Amazon Gay Book Removal Was Massive Prank, I Did It, Claims Troll
UPDATE: Former Employee Says AmazonFail Caused By The French (Well, By One Of Them At Least)
An online miscreant named Weev is taking credit for this weekend's fiasco where reams of GLBT books were removed from Amazon sales ranking, sparking a massive online riot. Weev, pictured, says he organized an army of off-shore computer users to make a bunch of fake Amazon accounts and flag all the gay and lesbian books they could as inappropriate. Also, he got several friends with high-trafficked websites to embed an iframe code that made their visitors automatically send the flags without their knowledge. If true, this recent post by a formerly profligate troller provides insight. However, no one can verify Wee's claims as Amazon appears to have deactivated all the ways he used to ply his prank. It's hard to trust a professional liar like Weev, even the idea's plausibility doesn't speak well for Amazon.
This is how he said he did it:
Hay dude. Amazon removed its customer-based reporting of adult books yesterday. I guess my game is up! Here's a nice piece I like to call "how to cause moral outrage from the entire Internet in ten lines of code".I really hate reputation systems based on user input. This started a while back on Craigslist, when I was trying to score chicks to do heroin with. My listings like "looking to get tarred and pleasured" and "Searching for a heroine to do the paronym of this sentence's lexical subject" kept getting flagged. The audacity of the San Francisco gay community disgusted me. They would flag my ads down but searching craigslist for "pnp" or "tina" reveals tons of hairy dudes searching for other hairy dudes to do meth with. So I decided to get them back, and cause a few hundred thousand queers some outrage.
I'm logged into Amazon at the time and see it has a "report as inappropriate" feature at the bottom of a page. I do a quick test on a few sets of gay books. I see that I can get them removed from search rankings with an insignificant number of votes.
I do this for a while, but never really get off my ass to scale it until recently.
So I script some quick bash.
#!/bin/bash
let count = 1
while true; do
links -dump 'http://www.amazon.com/s/qid=0/?ie=ASCII&rs=1000&keywords=Gay_and_Lesbian&rh=n%3A!1000%2Ci%3Astripbooks%2Ck%3AHomosexuality&page='`echo $count`|grep \/dp\/ >> /tmp/amazon
((count++))
doneThere's some quick code to grab all the Gay and Lesbian metadata-tagged books on amazon. Then I pull out all the IDs of the given books from those URLs:
cat /tmp/amazon |sed s/.*dp\\/// |sed s/\\/ref.*//
and I have a neat little list of the internal product ID of every fag book on Amazon.
Now from here it was a matter of getting a lot of people to vote for the books. The thing about the adult reporting function of Amazon was that it was vulnerable to something called "Cross-site request forgery'. This means if I referred someone to the URL of the successful complaint, it would register as a complaint if they were logged in. So now it is a numbers game.
I know some people who run some extremely high traffic (Alexa top 1000) websites. I show them my idea, and we all agree that it is pretty funny. They put an invisible iframe in their websites to refer people to the complaint URLs which caused huge numbers of visitors to report gay and lesbian items as inappropriate without their knowledge.
I also hired third worlders to register accounts for me en masse. If you ever need a service like that, you can find them in a post like this advertising in the comments:
http://ha.ckers.org/blog/20070427/solving-captchas-for-cash/Then they would log into the accounts, save the cookies in a cookie file and send it to me.
Then I used the cookie files like so to automated-report all the books:
for i in `cat /tmp/amazon |sed s/.*dp\\/// |sed s/\\/ref.*//`; do lynx -cookie_file=/home/avex/cookie1 http://www.amazon.com/ri/product-listing/`echo $i`/;done
The combination of these two actions resulted in a mass delisting of queer books being delisted from the rankings at Amazon.
I guess my game is up, but 300+ hits on google news for amazon gay
and outrage across the blogosphere
ain't so bad.
