Thursday, September 25, 2008

eBay Anonymous

Once again eBay has turned Australian users into guinea pigs with their September 23rd announcement implementing the 'anonymisation' of emails between potential buyers and sellers.

Sue at Tamebay pointed out some potential security risks.

Currently, eBay are not verifying that the email used to reply is the “correct” one - i.e. that it matches up with the eBay account to which the message was sent. This is, they say, a “short grace period”, presumably to allow members to ensure their registered email addresses match the ones their email client uses.

So today I’ve been able to reply to trial messages with emails registered with other eBay accounts, and emails that aren’t linked with any eBay account at all, and in all cases, messages sent from the ‘wrong’ email address still arrive with eBay subject lines suggesting they’ve come from the correct eBay member.

Like Sue I did a little testing with an Australian seller friend, Kevin. My first email arrived in Australia very rapidly. It gave the Kevin my eBay ID, the address for him to reply was a series of letters and numbers My response from him had a similar address. Copies of my query and the reply were sent to my registered eBay address. Neither email appeared in My Messages on My eBay.

I asked a second question using my AOL mail and interestingly the links in my signature went through intact. My friend Kevin responded saying I could contact direct but that email address was stripped out, as expected.

A second question on a different user ID showed that the address 'anonymization' is per query. In other words we both got a different address. Kevin was able to respond directing me to a different eBay listing.

The usual 'coding' used on the boards works in the 'anonymized' messages.

So far it works, sort of. The seller is supposed to have access to the buyer's address when a purchase is made, but Kevin says

the buyer who emailed me on Friday sent it from the auction that she won on the prior Monday, but it came through anonymised (but okay).

What is going to happen when eBay suffers the inevitable glitch?

I really can't figure out why it is needed.
Almost everyone who buys on eBay will have a throwaway freebie address, used only on eBay and one that can easily be changed when the spam burden gets too great.
In what way does this protect the potential buyer?
What are we protecting the buyer from? The evil seller?

Just think. When the evil seller mails the package he will know the buyers address! eBay needs to come up with a fix for that ASAP!

Y'all come back

Related Stories and Links:

The eBay Roadmap to Anonymity

1 comment:

Kevin_T said...

Quote: "Kevin was able to respond directing me to a different eBay listing."

Just for clarification that was sent as a URL link, which I assume arrived intact.

Some other points of note:
The email received from a potential bidder no longer has a yellow button to enable answering on the Ebay site. While this is convenient, as you can now reply directly to those who used to "hide" their email address, and make you log into Ebay to reply to an enquiry - this also means that that type of buyer who will check my Ebay to make sure that the reply is legitimate will NO LONGER see the reply in My Ebay, and may not trust that any replies are legitimate.

The intitial enquiry does go into My Messages in My Ebay, so it is still possible to log into Ebay to open and answer the enquiry if you feel that the buyer may be more comfortable seeing the reply there.

When asking a question of a seller this quote is near the bottom of the form: "eBay may block or delay messages that may be fraudulent or violate our policies." I assume that there is no way of knowing if your question or answer is rejected, and that instead a seller will tend to be deemed non responsive and unsuitable to deal with when they do not receive or answer a buyer's enquiry.

Not surprisingly, glitches were being reported from the first day by people who were unaware of the changes to the system (e.g. Oddly enough, some people use Ebay as a trading site to do commerce, make a living, or just sell some surplus stuff, rather than it's intended use as a place to test out bad computer code. No wonder Ebay's market domination is falling.