I think in our current world you should expect your hashed password to leak online at some point. How it happens is irrelevant to most people, just expect that it eventually will leak out. Does that mean your account has been compromised? Not necessarily, or more precisely, not immediately.
The current news blurb is that a Russian hacker was able to pull a list of all of LinkedIn's SHA1 hashed passwords out of a magic hat and posted them onto the web. Usernames were not posted, so you can't really match a users credentials to get access to their profile. This might be a part of the leak that the hacker is holding onto, looking for a buyer, but nothing is certain. Examining the list I have identified a lot of the most common passwords such as, "password", "jesus123", "l1nk3d1n", and so forth. There were also a number of other hashes that I did not immediately recognize though.
Interestingly enough, the SHA1 hashing algorithm has been compromised in that with a beefy enough computer setup, you can reverse the hash in a manageable amount of time. Back in 2005, we are talking about 2^69 operations to find a collision, or a brute force match for a hash. With today's hardware and computer resources, this is not an unobtainable amount of computing power for large systems.
So why is LinkedIn using SHA1 for passwords? Ease of use would be my first guess. SHA1s are not too difficult to manage and compute for large systems and if someone did get a hold of a hashed password, they would still need some major computer power and time to get the original. They probably had a lot of trust in their security setup as well and didn't anticipate a leak of this caliber.
Either way, if you have a LinkedIn account, go change your password. Make it unique, and for the best security measure, use an auto generated pass that you can save in a password management program.
Interesting stats,
6_143_150 hashes listed
3_521_180 hashes listed with five prefixed zeros or presumed known passes
2_621_970 hashes listed without the five prefixed zeros or still unknown
Thursday, June 7, 2012
Tuesday, June 5, 2012
New Quantic Dream PS3 Game!
Quantic Dream happens to me be one of my absolute favorite digital story tellers so hearing that a new experience is on the horizon is giving me goose bumps. Unfortunately, their newly announced game, Beyond: Two Souls comes racing out of the Sony E3 press conference with a bit of a limp.
The game itself looks fantastic for this generation of hardware but it also comes across very similar to its predecessor, Heavy Rain. Drape on a Hollywood name as the main star and I can feel myself starting to cringe. Even though Quantic Dream's portfolio is lean, each iteration of a newly developed experience has come across as a leap in story telling and technology.
Take a look at the first release trailer for Beyond:Two Souls,
Here's a quick reminder of what Heavy Rain looked like as well.
No doubt both look fantastic. Hopefully as the release date gets closer, Q1 2013 which translates to Q2 2013, we can get some idea of what improvements and new ideas are being implemented.
I think a good first step will be to get their IT team together and fix Beyond's website, ops.
The game itself looks fantastic for this generation of hardware but it also comes across very similar to its predecessor, Heavy Rain. Drape on a Hollywood name as the main star and I can feel myself starting to cringe. Even though Quantic Dream's portfolio is lean, each iteration of a newly developed experience has come across as a leap in story telling and technology.
Take a look at the first release trailer for Beyond:Two Souls,
Here's a quick reminder of what Heavy Rain looked like as well.
No doubt both look fantastic. Hopefully as the release date gets closer, Q1 2013 which translates to Q2 2013, we can get some idea of what improvements and new ideas are being implemented.
I think a good first step will be to get their IT team together and fix Beyond's website, ops.
Monday, February 27, 2012
Can the PS Vita Repeat the Success of the Nintendo 3DS?
Gaming has become a mainstream past time, more so with the push of mobile gaming hitting iOS and Android devices. With the new Playstation Vita now dropping into users hands in the States, I find myself like many gamers asking the question, "Can the PS Vita make it in today's market?"
I own a PSP, Playstation 3, Nintendo DS, and iPhone 4, enjoying gaming on each in turn. Well, let me address that, I used to play games on the PSP and DS but I do very little traveling now and since that phone in my pocket is so convenient, they just doesn't get much thumb time anymore. I also carry my iPad with me since I use it heavily for reading and web browsing at home and on breaks during the day.
The first thing we can point at is the Nintendo 3DS with impressive sales of just over 16 million units to date. People are obviously interested in buying a mobile device! It took a slow start and an embarrassing price drop early in its life to get there, but you can't doubt it has become a worldwide hit. The PS Vita started strong in Japan, tampering off in the weeks following. The Sony consensus has been that since the PSP is still so popular in the far East, it's been slower to move this new system. How well it does in the states is still too early to know, but I'm sure developers will be keeping an eye out in the coming months.
