Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Mechanical Turk is not anonymous

Yosem Companys companys at
Fri Mar 8 12:06:28 PST 2013

From: Matt Lease ml at via

This may be of interest to those in community using Amazon's Mechanical
Turk platform for research, as well as those more generally interested
in how online data can be linked in ways that can be surprising to
people in practice and compromise their privacy in a manner they didn't

Several collaborators and I have just announced discovery of a
vulnerability on Amazon's Mechanical Turk platform, with potential
implications for IRB governance of human subjects research using AMT at
US universities. In particular, this vulnerability can be exploited to
obtain personally identifying information (PII) and other private
information of some workers, who may have shared this information online
in a way they did not recognize could be linked to their WorkerIDs.

This may impact IRB oversight of research conducted at UT with AMT, as
well as what research is classified as human research and subject to IRB
governance.  I am just starting to follow up on this now with our IRB
coordinator here at UT Austin.

The announcement of our finding is below:

Blog post:

We are now trying to get the word out to be AMT workers, as well as
researchers whose might be impacted or who may have posted WorkerIDs
online which could be compromised via this vulnerability. We would
appreciate your help with this.

We are also specifically advocating *against* online posting of
WorkerIDs due to the risk of workers not having realized that
information they have shared could be linked with their worker accounts.
Regardless of the vulnerability, we have also found explicit requests
from workers to not post such uniquely identifying information.


More information about the liberationtech mailing list