[liberationtech] Mechanical Turk is not anonymous

Yosem Companys companys at stanford.edu
Fri Mar 8 12:06:28 PST 2013 

From: Matt Lease ml at ischool.utexas.edu via asis.org

This may be of interest to those in community using Amazon's Mechanical
Turk platform for research, as well as those more generally interested
in how online data can be linked in ways that can be surprising to
people in practice and compromise their privacy in a manner they didn't
expect.

Several collaborators and I have just announced discovery of a
vulnerability on Amazon's Mechanical Turk platform, with potential
implications for IRB governance of human subjects research using AMT at
US universities. In particular, this vulnerability can be exploited to
obtain personally identifying information (PII) and other private
information of some workers, who may have shared this information online
in a way they did not recognize could be linked to their WorkerIDs.

This may impact IRB oversight of research conducted at UT with AMT, as
well as what research is classified as human research and subject to IRB
governance.  I am just starting to follow up on this now with our IRB
coordinator here at UT Austin.

The announcement of our finding is below:

Blog post: http://crowdresearch.org/blog/?p=5177
Paper: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2228728

We are now trying to get the word out to be AMT workers, as well as
researchers whose might be impacted or who may have posted WorkerIDs
online which could be compromised via this vulnerability. We would
appreciate your help with this.

We are also specifically advocating *against* online posting of
WorkerIDs due to the risk of workers not having realized that
information they have shared could be linked with their worker accounts.
Regardless of the vulnerability, we have also found explicit requests
from workers to not post such uniquely identifying information.

Thanks,
Matt
--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list