Recognizing your computer via cookies? IP? Flash Objects? - New proposed EBAY policy

imjustme · #**111** 04-28-2008

What we need to do is not block the flash cookies, but work with them so that we don't need to verify via phone every time we list something.

imjustme · #**112** 04-28-2008

Yeah, but at least they support retards by employing them.

M-NYC · #**113** 04-28-2008

Quote:

Originally Posted by imjustme

Yeah, but at least they support retards by employing them.

Very funny! Ebay is really getting to be ridiculous.

Thanks for the information everyone. I've been selling on ebay for years and used to have lots of problems with paypal until one of my accounts somehow did not get "limited," unlike every other paypal account I've ever had. This account has worked fine for about a year and a half.

Now I'm starting to have a hard time building up an ebay account and being able to sell with it. Lately I always get suspended after listing one or two items, but hopefully now I can take certain measures to avoid this in the future.

Thanks again!

adventmma · #**114** 04-28-2008

I would like to mention how Microsoft, for example, tells the difference if you're using a different PC to install their software products on. Bear with me, for I'm trying to explain why I believe eBay won't easily be able to do the same. Say you install Windows on PC1. After it's been installed, you're asked to validate your copy of the software. Let's say, the validation is complete and you're set to use Windows. What happens if your Windows crashes? No problem, you can reinstall it and validate again. The validation routine won't complain. However, if you were to install this copy on a different PC, the validation won't go through. This validation routine actually looks at the hardware component makeup of the original computer you validate your copy on. It communicates that makeup to Microsoft's server and stores it. That's why if you signicantly upgrade your PC, thereby changing the hardware component makeup, even though it's still the "same" computer as far as you're concerned, the validation may fail.

Tracking by way of IP and cookies doesn't require any routines running on your PC to actually scan the underlying hardware and determine its makeup. Applets or other various browser objects can potentially do that, software applications can do that too. Javascript cannot. A scripting language just doesn't have the provision for that. But anything that can actively sit in memory and perform its task until you terminate this process has the potential to access the underlying hardware layer. While you have your browser running with a browser object or applet running as pretty much a browser plugin, it is in memory until you terminate the browser itself. So there is potential (if the capability has been embedded into the object) for being screwed. That's how malware works and that's how some viruses gain access to the windows registry... For ebay to get you like this, it could be done through any software you may allow to be installed. Paypal tool bar, Ebay tool bar, PP plugin or an actual ActiveX component that you've allowed to run on your computer. TurboLister is another example. Anything that's installable (from a technical point of view), with or without your knowledge. So avoid all of the above.

Other than that, it's basically those little email images, IP and cookies.

NowWhat · #**115** 04-28-2008

adventmma, thanks for the explanation. Although I am non-technical, I now understand more than I did.

Fiev · #**116** 04-28-2008

-- del -- don't need anymore

guitarca18 · #**117** 04-28-2008

Quote:

Originally Posted by imjustme

I think you may have had something else there. I checked the Macromedia (flash developers) website and they state that flash cookies can only be placed in the flash directory. In Vista, that would be C:\Users\USERNAME\AppData\Roaming\Macromedia\Flash Player

What happens if we marked that specific directory for ebay Read-Only so the flash object couldn't be written in?

I'm suspended and can't try this but does anyone else want to try?

imjustme · #**118** 04-29-2008

They're definitely planting them now. I just got my first one this evening. They're called "ebayLSO.sol" and are planted by "secureinclude.ebaystatic.com". The cookie is 156 bytes and has only 1 variable:

Name: token
Type: string
Value: ADSJDUU8nck205k3nfhdkfpsje20db2v10ch2fnd

That's all the content.

ebayaintstupid · #**119** 04-29-2008

and only you. Pretty cool huh.

imjustme · #**120** 04-29-2008

My guess is that they also that way identify the users who run multiple accounts. If you have a .SOL file with account1's string and log into account2 with it, they link you.

Bad luck for eBay, though. I just finished creating 20 Windows user accounts, each with their own little directory for flash cookies. Start putting them, eBay. I don't care. :D

adventmma · #**121** 04-29-2008

Quote:

Originally Posted by imjustme

My guess is that they also that way identify the users who run multiple accounts. If you have a .SOL file with account1's string and log into account2 with it, they link you.

Bad luck for eBay, though. I just finished creating 20 Windows user accounts, each with their own little directory for flash cookies. Start putting them, eBay. I don't care. :D

Very nice! Windows also provides a "fast user switch" capability (has to be enabled to work) to easily switch between user accounts. Keeping the IP factor under control, of course, it creates a nice fluid setup that keeps you protected.

ambercolour · #**122** 04-29-2008

If you go here %appdata%\macromedia\flash player\#sharedobjects, I believe this is where the FLASH cookie is held at.

