former-aws | 5 years ago

Cannot upvote this enough. During my time both at Retail and AWS it was perfectly normal to trawl production customer data and come up with ideas to launch competing products. Prices were always set lower or free offering justified as data-driven and customer obsession. I hated the gaslighting their customers and left in disgust of the company and its leadership which encourages that behavior.

munk-a|5 years ago

I know it's hard to do when you're making good money and would be going against co-workers.

But, if you see something, say something. This crap continues because there are too many folks that are happy to help support immoral business practices for some extra scratch. This isn't all on you in particular but when Google folks started raising hell about Chinese censorship the company was forced to move. We all have the power to withdraw consent over how our labour will be used and, as software developers, we've got a strong enough employment market that we have real power to help make companies behave better - power that folks working in the warehouse are absolutely deprived of.

burtonator|5 years ago

I mean the problem is corruption begets corruption. They WANT to do these things because you're going to get a massive bonus when the product you 'invented' does well because you stole the idea from an Amazon customer.

Amazon needs to be properly taxed so that this crap doesn't happen anymore.

The idea that they shouldn't pay taxes simply because they're large should absolutely enrage everyone.

rckoepke|5 years ago

What types of AWS data would be trawled? Are we talking about data inside S3 buckets, database schemas, particular architecture styles, the fact that a product is consuming {x, y, z} amounts of cloud resources, or simply "spending $m / year" in gross?

redredrobot|5 years ago

I worked in an area where it is really hard to figure out exactly what workloads were being run and where it would have been extremely useful to know even basic things like CPU utilization patterns, network throughput patterns, etc for a specific customer.

We had access to absolutely none of that information. We flew blind, relying entirely on the fact that we gave our customers enough hand-holding support that they would willingly volunteer information about their workloads so we could help them optimize it/save money.

No one even attempted to get more detailed customer information AFAIK because it would have been extremely against company culture. That isn't Earning Trust or having Customer Obsession. The idea of reading data in someone's S3 bucket or inspecting what is happening inside of someone's EC2 instance in any way was unthinkable. Amazon is huge and imperfect, but from what I saw AWS takes data privacy extremely seriously.

whoisjuan|5 years ago

I can confidently tell you that Amazon's employees cannot see customers' data inside S3 buckets or EC2 instances. They are extremely serious about that stuff since they know that will erode their customers' confidence.

But there's probably other superficial business data that's helpful to evaluate that.

bg24|5 years ago

Can speak for AWS. Only the latter. Basically the usage information for cloud resources. This constitutes the foundation for billing. BTW, this is true for any cloud, any SaaS.

There is no way an employee can look into customer data. There's enough trail inside AWS to prove that without any doubt.

ShroudedNight|5 years ago

Given how granular AWS billing data is, I would expect the odds to be fairly good that it alone is sufficient to make a good analysis for which third-party offerings are compelling markets. Then AWS takes their execution advantage, along with things like the lower friction that arises from first-party integration with IAM and billing, as well as not having to pay retail for the cloud resources, and it becomes very difficult to retain a moat unless you have a paradigm or perspective that is both critical to succeeding and is also incompatible with AWS culture.

kapilvt|5 years ago

Aggregated API usage stats, API client headers are often enough to identify competitor products and their traction, and are non-sensitive, coupled with account ID to customers.

httpsterio|5 years ago

Considering that OP created this account today and that they're admitting to what would be a felony and against Amazon's own privacy policy, I doubt this statement is true.

Even if the customer had a misconfigured S3 bucket that was exposed to the public, it would still constitute accessing customer data you're not meant to see.

As other users have provided insight on, everything you do as an Amazon employee basically leaves a trail with your employee ID, even if you had access to private information (which you wouldn't basically because it's locked behind several layers of security). Fireable and sueable offense which Amazon would definitely not allow, let alone endorse.

swiftcoder|5 years ago

> everything you do as an Amazon employee basically leaves a trail with your employee ID

That might be true in retail, but it wasn't anywhere close to true in AWS. When I left most engineers still had SSH access to the production hosts (and a not-insignificant portion of operations relied on that fact).

tekknik|5 years ago

Definitely not defending parent here, but in this day and age many people create burner accounts specifically to avoid tying any statements back to them. It's pretty acceptable practice to create burner accounts on HN. That said, I agree, I doubt any of these claims are true.

thoraway1010|5 years ago

This frankly doesn't match my experience and I have to say I find it unlikely.

Before going into our AWS production S3 buckets, looking at our databases for customer lists, AWS seems to be pretty careful to get an OK.

Now we are being told that production customer data was normal to trawl? How in the HELL are they passing all their certs with all production data so wide open? I do customer managed keys - I mean, this is a HUGE backdoor.

Either Amazon is lying about AWS security (and has fooled a bunch of others) or routinely trawling AWS customer production workloads for data is a false statement.

starfallg|5 years ago

My understanding is that Customer Managed CMK in KMS only means that the customer has control over the key operations - like rotation, key policies, IAM policies, etc. AWS still has actual control over the KMS system and full access to the HSM.

flak48|5 years ago

I would assume the comment you're replying to means things like resource usage patterns and costs to estimate a client's profits for example. Rather than reading actual data from S3 or a database.

daiwaka|5 years ago

As I said to throwaway -- if you are of the mind to share, I am here to listen. My email is dai.wakabayashi@nytimes.com

neilk|5 years ago

Come on NYTimes! You can do better than email.

Don't ask someone to admit to felonies over email. Tech employers have a LOT of power to investigate their employees' digital behavior.

How about this instead: https://www.nytimes.com/tips

julianeon|5 years ago

I want to be careful here, as I respect that you worked at AWS (that is, most likely), while I never have, and don't know what goes on inside the company.

But it would be helpful if you broke that down a little more than 'trawling customer data', because at the most innocuous, if they're just looking at what's publicly selling on Amazon, what goes into sales rank, that seems acceptable, to me anyway.

ajross|5 years ago

I think there's a difference there, though. Retail sales and reselling are parts of what most people broadly consider the "same industry". I mean, a small seller making a deal with Amazon to resell something that they know Amazon could sell on its own is at least always aware of the competition.

In this case, tech investing and online retailing are not the same industry. Amazon is using a dominance in one to fund the other, which then it uses to either drive valuations of potential competitors down or to simply outcompete them.

And that's a plausible antitrust problem.

I'm normally not in the Amazon haters camp. Most of the time I'll defend them against the typical charges of unfair competition. Not this time. This is sketchy.

caralombardo|5 years ago

Hi former-aws: I'm one of the reporters and would like to hear more about your experience. Mind sending me an email at cara.lombardo@wsj.com so we can connect?

neilk|5 years ago

caralombardo: Please don't ask people to admit to felonies over email. That goes double for any FAANG employee; their employers have many options to surveil them. Your employer has a page listing better options:

https://www.wsj.com/tips

marta_morena_25|5 years ago

"perfectly normal to trawl production customer data"

It's not. And there are plenty of trainings inside of Amazon to make you aware of that. It is your fault, in the end, to not report your team. I have been on several teams at Amazon and this would always be an absolute no-go. It's already difficult to even get basic ideas about customer data, things that you would consider "essential" to improving the customer experience.

icelancer|5 years ago

>> It is your fault, in the end, to not report your team

Talk about all-time gaslighting. It's the managers'/directors' job to ensure compliance, not normal employees.

b20000|5 years ago

[deleted]

rorykoehler|5 years ago

Didn't you anonymously tip off the customer?