Captive Emptor

Saturday, January 16th, ©2010 Marcus Brooks
Vanilla Flower (Wikipedia)

Vanilla Orchid (Wikipedia)

I bought some vanilla extract online the other day. When I went to check out, I got the increasingly common prompt asking me to create a password for my account. When I looked for the “skip the password nonsense and check me out” link, there wasn’t one. I was required to create a password account in order to buy the vanilla.

Think about this for a moment. I only wanted to buy some vanilla. (I also bought some Agave nectar, but those two things are all I got, and indeed all this website sells.) I bought a large amount, so the odds are very slim that I’ll need to buy again soon, unless this batch is no good. In either case there’s very little chance that I’ll ever return to the same place.

But I had to create a password. According to the website, this allows me to purchase again without re-entering my address and billing information. But I don’t ever want to go back there. And yet, there is my account, with access to my address and billing information. It’s password protected access, to be sure, but it’s out there, and for all I know it’ll be there forever.

I went ahead and created the password, but it worries me. So far this sort of thing has already happened to me, I don’t know, dozens of times? Hundreds?

At first I just used the same password everywhere. That’s a really bad idea. It means if the bad guys own you one place, they own you everywhere. So I’ve started creating different passwords, and stronger ones; passwords that nobody could ever guess.

Not even me.

I quickly got sick of password recovery routines, so I started keeping a record of all the accounts and passwords I use. (Never mind where or how. It’s also a bad idea, but I had to.) The list ran over a dozen entries in a few days, and that’s not counting ones still remembered by my browser, ones I never use, or ones that I created once and forgot I ever had.

Each and every one of those passwords is a chink in my identity’s armor. Every one, if breached, represents a hassle at best, and at worst a financial disaster, just waiting to happen.

I wrote the company about this. They assure me that they don’t actually store the information. In future transactions they use my site login and password to charge my bank account without having to re-acquire my actual credit card information. They say this is actually more secure, because my information is only transmitted once.

(They also gave me a line of bull suggesting they’re required by law to make me create an account, and that websites that don’t are doing something dodgy. I know that’s bull, or it had better be. They can keep whatever records they need to just fine without my help.)

The simple fact is, the act of creating a password makes me responsible to craft it well, remember it, and keep it secure. That’s a commitment I don’t want to make for every piddling little thing I buy online. Once a vendor gets his money, I believe I have the right to wash my hands of the transaction and forget it ever happened. Heaven knows, sometimes I want to!

But the vanilla guy wouldn’t listen to reason, and so as far as I know they’ve still got the account information I asked him to delete. I can’t be sure, because their website doesn’t allow me to view or otherwise access the account they “created for my convenience,” except, I suppose, by making another purchase.

I am convinced that the real reason for online stores to require a password has nothing to do with my convenience or security. I’m pretty sure a list of account-holding customers just looks better on the books than a bunch of individual consumer purchases. The password dodge is just a way to force purchasers into a higher-valued column of their marketing spreadsheet.

In other words, online sellers don’t just want your money. They want you, or a piece of you, to display as a captive “valued customer.” Giving them a password is not just a nuisance, and a security risk. It’s another way to be owned.

So How Was the Vanilla?

Vanillin Chemical Structure (Wikipedia)

Vanillin Chemical Structure (Wikipedia)

When the vanilla extract arrived (from, I was disappointed to see vanillin in the list of ingredients. This means that it is not just the “pure Mexican vanilla extract” that I thought I was buying: it is artificially strengthened with synthetic vanilla flavor. I see now where the website mentions the extract “is fortified with ingredients that make the flavor… double-strength.” I didn’t suss that out as “artificial flavor added” until I saw the ingredients list on the bottle.

I haven’t decided yet if I am disappointed enough to throw the stuff out. By itself, it doesn’t smell or taste as good to me as what I’ve been using. To be fair I’ve put this stuff and some all-real vanilla in two identical bottles and Im going to see if my wife can tell the difference. Sooner or later, though, I’m going back to or, both of which sell pure vanilla extracts that I’ve tried and liked very much. So far as I can tell, neither of those sellers use artificial ingredients. (Alas, it seems both have started asking for passwords, but at least will let me check out with my existing Google account.)

Tags: , , , , , , , ,

One Response to “Captive Emptor”

  1. marcus says:

    For the record, Shea preferred the vanilla.

Leave a Reply