Whose Selling Games?
So no matter how nice the hardware is for these portable systems, what exactly can we play on them? Like most Nintendo systems, first party titles lead the pack with numbers falling quickly from 3rd party developers.
Source: http://www.vgchartz.com
Out of the top eight titles sold on the 3DS, six are first party titles. Only one 3rd party title has broken the 1 million mark.
There hasn't been enough time to evaluate Vita game sales, but looking historically at the PSP, only three of the top eight games are from Sony. These include Daxter, Ratchet & Clank: Size Matters, and God of War: Chains of Olympus.
With these titles we now see the major difference in mobile gaming today. The Andriod Market and Apple App Store do not carry Nintendo titles. A number of titles on the PSP list have shown up for these mobile platforms, even original Playstation titles for Sony Andriod phones, in a number of different forms. You can't get a true conversion of the newest games like Dead Space on an iPhone, but you get something in the same universe that is pretty close to the feeling of the original.
Speaking of Metal Gear and Silent Hill on iOS, the names are attention getting, but the mobile version of these games are timid in comparison to focused handheld systems. Metal Gear on iOS is a touch game that has no stealth or any real classic MGS feeling. Dead Space came across well done, but still having a "mobile" feeling to it. Silent Hill is just horrid on the iPhone. The scariest part of that game is the fact that some people paid $8 when it was first released.
I own a PSP, Playstation 3, Nintendo DS, and iPhone 4, enjoying gaming on each in turn. Well, let me address that, I used to play games on the PSP and DS but I do very little traveling now and since that phone in my pocket is so convenient, they just doesn't get much thumb time anymore. I also carry my iPad with me since I use it heavily for reading and web browsing at home and on breaks during the day.
The first thing we can point at is the Nintendo 3DS with impressive sales of just over 16 million units to date. People are obviously interested in buying a mobile device! It took a slow start and an embarrassing price drop early in its life to get there, but you can't doubt it has become a worldwide hit. The PS Vita started strong in Japan, tampering off in the weeks following. The Sony consensus has been that since the PSP is still so popular in the far East, it's been slower to move this new system. How well it does in the states is still too early to know, but I'm sure developers will be keeping an eye out in the coming months.
Whose Selling Games?
So no matter how nice the hardware is for these portable systems, what exactly can we play on them? Like most Nintendo systems, first party titles lead the pack with numbers falling quickly from 3rd party developers.
Nintendo 3DS Games Sales Feb 2012
World Sales (Millions)
|
First Party?
|
|
Super Mario 3D Land
|
5.33
|
Yes
|
Mario Kart 7
|
4.80
|
Yes
|
Zelda: Ocarina of Time 3D
|
2.49
|
Yes
|
Nintendogs + Cats
|
2.11
|
Yes
|
Monster Hunter 3G
|
1.24
|
No
|
Pokemon Rumble Blast
|
0.74
|
Yes
|
PilotWings Resort
|
0.73
|
Yes
|
SSFIV:3D Edition
|
0.72
|
No
|
Out of the top eight titles sold on the 3DS, six are first party titles. Only one 3rd party title has broken the 1 million mark.
There hasn't been enough time to evaluate Vita game sales, but looking historically at the PSP, only three of the top eight games are from Sony. These include Daxter, Ratchet & Clank: Size Matters, and God of War: Chains of Olympus.
With these titles we now see the major difference in mobile gaming today. The Andriod Market and Apple App Store do not carry Nintendo titles. A number of titles on the PSP list have shown up for these mobile platforms, even original Playstation titles for Sony Andriod phones, in a number of different forms. You can't get a true conversion of the newest games like Dead Space on an iPhone, but you get something in the same universe that is pretty close to the feeling of the original.
For
the PS Vita to be a success, it will have to convince gamers that
Sony's version of games is worth their time and money. Even though there are games like Silent Hill, Dead Space, and Metal Gear
on most mobile systems, the one on the PS Vita will be the most
technology advanced and closest to console levels. Whether that means a better gaming experience, we
can't say one way or another until they are released. In contrast,
Nintendo could sell a Mario game to kids in the middle of Disney World,
replacing the world of mice with plumbers, in the blink of an eye.
