back to article eBay users spot the online auction house port-scanning their PCs. Um... is that OK?

Users visiting eBay have spotted that the website runs port scans against their computer, using the localhost address to inspect what may be running on your machine. Fraud is a big issue for eBay, and if the purpose of scanning for remote-control access ports is an attempt to detect criminals logged into a user's computer in …

  1. IneptAdept

    This is not okay

    There is no explicit request to allow this request, so the domain has now been completely blocked at all levels

    Router

    Firewall

    Devices

    Not that I use eBay much nowadays

    1. Shadow Systems Silver badge

      Re: This is not okay

      Just added them to my Hosts file & will be rebooting in a moment to make it stick.

      You port scan my computer, I blackhole your fekkin' arse.

      1. Anonymous Coward
        Anonymous Coward

        Re: This is not okay

        If you're using Windows its already persistent. Takes effect from the moment you save the file back. Usually just after you've tried the first time and realised that Notepad isnt UAC aware......

      2. Gotno iShit Wantno iShit

        Re: This is not okay

        "will be rebooting in a moment to make it stick."

        ipconfig /flushdns

        "Takes effect from the moment you save the file back"

        Only for new lookups. If it's already in the DNS cache you need to flush it or wait for the cache to expire.

    2. Pascal Monett Silver badge
      Stop

      Re: This is not okay

      Absolutely. You want to scan my computer ? You pop up the question and ask me, along with a description of what you are looking for, where you're looking for it and why you think you have the cheek to ask me.

      If you do security checks on your side of the intertubes, that's your business and nothing I have the right to wail about, but on my side, you will only do what I bloody well allow you to.

    3. Anonymous Coward
      Anonymous Coward

      Re: This is not okay

      meanwhile, 99.999999% of users: domain... scanning... ports... click

      :(

    4. foobar79

      Re: This is not okay

      You do know ANY site can do this right?

      The problem is not that eBay uses this, the problem is that javascript allows it.

      1. PeeKay

        Re: This is not okay

        > The problem is not that eBay uses this, the problem is that javascript allows it.

        And because of these issues with Javascript, I've turned to uMatrix (https://github.com/gorhill/uMatrix) to control them all. JS can come into the browser, but does not always leave (depends on MY rules). Can recommend (for most Chrome based browsers and Firefox).

      2. Gonzo wizard Bronze badge

        Re: This is not okay

        According to a couple of posts I have read, Opera does not permit port scanning the local machine from JavaScript but I've yet to try it for myself.

  2. Drew Scriver Silver badge

    Isn't this the same company that has users download DLL-files?

    Correct me if I'm wrong, but doesn't eBay still use ".dll"-extensions? A number of proxy servers block that by default as part of the stronger security sets - and for very good reason.

    1. Anonymous Coward
      Anonymous Coward

      Re: Isn't this the same company that has users download DLL-files?

      I recall they had .dll in their URLs, but users weren't downloading DLLs to run. Any file extension in a URL is not necessarily tied to any particular file type, server-side. You can configure any web-server to run .dll extensions through php, perl, whatever, or even dispatch an entire domain to a single executable.

      1. eldakka Silver badge

        Re: Isn't this the same company that has users download DLL-files?

        Any file extension in a URL is not necessarily tied to any particular file type, server-side.

        Any file extension anywhere is not necessarily tied to a particular file type. A file extension is nothing more than a part of the name of a file, and some systems (looking at you Windows) make assumptions about a file based on a file extension.

        1. IneptAdept

          Re: Isn't this the same company that has users download DLL-files?

          Nope they run a IIS backend and a lot of the backend is written in C# and VB

          So in this instance it is a .DLL that is run in a few different security modes

          So while you are right, in this instance you are wrong

  3. Efer Brick

    Seems they want to load a scandal (or more) on mine

    https://www.ebay.com/scl/js/ScandalLoader.js

    (blocked, natch)

  4. Chris G Silver badge

    UBlock Origin on Firefox will block eBay's shenanigans, there are other alternatives.

