Tracking through emails / Web beacons / TOKENS / index.dat files? WHAT ELSE?

[ebayaintstupid]

EDITORS NOTE:
The final verdict is that EBAY cannot track you through opening or reading your emails. Web beacons are not an issue. Cookies are not deposited into your system by opening or reading EBAY emails.

--
there are obviously things that EBAY is doing that are not covered here.

First of all, volume triggers alerts in EBAY. So if you start a new account and within three months you are doing heavy volume, EBAY will likely be looking real close. It has been recommended you limit yourself to one account at a time, but you really need to split accounts up if you plan on doing any volume at all without later suspension, at least in the first year or so. Plus you are planting seeds for later. You have to be careful as possible to not get the accounts linked.

IP Address is only one way that they can track you, and it isn't incredibly reliable. Why? Some ISPs have thousands of customers and for a given area may broadcast the same IP Address for thousands of folks. Many corporate IDs are the same. Company I work at now has thousands of computers. They all show up as a single IP Address to the outside world. I use whatsmyipaddress.com on my PC at work and then go look on one of the servers in the lab for the other floor on a different subnet in a different part of the building, bingo, both the same.

So EBAY can't link you solely based on IP Adress, they need something more. Yup cookies. Obvious, right? Now, you say, OK, I am real cookie careful. I clean up all the time. But one innocent miss is deadly. If a cookie is around when a hit on your IP Address happens and you are identified as a different EBAY user than the last time that cookie was seen, you are linked. It is possible for Ann and Dan to have the same IP Address and have no association whatsoever. But if Ann has Dan's cookies, well, there is almost no chance they aren't associated. If you got linked to a suspended account, you got suspended. Dead.

Aspkin says smartly to never log back into a suspended account. Of course, you really can, so long as you clean up your cookie trail and NEVER forget, but it is risky. You could get caught off guard.

Now, how could you get caught off guard? Beacons. If you don't know what a beacon is, go find out. They are an insidious invasion of privacy used by marketers. They are why GMAIL and some other mailers block all images unless you specifically allow them. You open an email with a beacon and you don't have them blocked, and guess what. Read about beacons and you will get it immediately.

Let's just say, EBAY is a marketer. Beacons are a way of life for all internet marketers. And Beacons combined with a cookie trail are deadly to anyone trying to hide from the EBAY monster. And I have spoken to well educated and very experienced internet engineers, and even many of them have no idea what a beacon is.

Beacons are a total invasion of privacy and should be banned and made illegal. But marketers are discussing now how to get you to open emails with beacons despite the new gmail and other mailers blocking them. How to make them beckon you to click "Allow Images" when you open your mail. And each time you do. Someone knows you are there.

If you have other suggestions or ideas for how to evade EBAY, or questions regarding beacons, post them here. I would love to see some more folks' thoughts.

Aspkin got me thinking. EBAY got me mad.

[jamesy]

I had a look into these here

makes for interesting reading.

I'm thinking about blocking cookies from ebay in my internet options settings of windows. is that a good idea (because of beacons and just wanting to block ebay from snooping) or does a blocked cookie signal a red flag to ebay?

jc

[ebayaintstupid]

except you can't log in to ebay with them blocked. Good idea to block them where you cannot use them. Perhaps work or someplace you never want to really log into EBAY, but may encounter a beacon.

The safest thing is to ensure you always have cleaned up your cookie trail before you log in to EBAY. Firefox has an ability to delete all your private data on every exit from the program. Explorer does not. It has a utility you can download called Cookie Monster that does the same thing, but not automatically. Explorer appears to operate better inside of EBAY though, so just be careful.

You can open your emails from EBAY and never hit a beacon unless you "allow" them. Don't. Block all images from EBAY. A quick examination of some, not all, EBAY messages clearly show beacons being used.

Beacons can also be placed on web sites. So, you could be browsing someplace you don't even know is related to EBAY and blam, you find a beacon. Blocking all images when browsing is kind of useless. So, you just have to make sure you delete all your cookies before you start. You can then even go to EBAYs site and they won't know who you are unless you actually log in.

