Editorial: Dear Amazon, usernames and passwords exist for a reason

We interrupt our regularly scheduled Amazon Kindle Fire review for this timely editorial.

I'm really not a tinfoil hat type -- maybe a little too much on the other side of that spectrum, actually. But I'm really not crazy about how Amazon's shipping the Kindle Fire. Here's how it works: You order a Kindle Fire from Amazon, they ship it to you. You open the shipping box, and then the specially designed, "Certified frustration-free packaging" (which is pretty cool and mostly frustration-free). Unwrap the Kindle Fire, turn it on and connect to Wifi.

And find that you're already logged in, password and everything, ready to purchase books, magazines, apps and music.

This is not good.

We actually ordered two Kindle Fires for the site -- one to use and review, the other to give away to one of you fine readers. I ordered them through my personal Amazon account. Credit card and shipping info are saved, so it made sense, right?

Opened up one of the Kindle Fires (note in the picture above how it already realizes it's my "second" Kindle) and turned it on. Soon as it connected to the Internet, it started calling me by name. Well, by my Amazon name, which differs a little from what we're all used to seeing. But, hey, it knows who I am. Cool.

Wait. How the hell does it know who I am?

Is it some magic SSID database? Nope -- especially since I'd just renamed mine earlier in the day to get off the Google grid. Maybe it used the camera to recognize me? Nah.

Amazon preregistered our two Kindle Fires, sealed them in the box, then sent them on their way.

I understand that this is a convenience thing. Order the Kindle Fire on Amazon, open the box, and go. I get that. And, actually, it's a pretty interesting way to go about it. No other Android device I've ever used has made it that easy for me -- and I sign in to a lot of Android devices. It really does make for a fast, easy out-of-box experience.

But that's also the problem. It's just a little too easy.

What we'd prefer to see the first time we turn on the Kindle Fire

My credit card's attached to the account that Amazon went ahead and signed into for me. My Amazon recommendations are visible in the Web browser. Now I realize that it's pretty unlikely that my Kindle Fire will be delivered to the wrong person or fall off the back of a truck, into the hands of someone just waiting to abuse my low-limit, high APR credit card to buy a Justin Bieber album or that Steve Jobs biography. And pretty much nobody wants to see the horror show that is my Amazon recommendations list.

But it's my credit card. They're my recommendations. And I didn't sign in with my username and password.

There's another scenario here, too, apparently. Amazon's Kindle Fire help documentation has the following section:

When registering your Kindle Fire, you may see a "deregister" instead of "register" option. This means your Kindle Fire is already registered to another account. This may happen if you received your new Kindle Fire as a gift. Select "deregister" to register your Kindle Fire to your Amazon account instead.

Skip to 2:20 in this video and it really makes more sense.

So someone I know sends me a Kindle Fire, and it's already registered with their account, and I can purchase books, magazines, apps and music on it out of the box? Sweet! But, again, it's something that shouldn't happen.

There is a piece of good news here, though. When you go to the Amazon website, you'll find you're already logged in, but you'll still have to enter your password to actually make a purchase. So while you can get taken for $10 a pop with videos and music -- and for more with books -- at least someone can put you on the hook for hundreds of dollars without spending a little time first.

Look, this isn't the end of the world. If someone starts making purchases on your Kindle Fire, chances are you'll see the e-mailed receipts and raise the alarm. This is about the principle. It's my username and password that Amazon's taking the liberty of entering into a piece of hardware before it ever hits my hands. And while it certainly makes the out-of-box experience painless -- almost enjoyable, actually -- Amazon's taking liberties with my information here. It's my username and password. I should be the one to enter them.

Update: As geewhipped points out in the comments, if you properly designate the Kindle as a gift, it'll ship unregistered. Here's the official word on that: "If you purchase a Kindle, it will not be registered to your Amazon account. The recipient can register the Kindle to their own Amazon account when it arrives." So we suppose if you're really worried about this sort of thing, just mark the "This item is a gift" box. But you really shouldn't have to.

Phil Nickinson