Stupid ebay/amazon question

Christopher Schmidt crschmidt at crschmidt.net
Thu Jun 29 10:48:00 EDT 2006


On Thu, Jun 29, 2006 at 10:31:20AM -0400, John Abreau wrote:
> Steven W. Orr wrote:
> 
> > 
> > Ok. I take it back. I thought this was a good explanation but I realize 
> > it's not. Let's try again:
> > 
> > I go to ebay and I log in. Now ebay knows who I am. Then I browse around 
> > and look at a bunch of different items. In no case am I providing anyone 
> > with my email address. Then, after a finish with ebay, for a few weeks, 
> > the number of ebay spam messages goes up. Yes, I did not discriminate with 
> > the cookies; I let them all be set. Is that enough for them to know how to 
> > get my address?
> > 
> 
> A lot of auction pages include images. If a page can use images hosted
> on a seller's server, and the img tag can be coded to include
> information such as your ebay login name, 

This would be the bad part, in my opinion -- when I'm logged into ebay,
it should not be possible for other people to insert code which would
have access to my ebay login name/user name/email address. If that is
the case, eBay is either deliberately or through incompetence allowing
advertisers to get access to your personal information in a way that is
completely inappropriate.

I don't know how likely that is, but there is no technical reason why
this should ever be a requirement, which means that if this is
happening, it would be either malicious or ignorant.

I did take a quick look through the ebay HTML, and didn't see anything
that would indicate that this is the case. No references to the username
in ways that an external advertiser would be able to easily exploit.

But that doesn't mean there aren't any. Just that I couldn't find 'em.
;)

-- 
Christopher Schmidt
Web Developer



More information about the gnhlug-discuss mailing list