An example of this kind of beacon is used consistently by advertisers like doubleclick or valueclick. You go to a website, and their beacons are there. As soon as you browse the sight, double click places a cookie on your system. Next time you hit a site that has a double click beacon, it finds your cookie. It makes a trail of where you have been. If you have logged into one of the sites, they even know who you are on every site you browse.

Ever wondered how come you go to one site and suddenly you have 30 cookies all from different marketers? If you haven't looked, watch the cookie count jump. When I come to askpins site, the only cookie added is aspkins. But when I go to BlockBuster or some other heavily marketed sites, I may get blasted with cookies.

I have not really tried this yet, but it would be a curious exercise to see if an EBAY cookie gets dropped on your system while browsing some related sites like Paypal.

Beacons are nasty, but a beacon without cookies is useless. They see a hit on an IP address, but have no idea who you are without a cookie. But once they start laying down cookies and you are not cleaning them up, it is only a matter of time before they identify you.

If you don't believe me that beacons exist, clean up your cookies and go to a few web sites and watch the cookies pile up. If you are brave enough, you can even allow an ebay message to display. If there was a beacon in there, when you are done with the message, you will have an EBAY cookie.

One more tidbit. Be careful responding to EBAY mail messages from buyers. Have you ever received such stupid questions in your mail that you just say to yourself, geesh, noone could be this dumb? For example, you say New everywhere in your listing, and they ask you is it new? Or questions that ask you to ship to timbuktu even after you specifically said you only ship the US? It is very possible that terse questions or form looking emails from an EBAY user are sent by EBAY.

If you have mail forwarded to a central email or respond from the wrong location the mail could identify you. I carelessly responded to one question from a forwarded email one day from an email address that was suspended, and bang, within minutes, I was suspended. I had been using that account on the same IP address for ages. EBAY caught me through that one email and linked me.

[tpayton]

Very interesting.

I've followed the guide without error and still got busted. The only thing that I did that could have linked me in any way was read old emails from the old suspended account and kept using PayPal.

I'm wanting to hope that the PayPal theory of it not being connected with EBay is correct - as many people have kept their new accounts using the same PayPal accounts. I'm hoping that what got me suspended was reading those old emails because of this "beakon" theory. It makes sense and had me asking if "emails" could track you.

So thanks! I've not been reading old emails from my new IP address and so far no problems - so we'll see.

Take care

[tpayton]

Interesting again.

Sure seems like it is something with the email. I have been in an old email on my new IP address and only replied to emails where the senders address is on the email (and not through the respond now button). In the past I have felt that this is what caused the EBay linking. But now that this information has been posted, I'm very curious to see if it's indeed something in the email and not just paranoia.

What I'm curious about is if what linked me could be that I clicked on the item number link or the feedback link that is in the email. It doesn't log you into EBay so there's no way they could get you there nor does it show your userID or anything in the HTTP link - I'm wondering if there's a beakon or something though that catches you.

Too many thoughts.

[ebayaintstupid]

so if you have two browsers, like I do, Explorer and Firefox, they each store and act on cookies in independent directories and are totally unaware of each other's cookies. So, a cookie stored in Firefox could never be accessed through Explorer and visa versa. But that also means when you clean up your cookies on Firefox you are NOT cleaning up your cookies in Explorer.

Beacons aren't a theory, they are a fact. All internet marketers use them. I just checked paypal, and they have a beacon from doubleclick. Surprise. But fortunately they do not have one from EBAY.

I do not think them directly connected, at least not yet. Otherwise, EBAY could just can your account the minute they got your email address for payment on paypal. I believe there are laws pertaining to privacy involved there. You have to ALLOW paypal to hand over your information and that is what the linking of accounts is all about.

That is why EBAY provides incentives to link your accounts. To catch you off guard seeking a bargain. Notice how they also offer a discount when you open account for free access to your bank account. If you give it, watch out.

Beacons are typically very small invisible icons. They aren't typically invisible and small to fool you. Shoot, you could be looking at a full screen image and not know it was a beacon. So why bother to use small invisible icons?

They are small because they render almost instantaneously. They are the first bitmaps even on dial-up links to render and each one can result in a cookie being read or placed on your system before you even see the web page you are about to browse or the email you are about to read.

