Annoying new ebay scripting practice

[Ace-Garageguy]

For anyone who cares about and dislikes intrusive and potentially harmful data mining and cross-site-scripting practices, I noticed recently that whenever you look at a specific item on ebay, there's a scripting attempt made originating at doubleclick.net, among others, and coming through the ebay website.

Doubleclick is a google company involved in tracking computer usage and collecting and reselling marketing data. The company plants cookies and software in your computer to facilitate this, WITHOUT YOUR PERMISSION. It has been criticized on occasion for acquiring private and sensitive financial and personal information from online users, and for facilitating other malware and spyware insertions.

If your browser has a script-blocking feature, I'd suggest making sure it's operating.

Edited July 14, 2013 by Ace-Garageguy

[Eshaver]

Thanks for sharing this information. The real issue is the people that are so BEHOLDEN to this evil place . I go several times a day to a service station site I belong to . too many people there DEPEND upon this place to supplement their existence anymore . As for me actually buying something off of Evilbay, uh watch da ground . When de lil Red guy pops up outta de ground an sez "Hi ya kids , I may then . Until such time ............................

[Danno]

They're everywhere . . .

[slusher]

Thanks Bill l was wondering how that was happing. l get bombed with email from ebay now...

[Ace-Garageguy]

  On 7/14/2013 at 10:42 PM, slusher said:

Thanks Bill l was wondering how that was happing. l get bombed with email from ebay now...

Yes, me too. I've noticed it takes longer lately to get the site to come up all the way at login as well, and I suspect it's because of much additional tracking software being loaded. I used to rather like ebay, 'cause I could just log on and look for what I wanted in relative peace. Now, it's apparently been overrun with e-marketing dweeb types desperate to boost tomorrow's bottom line. They seem to think that tracking every keystroke and inundating users with "other people are looking at this" and "here are things similar to what you just bought" email messages is somehow going to get folks to buy more. Not me.

Surprise, ebay. The more your idiots try to pester me into buying more by loading up my inbox with junk mail, the more likely I'm going to be to stop using your damm site entirely. I'm so sick of hysterical corporate greed I could puke.

Same goes for the new improved google, now marketing-revenue-driven entirely, in direct betrayal of their original mission statement. Bing, anyone?

Edited July 15, 2013 by Ace-Garageguy

[Ace-Garageguy]

For what it's worth, ebay apparently has already responded to a slew of people complaining about why their computers were being hit with cross-site scripting attacks coming through ebay's site, and the problem seems to have been cleared up. Not that anyone seems to much care here anyway.

[TooOld]

  On 7/15/2013 at 4:36 PM, Ace-Garageguy said:

For what it's worth, ebay apparently has already responded to a slew of people complaining about why their computers were being hit with cross-site scripting attacks coming through ebay's site, and the problem seems to have been cleared up. Not that anyone seems to much care here anyway.

I noticed it several weeks ago and complained to ebay and double checked my script blocking .

It seemed to clear up yesterday for a while but then started again last night , I haven't checked today .

[PappyD340]

Thanks for the info Bill.

[MAGNUM4342]

I had those issues as well and made my complaint. It hasn't happened for me for several days.

[martinfan5]

  On 7/15/2013 at 4:36 PM, Ace-Garageguy said:

For what it's worth, ebay apparently has already responded to a slew of people complaining about why their computers were being hit with cross-site scripting attacks coming through ebay's site, and the problem seems to have been cleared up. Not that anyone seems to much care here anyway.

Bill, a few things to remeber

1. A lot of people here dont like Ebay and think its evil, so they avoid it

2. A lot of people here may not be as computer savoy as yourself, and may not have any idea what you are talking about, I do for the most part, but unsure is to what is we would be seeing on screen .

[chevyfever2009]

Yea but for some of us ebay is really the only option for getting models as my lhs doesnt carry hardly anuthing but stupid train stuff and the local wally world only carries the same thing all the time so either i drive two hours away to a decent hobby store or order from ebay or local people who are selling of their collection from time to time

[Ace-Garageguy]

  On 7/17/2013 at 1:09 AM, martinfan5 said:

Bill, a few things to remeber

1. A lot of people here dont like Ebay and think its evil, so they avoid it

2. A lot of people here may not be as computer savoy as yourself, and may not have any idea what you are talking about, I do for the most part, but unsure is to what is we would be seeing on screen .

Both excellent points.

1) I still look to Ebay for decent prices on non-current kits and gluebombs, because similar to what Brad said above, my LHS doesn't have much in car kits other than current releases.

2) If you have script-blocking, you'll get a message at the top of the browser window, below the toolbar, similar to the "redirect warning" message strip. It will let you know that something is trying to get in your computer, like an "XSS attack", and with a couple of clicks, you can see where the possibly malicious activity is coming from.

The problem seems to have been cleared up on Ebay, for now. It would be my guess that something like this was responsible for the recent shutdown of this forum.

