[IP] Data mining of Amazon wishlists

To: ip@xxxxxxxxxxxxxx
Subject: [IP] Data mining of Amazon wishlists
From: David Farber <dave@xxxxxxxxxx>
Date: Sun, 8 Jan 2006 14:50:07 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <43C165F6.5090407@xxxxxxx>
Reply-to: dave@xxxxxxxxxx

Begin forwarded message:

From: Tony Wasserman <tonyw@xxxxxxx>
Date: January 8, 2006 2:20:22 PM EST
To: dave@xxxxxxxxxx
Subject: Data mining of Amazon wishlists

For IP, if you like.

Do you have the Quran (Koran) on your Amazon wish list? How about
something by Michael Moore?

Slashdot (www.slashdot.com) has a pointer to an article on how one could

find people with "subversive" Amazon wish lists. The article, by TomOwad,

can be found at http://www.applefritter.com/bannedbooks, and gives a

straightforward means to find such people from publicly availabledata usingscripts. Owad presents this article as the first in a planned weeklyseries"that will deal with security on the internet and practical steps youcan take

to protect your privacy".  Readers can register and post comments on the

site and/or contact him directly by email (his last name atapplefritter.com)

I've included the introductory paragraphs of the article below. Theremainderof the article includes a more detailed discussion, including scriptsshowinghow to locate those individuals who have specific titles on theirwish lists.


Tony Wasserman

Data Mining 101: Finding Subversives with Amazon WishlistsSubmittedby Tom Owad on January 4, 2006 - 7:37pm.Vast deposits of personal information sit in databases across theinternet. Terms used in phone conversations have become the groundsfor federal investigation. Reputable organizations like the CatholicWorker, Greenpeace, and the Vegan Community Project, have come underscrutiny by FBI "counterterrorism" agents.

"Data mining" of all that information and communication is at theheart of the furor over the recent disclosure of government snooping."U.S. President George W. Bush and his aides have said his executiveorder allowing eavesdropping without warrants was limited tomonitoring international phone and e-mail communications linked topeople with connections to al-Qaeda. What has not been acknowledged,according to the Times, is that NSA technicians combed large amountsof phone and Internet traffic seeking patterns pointing to terrorismsuspects.

"Some officials described the program as a large data miningoperation, the Times said, and described it as much larger than theWhite House has acknowledged." (Reuters)

Combining a data mining operation with the Patriot Act's power toaccess information makes it all too easy for the federal governmentto violate the Constitution's prohibition against unreasonablesearch. Ars Technica has an article, The new technology at the rootof the NSA wiretap scandal, that describes the ease with whichwidespread wiretapping can now be implemented. It quotes PhilipZimmermann, the creator of the PGP encryption software:

"A year after the CALEA [Communications Assistance for LawEnforcement Act] passed [in 1994], the FBI disclosed plans to requirethe phone companies to build into their infrastructure the capacityto simultaneously wiretap 1 percent of all phone calls in all majorU.S. cities. This would represent more than a thousandfold increaseover previous levels in the number of phones that could bewiretapped. In previous years, there were only about a thousand court-ordered wiretaps in the United States per year, at the federal,state, and local levels combined. It's hard to see how the governmentcould even employ enough judges to sign enough wiretap orders towiretap 1 percent of all our phone calls, much less hire enoughfederal agents to sit and listen to all that traffic in real time.The only plausible way of processing that amount of traffic is amassive Orwellian application of automated voice recognitiontechnology to sift through it all, searching for interesting keywordsor searching for a particular speaker's voice. If the governmentdoesn't find the target in the first 1 percent sample, the wiretapscan be shifted over to a different 1 percent until the target isfound, or until everyone's phone line has been checked for subversivetraffic. The FBI said they need this capacity to plan for the future.This plan sparked such outrage that it was defeated in Congress. Butthe mere fact that the FBI even asked for these broad powers isrevealing of their agenda."

It used to be you had to get a warrant to monitor a person or a groupof people. Today, it is increasingly easy to monitor ideas. And thentrack them back to people. Most of us don't have access to thedatabases, software, or computing power of the NSA, FBI, and othergovernment agencies. But an individual with access to the internetcan still develop a fairly sophisticated profile of hundreds ofthousands of U.S. citizens using free and publicly availableresources. Here's an example.

There are many websites and databases that could be used for thisproject, but few things tell you as much about a person as the bookshe chooses to read. Isn't that why the Patriot Act specificallyrequires libraries to release information on who's reading what? Forthis reason, I chose to focus on the information contained in thepopular Amazon wishlists.

Amazon wishlists lets anyone bookmark books for later purchase. Bydefault these lists are public and available to anybody who searchesby name. If the wishlist creator specifies a shipping address,someone else can even purchase the book on Amazon and have it shippeddirectly as a gift. The wishlist creator's city and state are madepublic on the wishlist, but the street address remains private.Amazon's popularity has created a vast database of wishlists. Noindex of all wishlists is available, but it remains possible to viewall wishlists by people of a particular first name. A recent searchfor people named Mark returned 124,887 publicly viewable wishlists.

For an all inclusive search by name, you could compile acomprehensive list of first names and nicknames from the baby namesdatabases available on the internet. Armed with this list, and byrecording the search results for each first name, it is possible foryou to retrieve the vast majority of public wishlists on Amazon.

For the purposes of this exercise, only a single name was chosen – acommon male name that returned over 260,000 wishlists. I'm not goingto divulge what name was actually used. Let's pretend it was "Edgar,"in honor of former FBI director J. Edgar Hoover.

Before writing a script to download all the 260,000 "Edgar"wishlists, I confirmed that my actions would not violate Amazon'sConditions of Use. I also checked the robots.txt file which containsa list of directories Amazon requests not be traversed by scripts.User wishlists are not in this list, nor did the actions to be takenviolate the conditions of use. [more at www.applefritter.com/bannedbooks]




-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] Letter to the Internet Community: IOIC - "For an Open Internet"
Next by Date: [IP] more on Data mining of Amazon wishlists
Previous by thread: [IP] Letter to the Internet Community: IOIC - "For an Open Internet"
Next by thread: [IP] more on Data mining of Amazon wishlists
Index(es):
- Date
- Thread