infra. Also, they priced out the competition and offered generous discount for bundling with additional AWS services.

Funny (or sad)... I described those very tactics in When AWS, Azure, or GCP Become the Competition: https://www.gkogan.co/blog/big-cloud/

This amazes me it's so much easier at that scale to deal with 6-10 boxes vs all the crap that comes with AWS. Don't want to deal with managing them there are companies that will do it for you and you will have an actual on call people that are accountable to you. Unless you are doing 6+ figures a month in AWS spend have fun trying to have same level of service.

I’m a big believer in use cases that fit on-prem solutions like that. But you’re dreaming if you think a 6-10 box operation is going to come close to the same service levels as AWS, and if you want to replicate the developer experiences that you can achieve on AWS, you’re going to have to devote a lot of resource to it. Whether scaling works well on-prem depends entirely on your scaling requirements. If you have bursty loads, or sudden increases in utilization, then scaling is going to be painful, because it will require hardware procurement, which is a slow process. There’s situations where it makes sense, but there’s way more factors than you’re considering in this comment, and you’ve completely misrepresented what the trade offs are.

I am not only not dreaming I've been running workloads like that for a long time. Both in cloud and colo. If it's my money sanity or ass on the line colo is my strong pref. I def. do not want to replicate developer experience of AWS in Colo as AWS has a ton more moving pieces which are black boxes and have arbitrary limits. Scaling is a disingenuous point for most e-commerce apps as you generally have RDBMS that do not scale horizontally so cloud or no cloud your bottleneck is the same. The price point at which say Spanner would outperform a cluster of RDBMS on high end boxes is way south of 100K/month and no off-the-shelf e-commerce software would support it anyway.

Say you completely ignore scaling. The two things you simply cannot replicate at that scale are redundancy and operational resource. AWS has their entire operations team working at all hours of the day and night supporting their infrastructure. They also offer some of the most highly redundant services in the world. There is simply no way you could ever dream of replicating those service levels with such a small operation, and if you were to even attempt it, it would require an absurd level of over provisioning. As I said, you’re completely misrepresenting what the actual trade offs are, and there’s no possible way your claims about replicating AWS service levels is even remotely plausible.

> AWS has their entire operations team working at all hours of the day and night supporting their infrastructure. They also offer some of the most highly redundant services in the world.

And yet, a couple times a year perhaps, we have discussions right here on HN about the latest AWS outage that took down half the Internet.

No group is infallible. If I thought about a world where cloud providers didn't exist (AWS or otherwise), where every company had to build and maintain all of their infrastructure themselves, and had to make a guess, I'd wager the combined occurrences of issues around availability, durability, etc. would far outpace what we have had.

That's not even considering the potential impact to software development and innovation that we get with commodity cloud services. This is hand-wavy of course but I'd stick to it.

AWS haven’t had a major incident since 2017. Their last one before that was in 2015. If you’re not counting managed services, it was 2014.

2018 May 31 Outage no ?

You mean the incident where a small percentage of EC2 instances were unavailable for 30 minutes in a single AZ in US East 1? I see your definition of major incident is pretty loose. I remember that incident. I had services running there. It was so minor that my auto-scaling picked it up and my service impact was nothing.

AWS has amazing marketing the truth of the matter is AWS Region has worse downtime than a single top tier DC. Mainly due to nightmarish complexity of their control layer. They had outages that lasted many hours in a row multiple times. You need to carefully separate marketing claims from operational reality and actual track record. When US East has major issues there is not enough spare capacity to spin up everything that was running there in other regions.

with high availability you don’t wait for an outage to spin up new resources, at that point it’s too late. it’s by definition not highly available and if you build infrastructure this way then you can’t blame AWS for an outage

So you have say 3 Region deployment are you saying that you are running 50% more instances than you need in 2 regions that are not US East to make sure you will have capacity when US East goes down :) ? I somehow seriously doubt that.

so you’re suggesting entire regions go down at once or one of the AZs? An entire region doesn’t go down. So again, you are not building for high availability.

US East as a whole went down several times plus a number of incidents when S3 or other critical services went down for the whole region.

i don’t remember seeing us-east go down in its entirety. show me supporting evidence or this is FUD. multiple DCs physically separated, different flood plains make up a region. it’s not easy to down an entire region. the biggest event they had, the S3 one you’re talking about, affected only 2 AZs and didn’t allow new EC2 instances to start and iirc some EC2 instances failed as well. this is a far cry from the entirety of us-east having an outage.

Amazon has some of the best uptime in the world, especially for basic services like EC2, even if you’re only considering the least reliable regions like US East. Their last major event was in 2017. There are few providers in the world that can compete with them in that respect, and there’s nothing that you or I or anybody else could build with 6-10 servers that could come close. If you were planning to try exceed their service levels yourself, there is no conceivable use case where a small to medium sized company could justify the requisite expenses to provide the redundancy and operational coverage necessary. What you are actually talking about is that you can meet your own needs without AWS, which is entirely plausible, but completely different from the absurd claims that you can build a low budget infrastructure that exceeds their service levels. That claim is so ridiculous, you might as well be saying that you can make a car faster than Toyota can, or that you can run a two minute mile.

Our AWS monthly spend is deep 7 figures over the last 10 years our colo projects had better uptime than AWS US East. You keep living in the marketing bubble for AWS.

I would love to see some data here. What service outages? What’s your infrastructure like? What’s your DC’s uptime?

There’s a few confounding factors to address before you get to the believability of the claims (which are remarkably dubious). For starters they’ve only spoken about the AWS region which is least reliable by design (as it is the first to receive new features), and they’re talking about a 10 year time span (AWS in 2010 was much less reliable than it is today). It’s also not really clear what they’re talking about when they say AWS. If it’s just the core features you’d need to forklift an on-prem service into the cloud, then the claims are especially frivolous, but the SLA difference between EC2 and AWS Ground Station is more than an order of magnitude.

Even if their claims are true (which I certainly don’t believe they are), you’d be more likely to get better uptime than EC2 with a small on-prem setup through dumb luck rather than through deliberate planning. Something still has to go wrong for you to have an outage, and you’re more likely to get an incredible lucky streak than you are to outperform their entire AWS infrastructure capability with a few people and half a rack of servers.

Are you from AWS marketing :) ? AWS SLA is meaningless as there are no meaningful penalties.

AWS outages you can google details

2011 April 21 Outage

2011 August 8 Outage

2012 June 29 Service disruption

2012 October 22 Outage

2012 December 24 Outage

2013 September 13 Outage

2014 November 26 Service disruption

2015 September 20 Outage

2016 June 5 Outage

2017 February 28 Outage

2018 March 2 Service degradation

2018 May 31 Outage

There’s a terrible amount more information you’re missing here. What services were you using that went down? (not what services went down, how were you affected) What is your availability for your DC? it seems you’re being light in the details and perhaps there’s a reason why.

The CDN will be fronting most of the load, behind that 10 decently specced servers running sanely architected code can scale to millions, if not tens of millions of requests per second.

Drop the servers in HA sets of 2-3 nodes across 3-4 regions, anycast your service endpoint from each cluster. The hardest thing to replicate without AWS is the 6-7 figure bills.

What you’re describing is “good enough service levels for what I need” not “the same level of service as AWS” (or a superior level, as the parent comment implied).

If some sanely architected code was all you needed, then you’d expect at least other cloud/IaaS providers to be able to match AWS service levels. Which they can’t, and which some little software shop most certainly cannot either.

Look at actual downtime of US East over the years.

So what do you do when you are featured on CNN or whatever and you need to scale up massively in a matter of minutes? Do you just let all those sales go?

I genuinely want to understand the point you are presumably making here, but I’m honestly having a tough time with understanding what it is.

"If you use their boxes, they own your data. Don't use their boxes."

It's my understanding that some of the large bricks and mortar retailers also stray away from hosting on AWS for these same reasons.

I think that’s less about being afraid that Amazon will steal their data, and more that they don’t want to give any money to an entity already steamrolling them

Some are legitimately afraid that AWS will deprive them of the ability to scale during peak times, like holiday shopping seasons. I've heard claims of this happening to more than one retailer.

Personally, I wonder if that isn't an emergent property of a lot of people trying to scale at once.

Walmart won't even allow their suppliers to use AWS.

Home Depot refuses to use AWS and partners with Azure for this reason.

Home Depot uses GCP.

That's absolutely not the same thing lol. What Amazon did is unethical. What you are describing is illegal.

I'm honestly curious what crime this would be. If I rent time on someone else's server, and they look at what I'm doing on that server, what illegal thing has happened?

Seems like a pretty clear violation of https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act.

I'm not so sure about that.

AWS terms do not assign their customers any rights to any physical computer. And the AWS customer agreement gives Amazon the authority to access your data for certain purposes.

I'm not sure I've ever heard of anyone prosecuted under the CFAA for accessing a computer that they physically own and physically control. AWS is a service, not a computer rental.


> We will not access or use Your Content except as necessary to maintain or provide the Service Offerings, or as necessary to comply with the law or a binding order of a governmental body.

The CFAA uses wording like "exceeds authorized access", which Amazon would absolutely be guilty of if they went into your database to spy on your product listings.

If they could go after Aaron Swartz for using authorized access in an unauthorized way, it seems likely it could be applied here.

"One reason we could charge the price we did for the service is that we were treating the data we had access to as an investment. Thus the data we accessed was done so to ensure the service could be maintained."

Would a judge accept that argument? From me? No. From the lawyers Amazon can afford? I wouldn't be comfortable betting either way.

A reminder that the legal system is designed to serve the wealthy, and few are wealthier than Amazon. It's not absolute, but the little guy isn't going to walk away with Bezos's fortune in damages.

The CFAA doesn't protect "content", though. It protects "protected computers".

In this case, Amazon fully owns, possesses, and operates the "protected computer".

You'd have to successfully argue that Amazon fraudulently accessed their own computer. It might be possible, but I'm guessing it'd be a first.

The difference in Aaron's case is huge: he didn't own the computers that hosted JSTOR.

The Amazon employee accessing the data would be "exceeding authorized access".

> The difference in Aaron's case is huge: he didn't own the computers that hosted JSTOR.

His access was authorized, though. They still threw CFAA at him.

"exceeding authorized access" is not enough to violate the CFAA.

You have to "exceed authorized access to a protected computer"

The CFAA is not a data protection law. It is a computer protection law.


> In practice, any ordinary computer has come under the jurisdiction of the law, including cellphones, due to the interstate nature of most Internet communication.

Sure. The question I am alluding to is: can someone defraud their own computer?

Maybe it is possible, but the consequences to answering 'yes' to this is pretty scary.

If I buy my spouse a phone, and secretly bug it, I'm still violating wiretap laws, even if it's technically mine.

If I'm renting an apartment, my landlord can't install a camera in the bathroom, even if they're the owner of the building.

Ownership doesn't change the fact that the law says "exceeds authorized access". Amazon agrees to only access the computer I'm renting from them in very specific scenarios. If they violate that, it looks like a pretty clear CFAA violation.

Neither of your two examples have anything to do with the CFAA.

> Amazon agrees to only access the computer I'm renting from them in very specific scenarios.

AWS provides compute services, they do not rent computers. They make this clear in their terms.

> Neither of your two examples have anything to do with the CFAA.

They demonstrate that legal ownership is not the same as the legal right to do whatever you want with what you own.

> AWS provides compute services, they do not rent computers. They make this clear in their terms.

Good luck hoodwinking a judge with that argument.

Okay, you think you rent AWS servers?

Which one do you rent?

Where is your rental agreement?

When did you first take possession?

Huh, WTF?! Your FBI used to railroad random kiddies for messing around with poorly programmed dynamic pages and now you’re arguing there’s nothing wrong if a hosting provider trespasses and mines your private property?!

The rules the FBI/DoJ applies to kids on irc are not the same rules the FBI/DoJ applies to multibillion-dollar infrastructure companies and/or trusted military defense contractors (Amazon is both).

Equal protection or application of computer crime law (perhaps, any law) in the USA is a fiction. It would be practically illegal to invent and run a web spider today, for instance, if they didn’t already exist as a concept. (France recently decided this was true for news link aggregation; Google must pay the newspapers for reproducing their headlines. I’m glad hosted RSS readers aren’t outlawed so far, but under these sorts of restrictive legal interpretations you could see how they might be. Google doing AMP, of course, gets a free pass.)

If you don’t believe me about the web spider thing, try making a complete download of Twitter for the purpose of making a tweet search index and see if you get to continue owning your house. (My theory is that Clearview is allowed to do it for Instagram because they’re using the database to provide services to law enforcement/military, so those groups want it to continue to exist free of prosecution.)

Bummer that actively collaborating with violent types like pigs and military seems to be the only way to avoid jail if you want to build large novel data systems with interesting public datasets today. This sort of freedom to experiment with new/neat algorithms over published documents got us Google; today these same companies will get you raided if you dare download/index their data. (Facebook’s idea famously started out scraping public yearbook photos. Try scraping Facebook now.)

one small counterpoint: https://www.eff.org/deeplinks/2019/09/victory-ruling-hiq-v-l...

RIP aaronsw

Amazon owns the computer and grants you limited rights to use it, in exchange for the money you pay them. It's basically the opposite of a script kiddie hacking into someone else's web server.

Now, indiscriminate access to your content might violate whatever commitments Amazon made to you in their terms of service; I have not read them for a long time and can't remember what the language is specifically. But that would not be a matter for the FBI.

I read the parent comment as less of an argument against it than a question of which laws do we have in place to prevent it.

This could fall under Unlawful Access to Computers.

Assuming that the information would be behind at least a password entrance that a user had set up, Amazon breaking through that would be considered illegal unless they had a court order or something. They can peer into metadata that your machine creates but I think looking at private information on a server that they lease out would be illegal. Maybe I'm just hopeful?

Why do you feel it's unethical?

I love B&H, we planned family holidays from the UK specifically around buying from this shop. When the $/£ exchange was healthier we got some real bargains!

Couldn't they use Azure?

Of course there are other reasons to use physical servers.

At the very least, they own your IP traffic. From there, every single value-add service you use gives them an opportunity to eavesdrop on your data. Take, for example, https://aws.amazon.com/elasticloadbalancing. All of a sudden your URL traffic is 'fair' game.

Hold up one second. Is this something that they're actually open to doing? Surely part of their ToS isn't about stealing data on their physical infrastructure to enable other aspects of their business. Right? Has any data centre ever done this?

Imagine if amazon has as much ad presence as google or fb. If they're able to identify you as a business of interest and identify your key employees you're pretty much f'd unless they have adblockers and even that might not be enough

Christ, this thought is terrifying. If any company would be this shady it would be Amazon, and they have the greatest market share. And other commenters here make it sound like it's not even clearly illegal.

The one point of solace is that there's a lot of competition out there for web hosting.

I know the B&H execs too. All Hasidic Jews, super nice, smart people. They had a big contract with some software I wrote ages ago.

It’s just as likely one of your own administrators could steal it and sell it to a competitor. A lot of espionage is inside jobs.

Wonder if they are on Microsoft's Azure now?

Just did a tracert to their website. After hitting b-h-photo-v.ear1.newark1.level3.net it goes through a couple routers on an IP block they own before hitting their IP.

Safe to say they are not on Azure.

Sounds like this head of IT isn't very good at his job if he can't explain the difference between EC2 access, databases, and web requests over TLS

There are ways that you can use AWS that Amazon would have no way to access any of your data even if they wanted to.

They have 100% hypervisor access. To give them zero knowledge, you need full homomorphic encryption which is impractical at this point (and likely for a while).

You may trust them not to abuse hypervisor access, but they still have network “meta” data - it could tell them how many transactions clear against credit processors (though not the actual amounts if encrypted), a good idea of the general distribution of page views with respect to time and user IP (though not the exact pages), times of day, demographics of users (geolocations and ISPs, for example).

If you don’t trust them not to peek at what they can, don’t use them. He is perfectly right.

There are other cloud providers who aren’t competing with B&H and would be a better choice. But amazon is a direct competitor to B&H, even if they do have an IT barrier - they cross subsidize; any $ paid to Amazon helps it against B&H.
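The metadata point in the comment above, as an added example that is not part of the original thread: a few encrypted-traffic flow records, with no payloads, are enough to count processor calls, time-of-day load and client networks. The shop address, the processor range and every record are constructed for illustration.

```python
import ipaddress
from collections import Counter

# All values below are constructed (RFC 5737 documentation ranges, private shop address).
T0 = 1588291200                                          # 2020-05-01 00:00:00 UTC
SHOP = ipaddress.ip_address("10.0.0.5")                  # hypothetical storefront instance
PROCESSOR_NET = ipaddress.ip_network("203.0.113.0/24")   # stand-in for a card processor


def at(hour, second):
    """Unix time for a given hour and second offset on the sample day."""
    return T0 + hour * 3600 + second


# Flow records as a network operator sees them: (time, src, dst, dst_port, bytes).
# There is no payload field; every connection is TLS on port 443.
FLOWS = [
    (at(9, 60),    "198.51.100.23", "10.0.0.5",     443, 48200),
    (at(9, 300),   "198.51.100.77", "10.0.0.5",     443, 51000),
    (at(9, 420),   "10.0.0.5",      "203.0.113.10", 443, 2100),
    (at(9, 900),   "192.0.2.14",    "10.0.0.5",     443, 12000),
    (at(20, 30),   "198.51.100.23", "10.0.0.5",     443, 60500),
    (at(20, 120),  "10.0.0.5",      "203.0.113.10", 443, 2150),
    (at(20, 400),  "192.0.2.200",   "10.0.0.5",     443, 47000),
    (at(20, 800),  "192.0.2.14",    "10.0.0.5",     443, 13300),
    (at(20, 950),  "10.0.0.5",      "203.0.113.11", 443, 2080),
    (at(20, 1500), "198.51.100.9",  "10.0.0.5",     443, 39000),
]


def _is_visit(flow):
    """Inbound HTTPS connection from a client to the shop."""
    _, _, dst, port, _ = flow
    return ipaddress.ip_address(dst) == SHOP and port == 443


def _is_processor_call(flow):
    """Outbound connection from the shop to the payment processor's range."""
    _, src, dst, _, _ = flow
    return (ipaddress.ip_address(src) == SHOP
            and ipaddress.ip_address(dst) in PROCESSOR_NET)


def checkout_count(flows):
    """Approximate number of payments: one processor call per checkout."""
    return sum(1 for f in flows if _is_processor_call(f))


def visits_by_hour(flows):
    """Client connections bucketed by UTC hour of day."""
    return Counter((f[0] // 3600) % 24 for f in flows if _is_visit(f))


def client_networks(flows, prefix=24):
    """Client connections grouped by source network, a proxy for ISP or region."""
    return Counter(
        str(ipaddress.ip_network(f"{f[1]}/{prefix}", strict=False))
        for f in flows if _is_visit(f)
    )


def summarize(flows):
    """Everything inferred here comes from headers and timing, never content."""
    by_hour = visits_by_hour(flows)
    return {
        "visits": sum(by_hour.values()),
        "checkouts": checkout_count(flows),
        "by_hour": dict(by_hour),
        "networks": dict(client_networks(flows)),
    }


if __name__ == "__main__":
    print(summarize(FLOWS))
```

Encrypting volumes and using TLS everywhere changes none of these numbers, since they are derived only from addresses, ports and timestamps.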

Even if homomorphic encryption was practical, you would need hardware to decrypt that would have to be either on the cloud or on premise.

If any decryption of your data occurs on AWS hardware (i.e. if your software in AWS has access to your unencrypted data), then wouldn't AWS also have access to it if they wanted? Even with encrypted volumes, etc, the decrypted data is present in memory, AWS controls the box with the memory in it.

Yep, this is how computers work. Not saying this to be snarky, just... it's surprising how many people don't know this. And when I say 'people' I mean 'Professional Software Engineers with Years of Experience in the Industry'

> There are ways that you can use AWS that Amazon would have no way to access any of your data even if they wanted to.

Is it worth the extra effort and moving already functional servers to do so?

> There are ways that you can use AWS that Amazon would have no way to access any of your data even if they wanted to.

Please explain, as I'd like to know how.

This is the exact reason why Shopify grew rapidly. Sellers knew they needed a platform where they own the data and could abstract the operations outside of Amazon seller dashboard.

People also forget that Amazon doesn't have to pay to advertise its own products, but 3rd party sellers do. This immediately puts you at a disadvantage if you want your product at the top since you pay seller commission and advertising fees to Amazon. Next time you want to buy something from Amazon, I would encourage you to find the seller's website directly or find them on eBay. eBay charges less seller fees and is not in the business of selling products directly.

With Shopify you don't pay ~20% sales commission to Amazon per se, but you sure as heck will end up paying for that if not more to Facebook.

Whereby FB has no direct incentive, yet. It could be a FB Marketplace PM team someone has already copied Shopify outright and is just waiting for the right time to roll that out to all FB users worldwide.

With Amazon Marketplace the strategy has always been to convert customers off that platform into your own.

Most top listings in most niches/categories are priced for break even inclusive of the multitudes of keyword PPC campaigns they're running with the hope that you leave a review and that you actually pay attention to the little postcard that comes inside the package asking you to register your email address.

Both games suck tbh.

I think Shopify should experiment with a centralized market place where stores can opt in. If you opt in, your store items are listed in a central location searchable at a single point, just like Amazon. Your item listing in the central market place merely directs you to YOUR branded store, allowing you to check out, and see your other products. That solves a huge problem of visibility that Amazon has mastered.

The reason they don't do this is a legal one. As a platform, they are not liable for what their sellers sell (copyright/trademark/counterfeit), but as a marketplace they would have deeper liability. A central marketplace also gives brands the ability to search through all Shopify stores, basically giving them a search engine to find infringement.

How do I know this? 10 years in ecommerce with a different ecomm platform.

That's exactly what Amazon has succeeded with: Owning the marketplace, but without any of the liabilities you mention...

They tested this at one point. I thought about it before launching Weebly’s eCommerce. Sellers’ number one concern is sales.

I’m not sure it would be easy. Large hosting platforms like GoDaddy, Wix or Squarespace could try this too, but it puts you inherently at odds with your own customers.

If I pay you to host my site where I sell my products, but you index me into the central sales portal in a bad way, I’ll be pissed. Kind of like restaurants on Seamless.

It comes off as deep rent seeking - instead of helping me succeed, which is the real mission of most of these types of companies, you’re creating an artificially scarce resource (visibility within your central sales index) where now I have to pay you an arbitrary tax just to compete.

Immediately makes customers want to leave.

But I propose it as opt-in. If you don't want in, you aren't. It would also be entirely free, Shopify makes money on the transactions, so there are no ads but they have incentive to make you visible. I don't see how this is a negative in any way for anyone. Your store still exists in its own container, and the portal is just to drive sales to you by increasing your visibility. You could theoretically carry on your business as if this never existed within Shopify. It is basically just a giant search engine that only works across the Shopify network. If Shopify won't do it, I am near willing to bet this business model is eventually put together by someone. Wordpress.com kind of does it...but it's only with content and they don't make money on transactions. The key is that there are no ads, it's a pure search engine, the money is made from the new transaction/hosting.

GoDaddy, Wix and Squarespace couldn't really afford to do it because they aren't e-commerce focused.

> It would also be entirely free

This can’t be true, since no matter how you create the central sales channel, some sellers will get preferential treatment in terms of screen placement, appearance in search results, etc. Shopify could not pay the costs of operating and advertising that central channel unless the most successful businesses are placed more prominently and lead to higher conversions of some kind (sellers converting, leading to less churn or more subscribers, etc.). But every Shopify customer will want that - so who gets it? If you do nothing and “the rich get richer” and there’s no way for an outsider to break into the better display rankings of the sales channel, you’ll just alienate customers and see a huge drop in new subscribers. This is often a big problem for ecommerce companies that facilitate online sales portals like Amazon, eBay, Etsy, and even more niche things like Shutterstock.

You either “democratically” allow customers to pay for placement in your central product index, or you force customers to pay via lost business and lost opportunity, which they’ll be embittered by. But there’s no such thing as a “free” way to centrally index across all hosted subscribers.

> “GoDaddy, Wix and Squarespace couldn't really afford to do it because they aren't e-commerce focused.”

I think you are very unfamiliar with the hosting industry. All three of those businesses make the strong majority of revenue from subscribers of ecommerce plans and all three have huge platform offerings and nationwide advertising campaigns targeted specifically at ecommerce customers.

All three of them practically only exist (in terms of revenue) because they are a good hosting option for small businesses that sell online.

It's a very slippery slope. The portal is gonna cost money to create, and have a lot of brand value in itself. How could you ever trust that they were never gonna start charging for the portal? Or leaning on you to list in the portal.

Nah, it'll just end up being 100 copies of Alibaba postings. 90% of Shopify is BS, just dropshippers copy pasting images and texts over.

Shopify already has sales channels that users can tap into like Amazon and eBay. If they themselves build a marketplace, I'm sure those channels will opt out.

Another advantage to eBay and independent shops is that shipping is typically much faster than Amazon since the pandemic has caused Amazon’s shipping times to explode.

Facebook and Instagram do have their own checkout and are testing it

It's linked to Catalog Manager, which is a third class citizen in the FB ecosystem that they're shoehorning into being a second class. It's similar to Facebook Messenger taking Facebook Page and trying to upgrade its citizenry within the ecosystem and proclaiming it to be chatbots. That in 3 yrs flamed out and no one speaks of it anymore.

Marketplace team can do more if they can build a second class product from the get go.

Does amazon allow seller sites to have lower prices?

Just sell a "variant"

In my limited experience Amazon UK's prices are lower than the seller's/manufacturer's own website. I always check, it's always been significant when I've checked.

You could sell a variant or have a constant recycled set of promos

Not afaik.

They do... Dr. Squatch soap is one such example

Per Amazon's policy - no, the seller can not have lower prices on their own website than on Amazon. In practice, for now, it is not enforced (at least in my experience).


most obvious alibaba or aliexpress goods on Amazon can be bought cheaper from one of the other places, and if it's a weird item (like a bicycle hub motor) it'll generally be from the same merchant group.

usually the copy/paste pictures and description are a good giveaway.

> Next time you want to buy something from Amazon, I would encourage you to find the seller's website directly or find them on eBay. eBay charges less seller fees and is not in the business of selling products directly.

Last time I bought an item off eBay, it arrived shipped via Amazon Prime. Pretty sure the seller just bought it off Amazon and shipped it to my house... it was a weird turn of events.

It wasn't a branded item, just a third-party battery replacement for a cordless phone, but still.

This is a common arbitrage tactic. Seller carries no inventory, lists multiple products on eBay for slightly higher than the Amazon price, and buys/ships from Amazon if anyone buys the eBay listing.

This happened to me, paid $110 for a ski jacket, get an amazon box and look up the price on amazon - $80. I had to applaud the eBay seller for their hustle..

It’s a money laundering thing too.

There was a story in my area a few years ago where people had some sort of scheme to convert Amazon gift cards into cash via eBay.

I stumbled across an anonymous payment processor that accepts all kinds of shady business, like online casinos and escorts. They accept payment via gift cards to Amazon and elsewhere. Maybe this is how they convert that into cash. I was puzzled about how that would work.

This arbitrage is also good for the buyer, if they don't have an Amazon Prime account.

Sellers use Amazon FBA (Fulfilled By Amazon). Their inventory sits with Amazon and irrespective of platform where transaction happened, Amazon ships it in their own box.

The term you are looking for is “Multi Channel Fulfillment”

Re-read the first sentence -- very carefully -- of the comment you replied to.

This happened to me when we de-Amazoned, even from direct website purchases. Lots of them use Amazon for fulfillment even if they sell directly.

Amazon does have to pay. It is an opportunity cost to them.

Sure, another seller could take their spot and they are potentially losing that ad money, but with their strategy, they can price out anyone since they don't pay seller commissions either.

It's not as if seller commissions are purely an invented cost. They charge them because it's not a free service they provide, even for themselves.

I suggest you research the topic of "transfer pricing".

So many comments about, "doesn't everyone know they do this?", and "everyone does this!"

I say there should be an explicit difference between "running a platform", and "selling on a platform", and never should the two meet. By "platform" here, and in the context of selling stuff online or IRL, I mainly mean that the store should never compete with their suppliers ... it's madness and unethical. If everyone can get a piece of the pie, it makes for a healthier ecosystem. We should want the rising tide to lift more than one boat.

And yes, I believe this should be regulated at the policy level.

This of course has implications for other forms of "platforms", such as operating systems, APIs, and clouds; but I'll leave those discussions for another time ;)

The major question I don’t have a good answer to is, “Why is this different than brick and mortar store brands like Safeway signature?”

Surely a part of it is placement, but Safeway could put own brand ketchup at the same level (and I think sometimes does) as Heinz and still wouldn’t sell the same volume.

Amazon is clearly getting a big advantage here, I’m just curious about what the underlying dynamics are that allow them to be so much more successful in their context than it seems store brands are in other contexts.

The difference is that Safeway does not have any other sellers on their shelves. Safeway buys inventory at wholesale and sells it at retail. Everything that is sold in Safeway was intentionally selected by Safeway to be there.

If you see a product on a Safeway shelf, the company that makes that product already got paid--by Safeway. If Safeway puts a generic ibuprofen bottle next to a bottle of Advil, that's fine with Advil because Advil already got paid! Safeway is assuming the risk that those bottles of Advil might not sell because everyone buys the generic.

Amazon is different--they sell things themselves, but they also offer to run a logistics platform for other folks selling things. Folks who use this platform believe (are led to believe) that they are going direct to consumers, NOT selling wholesale to Amazon. Amazon purports to be a neutral infrastructure provider, like UPS or Verizon.

Now, you can say that these folks are naive for believing Amazon about their neutrality, but it is what Amazon said! Many of these companies would never have used Amazon for logistics in the first place if Amazon had said "we are going to use all your data to copy your products and go direct-to-consumer ourselves with our copies, including placing them above yours in search results." Who would take that deal?

I don't see as big of a distinction between Safeway and Amazon. The demand for pain medication is relatively constant, so if sales of Safeway's generic ibuprofen increase it will come at the expense of Advil because Safeway will start buying fewer units. The harm is one step removed but is still there.

I think a better argument would be the scale of the data collected by Amazon vs physical stores. But on the other hand, Safeway has an online store where they can collect the same information and if they are anything like Walmart then they also already have startlingly detailed insight into the supply chains and logistics of their suppliers that surely rivals what Amazon sees if you use their warehousing service.

I don't think it makes sense to draw a clear distinction between Amazon generics and Safeway/Walmart generics. It seems like a fuzzy line at best.

Maybe. One distinction I want to argue is placement: Amazon always places the Amazon Choice options at the top of the search and product listings. They also always include them in the "Popular, Editor's Picks, Highest Rated, etc." box that appears in the middle of most pages on the site. This would be like you walking into Safeway for a bag of sugar, and as soon as you turn down the aisle, there's an employee telling you everyone buys the Safeway brand Sugar or an advertisement with three boxes showing Safeway's as the Most Popular option, and two others next to it.

Where this gets real distinct is in delivery: Amazon is currently purging its warehouses of stock from thousands of vendors so it can keep stock of Amazon-brand and big box brand alternatives to those same products. (See: https://www.bloomberg.com/news/articles/2019-05-28/amazon-is...) So, the Safeway equivalent of this would be you going down the sugar aisle and finding exactly 1 or 2 bags of competing brands with a note that says, "Hurry! Almost out!", and each bag has a 10lb. anchor attached to it. But there's 100 bags of Safeway sugar, and there's a line of employees offering to carry it through the store for you so you don't hurt your terribly sore shoulders...

How would you feel if a Safeway associate slapped a tracking device on you when you walked in the door, and then didn't tell you they were recording everything you thought while you were working your way through the store? That's how Amazon.com works. Oh, and if Safeway could just look at your other recent thoughts and know you fapped about 20 minutes before you walked in the door? That's also Amazon.

Another issue. At Safeway, Heinz ketchup is the real deal. No duplicates.

Amazon, on the other hand, has allowed duplicates, cheap reproductions and false reviews to proliferate. Now the only way you are assured a product is what it says is if it is an amazon brand.

Advil may very well be paying for the privilege of being on that shelf. See "slotting fees."

That's actually not true at all; the shelf space at grocery stores is often paid for by the name brands. "Slotting fees" etc. Often if the product doesn't sell Safeway returns it to get the money back.

https://www.npr.org/transcripts/718711109 https://www.vox.com/2016/11/22/13707022/grocery-store-slotti...

> If you see a product on a Safeway shelf, the company that makes that product already got paid--by Safeway.

This is not necessarily true. It's typical to not be paid for anywhere between 30 and 90 days. Additionally, some deals are more complex and depend on actual purchase volume.

I think getting paid and getting a fairly solid commitment to be paid at some point in the future are equivalent for this argument.

I have wondered the same thing every time this question comes up. It seems the difference is that the companies that put products in grocery stores are very large companies that spend a huge amount on marketing themselves (e.g. P&G, General Mills). So, the "house brand" is less recognizable to consumers and sells at a discount to the known brand that is often a larger company than the grocery chain. The grocery stores need the name brands because shoppers come looking for them (and Safeway gets the benefit of all the marketing they do). In Amazon's case, they are serving as a distribution channel for many, many small brands, none of which are known as well as Amazon (whereas Kellogg's cereal is better known than Safeway). That changes the power dynamic in favor of Amazon.

I had a friend who worked at a milk factory. They took their 2% organic milk and piped it into cartons with different labels: brand names as well as store brands, off to be sold at various price points.

To his company it didn't matter at the end of the day if people bought the brand name or the store brand, it was all the same stuff.

I think you’re totally right. In addition/corollary, it seems a lot of the things Amazon Basics sells are basically commodities. If you have a million iPad stands, eh, just buy the Amazon Basics one, it’s probably not crap and the reviews look good. I need my stand, my USB adapter, my cable, my whatever to just, “do the job”, there’s not a whole lot of performance differential within the category beyond works/doesn’t work. If there’s a strong quality differentiator in the product I think they’d do less well and I bet their data scientists have answered that question one way or the other.

This also points to a hidden advantage Amazon has which is totally unethical. Namely, Amazon is perfectly willing to sell counterfeit name-brand goods, and presumably this doesn't extend to their own Amazon Basics products.

I don't think this singlehandedly explains why Amazon is so unwilling to do anything about their huge counterfeit problem, but it's suspicious that the dilemma resolves in their favor.

It's because they don't have liability for it because they act as a platform. Whereas with Amazon Basics, they risk their brand.

Maybe store brands should also be banned.

We allowed this vertical integration in retail when maybe we shouldn’t. Yeah it shaves some costs, but is probably having a huge effect on supplier diversity and margins. If we’re revisiting the consumer welfare above all doctrine, this seems fair to revisit as well.

The vast majority of the "store brands" are made by the same companies who make the usual branded stuff. In many cases, it's the exact same product in a different wrapper or container, made on the same production line by the same company and the same staff. Sometimes to differentiate the product, it might have subtly different ingredients, or be of slightly lower quality to differentiate it from a "premium" product but still within the quality spec of the original product (for products which are binned or have batches of varying quality, or where there's variability e.g. biscuits which cook differently at different places on the conveyor).

I used to work in a big brewery where we made supermarket branded beers. It was the same product in a different can. Actually, the exact same can, with a custom paint job. It was one of the more generic beers, rather than one with a taste associated with one of the well-known premium brands, but there was zero compromise on quality there. What was packaged for the supermarkets was 100% identical to beers with our own company name on it.

It's only the cheapest of the cheap "value" stuff which has been significantly cost reduced and has compromised quality. That's stuff like pastry with a higher water content in place of fats, or substituted ingredients such as palm oil in place of butter etc. In these cases you're paying less, but obviously getting less product for your money. That's its own specialised segment. These are often made by different companies with their own separate supply chains, and possibly living by a different set of ethics... There clearly seems to be a market for this type of thing, but given the reduced nutritional quality and taste, it's not necessarily providing a genuine cost saving.

Does it mean that the brand of Amazon is better than the likes of Safeway or Target who sell their own products to compete with more name brand ones? Or it could also be that the brands on Amazon such as the top voted comment here might be smaller brands without enough name recognition to gain the attention of a buyer.

Such a difficult thing to regulate. The instant you stop Amazon from selling on its own platform, they will open a subsidiary Amazon Retail, which is a favored customer on their platform. Whatever new regulation you can come up with, there will be armies of corporate lawyers ready to satisfy your requirements while still capturing that audience who is ready (and wants) to be captured by a platform-branded generic option.

This seems a bit defeatist. We've successfully regulated against vertical integration in the past.

Yeah, just take a look at the financial sector. Your typical big investment bank has insider knowledge of a sizable percentage of the companies in the economy and separately, makes tons of trades. The two businesses are kept separate, no information exchanges between the two groups, no winks and nudges. If they get it wrong, they could go to jail.

If it is possible to create a so-called firewall [0] within banks to avoid unfair advantage via insider trading, it is possible to create a firewall between the platform and seller divisions within Amazon for a similar effect.

[0] https://www.investopedia.com/terms/f/firewall.asp

Do you believe that investment banks actually respect the principle of a level playing field? Given the widespread fraud revealed during the 2008 financial crisis, I find that a more plausible scenario is the banks pay lip service to the idea of a level playing field and make a show of instituting a firewall, but in practice the firewall leaks information like a sieve, which the banks ruthlessly exploit for profits. The bigger the bank, the more clients they have, hence the more information they have, hence the higher the chance for insider trading and big profits.

And yet we let politicians who have knowledge and even control over markets have direct investments.

If a firewall can be implemented, fine, but I don’t see any great loss if we were to restrict the growth of a trillion-dollar company.

Would this apply to physical platforms as well? E.g. Walmart and Target who also do similar things with similar data


> And yes, I believe this should be regulated at the policy level.

But why? Nobody is forcing you to use AWS, there are in fact heaps of similar services around which at first glance don't have said problem.

Because "consumer choice" isn't a practical and full response to corporate abuse of power. Regulation is complete - if it's a well written regulation it works.

"Nobody is forcing you" misses the point.

Amazon has a dominant position in the marketplace and it is leveraging it in a blatantly anti-competitive manner. As a country we have consistently decided that smaller and decentralized is better - there is no compelling reason to allow Amazon to keep borging small businesses.

This is a ban against vertical integration, no? There are real efficiencies (Apple's entire premise) from owning and running the whole stack top to bottom.

It'd be a ban of any mixture of vertical integrating with not vertically integrating. Which in turn makes it tough to transition (either direction) between the two.

So, Apple would be allowed to vertically integrate and make the chips, hardware, operating system, and applications for their products. But they'd have to stop selling Belkin chargers alongside Apple chargers at apple.com, and the iOS app store would have to contain either only Apple apps and no third-party ones or vice versa.

Mind explaining how this is a better situation?

It fixes a power imbalance that allows for the platforms to take advantage of their customers. A platform becoming dominant is insidious because it takes away the "choice" ... if you want to do business, you will probably have to engage with them, but as we see here, Amazon is taking advantage of the fact that they own the platform by taking their customers' (the sellers) data, and using it for themselves to put their customers out of business.

Elizabeth Warren's plan does just this by designating such companies as “platform utilities”: https://medium.com/@teamwarren/heres-how-we-can-break-up-big...

I agree a diverse marketplace is a healthy one, and that requires intervention since clearly the initial rules are not enough. Some like to pretend that free markets are only negatively impacted by regulation, and only positively impacted by its participants.

So, force all retail stores to divest their house brands, which they have been selling without complaint as long as I’ve been alive?

Those are different. Explained elsewhere in the thread: https://news.ycombinator.com/item?id=22961009

That seems like a distinction without a difference. Yes, Safeway owns inventory of branded merchandise that's on their shelves, but in modern retail, they probably don't own more than a couple of weeks of inventory. And, in modern retail, it's highly likely that branded vendors (like Coke and Pepsi) have very complex relationships with retailers that include co-op fees for marketing, premiums paid for end-cap placement and special displays, and bonuses for hitting certain volumes.


App stores are the same thing since most companies with app stores have their own apps. They can decide when the right time is to build their own version of something that's popular and promote it in their app store.

Microsoft was trying to do this and it led to antitrust cases. The browser wars ended with Windows forced open to multiple default browsers.

So no private label products from Walmart, Target, Kroger, or CVS?

Those are different. Explained elsewhere in the thread: https://news.ycombinator.com/item?id=22961009

ideally, no

> I say there should be an explicit difference between "running a platform", and "selling on a platform", and never should the two meet.

It's a free market, you can do what you want as long as customers like it. Valve makes its own games and the platform. There are other examples where this is true.

Should SpaceX not be allowed to launch Starlink? Falcon 9 is a platform, and Starlink is selling the product that you get through this platform. Maybe not a perfect example, but one could equally make an argument about that as well.

All of these things are pretty artificial opinion based market restrictions, and everybody wants to create different rules based on different ways to evaluate this question for every market business and so on.

So you would make totally different choices about what is a platform and what isn't. If my company has a product and then opens up the underlying API, is my product now illegal?

For me this is all nonsense, why not just have both the suppliers, consumers and everybody else involved make choices based on what they think is best. Why do you know better of how to define these terms and what evidence is there that when you force a separation it is better at 'raising all boats'. There is no evidence to prove that in the majority of cases.

In the example of Steam they lost many games because suppliers didn't want to deal with them. Microsoft SQL now runs on Linux because people didn't want to use Windows. In all of those cases, customers and suppliers are perfectly capable of making those decisions for themselves and then the company has to make a choice how to adjust to this situation.

Why any of this is bad, is totally unclear to me.

It's easy to say 'see this one bad example' and then ignore a huge amount of efficiency gained by vertical integration. The idea that we have bureaucrats to have control over every single vertical integration decision by every company is a pretty insane dream to me.

This reminds me of 'Indian Socialism' where you had to fill out an application for every market each company wanted to get into and the of course super smart regulator would then make sure that the 'correct' amount of companies were in each market. Of course as always there was tons of regulatory capture and corruption to say who got a permit and who didn't. Which is basically the same pickle you want to get into, just with 100x more detailed determination about every company's internal structure as well. A recipe for disaster if you ask me.

The idea of an enlightened regulator who for each choice of each company on each level can figure if that decision is correct for 'the global population' is a total fantasy. Neither can they do it, nor would their incentives to do it actually be for the good of 'the global population'.

Nah, the way Amazon runs right now is pretty beneficial to me as a consumer. Having access to Amazon stuff and third party stuff in one place is nice.

I saw this happening a decade ago, but I had no real proof.

I had a profitable Amazon store in 2010. I found niche products that Amazon didn't sell. As soon as I started getting traction on any one product, Amazon would start undercutting me, and my sales would drop to almost zero over the course of a couple of weeks.

I had near 100% feedback and I had a single customer complaint that I sold them the wrong product. Within a few minutes of me receiving this claim, my account was suspended. I had no chance to rectify the situation.

No amount of calling or emailing Amazon could get me in front of someone that could help me. All responses were an automated rejection.

This was a rough time for me as it was my only form of income and Amazon held almost $30,000 of my money for 3 months. I ended up having to close my business and move on, though I did eventually get all of my money back.

I've built multiple successful businesses since then and Amazon has recently had many business reps try to get me to sign up with a business account, because we purchase lots of items on Amazon/month. I always try to get them to re-investigate my old seller account and our email correspondence stops shortly after this. It's crazy to me that after 10 years and in a completely different industry, I still can't open a seller account.

It taught me a valuable lesson not to build my entire business on someone else's platform.

It only gives them more control over you and they will most likely use your customers, data, and more resources to out-compete you, if you get too big. Twitter has also done this to their app developers.

My wife runs a small business on Etsy and it's just as bad. They make random code changes, which bumps listings up or down and you suddenly have no orders for weeks at a time.

What's even scarier is if a handful of companies run everything we use online. Will I suddenly not be able to get a home loan for a decade because of an account closure?

> It taught me a valuable lesson not to build my entire business on someone else's platform.

This sounds eerily similar to what happened to a close friend of mine, and that's 100% the right takeaway from the situation.

> My wife runs a small business on Etsy and it's just as bad. They make random code changes, which bumps listings up or down and you suddenly have no orders for weeks at a time.

Same as above, different friend, but again Etsy.

> What's even scarier is if a handful of companies run everything we use online. Will I suddenly not be able to get a home loan for a decade because of an account closure?

And that's why I'm in favor of strong individual privacy laws, and corresponding enforcement of said laws. Because 'I've got nothing to hide' only works so long as your values/goals are in line with everyone else in the system you're operating in.

The second that changes, good luck and godspeed.

Thanks for the great read, and... I dunno just validating your view of things.

>> I'm in favor of strong individual privacy laws

I support such laws too, but I wouldn't expect them to really change this. I think what we're seeing is more of a monopoly problem than anything else, even if violating privacy is a part of how they pull it off.

It's very hard to prove that a company that does, in theory, have access to data is not storing it or looking at it. Even accidentally. I just finished explaining all this to someone who freaked out about a Facebook post they saw about how Facebook was starting to collect information about everything you do off-Facebook. I had them show me what they meant, and it appears to just be every app that integrates with Facebook comments or allows Facebook sign-in as an option, etc.

The problem is one Facebook naturally got because of its success: everyone has good reasons to want to work within their ecosystem. So they get tons of data on everyone. You can inconvenience yourself and refuse to ever visit a service that might share data with Facebook. But honestly: who's going to find that practical and do it? And if Facebook ignores the setting and "accidentally" captures all this data, and I suspect they're misusing it, how do I really get an investigation and more than a slap on the wrist for them?

It's messy to be a platform that provides a service and a consumer of that service that competes with your other consumers. At a previous job of mine we made a conscious decision not to do that for fear it would hurt our core business to ruin relationships with our customers. The problem here is Amazon just doesn't fear that. And I can't say they should. But the root problem seems to me to be more of a monopoly problem than a privacy problem.

The American idea used to include anti-monopoly rules. Granted Amazon is not a monopoly, but the idea was to keep businesses small (and govt small) so no single superior entity would reign abusively on individuals. And that would make the federation stronger.

Maybe it’s time to revive it. Google, Apple, Amazon, all cause issues because they are too big and haven’t been broken up (or menaces of) for way too long.

We’ve scratched antitrust laws in 9/11, when Microsoft was recognized guilty but never sanctioned, because the domination of USA after 9/11 was important. But maybe that led to two decades of really huge corporations, and a bit more liquidity in the market (choice of platforms, etc) could be nice.

This is a legislative/governmental issue not a technical one. In jurisdictions where privacy and anticompetitive laws are enforced (EU) regulators have the ability to regulate with fines of real consequence which is not the case in the US. It does not always lead to perfect outcomes but it does give greater protection to most people.

The 'I got nothing to hide' is when discussing law enforcement surveillance? It is funny how fear of the "police state" is more or less irrelevant now vs early 2000s and private companies are the main problem. It is hard to predict the future.

Yeah that may have not been the correct phrase to turn there. I guess in this context it's more about personal ownership of data. Which at this point in time, is 100% trust based with Amazon and 0% tech based.

I don't think that's something people, even many very technologically knowledgeable people, are aware of.

I had a few bad experiences with Amazon.

1st I got an item from a fraudulent 3rd party shipper. Did not get my money back and amazon claimed they don't know his identity

2nd Packet got stolen. Amazon claimed based on statistical analysis this packet is assumed to have reached me. Delivered to "mailbox". Paid with CC, made a charge back, closed my account.

You know what is a pretty good competitor? eBay. As a business it may be terrible, but as a market place it is quite good.

> You know what is a pretty good competitor?

Competitor on what vector? Speaking from a US-centric viewpoint here, but my thoughts;

* Distribution & Warehousing - Walmart & Costco

* Sales & Advertising - Google & Facebook

A few notable online storefronts that are independent and I use frequently are B&H Photovideo and Newegg. Realistically though the options I listed above are the only companies I see having the scale to compete with Amazon at anything, and even then they're an order of magnitude behind. Just my opinion, again very US-centric.

Yes, sorry, I meant from a buyer perspective.

As a side note: I am actually thinking of buying a tiny bankrupt travel equipment company. Friends advised against it because of "Amazon essentials". I would not sell on Amazon but it is a strong argument.

Maybe someone has some words of wisdom regarding to this.

If you’re considering entering anything that depends on travel right now, you are much braver than me! Respect!

> bankrupt

What do they have that you want, or what do you think you're going to do differently?

Why did it go bankrupt?

If they claim it's only bankrupt because of COVID-19, then it must not have been very profitable (if at all) if they didn't have enough money to weather out at least 3 months. So I recommend not accepting that explanation.

They were "bankrupt" before. They are just selling what is left of the stock.

I was always impressed by the quality of their products. It is a comparatively "old" company, they produce their stuff in Eastern Europe, not Asia.

Why did they not sell?

1. Their webpage looks like it's from the 90s

2. No marketing. I think I can solve this, I also have contacts with some small travel agencies. I am sure they would be interested in some affiliate scheme.

3. Has also some niche products where I have contacts in the US (Military, dogs etc.)

Biggest problem is to convince the guy to either sell or take on partners.

How does one find bankrupt businesses to purchase?

Depends on the country. But why would you like to purchase one?

I asked this business if I can buy a stake before they filed for bankruptcy because I saw potential and value that I could bring to the company. I still do.

If a restaurant or bakery goes bankrupt I would not want it for free since I don't understand the business, nor can I bring value to the business.

eBay charges almost 10% for all goods sold, that's larceny.

Not only on goods, they even charge commission on shipping costs. With eroding seller protection and stupid changes to the UI, I guess one of the only reasons they still have vendors is their monopoly.

And have begun collecting sales tax which only shows up after you've legally committed to buying the item.

All on purpose, all user-hostile actions to take.

I don't see how this is legal,

Personally I don't think you should be able to run the market and compete in it at the same time.

People talk a lot about other companies but the one I'm most worried about for stamping out startups and holding the economy back is Amazon.

> I don't see how this is legal, Personally I don't think you should be able to run the market and compete in it at the same time.

It may be, it may not be. I don't know, I am not a Lawyer nor do I play one on the internet.

What I do know is that to date no individual, or collective, has had the financial or political will to test any of this in court.

I suspect this is largely a positive feedback loop whereby any entity that has the financial or political capital to do so and stand a reasonable chance of winning has done the calculus and come to the conclusion that setting said legal precedent would do their own businesses more harm than it would net them in value from Amazon.

Until that changes, meet the new boss same as the old boss.

Any individual or collective which had the wherewithal could do the math and it will always be strongly in favor of working with Amazon rather than against it.

Old boss wasn't going anywhere until a new one came along that was big enough to crush at will.

I recently (pre-COVID19) sold all my Amazon and replaced it with Apple due to these issues. I feel Apple Pay, and the fast followers, will drive shopping to more platforms than Amazon by reducing friction for customers of independent websites (supported by USPS, UPS, Fedex... which Amazon has decided not to compete with anymore). With the Amazon COVID19 shipping delays, I’ve established many new shopping relationships online, and I hope that is the experience for many others, changing the market. The CEO of Shopify gives great talks about the importance of this, so I do support that platform at this point.

There’s a step before them undercutting you, and that’s the margin squeeze.

I’ve seen it happen, repeatedly - also years ago. If you sold a high volume commodity on seller central, you’d see your commission go up, and up, and up, until you squeak - you either quit or you complain.

They now know exactly how much that line nets you, and whether it’s worth selling.

> It taught me a valuable lesson not to build my entire business on someone else's platform.

Lots of developers do this already with iOS and the App store.

Some people don't even have a choice. E.g. taxi drivers had their entire market turned into a platform. Same with restaurants and meal delivery.

It's pretty anti-competitive that a company can operate a marketplace and sell on the same marketplace. It would seem like an obvious law to enact.

It's one of those Schrodinger's laws that applies to companies like Amazon. They're either a marketplace or not depending on the complaint. Complain about shady sellers and fakes? They're a marketplace and not responsible! Complain about anti competitive practices? Well this is clearly the Amazon store, says so right on it, clearly not a marketplace!

Yes, Prime Minister used to call these irregular verbs. I compete, you steal, he or she colludes...

You know, at some point people will discover that "online market" is something important enough for governments to regulate.

I think this is just a special case of “online communication”. It’s illegal for the phone company to arbitrarily suspend your service for what (legal things) you say over the phone.

It’s legal for Twitter or Amazon or Etsy or Twitch or Discord or YouTube.

I recently got suspended by Twitter after using it daily for 12 years and in addition to not being able to send new tweets or DMs (or do data backup/takeout), I also can no longer see even the usernames (or the message history) of the people I was communicating with in DM. For many of them, that was my only contact info for them.

I am becoming increasingly convinced for the need to regulate arbitrary suspensions for communications platforms (including sales/business platforms, that’s just a special case of communication). The current emergency situation really woke me up to the huge dangers involved.

GP lost his business, which is sad and tragic and unfair. I envision that in disasters or emergencies, eventually someone is going to lose their life.

Imagine if the mobile phone or cable company could arbitrarily suspend your connectivity because you left bad reviews online about their service.

I recently did a deep dive on how these sorts of centralized, censorship systems pose an inherent and existential threat to safety and human rights in an emergency/pandemic/war that is non-obvious in peacetime: https://sneak.berlin/20200421/normalcy-bias/

It’s truly terrifying to me that these systems (among them Amazon, Discord, Twitter, YouTube, Facebook, Instagram) have final say, practically, over who gets to speak to whom in a lot of cases in society, or what is allowed to be said. These companies (and the government in their jurisdiction) are entirely unaccountable for this terrible censorship power they wield, and it is only a matter of when, not if, it will be horribly abused. TFA is just one important facet of this danger.

Can I see the laws that affect phone companies and free speech? That's an interesting observation, and does parallel Twitter/YouTube/etc, so I'd like to see the wording for it.

I think that the relevant laws are those related to the phone/cable companies being public utilities (and thus explicit, by-design, state-permitted monopolies or duopolies). They aren’t allowed to wiretap them (because communications privacy was a bigger deal to legislators pre-internet) and have to provide service to all comers (ostensibly in exchange for being a monopoly-by-design).

From my limited understanding, this regulation forcing them to offer service (as a utility) to 100% of the market is coordinated on a state-by-state basis by the public service/public utilities commission.


(Fun fact, I learned this at a young age because my dad ran a paging/voicemail service out of the basement of our single family, suburban residential home when I was about 10. We were the only house on the block with dozens of trunk lines coming into our little bungalow; but by law they had to do it if you ordered it. Try that today with internet access from a cable company, ha! It’s all but impossible due to TOS to run an internet business at a residential address now. Hosting for-profit services with the internet you pay for or reselling the service in any way means you get instantly unplugged.)

Sorry I don’t have a direct link to the all-comers bit of PUC/PSC regulation, but this should give you a starting point for research.

The not-allowed-to-tap-phones bit is a federal law:


It’s sort of insane how provider-wiretapped has been the all-encompassing default for almost all of the largest DM/1-to-1 communications systems in the world: SMS, WeChat, Facebook, VK, Instagram, Gmail. WhatsApp and iMessage are outliers in this regard. Almost all popular new entrants like Slack and Discord are provider-tapped, too.

This is a relatively recent development in our society’s relationship with electronic communications. Reading content by the provider used to be illegal as fuck.

Is life significantly better for retails selling through grocery or other retailers? What stops Safeway from one day selling a competing product under their store brand? And then they'd still be charging you for shelf placement.

Same happens to us but we split sales to Shopify. Any idea if Shopify does the same? It seems their ambitions keep growing, they started charging percentage of revenue instead of flat subscription.

I've had this thought as well, and certainly there seems to be nothing preventing them from going down that road. Though at least with Shopify, it's theoretically easier to move your website to another platform/service or just roll your own.

I'd say that you're basically at their mercy with regards to the charging a percentage of revenue though. I mean, that's how all card processors work.

By default I trust Shopify more than Amazon, and in both instances your business is essentially succeeding 'at their pleasure' so to speak. So I thought on it for a minute.

I think the main difference comes down to individuals in the business and culture. I'd elaborate more but I'm not sure I want to write that much speculative crap on the internet this morning, and I should get something productive done with my day.

EDIT: Also just realized, that if you look at my spending habits, they 100% imply I trust Amazon more than Shopify.

Get worried when they start owning the customer relationship (or trying to). Already low-key happening in payments.

No, Shopify does not. Amazon and Shopify are very different [1]

[1] https://stratechery.com/2019/shopify-and-the-power-of-platfo...

Come to Shopify.