  5. Anonymous Coward
    Anonymous Coward

    A friend used ThreatMetrix at a company where he worked

    They build a complete history of email addresses, phone numbers, etc. entered on their customers sites, their JS also creates a machine fingerprint. IIRC there're some 400+ data data points used to score the client. TM can tell you when the email address was first seen by one of their customers, if it's a catch-all, or disposable, etc. The number of account registrations on customer sites in the last x days, etc, etc. From that they build a credibility score based on the weighting you give to any of the parameters. I remember him saying that his firm refused to send a lot of the available/requested data items on privacy grounds.

    If you shop online, there's a high probability you're already in their system along with who knows what PII

    1. Anonymous Coward
      Anonymous Coward

      Re: A friend used ThreatMetrix at a company where he worked

      A couple of years ago I had a demo with LexisNexis for some of their fraud prevention products. I was stunned at the amount of data they had pulled from all kinds of public and private sources of information that they had compiled into their identity databases. Not just the kind of data you'd assume they would have on web browsing/shopping behaviour/location etc, but all sorts of stuff, work history, education history, spouse details, commute time, where kids attended school, there was the things they knew about with high confidence and things they inferred from the entire data set. It was scary. They had 100s of millions of profiles of people in the US. People have some awareness of the Facebooks and Googles of the world but they have little idea of the data these companies that largely fly under the radar have on them.

      1. Anonymous Coward
        Anonymous Coward

        Re: A friend used ThreatMetrix at a company where he worked

        "[People] have little idea of the data these companies that largely fly under the radar have on them."

        That would be an article worth reading, what about it, vultures?

        NoScript (etc) turn up just such a terrifying number of these phishy smelling domains on pretty much every online sales site nowadays, and you just know that they're up to no good because many of them use short cryptic domain names that bear no resemblence to their actual company name, almost as if they themselves know that they have something shameful to hide.

  6. Martin
    IT Angle

    Puzzled

    If I have no incoming ports open on my firewall (and surely that's the default for most people on a normal NAT router) then what can they do? I'm not saying I approve of eBay trying to do anything on my computers, but surely most people these days (whether malicious or not) will be behind a standard NATting router in it's default state. So I don't see what eBay are gaining from this.

    Or am I completely misunderstanding what they are doing?

    ---> nearest we have to a "?" icon.

    1. Anonymous Coward
      Anonymous Coward

      Re: Puzzled

      The scans are being conducted by them via their 'secure' page, if effectively has an encrypted link through your firewall as it's using the encrypted traffic to your browser.

    2. AMBxx Silver badge

      Re: Puzzled

      The Javascript that's doing the scan is running locally so your router's ports aren't involved outside those used to deliver the web page.

      I'm sure the array of add-ons I have in Firefox would block the attempt, but as they also block the login page, I'm forced to use Chrome for ebay.

      1. jake Silver badge

        Re: Puzzled

        "I'm forced to use Chrome for ebay."

        Forced? Are they holding a gun to the head of your firstborn?

      2. Anonymous Coward
        Anonymous Coward

        Re: Puzzled

        I'm sure the array of add-ons I have in Firefox would block the attempt, but as they also block the login page, I'm forced to use Chrome for ebay.

        or you could choose to use Linux.

        From Developer Dan Nemec post: "I couldn’t replicate the behavior in Linux even after spoofing a Windows User Agent and disabling all of my extensions."

        1. Anonymous Coward
          Anonymous Coward

          Re: Puzzled

          Which is kinda ironic because all the web-scrapers I ever did runs only on Linux (and spoof user agents, of course)

    3. Anonymous Coward
      Anonymous Coward

      Re: Puzzled

      I can only think that it's part of the fingerprinting. If they scan 200 ports, whether open or closed, then that's another 200 bits of entropy they have mined from you.

  7. alain williams Silver badge

    My firewall - getting updated

    iptables -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT

    It seems that I was naive, I now only allow some connections. Its going to be a pain until I get the rules right.

    1. Danny 14

      Re: My firewall - getting updated

      If you read the report by Dan in the article you will see that it wasnt replicated in linux.

  8. Mike 137 Silver badge

    Could they do a better job?

    "not all the code is obfuscated, so if the script's creators really wanted to cover their tracks they could have done a better job."

    Maybe they're blindly using an obfuscation tool they don't really understand.

    1. jake Silver badge

      Re: Could they do a better job?

      "Maybe they're blindly using an obfuscation tool they don't really understand."