Speaking of Metal Gear and Silent Hill on iOS, the names are attention getting, but the mobile version of these games are timid in comparison to focused handheld systems. Metal Gear on iOS is a touch game that has no stealth or any real classic MGS feeling. Dead Space came across well done, but still having a "mobile" feeling to it. Silent Hill is just horrid on the iPhone. The scariest part of that game is the fact that some people paid $8 when it was first released.
Thursday, January 12, 2012
Why Wired's CES Phone Articles Are the Least Exciting
Christina Bonnington wrote an article for Wired titled, "Why Windows Phones Are the Most Exciting Handsets at CES," that takes center stage on their homepage. I was chowing down on my spring roll lunch and huddled in for a good informed read. Instead I got a puzzled face asking myself why did I just waste my time with this garbage?
The article starts with the contradiction that Windows phones are the fire of the show even with years of evident failures. Interesting, let's keep reading. There's a quote from Ballmer that turns into the same PR drivel you would expect from any corporate drone. Then the article points out how these new Windows phones, specifically from Nokia, are no longer, "behind the times, specs-wise." How utterly banal.
Fantastic how going from mediocre to average is an achievement in the realm of Microsoft smart phones. One of the differentiating factors are upgraded cameras as high as 16 megapixels but rating cameras by megapixels alone has never been a real identifier of quality for the average user. No mention about the timing from turning on the phone to picture, HDR, filters, timers, or integration with a cloud system to share and save your images through multiple devices (hello Xbox 360).
The next item is how these phones support 4G speeds. Ok, that's kind of cool, if not totally unexpected since almost all phones will be 4G by the end of this year. Let's keep moving on through the sea of yawns.
Comparison to the current Android OS and Android 4.0, also known as Ice Cream Sandwich comes down to how Microsoft's OS is more locked down and allows for minimal customization to get a feeling of unity across devices. A nice differentiating factor from Android, but nothing new from an Apple standpoint.
So far I haven't read a single thing that makes me want a Nokia Microsoft phone, let alone read about one.
To finish it off, here's a direct quote from the article, "In most ways, Windows Phone is playing catch up. But for those of us who deal with smartphone news and technology on a daily basis, it’s exciting to see a new player enter the game in earnest. A major reason for that excitement is Microsoft’s and Nokia’s Windows Phone product synergy."
Yes, Windows phone is playing catch up. As someone who reads technology blogs and news information on a daily basis, no, I don't find it particularly exciting to read an article about a product that lists nothing new or interesting. From an average consumer standpoint, I think the article would be even more useless since there are no real talking points or clear symbols of uniqueness. I guess Wired just had to make some imaginary quota of CES articles for the day.
The article starts with the contradiction that Windows phones are the fire of the show even with years of evident failures. Interesting, let's keep reading. There's a quote from Ballmer that turns into the same PR drivel you would expect from any corporate drone. Then the article points out how these new Windows phones, specifically from Nokia, are no longer, "behind the times, specs-wise." How utterly banal.
Fantastic how going from mediocre to average is an achievement in the realm of Microsoft smart phones. One of the differentiating factors are upgraded cameras as high as 16 megapixels but rating cameras by megapixels alone has never been a real identifier of quality for the average user. No mention about the timing from turning on the phone to picture, HDR, filters, timers, or integration with a cloud system to share and save your images through multiple devices (hello Xbox 360).
The next item is how these phones support 4G speeds. Ok, that's kind of cool, if not totally unexpected since almost all phones will be 4G by the end of this year. Let's keep moving on through the sea of yawns.
Comparison to the current Android OS and Android 4.0, also known as Ice Cream Sandwich comes down to how Microsoft's OS is more locked down and allows for minimal customization to get a feeling of unity across devices. A nice differentiating factor from Android, but nothing new from an Apple standpoint.
So far I haven't read a single thing that makes me want a Nokia Microsoft phone, let alone read about one.
To finish it off, here's a direct quote from the article, "In most ways, Windows Phone is playing catch up. But for those of us who deal with smartphone news and technology on a daily basis, it’s exciting to see a new player enter the game in earnest. A major reason for that excitement is Microsoft’s and Nokia’s Windows Phone product synergy."
Yes, Windows phone is playing catch up. As someone who reads technology blogs and news information on a daily basis, no, I don't find it particularly exciting to read an article about a product that lists nothing new or interesting. From an average consumer standpoint, I think the article would be even more useless since there are no real talking points or clear symbols of uniqueness. I guess Wired just had to make some imaginary quota of CES articles for the day.