Why It Makes Sense That a Hacker's Behind Amazon's Big Gay Outrage [Gawker]
PREVIOUSLY: Gay and Lesbian Books Lose Amazon Sales Rank For Some Reason
Post a comment
Comments:
Some people really, truly need more useful hobbies. Maybe he could take up cooking?
1) DO NOT FEED THE TROLLS. Whether this is true or not, posting his face on your frontpage, along with links, gives him exactly what he wants. Epic fucking fail, Consumerist. You lose. The only way to fight idiots like this is to ignore them.
2) It's probably not true. Weev is just like every petty terrorist warlord who comes out and claims responsibility for any normal plane crash or railway accident.
3) If this started in February as is being reported, and Amazon was aware of what was happening then, the facts do not support the hacker story.
This is shoddy reporting of the worst kind. At least find a better source than the community of hackers who are themselves claiming credit. On something this big, you should at least double source your story for God's sake.
As much as I've read on his antics, with full knowledge that I am not an internet elite, I can completely understand why he wants to take away the internet from everybody who thinks Twitter is a soapbox for their idiocy or has to call tech support to find the power switch on the computer.
@nerdtalker: If what he did was just exploit a system, then he really didn't break any rules. The most he could get nailed with is a civil claim by the authors that what he did affected their sales.
If this guy represents the next generation, we are so fucked. First came Gen X, then Gen Y , now here's Gen MOAR EPIC FAIL...
@WhiteGuyOnWebCam_GitEmSteveDave: I'm sure setting up fake accounts and whatnot violate Amazon's TOS.
Does anyone believe he's telling the truth? Because I don't.
Ha, I really hope he did it. That'd be a nice slap in the face to all the posters here with their pitchforks held high against amazon.
@WhiteGuyOnWebCam_GitEmSteveDave: He could easily be on the wrong in of a civil claim by Amazon claiming damaged reputation. Confessing, if he actually did it, is massively stupid.
I thought the blogger who found this got a reply from amazon admitting to doing it. So confused...
@Rectilinear Propagation: I'm certainly skeptical. Gawker is considering the absence of the "flag item as inappropriate" capacity to be a confirmation of his story, but I'm wondering if that capability was ever there in the first place.
Gays are apparently easy to troll. If this guy was responsible, it's pretty impressive how much shrieking, hair-pulling outrage he kicked up with a minimal amount of effort. Then again, these people are among the perpetually agrieved. If it wasn't this, they would have found something else to whine about.
He could be telling the truth, or he's seeking some free fanfare but either way, he does bring to the forefront a common issue with Trust-based reporting models sites like Amazon, Craigslist, and eBay use. These companies setup a system of trust with their users for flagging inappropriate material, this system is easily exploited when those users haven't earn said trust.
I know I'm not the only person that has posted a completely legitimate post on Craigslist only to have it taken down due to people flagging it. Also, eBay has taken down legitimate auctions while spammy ones thrive. Using these trust-based system that's open to anyone causes the trustworthy to be squished out by the nefarious. Just like this amazon thing. This exploit also holds well with this guys theory of testing it out in February, as people have said they've seen.
These flag/trust-based systems always need a human filter, which costs money, which is why these systems were put into place in the first place.
At any rate, I truly believe this was a glitch/"hack" as Amazon wouldn't be so stupid to intentionally do this.
First thing first - Riiiight.
Second - I sort-of wish he had bright yellow fluffy hair in this picture.
@VittoriaCorvinus: I'd be fine if Ben tweaked this article so that the person wasn't named and if a different picture (kittehs?!!!) was used. I think it'd be ethical and follow the news-worthiness of the story. The provided links would be available for those curious people, while keeping Consumerist's hands clean of muck.
Funny thing is, if the loser posted a lying press release that had no basis in reality, he STILL gets his toadlike mug blasted across the interwebs, which is his purpose.
I think that is the more likely reality. Amazon's initial statement telling an affected author makes me think this one's all Amazon.
