Amazon's 'adult' book fail: Glitch or hack?

A blogger claims responsibility for delisting gay and lesbian books from Amazon.com, but the company has a different explanation - it messed up.
Written by Elinor Mills, Contributor
Amazon got blasted by gay rights groups this weekend after gay and lesbian book titles were delisted from its site. Was it an internal glitch, as Amazon claims, or is an Internet troll with a vendetta responsible?

Amazon spokeswoman Patty Smith told CNET News on Monday that the "glitch" was being fixed, but declined to elaborate.

"This is an embarrassing and ham-fisted cataloging error for a company that prides itself on offering complete selection," she wrote in an e-mail statement.

"It has been misreported that the issue was limited to Gay & Lesbian themed titles - in fact, it impacted 57,310 books in a number of broad categories such as Health, Mind & Body, Reproductive & Sexual Medicine, and Erotica," the statement said. "This problem impacted books not just in the United States but globally. It affected not just sales rank but also had the effect of removing the books from Amazon's main product search."

However, a Live Journal blogger with the alias of "weev" claims he did it to cause an outrage among the gay community, which he alleges has repeatedly flagged his online ads on Craigslist as inappropriate.

"I guess my game is up! Here's a nice piece I like to call 'how to cause moral outrage from the entire Internet in ten lines of code,'" he writes on his blog.

Weev said he figured out that he could easily get the books removed from search rankings by reporting them as inappropriate through a link at the bottom of the book page. He also claims he wrote code to identify all the gay and lesbian metadata-tagged books on Amazon and grab their IDs. He then hired people outside the U.S. to register new accounts en masse to help push the books out of the system, he said.

"Now from here it was a matter of getting a lot of people to vote for the books," he wrote. "The thing about the adult reporting function of Amazon was that it was vulnerable to something called 'cross-site request forgery.' This means if I referred someone to the URL of the successful complaint, it would resister as a complaint if they were logged in. So now it is a numbers game."

Amazon's Smith dismissed the claim and insisted the error was internal. She is not alone.

Blogger Mike Daisey, who worked in customer support and business development at Amazon from 1998 until 2001, wrote on his blog that: "Someone was editing the category systems inside of Amazon.fr, made an error, and that system is global, so it propagated everywhere. I have no insight as to anyone's nationality, or whether it was a language gap, or anything of that nature."

Smith declined to comment on Daisey's explanation.

Blogger Bryant Durrell said he tested out Weev's concept and doesn't believe it is legitimate, partly because of buggy code.

"Summation: nope, you didn't do that, you liar you. Nice meta-troll, though," Durrell wrote on his blog.

"The really interesting thing about the troll is that he's right even if he didn't do it. The vulnerability he describes exists anywhere you make automated decisions based on third-party input."

This article was originally posted on CNET News.

Editorial standards