      Probably. There is a lot of cargo-cult programming out in the Corporate World. Probably because they are firing old programmers and hiring wet-behind-the-ears new graduates with absolutely zero street smarts.

  9. oiseau Silver badge
    Facepalm

    Downright illegal

    Hello:

    ... obvious that the company is in the business of gathering data ...

    Indeed ...

    What they use the data they gather is anyone's guess* but you can be certain that it is not just a fraud prevention exercise.

    And if we take into account that what they are doing is very shady if not downright illegal ...

    O.

    * not really, it's either up for sale or payment on behalf of eBay for the "service" rendered.

    1. Peter2 Silver badge

      Re: Downright illegal

      Yeah, under the GDPR though they are required to gain explicit consent to the use of your data in this way. I haven't given it.

      Has anybody reported this to the ICO yet?

  10. whitepines Silver badge
    Alert

    And what do you think Ebay's response to you actively scanning their servers, perhaps behind their firewalls via exploits, "to protect against fraud" would be? After all, just because it says ebay.com in the browser doesn't mean their site is secure or that you are on the legitimate ebay.com.

    I suspect the response would be in terse legalese threatening hacking charges and prison. It's the active penetration / behind firewalls part of what Ebay is doing that probably makes it illegal, but IANAL.

  11. macjules Silver badge

    Fraud is a big issue for etailer

    Probably because they got so good at making sure users can be defrauded. I stopped using eBay many years ago when the steps you needed to take to prevent AFF criminals outweighed the value of the goods you were selling.

    Once memorably got a $500 transaction on eBay cancelled and refunded when the seller assured my wife that the bag she had bought was "genuene aligator [sic]" I informed eBay that if they did not cancel and refund that I would have them charged under CITES.

    1. Insert sadsack pun here
      Megaphone

      Re: Fraud is a big issue for etailer

      Alligator leather is perfectly legal - it's not an endangered species and there are big farms that feed the leather trade.

      1. jake Silver badge

        Re: Fraud is a big issue for etailer

        Alligator, sure. They can be tasty, too. But what she purchased was supposedly aligator ... which is so endangered that most people have never even seen it in a dictionary.

        1. Version 1.0 Silver badge

          Re: Fraud is a big issue for etailer

          It's easy to tell if you are eating a legal farm-raised alligator or a wild alligator, the farm-raised alligator tastes like chicken, the wild alligator tastes like hunting dogs.

          1. jake Silver badge

            Re: Fraud is a big issue for etailer

            True, the farm raised version tastes like chicken ... but actually, the wild ones taste vaguely of fish. You can guess how I know this.

            1. Martin-73 Silver badge

              Re: Fraud is a big issue for etailer

              Wild is also much MUCH chewier... to the point of being rubbery

              1. jake Silver badge

                Re: Fraud is a big issue for etailer

                You're not cooking it right. Try low and slow, either a crockpot on low or your favorite smoker at about 220F (105C), both at least 8 or ten hours. Or go the other way and use a pressure cooker.

                1. John Sager

                  Re: Fraud is a big issue for etailer

                  Freshwater croc in QLD. Mine was cooked quickly at the table on a cast iron sizzler plate. Yummy!

            2. richdin

              Re: Fraud is a big issue for etailer

              Diet? Makes sense about the flavour. Though better us on them than vice versa...

          2. Anonymous Coward
            Anonymous Coward

            Re: Fraud is a big issue for etailer

            Really? How do you even know what hunting dogs taste like?

            Enquiring minds want to know

          3. clyde666

            Re: Fraud is a big issue for etailer -- MEAT

            There used to be a cables/connectors business somewhere near Liverpool (I think it was). They had a good sideline in specialist meats. I.e., Alligator, ostrich, lots more. Even Japanese sake. All really good stuff.

            And they were probably the best ever company for cataloguing and sourcing specialist cables and connectors.

            1. Pen-y-gors Silver badge

              Re: Fraud is a big issue for etailer -- MEAT

              Chinese bats?

              1. clyde666

                Re: Fraud is a big issue for etailer -- MEAT

                Too long ago :-)

  12. Anonymous Coward
    Anonymous Coward

    Why do browsers have port scanning capabilities via JavaScript?