Friday, January 6, 2012
The laws of pirates
Look here: http://www.engadget.com/2012/01/05/warner-bros-pushing-movie-delays-from-28-to-56-days-for-netflix/
We see a potential announcement at CES that DVD/Blu-ray sales of Warner Bros titles to movie rental outlets like Netflix and Redbox could be delayed by 56 days, instead of the current 28.
If true, I would like to award Warner Bros with the bonehead award. I can imagine it now. Warner Bros business executives blindfolding each other in the boardroom. Take a quick line of cocaine, then throw darts at an invisible board of bad consumer decisions that screams in the latest intern's voice; the last intern mysteriously disappeared after the last game of drug darts.
I don't know if there is a law out there, but there should be. Not a law enacted from a local governing body, but an internet law if you will. It's simple. The harder you make it for consumers to acquire your product, the faster the good old skull and crossbones flag gets rung up the flag pole. In reality, I'm sure they've already thought it out and could care less about the pirates. A small percentage of consumers will be disgusted and turn to pirating movies which they can publicly complain about to justify their harsher clamp downs. The other consumers who really want the movie will go out and purchase it, offsetting the pirating costs, and lastly a minute number of customers will just stop making purchases.
It's business, and more importantly it's their business, and they can do what they want with it. It's also a clear example of a company that likes to sit on a throne and look down on the consumer, treating them like expendable surfs. It's only when you become truly interested in people who use your product that you really shine as an example of master creator and distributor. For now, they're just the master of maximizing profits over the ease of acquiring their movies.
Tuesday, December 13, 2011
Password Retrieval
I love tasty sandwiches, but I absolutely hate poor password management.
Which brings me to Jimmy John's website.
Do NOT store your credit card information on this website, and usually not on any website to be sure.
So what exactly has gotten me riled up? Password resetting. It's a direct tell of how a website stores your information. I had previously ordered a tasty sandwich online, but forgot my password. So I clicked the forgotten password button and my email dinged. Now comes the best part, the password was in plain text - it was readable just as if I had typed it into an office document. Good security management is when a company sends you an email with a link to reset your password. You can get even better with security questions, but we're just ordering a sandwich here!
This tells me that they are not using hashed passwords. Anyone who stores passwords in the clear like this, should be kicked back to web development 101.
What is a hash? Simply put, think of it as a math equation where you input some text or data, in this case a password, and then out comes a fixed length mix mash of alphanumeric characters. Theoritically, the hash itself should not be able to take you back to the original password; more on that a little later.
Amateur level
User enters a password onto a website -> Database on website stores password in plain text
At the amateur level, if anyone compromises the database, they have it all. Also, the website developers and pretty much everyone at the company, can easily read your password. Pathetic job at security here.
Intermediate Level
User enters a password onto a website -> Database on website stores password as a hash
Works well at this level, but a lot of improvement is needed. If this equation is done right, even if someone steals the hashed passwords, they still wouldn't know what your password is.
There's something very wrong with this level though. If someone is trying to discover your password to gain access, they will use a rainbow table. Think of this as a massive spreadsheet with every popular password and common combination of words and phrases. In the first column is the plain text, and in the next column is the hashed value using the most common hashing algorithms. Now if they find your password hash in the second column, they can simply match it up to your original password. You would be surprised how easily this will crack popular passwords even though it takes a lot of computer horse power to initially run and the hash hasn't been technically compromised.
Advanced Level
User enters a password onto a website -> Database on website adds random data to password and then stores it as a hash
All we need is a little bit salt. This isn't a tasty seasoning, it's a bit of subterfuge. You hash the password just like the intermediate level, but you don't just use the plain text a user enters into the website. You mix it with something unique, or a salt. One simple example is to prefix some random text to the password.
Now if someone tries to make a rainbow table to search for your password's hash, as long as the salt is secure, it's not going to happen. This of course isn't the only "salt" you can use, but it provides a good beginning example.
For instance if I compute the MD5 hash onto the text string "password", I get "5f4dcc3b5aa765d61d8327deb882cf99" (minus the quotes). Try doing a Google search with that hash. The "password" phrase comes right up. This being such a common password phrase and with no salt, all it takes is a simple search to discover the original password.
Dash on a little salt, let's say "5^Lt" so we now have, "5^Ltpassword" and we get,
"faf50047e2d20a2afd699cdeed7cacdd". Do a search for that and you get ... nothing!