-----------------------------------------------------------------------------------------------------------------------------------------------------------

A lot of computer freezes and annoying delays are caused because some computers, especially older ones, aren't capable of dealing simultaneously with all of the trash various websites are trying to run on them (marketing videos running in sidebars, for example). They also load your hard drive up with garbage that degrades computer performance over time. I don't like the idea of having to buy a new, faster computer to accommodate a bunch of marketing BS.

There is add-on software that can identify a lot of this garbage 'content' and selectively block it. Most browsers offer something pretty good for free. One is called NoScript. Since ads tend to be rich graphics served via javascript, NoScript usage, which blocks the javascript, can reduce bandwidth consumption by approximately 42% and reduce computer resource conflicts that can lead to freezing and other annoying behavior. In the process of doing its job, this software also warns when some website is trying to insert code into a machine. This can be anything from relatively harmless "cookies" to a hidden program trying to gain access to passwords and other sensitive information.

This is from the Acunetix Web Application Security site:

Cross Site Scripting (or XSS) is one of the most common application-layer web attacks. XSS commonly targets scripts embedded in a page which are executed on the client-side (in the user’s web browser) rather than on the server-side. XSS in itself is a threat which is brought about by the internet security weaknesses of client-side scripting languages, with HTML and JavaScript (others being VBScript, ActiveX, HTML, or Flash) as the prime culprits for this exploit. The concept of XSS is to manipulate client-side scripts of a web application to execute in the manner desired by the malicious user. Such a manipulation can embed a script in a page which can be executed every time the page is loaded, or whenever an associated event is performed.

In a typical XSS attack the hacker infects a legitimate web page with his malicious client-side script. When a user visits this web page the script is downloaded to his browser and executed. There are many slight variations to this theme, however all XSS attacks follow this pattern.

------------------------------------------------------------------------------------------------------------------------------------------------

There's an in-depth article here for anyone who wants to know more: http://www.acunetix.com/websitesecurity/xss/

Edited July 17, 2013 by Ace-Garageguy

[Draggon]

This must be why, when I try to view one of multiple pics in a listing I get the little timer thingy in the window going around and around and no pic showing.....soemtimes for 5 or more minutes.

[Edsel-Dan]

Sadly, if you Have to have Pay-The-Bay now, I can't ever list there.

I lost 2 built kits I paid for and never received. (62 Thunderbird Hardtop & 72 Road Runner)

I dumped that EvilPay back system Very fast after.

It closed the case on me about the time the seller closed their account

on the evil Auction site.

Had I sent a Postal Money Order, I would have not only either gotten my money back, or the

models, But the seller would have had the chance to be Criminally charged!

Learned my lesson on that deal!!

[Tom Geiger]

  On 11/12/2013 at 2:57 AM, Edsel-Dan said:

Sadly, if you Have to have Pay-The-Bay now, I can't ever list there.

I lost 2 built kits I paid for and never received. (62 Thunderbird Hardtop & 72 Road Runner)

I dumped that EvilPay back system Very fast after.

It closed the case on me about the time the seller closed their account

on the evil Auction site.

Had I sent a Postal Money Order, I would have not only either gotten my money back, or the

models, But the seller would have had the chance to be Criminally charged!

Learned my lesson on that deal!!

I don't get it. eBay and Paypal go way overboard to guarantee deals for buyers. How did you not get reimbursed by them??

[Mike Kucaba]

I don't either. I'd like to hear eBay's side. There is always two sides to anything. I don't get all the clever nomenclature for ebay & paypal. Why not just call it the anti-Christ!! It just seems so immature.

[chevyfever2009]

  On 11/12/2013 at 2:57 AM, Edsel-Dan said:

Sadly, if you Have to have Pay-The-Bay now, I can't ever list there.

I lost 2 built kits I paid for and never received. (62 Thunderbird Hardtop & 72 Road Runner)

I dumped that EvilPay back system Very fast after.

It closed the case on me about the time the seller closed their account

on the evil Auction site.

Had I sent a Postal Money Order, I would have not only either gotten my money back, or the

models, But the seller would have had the chance to be Criminally charged!

Learned my lesson on that deal!!

I have been buying and selling on ebay since 08-09 and never had this happen to me. Yes of course from time to time you will have a problem with a seller\buyer but that's what the resolution center is for . After you open a case if the seller/buyer doesn't reply in a few days esclate the case otherwise it will be closed. Then ebay will try and contact them and if they don't reply back to you or them they will reimburse you and ban the other party from buying or selling on there

[Skydime]

One of the companies I work with uses a lot of things related to Google. I express my disgust with this at every opportunity. I always log out of everything when logging into evilbay. I even use my nonpreferred browser of IE there.

Edited November 14, 2013 by Skydime

[Danno]

[niteowl7710]

Get a real anti-virus program and the problem is moot. I use Avast (FREE I might add), and I get a little button on the top RH corner below the "X" to close the window that tells me who's try to track me, and that it's being blocked. It blocks everything, including Google AdSense...*cough*

Computer security is a serious issue, but it's not scary rocket science either.