Amazon's online workforce not so anonymous after all

March 28, 2013, University of Texas at Austin

( —Most people assume that's massive online workforce is anonymous, but a study by researchers from The University of Texas at Austin and five other universities has uncovered a security vulnerability that makes it relatively easy to uncover many workers' personally identifying information.

"Even though many people aren't even aware that a huge online workforce like Amazon's exists," said Matt Lease, assistant professor in The University of Texas at Austin's School of Information, "a tremendous amount of manual data processing is being performed online by an international 'crowd work industry.' "

Crowd work is similar to "crowdsourcing" in that a large, is mobilized to complete tasks or offer information. The major difference is that crowd work offers pay for successfully completed activities. Crowd work includes a wide range of tasks and necessary skill levels—from micro-tasks such as data processing that take a few moments, to multi-hour jobs that require more demanding skillsets. can even post requests on some of these platforms to gather input or data for a study. In the case of Amazon, this "anonymous" workforce may also be customers of the company.

Called Amazon Mechanical Turk (AMT), the company's online platform allows a "requester" to sign in and enter a job post. Any of the 500,000 workers that AMT now boasts can sign on and complete the task. The requester then assesses the work and, if it meets specifications, pays the worker without either knowing the identity of the other. The assumption has been that disclosure of the identities of employer and worker are not necessary or apparent.

According to Lease, the of worker privacy on AMT was most strongly reinforced by the fact that AMT requesters and workers are identified to one another only by a 14-character sequence of letters and numbers.

Although these alphanumeric identifiers were widely believed to be unique to AMT, the fact is that Amazon links the same identifiers to all Amazon activities in which users engage. As a result, simply searching the Web for worker IDs often reveals allegedly private information about the workers such as products they've rated, product reviews they've written, their Amazon wish lists, and often even the workers' actual names and pictures.

"Besides the unexpected loss of privacy to many workers, this issue is of particular concern to universities that use AMT for human subjects research," said Lease. "Both participants and researchers have operated under the assumption that participants could not be personally identified, something we now know is possible. While this finding does not preclude future use of AMT for such research, both researchers and participants need to recognize and acknowledge the potential lack of participant anonymity in future studies, as well as those already under way."

Lease and his research colleagues have alerted the Institutional Review Boards at their universities to this AMT vulnerability and launched a grass-roots initiative to inform AMT workers and other academic researchers about the security concern.

Lease also has informed Amazon of the privacy issue. He stated that staff members there said they are unlikely to break the link between AMT worker IDs and its customer profiles and most likely will address the issue by better educating workers about the interconnectedness of their online information. Amazon also confirmed its continuing interest in helping academic scientists find effective ways to conduct research responsibly through AMT.

The findings regarding AMT's security vulnerabilities were made during the Association for Computing Machinery's Computer Supported Cooperative Work and Social Computing (CSCW) conference and published online to the Social Science Research Network on March 6.

In addition to disclosing AMT's specific privacy vulnerability, the paper also includes broader recommendations for how similar security breaches might be avoided in today's global marketplace of online crowd work.

Explore further: Research could ensure that crowd work becomes a career option, not a dead end

Related Stories

Germany demands probe of Amazon work conditions

February 17, 2013

A German government minister called Sunday for a thorough probe into allegations that foreign seasonal workers hired in Germany by US online retail giant Amazon were harassed and intimidated.

Workforce from the digital cloud

February 29, 2012

By means of cloud computing, enterprises can access scalable computing power and storage capacity. A people cloud, by contrast, supplies a scalable number of workers via the internet. It is used when non-automated tasks are ...

Amazon fires German security firm amid probe

February 18, 2013

(AP)—Online retailer Amazon reacted to mounting criticism Monday by firing a security company named in a German television documentary about alleged mistreatment of foreign temporary workers.

Dell, AMD 'DASH' Toward New Standards

March 27, 2007

The two companies are some of the first major vendors to offer software and hardware that will meet new standards set by the Distributed Management Task Force.

Recommended for you

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.