June 29, 2012

eBay. What Did Your Neighbor Buy?

I was browsing eBay and came across quite a striking lapse on the part of the ideologists.  They offer you this feature - feedback - which influence the buyer and  seller ratings. Once you close your deal and get your buy, you are strongly asked to rate the seller ("leave feedback").

You enter the page, rate the seller according to a number of criteria... and that's pretty much it. But! By doing so, you leave an entry on the seller's page, which contains your username, the name of the item you bought, its price, and the purchase date. Visit a page of any seller, and you'll see all information about their customers: names, purchases, prices, and dates of the purchases.


There is no option for a buyer to hide the information about their buy.


Leave no feedback? The seller will give one to you anyway, right after you buy anything. Besides, if you give no positive rates to a seller for all the criteria, you risk ruining your business relationships and even losing the after sales guarantees.

Likewise, visiting a page of any buyer (for instance, jonty.leech), we'll know the country they live in (doesn't work with agent services, such as shipito), their purchases with prices and dates of the deal.


A short study of a buyer's page will give you a lot about the person: their shoe and clothing sizes, car model, and even details of their home setting, and information on their spouses and children.  

This information is available not only for registered eBay users.  You can get it by simple Googling .


 The information seems quite depersonalized for the first sight. No big deal, right? Email addresses are not specified, neither are home addresses.... However, many users, when creating accounts with eBay, enter the same names they use in email services, social networks, and forums. In a couple of minutes you'll get everything on the person: their address, their company, whatever.


eBay itself can match several accounts with a real person by showing you their username history.


And if you bother to study feedbacks closer, you'll find a lot of compromising information which had better be hidden from strangers.



Everyone remembers the notorious leaks [ru] of data on Yandex buyers. Residential burglaries tipped off by social network profiles are nothing new. People buy security systems for their apartments and cars, carelessly order sex toys and adult movies - and it all get stored in the purchase history. Applying the method described above, a criminal can get everything they need about you or your apartment. I doubt that anyone would be happy about such an intrusion into their private life.

Let's hope that soon enough eBay will give it a good though and depersonalize some information.

Author: Olesya Shelestova, Positive Research

4 comments:

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. This comment has been removed by a blog administrator.

    ReplyDelete
  3. This comment has been removed by a blog administrator.

    ReplyDelete
  4. This comment has been removed by a blog administrator.

    ReplyDelete