To be truly effective, the salt should be a secret that only very few people know. Whenever someone wants to log in to a website, they type in a password phrase and then only the computer secretly applies the salt and verifies if it's correct.
So if someone is storing your password, the only piece of information that verifies your identity, as
"password"
compared to
"faf50047e2d20a2afd699cdeed7cacdd"
who are you going to trust with your credit card and personal information?
Jimmy John's can make a tasty lunch, but they get no confidence from me when dealing with personal information. From now on, I'll pay at the counter.
Some references,
Ruby Digest Standard Library
http://www.ruby-doc.org/stdlib-1.9.3/libdoc/digest/rdoc/Digest.html
Hash Functions in more depth
http://en.wikipedia.org/wiki/Cryptographic_hash_function
For the curious I'm using Ruby to compute md5 hashes.
require 'digest'
Digest::MD5.hexdigest("password")
=> "5f4dcc3b5aa765d61d8327deb882cf99"
Also of note, MD5 isn't the ideal hash function. It is possible to break with brute force and for added security, and complexity, most commercial websites are going to use the SHA-2 hash.
Which brings me to Jimmy John's website.
Do NOT store your credit card information on this website, and usually not on any website to be sure.
So what exactly has gotten me riled up? Password resetting. It's a direct tell of how a website stores your information. I had previously ordered a tasty sandwich online, but forgot my password. So I clicked the forgotten password button and my email dinged. Now comes the best part, the password was in plain text - it was readable just as if I had typed it into an office document. Good security management is when a company sends you an email with a link to reset your password. You can get even better with security questions, but we're just ordering a sandwich here!
This tells me that they are not using hashed passwords. Anyone who stores passwords in the clear like this, should be kicked back to web development 101.
What is a hash? Simply put, think of it as a math equation where you input some text or data, in this case a password, and then out comes a fixed length mix mash of alphanumeric characters. Theoritically, the hash itself should not be able to take you back to the original password; more on that a little later.
Amateur level
User enters a password onto a website -> Database on website stores password in plain text
At the amateur level, if anyone compromises the database, they have it all. Also, the website developers and pretty much everyone at the company, can easily read your password. Pathetic job at security here.
Intermediate Level
User enters a password onto a website -> Database on website stores password as a hash
Works well at this level, but a lot of improvement is needed. If this equation is done right, even if someone steals the hashed passwords, they still wouldn't know what your password is.
There's something very wrong with this level though. If someone is trying to discover your password to gain access, they will use a rainbow table. Think of this as a massive spreadsheet with every popular password and common combination of words and phrases. In the first column is the plain text, and in the next column is the hashed value using the most common hashing algorithms. Now if they find your password hash in the second column, they can simply match it up to your original password. You would be surprised how easily this will crack popular passwords even though it takes a lot of computer horse power to initially run and the hash hasn't been technically compromised.
Advanced Level
User enters a password onto a website -> Database on website adds random data to password and then stores it as a hash
All we need is a little bit salt. This isn't a tasty seasoning, it's a bit of subterfuge. You hash the password just like the intermediate level, but you don't just use the plain text a user enters into the website. You mix it with something unique, or a salt. One simple example is to prefix some random text to the password.
Now if someone tries to make a rainbow table to search for your password's hash, as long as the salt is secure, it's not going to happen. This of course isn't the only "salt" you can use, but it provides a good beginning example.
For instance if I compute the MD5 hash onto the text string "password", I get "5f4dcc3b5aa765d61d8327deb882cf99" (minus the quotes). Try doing a Google search with that hash. The "password" phrase comes right up. This being such a common password phrase and with no salt, all it takes is a simple search to discover the original password.
Dash on a little salt, let's say "5^Lt" so we now have, "5^Ltpassword" and we get,
"faf50047e2d20a2afd699cdeed7cacdd". Do a search for that and you get ... nothing!
To be truly effective, the salt should be a secret that only very few people know. Whenever someone wants to log in to a website, they type in a password phrase and then only the computer secretly applies the salt and verifies if it's correct.
So if someone is storing your password, the only piece of information that verifies your identity, as
"password"
compared to
"faf50047e2d20a2afd699cdeed7cacdd"
who are you going to trust with your credit card and personal information?
Jimmy John's can make a tasty lunch, but they get no confidence from me when dealing with personal information. From now on, I'll pay at the counter.