    1. jake Silver badge

      Browsers don't.

      javascript does.

      Spot the difference, win a cookie. And hopefully promptly turn off javascript like any other sensible trained chimpanzee.

      1. tin 2

        Re: Browsers don't.

        Turn off Javascript?! how many websites you visit actually function these days?

        1. Martin-73 Silver badge

          Re: Browsers don't.

          All the reasonable ones. Often with much reduced functionality, but any reasonable site should work for sufficiently small values of 'work'.

          1. Anonymous Coward
            Anonymous Coward

            Re: Browsers don't.

            British Gas web site to view your account doesn't render under Waterfox Classic. Complained and was told "You can only use Chrome for that".

            1. Martin-73 Silver badge
              Pint

              Re: Browsers don't.

              UGH, shades of IE6 all over again

              Pint because I'm sorry you had to deal with BG

              1. Anonymous Coward
                Anonymous Coward

                Re: Browsers don't.

                A friend says that her Post Office and bank online account pages won't work with FireFox. Yet again Chrome appears to be the walled garden.

      2. Pen-y-gors Silver badge

        Re: Browsers don't.

        And hopefully promptly turn off javascript like any other sensible trained chimpanzee.

        Absolutely - I always recommend that people should brick up all the windows in their homes to stop burglars getting in.

        1. Dave559 Bronze badge

          Re: Browsers don't.

          "Absolutely - I always recommend that people should brick up all the windows in their homes to stop burglars getting in."

          You've pretty much described a castle, which is a highly secure dwelling designed to resist external attack and minimise attack surface. If you are at very high risk from such an attack, it's a perfectly reasonable solution. The same reason why many shops have shutters, and some houses have grilles on the windows. The corollary with a web browser is obvious. Determine your perceived level of risk/threat, and take proportionate action. Now, where did I put that boiling oil extension...?

          1. Anonymous Coward
            Anonymous Coward

            Re: Browsers don't.

            "You've pretty much described a castle, [...]"

            The small postern gate was used to save opening the main access barriers - like a back door. It was a weak link - subject to subterfuge, imposters, or corruption. An alternative was to use the water/drains tunnel***.

            ***eg "Small Gods" by Sir Pterry (the "p" is silent as in "Psnow")

    2. phogan

      They're called web sockets and at least in Firefox I believe network.websocket.enabled = false disables them while leave Javascript otherwise intact.

  13. Anonymous Coward
    Anonymous Coward

    eBay got back to us to say that

    the reply bots they employ didn't read your questions and / or didn't understand them and / or don't give a flying monkey fuck because they're not paid to provide any meaningful answers, so they chose a random reply No 36366 thank you & good bye.

    Or, should I read they did provide a meaningful answer to a (presumably) clear question, only that I'm too simple to see the true meaning in their reply?

    1. Martin-73 Silver badge
      Big Brother

      Re: eBay got back to us to say that

      You're not simple enough to be taken in by reply No.36366 and are therefore not their target audience, please move on citizen

      (ALSO very generous of you to assume there's that many replies... unless it's in binary with 3 and 6 representing 1 and 0)

  14. 2+2=5 Silver badge
    Unhappy

    Fraud is a big issue yada yada...

    Presumably a lot of eBay fraud is fraudsters buying an 'eBay fraud kit' on the dark web which provides handy features for defrauding buyers and or sellers. So I fully expect that an updated version of that kit was released about 5 minutes after eBay first started doing these scans.

    As always, it's us that suffers - the fraudsters won't be impacted in the slightest, except a one-off upgrade payment for the updated fraud kit.

  15. redpawn Silver badge

    TRUST is a two way street

    I don't run Windows except when a special application is needed for both TRUST and speed issues. uBlock Origin on Linux makes me feel a bit better. However, lack of transparency does not lend me to volunteer any info to eBay. I would ditch eBay but parts can be hard to come by through other channels without paying too much for both shipping and the part here in Hawaii. Keeping old kit running keeps me a customer unfortunately.

    1. jvf

      Re: TRUST is a two way street

      Unfortunately true. I'm stuck in the same boat over here.

  16. This post has been deleted by its author

  17. ZenCoder
    Linux

    There is a proper way to do this ... and an improper way to do this ...