Again, EBAY definitely uses them. They are most obvious in their generic messages, like the EBAY Welcome or the Congrutulations messages sent to all new users. How many people have you seen say, gee, I got suspended right after I got my welcome message. If you have gmail, which blocks them, you can see them as very small images along the sides or bottom of the message. If you don't use a mailer that blocks them, you don't see them at all.

Anyway, back to the browser question. It is possible to be using Firefox and clean up all your cookies and then open up a message using Outlook Express which uses Explorer. Even though your Firefox express cookies were cleaned up, outlook express opens an explorer window internally and exposes your system to all the beacons within. Lovely. If you have explorer cookies about, those beacons access those cookies and if they are EBAY cookies from a prior login, they know exactly who you are.

Outlook also blocks images for the same reason. Rule. Absolute rule no doubt. NEVER ever allow images to be displayed in any message received from EBAY.

[aspkin]

Like any good internet marketer, we have ways to see if a person has opened an email, which links they clicked on and more by inserting simple hidden code in emails. The hidden image is used to see if you open an email. There is extra code added to your links to see which links you click. And I'm sure there are ways to insert cookies to identify you. EBay does all of this I'm sure.

You have to be careful about opening eBay's mail. I wouldn't open them with outlook either. It's best to use one browser, I like firefox, to open and read your emails. Then delete the cookies afterwards, or do like ebayaintstupid and have firefox auto delete cookies.

ebayaintstupid, you're really thinking hard about this, I like that.

EBay is very complex, and yes they aren't stupid.

[ebayaintstupid]

but you don't have to click on anything for a beacon to work. All a beacon has to do is shine. In other words, it just has to be displayed in your browser. For that to happen, it hits the server from which it is referenced.

Once hit, ebay can then go out and add a cookie to your PC if it isn't already there. If it is, they can read the cookie to see if they can identify you. I am betting this is how 75% of people on EBAY are linked to a suspended account.

An IP Address is iffy at best for identification. An association of what you are selling is iffy or your style in listing is iffy.

A cookie/beacon identification of a suspended account is definitive. It can't be wrong.

[ebayaintstupid]

in my last message. It will take you to EBAY. Aspkin, can you delete that message? I just meant to say it will hit ebay's web site and accidentally added a link. If anyone clicks on it they could be toast.

[aspkin]

hahah, it's deleted.

[ebayaintstupid]

outside of EBAY. If you have you cookies deleted and have logged into EBAY and ONLY respond to EBAY mails ON EBAY, these techniques I will show you will not work. But if you open so much as one EBAY email on your system from your email browser (gmail, hotmail, outlook, outlook express), you are NOT SAFE from the EBAY scumBAgs.

OK, now I want you to carefully read the two following definitions from Webopedia. Then I want you to send ALL, and I mean ALL, EBAY email messages to your garbage can or spam or whatever and never ever open one of them ever again.

What is Web beacon? - A Word Definition From the Webopedia Computer Dictionary

Web bug - Wikipedia, the free encyclopedia

EBAY uses these guys. They ain't stupid and these are the absolute best way to spy on people on the internet today. They don't need your IP Address guys. It is only part of the equation. All they really need are these too cynical spying techniques and a simple slip-up on your part and you are dead.

And for those of you that opened a message or two and think, I didn't get suspended so this can't be true. Just wait. EBAY ain't stupid. They may flag an account using these techniques and know you are a bad guy, but allow you to exist on EBAY and sell etc. They know it is more or less harmless. You will deliver your product and sell innocently because you don't want to raise suspiscion. They are waiting for you to get linked to someone they know. Someone they can pinpoint with an address and phone number.

And with all your false addresses and false identifications, how is that going to make you feel once you are exposed.

[aspkin]

Look ebayaintstupid, not all web beacons or so called tracking bugs are bad. They're mainly used to see if you open an email, if you click on a link, or on a website, who your referrer was, what browser you're using, how long you're been on a page, which pages you're viewing.. etc

They're mainly used to help monitor how well email campaigns are doing, or which pages of a website are more popular.

Aspkin.com has three pieces of tracking software.

If you view the source of my blog homepage, aspkin.com, look towards the bottom of the code.

<script id="stats_script" type="text/javascript" src="http://metrics.performancing.com/wp.js"></script>

<script type="text/javascript" src="http://s28.sitemeter.com/js/counter.js?site=s28aspkinstats">

<script language=JavaScript src='http://www.aspkin.com/astracker/ast.php'></script>

One is sitemeter stats, another is metrics stats, and other is for adwords tracking.