Considering Amazon's initial response to a gay author was that Amazon was "cleaning up" its rating system, I think it's far more likely that Toad-face is simply making crap up in a press release to get in on this much-hyped story.
@henwy: Any group that is persecuted in society (or merely just FEELS persecuted) are incredibly easy to troll.
I DON'T KNOW WHAT TO BELIEVE ANYMORE
I find it difficult to believe anyone who would include the following in his "confession":
"This started a while back on Craigslist, when I was trying to score chicks to do heroin with."
i'm not buying it... there are other authors stating that this problem has gone on for longer, on a smaller scale. while that might look like a hacker testing the waters, apparently the issue was reported to amazon by authors in august 2008 and february of this year.
if it was a hacker testing the system in those cases, i'd expect amazon to have looked into it, seen the breach and corrected the flaw.
if this is the case and amazon ignored the fact that someone was manipulating their system in a way detrimental to their sales and sellers... i'm still not going to be confident in them after that.
whether it was intentional, glitch or hack - i'm waiting for the public apology to everyone whose work was affected.
@Maurs: Amazon's TOS is not the law, and I doubt they could pursue any claim against you for something like this. Unless the authors were able to prove they lost sales as a result of his actions, which is highly doubtful and basically impossible...
so not buying it.
Ironically the guy looks gay himself. Maybe he's covering up for something deeper....?
If true, what a d-bag.
Also if true, he should be sued for loss of income by the authors of titles affected by the action. I'm sure there is some formula relating search results with sales that could be applied.
It would certainly make a dent in his hot pockets and bawls allowance he gets from his mom.
Whether he did it, or not, the damage is done. There are perpetual victims out there that will always believe the worst about corporate America regardless of any evidence to the contrary.
@nerdtalker: from a legal, financial standpoint, he's in trouble. From a street cred stand point, he has a little more than he did before.
@nerdtalker: This is what the trolling "community" is all about: doing repugnant things to get attention. It would be much more surprising if someone did this and didn't take credit.
I wish to God there was a way to break people's fingers through the Internet.
Not to be judgmental...but by looking at the picture, this doesn't come as a huge surprise. I'd explain further by I'd like to retain my commenting rights!
@WhiteGuyOnWebCam_GitEmSteveDave:
Really? If I forget to lock my apartment door and someone walks in uninvited at 2 AM they aren't doing anything illegal?
If they decide to climb through a window are they just exploiting a system?
@Trai_Dep: 'Toad-face' -- You know, I was trying to think of what that picture brought to mind and I think you've hit the nail on the head.
He may be good with hacking into major corporations, but can he make my slow computer run faster?
@Rectilinear Propagation: I have some familiarity with the things he has done, and he has pulled off much, much bigger things before. I don't doubt it.
it's ok weev, you can come out of the closet.
@Trai_Dep:
Yep I agree with you, and what's worse is, even if it turns out to be not true on the part of Amazon - they'll still be tainted to me and I will not shop there.
@Harley Balabanian:
They are using the same pic as consumerist, except its a bit larger. Look behind him, he has an anonymous mask on his dresser. /b/ tard strikes again?
Neither of those examples are valid to what he did.
He didn't break into the system.
He didn't change any code.
He used existing code to do something the way Amazon designed it, with results that Amazon wasn't expecting.
They might try to claim that because he 'automated' the flagging that it consitutes a "denial of service" attack, but that would really be stretching that definition.
I think even the authors would have a hard time proving damage, unless the sales data showed a marked difference from one day to the next. Which I would doubt since most people wouldn't buy a book based on the sales rank.
Ultimately I think Amazon will have to rethink some of it's systems.
And that is all presuming what this guy says is true.
@Berz: That's a mighty fine basement he's living in. He may even have a window, from the looks of it.
I guess that would explain it.
But why claim responsibility? You're just asking for problems at that point.