    The proper way to do this is to have a click through notification! Also why would any web browser allow this without asking for permission first?

    I switched operating systems and stop using corporate owned social media, I can definitely walk away from eBay without looking back.

  18. Henry Wertz 1 Gold badge

    Probably fine

    First off, from a practical standpoint, I have no problem with EBay trying to detect fraudulent software running on people's machines. This will prevent both the user and EBay from fraud caused by people running greasy greasy unpatched infected-all-to-hell Windows; some people seem to think they can run as infected a system as they want and it should be (EBay, bank, etc.) responsibility when their account is "mysteriously" abused.

    That said... GDPR? That's tricky, GDPR honestly makes a lot of normal computer activities a legal grey area. The computer fraud and abuse part.. can't speak about Britain but in US it's very clear, trying usernames and passwords, or buffer overflow, etc., if it succeeds it's gaining access to areas you are not already authorized to access and is a legal problem. Running a port scan is not exceeding anything; the system is willingly answering or refusing connections on each port, and the port scan is not trying to bypass anything on ports that are answered, it's merely closing the connection. This is clearly legal here.

    1. jake Silver badge

      Re: Probably fine

      "I have no problem with EBay trying to detect fraudulent software running on people's machines."

      In my mind, EBay trying to run a port scanner from inside my firewall without so much as a by-your-leave is just as bad as any other skiddie trying to run code on my machine without asking.

      Quite simply, it is NOT benign ... and it's entirely too far over the wrong side of the slippery slope. They should stop the practice immediately and issue a public apology with promises to not do anything of the sort ever again. And even then, I doubt I'd trust them. Once a corporation crosses the line, they always cross it again as soon as they think they can get away with it.

    2. Peter2 Silver badge

      Re: Probably fine

      That said... GDPR? That's tricky, GDPR honestly makes a lot of normal computer activities a legal grey area.

      Honestly, no it doesn't.

      You can do anything legal that you have specific informed consent to do. Doing a port scan is legal, assuming that you have informed consent from somebody to do it, so if you had a website that offers a port scan (eg. shields up run by Steve Gibson which has been running for something like 30 years) then if somebody chooses to visit it and run a port scan then that is entirely legal.

      It'd only cease to be legal if he then did something like sell the data that he collected without the end user having specifically consented to that.

      The issue comes when somebody then takes the same technology and runs it on somebody who has not specifically been informed and who has not consented. You can't just put a line in page 9000 of your terms and conditions saying that by visiting the site they have accepted this.

      So the issue comes down to "did eBay have specific informed consent to run a port scan". As nobody knew they were doing it then by definition they didn't have informed consent to do so. As it wasn't authorised they are breaking the law.

      It's not difficult.

  19. Glennda37

    I wouldn't buy insurance then

    Having worked at many insurance firms... They all do this as fraud prevention, they gather stats about the machine to check for fraudulent activity

    1. Louis Schreurs Bronze badge

      Re: I wouldn't buy insurance then

      I appreciate your info. Would like to know where you are from, US, Brit, EU, ..... uhm what nations’ insurers I am literarely asking in a way.....?

      1. Korev Silver badge

        Re: I wouldn't buy insurance then

        I'd also be interested

    2. A random security guy Bronze badge

      Re: I wouldn't buy insurance then

      I’d like to know too.

  20. mark l 2 Silver badge

    What happens if ebay do detect that your PC has the RDP port or VNC port open will they warn you or stop you using ebay?

    Some people might legitimately have these ports open, say someone on ebay from an office PC where their IT support requires these to be able to remote admin their machines.

    I used Ublock on firefox which will hopefully block this behaviour, as without it ebay is full of ads like some tabloid newspapers website.

    1. Mark192 Bronze badge

      Mark I 2 asked: "What happens if ebay do detect that your PC has the RDP port or VNC port open will they warn you or stop you using ebay?"

      Probably not. It'll likely be used, along with other information, to assign a probability of fraud to the actions you're talking.

      You might notice, e.g. a little more hoop jumping when you change passwords or enter a delivery address that's not been previously associated with you.

      1. eldakka Silver badge

        It'll likely be used, along with other information, to assign a probability of fraud to the actions you're talking.

