A9.com – Amazon’s Trojan Horse
Trojan horses come in many shapes and sizes. While most computer users worry about the ones that can damage their files or harm their computers, other types of Trojan horses can sometimes have far more insidious, long-term consequences. The latest is Amazon.com’s new search engine, A9.com.Amazon.com recently announced their search engine, called A9. Using Google’s search engine technology, as well as a couple of additional sources for specific searches, A9 offers several additional features:
- Search Inside the Bookâ„¢: Amazon offers a direct link, through A9, to its book content search.
- Adjustable Columns: The A9 web site says, “Simply drag the boundaries between the columns either to the left or the right to change their width of the different result sets (web, books, history).” Nice touch.
- URL Short Cuts: Unlike many search engines, A9.com uses a very simple query syntax, so you can type searches directly in your browser’s address field: a9.com/query. For example, to search for Kirkville, I’d just type a9.com/kirkville, and press return.
- Search History: A9.com stores all your searches, and you can go to your search history to find what you’ve searched for in the past, saving you a lot of time when you want to look again for specific web pages you forgot to bookmark.
- Click History: If any of your search results include sites you have already visited, it’s marked on the result, with the date and time you visited the site.
- Bookmarks: Drag sites into the Bookmarks pane (after clicking the Bookmarks button to display this pane). A9.com stores them for you, so you can find them again, and since they are stored on A9′s servers, you can access them from any computer, once you have signed in on A9.
- Diary: Create your own diary – only for users of the A9 toolbar, hence only for Windows users.
- Special Searches: Search for images (with Google), movies (with IMDB), or reference information (with GuruNet). Just perform a search and click the Images, Movies or Reference buttons.
- Site Info: Amazon says, “Place the cursor on one of the Site Info buttons to see a lot more information about that site without leaving the search result page.” Doesn’t work on Safari.
There’s also an A9 toolbar, but if you’re a Mac user you won’t be able to play with that.
While all this is powerful, there is a disturbing element in Amazon’s implementation of this search engine: not only does it use cookies to record your usage, but it also knows who you are. If you have an account at Amazon.com, you’ll see something like this at the top of the page:
Hello Kirk McElhearn. Click here if this is not you.
Hmmm… Do you see what’s going on? Since I have an Amazon.com account, A9 recognizes me and tells me so – it reads the Amazon cookie on my computer. This means that A9 is also recording my searches, and linking them in some way to my Amazon account, along with all the other activity (such as Amazon searches and purchases) that it records.
This is a troubling concept. Does this mean that Amazon is planning to use my search history to recommend books or CDs? To quote the A9 site, “You provide most [personal] information when you use A9.com to search or otherwise communicate with us. For example, you provide information when you enter search terms; download and use our toolbar; communicate with us by phone, e-mail, or otherwise; and employ our other services. As a result of those actions, you might supply us with personally identifiable information or information about things that interest you.”
The above sentences clearly suggest that Amazon is planning to use A9 search queries to datamine users’ habits. The only reason for this that I can imagine is to offer more closely targeted recommendations on the web site. However, I find this disturbing, in the sense that recording users’ search habits in any such location, and linking them to specific user information and profiles, may allow third parties to access to this information, and use it for nefarious purposes.
Say I do a few searches for single-malt whiskeys, or for information on specific medical conditions I suffer from. And say a hacker gets a hold of this information by breaking into Amazon’s servers, or say Amazon sells this information. And say  again, we’re just in the realm of hypotheticals here  my employer, or a potential employer, discovers this, and considers me a risk. Or my health insurance company, or any other party that might have prejudices against certain types of behavior, gets wind of it. My cover is blown, all because I used a search engine that is, in essence, bugging my Internet usage. (A9′s privacy FAQ clearly states that this is possible: “As we continue to develop our business, we might sell or buy subsidiaries, or business units. In such transactions, customer information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the customer consents otherwise). Also, in the unlikely event that A9.com, or substantially all of its assets are acquired, customer information will of course be one of the transferred assets.”)
Now, A9 states that you can use its site without this customized information trawling, by using generic.A9.com instead of A9.com. This site still uses cookies to trace some of your activity, but you are not recognized as an Amazon customer, nor are you offered the chance of signing in to your account. The downside is that many of the sites functions, such as your search history don’t work.
Another solution is to create a new Amazon account with a fake name and e-mail address. You don’t need to enter credit card information before purchasing, so you can do this easily. When using A9, think of signing in under this bogus account, then, when you want to use Amazon to purchase items or get personal recommendations, sign in to your real account.
In any case, this seems to be a very dangerous trend. I may be a satisfied Amazon.com customer (and I use Amazon affiliate links on this site to sell my books), but I’m still uncomfortable with this idea. While A9 offers valuable functions, users should be aware of just how much a Trojan horse it is, and just what kind of a risk it poses in the long term.
Posted: 9/27/2004 by kirk | Filed under: Miscellanea | 14 Comments »
, 
, or 
.
Why are you troubled by this? Amazon already uses cookies and onsite-searches to make recommendations on future purchases. Now it’s just broadening it for generic web searches. It should make their CD recommendations a lot better.
Your employers / insurers can’t judge you by your searches, any more than they can judge you by your Amazon wishlist, the mail you receive, or the places you shop (and if they already do this, A9 won’t be changing anything).
Google is said to be moving in this direction, as well, with personalized searches (so searching for "pizza" finds something near your area code, and searching for "keyboard" gives different results for musicians vs. techs).
You can accept the mild privacy risks and reap the benefits, or stick with the luddite crowd that’s still "very disturbed" about the potential for hackers getting them fired.
