When you visit Amazon’s homepage, you’ve more than likely seen the recommended items that the company suggests you check out. It’s a really great way to get people into the mood of shopping when they might have just come to browse a bit.
Sometimes I visit Amazon with an intent to buy something and have no idea of what I want to get, and that’s why its recommendation technology is so powerful. What if someone could control the things that pop up under Amazon’s recommendations? It would be a pretty powerful, and profitable, trick, wouldn’t it? One guy has figured out how to do just that simply by having you visit a page first.
In a post titled “I can manipulate your amazon.com recommendations”, Felix Middendorf discusses exactly how he goes about having Amazon recommend things to you of his choosing, and here’s how you can test his method:
1. Open this page.
2. Visit amazon.com.
3. Observe Dale Carnegie’s classic “How to win friends and influence people” appear on your personalized amazon.com homepage (see screenshot below for comparison).
4. Order it if you are interested; it is a great read (optional step ;-) )!
I tried it and yep, it worked:
Middendorf explains exactly how he did it:
The page contains a hidden iframe that triggers an HTTP GET request to the book’s page on amazon.com. Now amazon thinks you are interested in this article and recommends it and similar ones to you on their homepage. I would like to leave possible malicious applications to your imagination.
How to fix this? If the X-Frame-Options response header is set to SAMEORIGIN, modern browsers will not allow third-party websites to include a page. Interestingly, the German amazon website amazon.de does this.
I have informed amazon.com of this issue via Twitter and E-Mail.
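To make the fix Middendorf describes concrete, here is an added example (it is not code from his post, nor anything Amazon runs). It classifies how a browser would treat a third-party attempt to frame a response based on its headers, builds the header set a product page should send, and, going one step beyond the post, flags requests that arrive as cross-site frame loads on the server side. The header values and the two sample responses are constructed to stand in for the amazon.com and amazon.de behaviour the post describes; Content-Security-Policy `frame-ancestors` and the Fetch Metadata headers (`Sec-Fetch-Dest`, `Sec-Fetch-Site`) are real browser features that the post does not mention.

```javascript
// Added example, not code from Middendorf's post or from Amazon: classify a
// response's anti-framing policy from its headers, build the header set a
// product page should send, and flag requests that arrive as cross-site
// frame loads. Header names and sample responses below are constructed.

// Lower-case all header names so lookups are case-insensitive.
function lowerKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v);
  return out;
}

// Extract the source list of a CSP frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const parts = directive.trim().split(/\s+/);
    if (parts[0].toLowerCase() === 'frame-ancestors') {
      return parts.slice(1).map((s) => s.toLowerCase());
    }
  }
  return null;
}

// How a browser would treat an attempt by a third-party page to frame this
// response: "deny", "sameorigin", "restricted" (explicit allow-list) or
// "framable" (no usable policy, the amazon.com situation in the post).
function framingPolicy(responseHeaders) {
  const h = lowerKeys(responseHeaders);

  // When both are present, browsers honour CSP frame-ancestors and ignore
  // X-Frame-Options, so check CSP first.
  const ancestors = frameAncestors(h['content-security-policy']);
  if (ancestors && ancestors.length > 0) {
    if (ancestors.length === 1 && ancestors[0] === "'none'") return 'deny';
    if (ancestors.length === 1 && ancestors[0] === "'self'") return 'sameorigin';
    if (ancestors.includes('*')) return 'framable';
    return 'restricted';
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'sameorigin';
  // Missing header, or a value (e.g. legacy ALLOW-FROM) current browsers ignore.
  return 'framable';
}

// Headers a product page should send: X-Frame-Options for older browsers,
// CSP frame-ancestors for current ones.
function antiFramingHeaders(extra = {}) {
  return {
    'X-Frame-Options': 'SAMEORIGIN',
    'Content-Security-Policy': "frame-ancestors 'self'",
    ...extra,
  };
}

// Server-side check that goes beyond the post. X-Frame-Options only stops the
// browser from *rendering* the framed page; the GET, cookies included, has
// already reached the server by then. A pipeline that records every
// product-page GET as interest should also ignore requests whose Fetch
// Metadata headers mark them as cross-site frame loads. Browsers without
// Fetch Metadata send neither header; those requests are accepted as-is.
function countsAsInterest(requestHeaders) {
  const h = lowerKeys(requestHeaders);
  const dest = (h['sec-fetch-dest'] || '').toLowerCase();
  const site = (h['sec-fetch-site'] || '').toLowerCase();
  if (!dest || !site) return true;
  const framed = ['iframe', 'frame', 'embed', 'object'].includes(dest);
  return !(framed && site === 'cross-site');
}

// Constructed sample responses standing in for the two sites named in the post.
const sampleResponses = {
  noPolicy: { 'Content-Type': 'text/html' },                                    // amazon.com as described
  sameOrigin: { 'Content-Type': 'text/html', 'X-Frame-Options': 'SAMEORIGIN' }, // amazon.de as described
};

for (const [name, headers] of Object.entries(sampleResponses)) {
  console.log(`${name}: ${framingPolicy(headers)}`);
}
console.log('hidden-iframe GET counts as interest:',
  countsAsInterest({ 'Sec-Fetch-Dest': 'iframe', 'Sec-Fetch-Site': 'cross-site' }));
```

The point of the second function is the caveat a practitioner would want: an anti-framing header is enforced by the browser after the response arrives, so it stops the hidden page from being shown, not the request from being sent. If the recommendation logic keys off the request itself, the server needs its own signal, such as the Fetch Metadata headers used here, to tell a genuine visit from a framed one.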
While it’s good that he reached out to Amazon about the issue, the fact that your recommended list is so easily manipulated is pretty scary. Anyone on the web who wants to put a specific item in front of you to buy can easily do this.
Have you ever seen something recommended to you on Amazon that made absolutely no sense? This might be why.