        That is how threatmetrix works, yes. They calculate probabilities, and pass that on to their client (ebay in this case) as a threat rating, and it is up to the client to decide what to do with the threat rating. So, for example (random non-specific), usually you don't get prompted for 2-factor authentication when making a purchase on checkout. But for this transaction, for some reason they require 2-factor. It's likely something like threatmetrix (or similar service) has told ebay that this transaction has a higher threat rating than usual, but not so high as to just block it entirely.

  21. Anonymous Coward
    Anonymous Coward

    Nothing about this in their privacy notice

    They mention scanning messages sent via their system and "cookies and other technologies" (view-source:https://www.ebay.ca/help/policies/member-behaviour-policies/user-privacy-notice-privacy-policy?id=4260 and view-source:https://www.ebay.ca/help/policies/member-behaviour-policies/user-agreement?id=4259) but squat about port-scanning.

  22. Anonymous Coward
    Anonymous Coward

    fingerprinting

    I had read a very informative research paper about advanced fingerprinting techniques that uses Flash, HTML5 canvas, WebGL, WebRTC, Silverlight and font fingerprinting.

    This script is using many of those techniques.

    When I'm bored I scan the internet looking for hex-obfuscated code in websites and almost always the beautified and deobfuscated scripts show they are used for nefarious purposes.

    Credit-card skimmers, advanced fingerprinting scripts to weed out only intended targets to be served up malware, parking domains that use API keys to bypass adblockers to serve up rootkits from fake browser or flash updates, chained exploits to target minority groups etc.

    (And website owners wonder why more and more people are using ad/script blockers.)

    1. TheSkunkyMonk

      Re: fingerprinting

      "And website owners wonder why more and more people are using ad/script blockers"

      Still with all the threats listed the first reason I use a script blocker is so the marketing wankers and arsehole coders who make their software don't feed me ad's or track my activity so i can be turned into a product to sell, security only comes in second, lol my bank is pretty much empty anyway good luck to em :P

      1. Anonymous Coward
        Anonymous Coward

        Re: fingerprinting

        And the other reason for ad blockers / script blockers is... to be able to use the web.

        Last night partner burbled about slow computer. Had to reboot the Win7 to get control. On restart and bringing Chrome back up, a cooking recipe site pegged out the CPU and was using >>1 GB within one minute of bringing up a particular page.

        With some sites there is no difference between maliciousness and cluelessness. Have to disable scripts on those sites to evade both.

        1. Anonymous Coward
          Anonymous Coward

          Re: fingerprinting

          Then there's AdNauseum

  23. Jamie Jones Silver badge

    Lots of issues here

    1) How the hell is javascript allowed to make any connections other than to the address ih the pages URL, without prompting?

    2) If Ebay claim this is perfectly legit, and is to check if *innocent* computers have been compromised, why all the obfuscation?

    3) How the hell can they justify sending a report of my internal network to themselves, or anyone?

    ... and the stuff others have mentioned.

    Just thinking out loud here....

    I don't run windows, but it's a general javascript hole. I'm unable to disable javascript a lot of the time, so .. what's a good generic way of stopping this?

    I guess on android, firewalling all "app" users from the local network, and localhost (maybe open port 53, but I think ns lookups go through the android framework, so may not be necessary..)

    On freebsd, run all browsers under a seperate network stack (fib) and firewall similarly.....

    This still doesn't seem like enough though...

    1. Mark192 Bronze badge

      Re: Lots of issues here

      "why all the obfuscation?"

      So criminals don't spot and avoid the measure and so competitors to the security company don't spot and use the measure.

    2. Allonymous Coward

      Re: Lots of issues here

      Run a pihole for your local DNS server, pull down a few good big domain blacklists (mine has ~1M records), make sure whatever domains this script is coming from are in that list.

      My pihole blocks ~20% of all requests from my home network, with no obvious loss of functionality for wife & kids in most cases (had to whitelist some Kindle Fire stuff).

      1. Jamie Jones Silver badge

        Re: Lots of issues here

        I already run my own dns server with blocklists. I don't see how this can stop a site scanning locally via javascript.

        1. Allonymous Coward

          Re: Lots of issues here

          It doesn't, of course. But it does mean in many cases you can stop it loading the script in the first place. I realise I may be telling people on a site like El Reg how to suck eggs, but defence in depth and all that.