The adwords tracks if someone clicks on a Google ad of mine I'll know about.

The other two monitor how many people visit the site, where they came from and other details.

It's not bad; most websites have some type of tracking scripts to keep track of website traffic. Even using beacons as images, is the same thing. I've used them before in my mass email campaigns. I just sent an email to 90k past customers of mine about a week ago with a beacon and link scripts. They're only used for email tracking purposes.

EBay uses this in the same way.

I'm on the fence about eBay using cookies in emails, because I don't remember having problems in that way. I'm only going off what the masses are saying about them.

Just some more information on the subject,

-Aspkin

[ebayaintstupid]

emails. I guarantee they are there. Just go look fer crying out loud.

And how would you know anyway? Every image has the capability of being a beacon.

And no beacon has a good purpose from the recipient's point of view. They are used typically to covertly spy on someone.

Every time you have someone here that seems to do everything you say and they get their butts nailed by EBAY, think about how it could have happened.

I am amazed you guys don't buy this theory. I don't just think it I know it. Just go read a bit on a Google Search and find out how marketers are planning ways to get around the mailers that block beacons.

It is sad you are so closed minded guys. But think about it the next time you get nailed and can't explain why.

[aspkin]

I'm definitely not closed minded, trust me on this. I wouldn't have figured out most of eBay's systems if I was. I say most because I believe I don't know 100% of eBay. I have recently stopped being active when it comes with eBay. Since my items can not be sold on eBay anymore. I wrote about it in an earlier post. I simply can't list my items anymore, and they're not illegal, they're virtual currencies for online games. Like World of Warcraft gold, Everquest II gold and more. EBay in the past would let us sale, but as a few weeks ago, no one can. That's actually not a bad thing, since my business has many websites dedicated to selling game currency, and since there is less competition from eBay, we're doing well. But that's something else. Just letting you know, I do not sale anymore on eBay and thus have fallen behind on what's new with eBay.

Though I believe I know enough to help people out, and that's why I opened this forum. And with the things I don't know, there are people like you to have their input. I respect your observation but I humbly disagree.

And yes it's true; it's very hard to keep your account if you're clumsily about what you do. But I don't believe eBay has cookies in their emails. I'm sure they have beacons, but cookies I'm 99% sure they don't have. And I'm sure there is a security issue here about allowing cookies to be downloaded from an email if it were true.

I said this before, but let me say it again. Once you're suspended by eBay, don't mess with any emails associated with those accounts. If you need to, you can simply reply to an email and it will reach the customer, not eBay. Dump your email address, and open a new one to use with eBay. This is one of the reasons to open new yahoo or gmail account. Gmail is best because of it's being able to forward to other emails. I used this feature consistently. I would forward my emails to a central email address, which then we would open any emails, read them and reply if necessary. Note, all eBay emails would be forward to one central email address, our customer service email. We used the same central email address for each eBay account we had, and replied using the same person (computer). If there were cookies in the emails, eBay would be able to connect the dots and suspend our accounts, but that never happened.

But I believe you there are web beacons in emails, heck I use them my self. If you believe they're for spying okay, that's fine, but to me they're only used to keep track of who opens emails, and if someone clicks on any links, but that's it.

As a test to give your theory more proof, could you delete your browser cookies, and open an eBay email? Without going to eBay.com, do you have any eBay cookies?

-Aspkin

[JackNoMore]

Here's something I haven't quite wrapped my head around even though I've seen it mentioned a few times now here. What do you mean by 'don't open the emails' but "If you need to, you can simply reply to an email and it will reach the customer, not eBay."? This seems to contradict. Do you mean that it's ok to open the emails in your own email account, just don't respond to them through the ebay "respond" link on that email? That would make sense to me. I don't understand how it would be a problem to open an email just to view it, just as long as you don't actually "do" anything with it through the ebay system. Your email should be your own private business. It's pretty unnerving that ebay could actually trace you back simply from the fact that you happened to open an email on your own email account. I've never had that problem with any other company spamming me if I don't click on their link. So why would ebay be able to trace you if that's all you're doing? But the moment you click that link, watch out!