Nick
PS I’d have given more credence to your viewpoint if you didn’t, yourself, solicit registration to Kirkville. What if hackers break into Kirkville and share these comments with my boss??? Paranoid, maybe, but don’t warn readers about far-fetched risks from Amazon and then ask them to do the same thing for your site.
Nick,
What troubles me is the convergance of store searches and web searches.
Sure, I want Amazon to offer me the books I want, and the recommendations
(based not on my searches, but on my past purchase) are often useful.
The idea of a store using web searches to recommend items is irksome.
People search for many things on the web; they generally only search for
books, CDs, DVDs, etc. on Amazon. The fact that Amazon is indexing your
searches in order to recommend things remains disturbing, since your
searches may be for things for which you don’t want recommendations.
On Amazon’s end, I find that this technique is not necessarily useful. I do web
searches often when writing to find out how specific terminology is used. (I
do a fair amount of writing for corporate customers, and check up on obscure
terms be seeing which terms get more hits.) I really don’t want Amazon
recommending books to me on these areas, as it will be a waste of my time
and theirs.
As for this site, registration is a convenience, not a requirement. It is provided
with Geeklog, the software that runs the site, as a way of building community.
If you want to register, your comments will appear under your name. Other
than that, I’m not using the other functions available (sending stories by e-
mail, etc.).
You say "Another solution is to create a new Amazon account with a fake name and e-mail address. You don’t need to enter credit card information before purchasing, so you can do this easily. When using a9, think of signing in under this bogus account, then, when you want to use Amazon to purchase items or get personal recommendations, sign in to your real account." But when I created a new name for aol account and signed on, Amazon immediately greeted me by my real name. I take it you have to get a new computer–a new email account isn’t enough.
You need to sign out when you get to Amazon’s site – at the top, where it
says Hello to your, click the If you’re not XXX, click here link.
i appreciate that you have security concerns regarding personal information and data mining by A9.com, but imho the site is designed for individualized searches with a search history function built into it. complaining about this is akin to complaining that the plane you got on left the ground and landed somewhere else. for somebody who is doing research (work, school, news, etc) this is a very valuable tool that allows you to track your search history.
re: your issues with security and privacy there are two very simple tricks to use to protect yourself:
1-don’t use it, it is based on google technology, so use google.
2-disable cookies, or always clear your cookies.
dsk
Here’s another solution: Don’t use it. Try this instead (I don’t think many people know about this yet, but in my usage it’s outperformed Google – with no ads to boot): http://conk.com
This is a pretty paltry worry compared to the other more commonplace
and
much more invasive tracking technologies that already exist in our consumer
culture. If you’re that worried about keeping your interests private,
then I
assume you don’t use credit cards or have an ATM card, because if you do,
you’re wasting your clicks and keystrokes worrying about a9. Ever read “Database Nation”? (sorry – I couldn’t
resist…). Here’s an easy low-tech way to ease your malaise – go visit and
support a local
bookstore! It’s 100% analog, and 100% anonymous!
In any case, if you are going to go to all the effort to write an
article like that, at
least get your terminology right – even if everything you say is true, a9 has
nothing to do with a so-called “Trojan Horse” (look it up). If it did, then
every website that uses cookies would also be a Trojan Horse, and so, oh no!
wait! That includes this one! I’m getting out of here now!
Trojan Horse, as in a gift from the Greeks that hides something within… I
certainly didn’t mean it in the malware sense.
Allow me a bit of poetic license, perhaps?
I’m saying “Trojan Horse,” is a pretty bad analogy – malware, original
greek-style, metaphorically, or otherwise, because Amazon isn’t hiding
anything! As you said in your article, they tell you they are doing this. You
can be similarly tracked on any website that uses cookies, and if you’ve
logged in, then the site can link the activity with your account (as you’ve
probably found out from running your site on Geeklog). At least Amazon is
telling you about it!
This type of web technology is not at all new (relatively speaking) nor is it
terribly unique, but your article seems to paint it as a ominous watermark in
the destruction of our privacy.
Amazon is not "hiding" anything, but unless you read the fine print, you won’t
be aware of how they are linking your search history to your purchase history.
Face it: you and me know what they’re doing; it’s obvious. I don’t think the
average Internet user knows, or even understands.
Fair enough – I guess for the very uneducated Netizen, this info may be
helpful. However, I’d still have written about a9 as an example of something
that already exists everywhere on the net, rather than as a new and
dangerous threat to privacy.
And about the local bookstore comment – well yes, of course I meant walking
in, asking if they have a title for you to peruse, and pay cash if you buy it.
This method is 100% anonymous and patriot act proof! Like I said, anytime
you use a credit card anywhere – Internet or not – you’re buying patterns can
be tracked – which has been the case for decades.
Yes, I have read Database Nation. Very interesting read.
Re going to the local bookstore… Unfortunately, in the US, the Patriot Act can
force booksellers to tell law enforcement agencies what books you’ve
bought… Unless, of course, you do it anonymously…
Bugging your Internet usage? Gimme a break! (sorry John Stossel). You use
their service voluntarily! That’s like saying your friends are bugging your
conversations when you talk to them.
I have been using A9 and I have been enjoying it quite a bit. I mainly use it for research purposes. The history is very useful and I have employed it numerous time already.
I can understand your apprehension regarding entering too "personal" of information. For example, if I was going to be looking up some personal health information or if I was to be looking up Thai massage parlors, I would just make sure to use the standard Google search engine. No need for Amazon to start recommending stuff to me based on that!
All in all, I think A9 is a great tool.