          1. Jamie Jones Silver badge
            Thumb Up

            Re: Lots of issues here

            Ah ok, I get you. No problem.

            I'm still shocked (and also, shocked that I didn't know) that a javascript could initiate a connection to any ip and port it likes.... That's damn rediculous (even if it can only communicate http, it's still yet another fingerprinting mechanism..)

            1. NZ Journey Man

              Re: Lots of issues here

              Lots of web pages pull information from sites other than the one that served up the web page. A good example is the javascript libraries themselves are often served up by Content Delivery Networks.

              Another trivial example is any website that includes a weather report is probably pulling that data in from an api on a weather site. While they *could* do this at the server, they save themselves a lot of CPU and network bandwidth by getting the browser to do that work.

              A big trend in web pages is the single page application. The web page itself only loads once, and everything else is done in Javascript and websocket calls. Turning off Javascript will completely kill this kind of webpage.

              1. Jamie Jones Silver badge
                Facepalm

                Re: Lots of issues here

                Doh. Yeah. I had a bit of a brainfart moment there. I guess it's the fact that the state of the connection can be reported back that is the issue. Also, I guess restricting things to just port 443 would help..

  24. Martin-73 Silver badge

    I'd mess with em

    I would be tempted to set up a separate vlan with many many dummy hosts with all kinds of interesting ports open.

    Possibly with the sequence of IP vs Open Ports spelling something obscene in ASCII

  25. John Navas

    Outrageous and probably illegal here in California

    it's likely a violation of California Penal Code 502(c), the California Consumer Privacy Act, and the federal Computer Fraud and Abuse Act. (eBay is located here in California.)

    Unless and until eBay stops such abusive behavior, I won't use eBay, and will advise others to do the same.

  26. razorfishsl Silver badge

    Which is just Fucking stupid......

    If for security, I remote my home PC a special network to do banking & purchases......

    1. Mark192 Bronze badge

      Take less coffee and relax a bit - they're not banning everyone with these open ports, it's information that informs their anti-fraud algorithm.

  27. anoco

    You must have Java Script enabled to sign in.

    Hmmm... maybe ebay is being fooled here. This marketing company is probably telling them one thing and doing another.

    Like telling ebay that their Java back end needs scripts to run so their visitors need a Java Script as well.

    We should be able to curtail our javascript capabilities at our own choice. Like yes for layout rendering, but no for a list of all installed fonts. Have a list of what you allow javascript to do and what not.

    1. oiseau Silver badge
      Facepalm

      Re: You must have Java Script enabled to sign in.

      Hmmm... maybe ebay is being fooled here.

      Hmmm ...

      And what did Santa bring you last Christmas?

      And did the Tooth Fairy leave you more money this time around?

      So much quarantine time finally got to you.

      Maybe if you get some fresh air? ;^D

      O.

  28. Manolo
    Devil

    Bollocks

    If you get an answer that starts with "committed to creating an experience", you know that:

    A) it's written by an marketing droid, not a technical person

    B) it's going to be useless.

    1. Mark192 Bronze badge

      Re: Bollocks

      Part of the use will be so that fewer security steps are needed for customers, say, entering a new delivery address.

      Eg Bob enters a delivery address the security company doesn't already associate with Bob. It looks like Bob's computer but has a previously closed port, often used by hacked machines, now open.

      Bob gets the hard Captchas and a text message with a code in.

      The difference isn't that harder security can be given to dodgy looking customers, but that easier security steps can be given to honest-looking customers doing honest-looking things.

    2. oiseau Silver badge
      WTF?

      Re: Bollocks

      If you get an answer that starts with "committed to creating an experience", you know that:

      A) it's written by an marketing droid, not a technical person

      B) it's going to be useless.

      B) They are fucking you over, twice.

      C) You're not even getting a kiss. 8^7

      O.

      1. Lotaresco Silver badge

        Re: Bollocks

        If you get an answer that starts with "committed to creating an experience", you know that:

        A) it's written by an marketing droid, not a technical person

        B) it's going to be useless.

        B) They are fucking you over, twice.

        C) You're not even getting a kiss. 8^7

        B) They are going in dry from behind.