Jonas · #**123** 04-29-2008

Will ebay ever possibly just give you new ones if you log in and out enough so they won't call you?

kevinxu · #**124** 04-29-2008

Quote:

Originally Posted by imjustme

They're definitely planting them now. I just got my first one this evening. They're called "ebayLSO.sol" and are planted by "secureinclude.ebaystatic.com". The cookie is 156 bytes and has only 1 variable:

Name: token
Type: string
Value: ADSJDUU8nck205k3nfhdkfpsje20db2v10ch2fnd

That's all the content.

which folder does ebay plant them?

ambercolour · #**125** 04-30-2008

Not sure if you folks want to delete the cookie or save the cookie so eBay can monitor you or not. However if you use IEPrivacyKeeper it deletes the flash cookie for you

memphis · #**126** 05-02-2008

Does anyone use paypal shipping with the java apps? Can they identify computers threw that?

becca073 · #**127** 05-02-2008

I'm sorry but all this technical stuff has me totally lost and I wouldn't even know where to look to find these tokens you are taking about. I guess if it comes done to that us who aren't computer savy are eBay out of luck for running multiple accounts.

blackdahlia · #**128** 05-02-2008

Just a quick question. I know ebay tracks sellers using all those thing mentioned before but what about if you are just a buyer and have absolutely no desire to sell at all?

Would you have to change your ip and everything else mentioned in the ebooks? I figured maybe they wouldn't track buyers as much as sellers? The worst thing buyers really do is not pay for items which isn't good but sellers aren't out anything as they can even have their fees for the unpaid auction refunded but sellers can collect payment for auctions and not send the items which is much worse.

The only exception would be the stupid nigerian scammers who try to scam sellers by sending ⊗⊗⊗⊗ money orders or by sending the seller a ⊗⊗⊗⊗ paypal letter saying the seller has to give paypal a tracking number before payment can be released and therefore trick the seller into shipping when the payment is bogus but sellers have to be really stupid to fall for that.

As of right now I can still open up buyers accounts without using a credit card because I use the email through my ISP. I have a few accounts. One was suspended today for being linked to a suspended account but that could be one of 2 things. My sister logged into my account last week and then a few days later she was suspended for something pretty friggin minor to everyone but ebay. The other thing which I just thought of a couple of minutes ago might also be what did me in. On an older buying account I had a seller I bought from regularly. I was extremely friendly with this woman. she lived about half hour drive from me. I even on one occasion went to her house to pick up an item. We were friends or so I thought. Well that account got suspended because I had purchased a couple of items from different sellers and then had gotten into a car accident and all my money for the auctions had to pay for the car repairs. I tried contacting the sellers and to them know and was hoping there was a way to work it out. Anyways the sellers could care less and filed NPB reports and I got suspended. I opened up another account about a month and half ago. bought a few things paid for everything. I happen to see the seller, whom I bought from on the other account and whom I was very friendly with, she was selling something I was very interested in but she had a requirement that you had to have at least 10 feedback to bid on her items and I didn't yet have 10 feedback. I sent her a message and explained who I was and that I had just opened a new account and would it be Ok for me to bid on her item since I had bought from her many times in the past and I always paid her and always left her glowing feedback. Well that was probably either last week or beginning of this week. Well I never heard back from her and her auction that I wanted to bid on ended. I wondered why she didn't get back to me but I didn't think too much about it. Then this morning I am trying to log in and it says something about suspended users not being to login. I go to outlook express to read my mail and there was the suspension letter so when I first read the suspension this incident didn't even cross my mind but now that I sit here thinking about it It is very possible this bitch reported me to ebay. I never would have thought in a million years that she would do something like that as we were very friendly. I have learned my lesson though I will not buy from any seller that I have bought from in the past with a now suspended account. What a friggin ebay brown noser. Anyways I am just so friggin pissed thanks for letting me vent.

imjustme · #**129** 05-03-2008

I've been checking all my seller accounts for a few days now. Didn't get any flash cookie selling on any of the others, just on this one.

GreenBean · #**130** 05-03-2008

IJM, was that any different from your other accounts?

imjustme · #**131** 05-03-2008

I think I just figured out the flash cookies and when/why they are placed by eBay.

The account I got it on, I logged in with a different dial-up account (different provider, different IP range) than I usually use for this account. And *POOF* that's when the flash cookie magically appeared. On all the other accounts, where I always logged in, and still login, with the same IP range (same provider) I have since the account was created, I never received a flash cookies.

I'm thinking eBay first checks for the IP range. If that is different, it checks your flash cookies and places one on your computer to identify you for the future, in case you use a different IP range again.

ebayhateluv · #**132** 05-03-2008

Imjustme, where exactly do you see these flash cookies? On your screen as a pop up?