Howto: Spam a user’s recommendation list on Jamendo

I sent an e-mail to one of the Jamendo staff about a month ago, explaining how a person could dump an album into another user’s list of recommendations. I didn’t hear anything back, and since then I’ve occasionally tried to find some information that might explain how to delete unwanted recommendations.

But I haven’t learned anything new, and I don’t figure it’s that big of a deal. In any case, it’s a simple matter to tack an album onto any user’s list of recommendations, by suffixing the album link with a ?refuid identifier.

As an example, here’s the link for something called “Robot Wars” by Binärpilot. I’ve never heard it, and don’t know anything about it — I picked it because it happened to show up early in the music list.

Add the refuid identifier to the link, and it shows up in a user’s list of recommendations. I’ve added mine, since I don’t care if it appears on my list.

And so you can see, it now shows up as an album I’ve recommended.

Again, it’s completely unknown to me, and I can’t get it off my list now. The few recommendations I’ve “given” it come from my few clicks when I tested this post (unless you folks are clicking on that link too. Okay now, stop that).

It’s a pretty weak idea really. It’s not going to derail the system. But with enough clicks you could bump your album higher up the list of a prolific user, making it look like it’s a popular work. Since users don’t have a way to delete recommendations off their list (I think), people can get stuck with phony titles they’ve “recommended,” and can’t remove.

Anyway, this is an exceptionally weak idea and a post that’s about three times longer than it needs to be. So I won’t bore you any more with this. 🙄


2 thoughts on “Howto: Spam a user’s recommendation list on Jamendo

  1. K.Mandla Post author

    Thanks Laurent. Like I said, it’s not a critical flaw, but if someone were to set up a short program that just triggers URLs with ?refuid identifiers, they could move an album up a list very quickly. Cheers!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s