        C) You're not even getting the courtesy of a reach around.

  29. Anonymous Coward
    Anonymous Coward

    Barffff

    " ... committed to creating an experience on our sites and services that is safe, secure and trustworthy,"

    If I read that piece of PR bollocks one more time, i am going to strangle the nearest oxygen consuming life form. Fuck I am tired of that sort of non-answer double-speak. That we we don't all say, "fuck off cockhead and answer the friggin' question" every time we hear thus crap is an mistake on our part and only encourages them.

    1. Inkey
      Big Brother

      Re: Barffff

      Yeah I feel your pain.... The spin some of these vapid scum suckers come up with.. It's like vomiting in your mouth and then swallowing it...

      We respect your privacy and your security is our number 1 concern.... That's why we track you, profile you and then sell it on to all manner of bottom feeders.. Cause we really care

  30. Anonymous Coward
    Anonymous Coward

    Fraud prevention

    The percentage of fraud that comes from people being manipulated through TeamViewer is very high. This checks to see if this is happening.

    Along with a whole load of other factors this can be used to detect potential fraud.

    ThreatMetrix doesn't hold any PII as every input is hashed and all all the algorithms work on the hashes, not the actual data.

    They can even connect fraud occurring by linking data inputs from their different customers. e.g. see a whole load of email accounts being created then suddenly used to apply for financial products or ebay accounts, say. So even though ebay gets a fraud score for their individual users based on the rankings of the various inputs, TM can spot and alert about a bigger fraud case playing out by criminals.

    tl;dr nothing to see here.

    Anon as former LN employee.

    1. Mark192 Bronze badge

      Re: Fraud prevention

      Thanks for your comment - very interesting.

      Sad to see you got downvotes... I guess some people prefer the version that involves the lizard people only getting their information on you when you use eBay.

      1. Anonymous Coward
        Anonymous Coward

        Re: Fraud prevention

        So if you stumble on to one of my websites, I can justify scanning your internal network by saying that I'm doing it for your own security?

        It's OK for me to pop into your bathroom when you're in the shower to remind you that the door wasn't locked?

        I can look under the hood of your car just to check if it's safe to drive?

  31. Mike Tubby

    Blatant breach of Computer Misuse Act ?

    Surely this is a blatant breach of The Computer Misuse Act (1990) [as amended] ?

    Are there any Barristers here that fancy a class action against Ebay?

  32. Jake Maverick

    NOT OK

    Pretty sure it's illegal along with so many other things....like the number of sellers on there that have absolutely no intention of fulfilling you order, they just sell your personal data to Amazon for a %! I'm boycotting Amazon! No way to stop it :-(

    I've had to change PCs, account details, physical address and use a different bank card...because my account was targeted and black listed. So many sites out there telling you the problems with them/ horror stories now......I lost my house because of it so had to move anyway.

    But I think a large part of the problem is this perverted capitalism we now have. They did away with the Monopolies and Mergers commission 20 odd years ago.....this allowed the most successful of these auction sites simply to buy up and close down the competition. So many good businesses have ended up pretty much solely dependent on ebay and have been forced to close/ go out of business simply because of ebay's shoddy business practices. Some of the time i'm sure it's simply the competition claiming they're selling stolen goods and with no evidence whatsoever ebay shuts them down....

    I've known people who have bought a second hand PC and had their account closed/ blacklisted because ebay scanned the CPU ID and decided they didn't like that person. Same with blacklisted physical addresses.....people do move you know, it's not the same person!

  33. Jake Maverick

    There are also multiple ebay accounts here running from same IP address.....should I be worried? I'm solely dependent on ebay for my income.....

  34. nomilktoday

    Edge had it right

    The EdgeHTML version of Microsoft Edge protected against this by default. You had to agree to lower security and enable access to localhost through a setting on about://flags. This feature has not been brought forward to the new Chromium version.

  35. nomilktoday

    PAC to the rescue

    You can configure Firefox to block access to localhost using a Proxy Auto-Conf (PAC) file. It wouldn't work with Chromium because it shares proxy-configuration with the host operating system.But it will keep random websites from connecting to or port-scanning services on localhost if you use Firefox! Details here: https://www.ctrl.blog/entry/block-localhost-port-scans.html

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020