Why It Makes Sense That a Hacker's Behind Amazon's Big Gay Outrage

Twitter had a big tizzy yesterday over Amazon.com's supposed censorship of gay and lesbian titles, did you hear? Just one problem: A well-known hacker has come forward and claimed the whole thing was his prank.

The hacker, known as Weev, with whom we've had dealings before the "amazonfail" episode, is saying that the whole escapade was the result of his exploitation of a vulnerability in Amazon's product-rating tools.

What to make of people who don't want to believe this was a prank? They're left with the notion of Amazon.com pursuing homophobic censorship, which must be pleasing to people who see evil behind every "Inc." Pick your conspiracy theory: Someone's playing someone.

A recap: On Friday, two gay-themed romance novels disappeared from Amazon's sales rankings ā€” they were still listed on the site, but could not appear on best-seller lists. On Saturday, hundreds more vanished. Writer Mark Probst asked Amazon.com customer service what happened, and got this answer from an "Ashlyn D." in customer service:

In consideration of our entire customer base, we exclude "adult" material from appearing in some searches and best seller lists. Since these lists are generated using sales ranks, adult materials must also be excluded from that feature.

Twitter users started decrying the move en masse, tagging their posts "#amazonfail" and accusing the online retailer of homophobia. Amazon.com PR didn't help matters by calling the problem a "glitch." Even though the sales ranks of most gay and lesbian titles had been restored, Twitterers taunted Amazon.com by posting messages with the tag "#glitchmyass."

Glitch my ass, indeed. One LiveJournal user speculated that the mass flagging of gay books on Amazon.com might be the work of organized antigay groups ā€” or troublemaking hackers:

Now, let's just put ourselves in Amazon's shoes. Keep in mind that Amazon is a smug, fairly liberal company headquartered in fucking Seattle of all places and, last I checked, Jeff Bezos is not exactly a Christian fundamentalist.

Why on earth would they suddenly censor only a specific group of content that deals with a marginalized and politically active community? Why would this policy change not take the form of a specific policy, but rather of very discriminately flagging only certain titles as "adult" content? Why would this happen over a weekend?

Our hacker has an explanation: Amazon.com has long had a mechanism that allowed customers to flag a product as "inappropriate." Only a small number of these votes were needed to get a book off of Amazon's sales rankings.

What Weev says he figured out was a way to trick Internet users into automatically flagging products without their knowledge, with the help of friends who run high-profile websites. He also says he hired "third-worlders" to register fake Amazon accounts and flag books. (His full explanation of the stunt is below.) He hasn't yet offered proof that he carried off the prank as described, but one part checks out: Amazon.com has apparently removed the feature that lets users flag books as "inappropriate." And the scheme he details seems far more likely than Amazon CEO Jeff Bezos deciding to become a censor.

The hacker's confession, which he also posted on LiveJournal:

Hay dude. Amazon removed its customer-based reporting of adult books yesterday. I guess my game is up! Here's a nice piece I like to call "how to cause moral outrage from the entire Internet in ten lines of code".

I really hate reputation systems based on user input. This started a while back on Craigslist, when I was trying to score chicks to do heroin with. My listings like "looking to get tarred and pleasured" and "Searching for a heroine to do the paronym of this sentence's lexical subject" kept getting flagged. The audacity of the San Francisco gay community disgusted me. They would flag my ads down but searching craigslist for "pnp" or "tina" reveals tons of hairy dudes searching for other hairy dudes to do meth with. So I decided to get them back, and cause a few hundred thousand queers some outrage.

I'm logged into Amazon at the time and see it has a "report as inappropriate" feature at the bottom of a page. I do a quick test on a few sets of gay books. I see that I can get them removed from search rankings with an insignificant number of votes.

I do this for a while, but never really get off my ass to scale it until recently.

So I script some quick bash.
#!/bin/bash
let count = 1
while true; do
links -dump ' $count`|grep \/dp\/ >> /tmp/amazon
((count++))
done

There's some quick code to grab all the Gay and Lesbian metadata-tagged books on amazon. Then I pull out all the IDs of the given books from those URLs:

cat /tmp/amazon |sed s/.*dp\\/// |sed s/\\/ref.*//

and I have a neat little list of the internal product ID of every fag book on Amazon.

Now from here it was a matter of getting a lot of people to vote for the books. The thing about the adult reporting function of Amazon was that it was vulnerable to something called "Cross-site request forgery'. This means if I referred someone to the URL of the successful complaint, it would register as a complaint if they were logged in. So now it is a numbers game.

I know some people who run some extremely high traffic (Alexa top 1000) websites. I show them my idea, and we all agree that it is pretty funny. They put an invisible iframe in their websites to refer people to the complaint URLs which caused huge numbers of visitors to report gay and lesbian items as inappropriate without their knowledge.

I also hired third worlders to register accounts for me en masse. If you ever need a service like that, you can find them in a post like this advertising in the comments:
http://ha.ckers.org/blog/20070427/solving-captchas-for-cash/

Then they would log into the accounts, save the cookies in a cookie file and send it to me.

Then I used the cookie files like so to automated-report all the books:

for i in `cat /tmp/amazon |sed s/.*dp\\/// |sed s/\\/ref.*//`; do lynx -cookie_file=/home/avex/cookie1 $i`/;done

The combination of these two actions resulted in a mass delisting of queer books being delisted from the rankings at Amazon.

I guess my game is up, but 300+ hits on google news for amazon gay
and outrage across the blogosphere
ain't so bad.

Weev has attracted at least one doubter who had trouble following his instructions, saying the code doesn't work. We asked him to answer the critique. He says he believes they were using a different version of a software program called "elinks," and that Amazon has disabled the site feature in question.

In the meantime, you can follow this clusterfuck, 140 characters at a time.