[aspkin]

I mean nothing; you can still open your emails from eBay, but once you're suspended, don't mess with those emails. It's pointless and if you click on any links, there could be a connection made to your suspended account.

If you're not suspended, you can freely open and reply to the emails without worry.

[ebayaintstupid]

beyond any shadow of a doubt.

I thought about the doubting Thomases on this board that didn't thing beacons existed in the emails from EBAY even though I already showed them they did.

Well, if you are still a doubter, here is a real real simple test. If a beacon exists, a cookie is created. You hit the server, the beacon flags the softawre on the server and a cookie is placed on your system.

So, if a beacon exists in a mail message, you should see a cookie get created when you read your email. If the cookie were already there, it would be read, you would be linked and possibly suspended as a result of that link.

OK, here is your simple test, and if you don't believe it after this test, you aren't just a doubter, you need help.

1. Open FireFox or Cookie Monster and examine the cookies on your system.

2. Delete them all. Every one. No EBAY cookies exist.

3. Open FireFox's View Cookies Window or Cookie Monster's View Cookies dialog.

4. Open your EBAY email and allow the mailer to display the images within.

5. Check for a new EBAY cookie.

If there is an EBAY cookie placed on your system when you read your mail, you found a beacon. It is the only explanation, there is no other. So come up with one if you still don't believe.

What I found is that the emails from buyers and sellers do NOT have beacons in them. No cookie gets created. But as I suspected, all the happy little nothing emails from EBAY, like "You sold an item", "Congratulations", "Welcome", every single one create cookies on the system. I already knew this, you can visibly see the beacons when the images are blocked.

Beacons. Plain as day for you to see. Now tell me EBAY is stupid and doesn't use these in their emails like every other marketer on the planet.

The cookie created by these sneaky little buggers is just waiting for the next time you slip up.

[aspkin]

Good find, anyone else verify this?

[ebayaintstupid]

Firefox cookies are not seen by Internet Explorer tools and visa versa.

The way i proved this is using purely Firefox. I deleted all cookies in Firefox. I opened my email within Firefox. I saw the new cookies for the email site created.

Then, I opened ebay messages one at a time and was able to pick off exactly which ones created cookies. All within Firefox. Of course, Cookie Monster would be oblivious to the Firefox cookies and would not show anything.

To do the same in Explorer with Cookie Monster. Use Cookie Monster to delete all the cookies. Open up yoru emails in the Explorer browser (used incidentally by Outlook and Outlook Express). Cookie Monster will show which messages generate cookies. However, I have noticed Cookie Monster not being totally accurate all the time. Liek i will show no cookies and you say delete cookies and it says it deleted 3.

So, you may have to stop and restart cookie monster to actually see anything. Should have a refresh button.

But Firefox is your best detective because it gives the most integrated control over cookies.

[sss99]

Question: Lets say I log into my email to check up on any emails I may have received from my email address registered with a suspended eBay account.

1. If I click on one of those "Message from eBay Member" emails (just click on it to read it. Nothing else), can that get me linked?

2. If I click on one of those emails and reply to it (reply directly, NOT replying through eBay), can that get me linked?

Just wondering if eBay can grab your IP address by opening up one of the emails that's sent through the eBay system

Thanks

[jayt]

I think it's OK to open the mail, but NOT OK to click any link inside.

[The_Nightfly]

I am in the process of opening up a new account after having had 3 previous accounts suspended because they were linked to my originally suspended account. This was before I found your site with all of the information on exactly what eBay tracks, I had no idea they were tracking my IP and all of that.

Now, I've been extra careful not to open the emails eBay has sent to me that were linked to suspended eBay accounts. They send things like 'eBay Research: Please answer these questions', etc. which are obvious attempts at grabbing my new IP address. I have deleted these without problem, but today, I got a message from an eBay member about an item I sold them that I know is legitimate. I couldn't resist reading the mail, in case there was an issue with the order that I needed to resolve. Before opening the mail, I turned off automatic image loading so that hopefully my IP wouldn't be tracked. My question is, should I be OK if I just read the email without loading its images (no reply)? Also, does eBay include these tracking images in messages from members, or only the bogus research and questionnaire messages they send? Can they get my new IP by opening an e-mail with another method besides an image? Thank you