Some references,
Ruby Digest Standard Library
http://www.ruby-doc.org/stdlib-1.9.3/libdoc/digest/rdoc/Digest.html
Hash Functions in more depth
http://en.wikipedia.org/wiki/Cryptographic_hash_function
For the curious I'm using Ruby to compute md5 hashes.
require 'digest'
Digest::MD5.hexdigest("password")
=> "5f4dcc3b5aa765d61d8327deb882cf99"
Also of note, MD5 isn't the ideal hash function. It is possible to break with brute force and for added security, and complexity, most commercial websites are going to use the SHA-2 hash.
Monday, December 5, 2011
Search and Ship with Google
The Wall Street Journal recently ran a story about Google looking to compete with Amazon on quick shipping services. As a fan of Google's search algorithms and an Amazon prime customer, this is extremely interesting to me.
The first question I have is, who pays for shipping? With Amazon Prime, they get my $79 every year and on average it works out to be profitable up to around 16 items shipped. I average the cost about $5 per shipped item, less for blu-rays or more for bulky items, this comes to $80/5 or around 16 items. If you buy less than this within a year with Prime, Amazon thanks you for your continued donations for their services.
I doubt Google is going to move away from their ad supported model of revenue and their partners are not going to want to step up and eat the costs for a customer who is not yearly invested, like Amazon Prime, or even guaranteed to come back and purchase another item ever again. (This is similar to the current online coupon setup.) This makes it clear that Google will have to subsidize some of these shipping costs to get companies on board.
That's where this gets a little complicated. Let's say it's $1 for two day delivery of my new Gap sweater. Somehow this is missed and on the third day I get annoyed, but at who? If I contact Google, their going to point me at the Gap, and the Gap will either apologize and offer a credit, or blame some timing issue through Google. In other words, there's no single point of contact for the customer to focus on.
This is similar to my relationship with Android. I think it's a fantastic operating system and deserves heaps of praise. That is, when it comes directly from Google. As soon as you get some dubious distributors of Android who like to pack their phones with vulnerabilities and bloat ware, it takes a nose dive off the cliffs of quality. When Google works with other companies for fast shipping deals, it's once again entering into a pact that it doesn't have complete control over.
I think the Google quick ship can work, but it will not be close to the Amazon Prime level of integration and ease of use. Have you tried searching for a product through Google lately? For popular items like Black & Decker juicer or Uncharted 3, Amazon is always in one of those coveted top spots. Just getting past that for a new shipping service is going to be one heck of a battle.
Quick notes:
I don't have anything against the Gap. I own cloths from there and have usually been happy with my purchases. Also, as stated I am an Amazon Prime member and do a vast amount of my shopping through Amazon.com.
The first question I have is, who pays for shipping? With Amazon Prime, they get my $79 every year and on average it works out to be profitable up to around 16 items shipped. I average the cost about $5 per shipped item, less for blu-rays or more for bulky items, this comes to $80/5 or around 16 items. If you buy less than this within a year with Prime, Amazon thanks you for your continued donations for their services.
I doubt Google is going to move away from their ad supported model of revenue and their partners are not going to want to step up and eat the costs for a customer who is not yearly invested, like Amazon Prime, or even guaranteed to come back and purchase another item ever again. (This is similar to the current online coupon setup.) This makes it clear that Google will have to subsidize some of these shipping costs to get companies on board.
That's where this gets a little complicated. Let's say it's $1 for two day delivery of my new Gap sweater. Somehow this is missed and on the third day I get annoyed, but at who? If I contact Google, their going to point me at the Gap, and the Gap will either apologize and offer a credit, or blame some timing issue through Google. In other words, there's no single point of contact for the customer to focus on.
This is similar to my relationship with Android. I think it's a fantastic operating system and deserves heaps of praise. That is, when it comes directly from Google. As soon as you get some dubious distributors of Android who like to pack their phones with vulnerabilities and bloat ware, it takes a nose dive off the cliffs of quality. When Google works with other companies for fast shipping deals, it's once again entering into a pact that it doesn't have complete control over.
I think the Google quick ship can work, but it will not be close to the Amazon Prime level of integration and ease of use. Have you tried searching for a product through Google lately? For popular items like Black & Decker juicer or Uncharted 3, Amazon is always in one of those coveted top spots. Just getting past that for a new shipping service is going to be one heck of a battle.
Quick notes:
I don't have anything against the Gap. I own cloths from there and have usually been happy with my purchases. Also, as stated I am an Amazon Prime member and do a vast amount of my shopping through Amazon.com.
Subscribe to:
Posts (Atom)