jetman

Level 7
Verified
I normally search for items on ebay using my PC. I browse behind a VPN, signed out of ebay, and set my browser to delete cookies and site data upon exit. Recently, I have been searching for three particular items- a specific brand of camping backpack, a 1980s retro computer and a Nokia 3310 phone.

Today I looked at ebay on my iPad. Again, there is a VPN on the device, I was signed out of ebay, and I use Firefox Focus which clears everything upon exit.

I typed in the name of my backpack brand and alongside the listings were two "related search" suggestions- the 1980s retro computer and a Nokia 3310 phone.

How does ebay know this about me ???!!!
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Check WebRTC for any possible leaks.

 
Last edited:

Dave Russo

Level 14
Verified
Check WebRTC for any possible leaks.

IP/DNS Detect site seems to be down,are you able to connect?
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
IP/DNS Detect site seems to be down,are you able to connect?
Yeah, no problem.
 

jetman

Level 7
Verified
Well I am not signed in to Firefox, ebay or anything when I am browsing.

Fingerprinting doesn't make sense because I am using 2 different devices (a PC and an iPad). I only searched for these items using the PC previously. I only used the iPad for ebay once. Plus an iPad would presumably generate the same fingerprint as milions of others ?

All I can think of is that ebay's systems are not tracking me. Instead, the systems have learnt to associated one of the items I have searched for with some of the other things I search for. Given the millions of people using ebay each day, I find that unlikely- but its my best guess.
 
F

ForgottenSeer 823865

All I can think of is that ebay's systems are not tracking me. Instead, the systems have learnt to associated one of the items I have searched for with some of the other things I search for. Given the millions of people using ebay each day, I find that unlikely- but its my best guess.
That is called fingerprinting. (not in term of privacy intrusion, but ads targeting) ;)
 

security123

Level 26
Verified
It exist a lot of tracking ways to target a user over different devices.

I guess they use webRTC to get your real IP behind your VPN and then connect all your data to that, so your profile grows with many other data which identify you.

Browsers need to learn how to block that tracking stuff, as it doesn't make sense to block it on user side which mostly only create a unique ID.
You can try the Tor browser which is far from perfect but should help
 

TairikuOkami

Level 28
Verified
Content Creator
I use Firefox Focus which clears everything upon exit.
I doubt it does, especially since a browser can not remove files being opened, unless it uses a separate process for cleaning afterwards.
To partially exclude the browser from tracking, use a portable version. Unpack it, browse, remove it. But it will not prevent session tracking.

All I can think of is that ebay's systems are not tracking me. Instead, the systems have learnt to associated one of the items I have searched for with some of the other things I search for. Given the millions of people using ebay each day, I find that unlikely- but its my best guess.
You were looking for specific items, maybe a dozen of people searched for them in the past week. So it is very easy to connect it to you.

It exist a lot of tracking ways to target a user over different devices.
Exactly, it is a lost battle. People keep forgetting about offline tracking, tracking users's purchases and interests, like their subscriptions, etc.
Eg I ordered 2 dumbphones recently and Facebook just showed me AD for the exactly same model, not mention other stuff, like wolf t-shirts.
 

Stopspying

Level 10
I search Ebay while I'm not signed in to it too, with a VPN, using Firefox with a range of the better anti-tracking extensions installed and I'm not signed into a FF a/c or any other accounts. I use different PCs and a laptop at home to do this and don't get linked by ebay or any of its tracking methods to previous searches I have made. The devices have their DNS set through DNSJumper, to different addresses, its the only thing I can think of immeadiately that may be different to what the OP is doing.

I've been looking at various items recently, including a Nokia phone, but each item search has been done seperately. I hope Ebay isn't reading our posts here!
 

Lenny_Fox

Level 14
Verified
Well I am not signed in to Firefox, ebay or anything when I am browsing.

Fingerprinting doesn't make sense because I am using 2 different devices (a PC and an iPad). I only searched for these items using the PC previously. I only used the iPad for ebay once. Plus an iPad would presumably generate the same fingerprint as milions of others ?

All I can think of is that ebay's systems are not tracking me. Instead, the systems have learnt to associated one of the items I have searched for with some of the other things I search for. Given the millions of people using ebay each day, I find that unlikely- but its my best guess.
Yes, these are 'standard' services/plug-ins most webshops have. "People searching for AAA, also searched for BBB and CCC". Same functionality is offered at cart checkout (people buying AAA also bought BBB and CCC) or you even might get a discount' package deal ('combine AAA with BBB and CCC and save 10%).

Easy to check, just post what specific backpack you were searching on eBay and I can by doing a similar search explicitly mentioning that brand.
 

Sampei Nihira

Level 6
Verified
I normally search for items on ebay using my PC. I browse behind a VPN, signed out of ebay, and set my browser to delete cookies and site data upon exit. Recently, I have been searching for three particular items- a specific brand of camping backpack, a 1980s retro computer and a Nokia 3310 phone.

Today I looked at ebay on my iPad. Again, there is a VPN on the device, I was signed out of ebay, and I use Firefox Focus which clears everything upon exit.

I typed in the name of my backpack brand and alongside the listings were two "related search" suggestions- the 1980s retro computer and a Nokia 3310 phone.

How does ebay know this about me ???!!!

These are the eBay.com Fingerprinting tracking methods:

Immagine.jpg

There are actually many more, but the UBO extension with my filter lists helps to reduce this list.

In general, in this forum we hardly consider privacy as a better security protection.
Instead, gentlemen, it is so.
If you visit a web page containing malware with your browser, the first form of attack will be a violation of your privacy.
Finding every possible info on your system helps to develop the best attack strategy
Usually a well-structured browser on the privacy side helps to stop possible security attacks in the bud.
 
  • Like
Reactions: oldschool
F

ForgottenSeer 823865

These are the eBay.com Fingerprinting tracking methods:

View attachment 233966

There are actually many more, but the UBO extension with my filter lists helps to reduce this list.
In some sites, blocking just one fingerprint technique just break the whole site pages, so useless to even try in the first place.
Scripblockers are meant to block scripts in low-reputation/suspicious sites.

n general, in this forum we hardly consider privacy as a better security protection.
Instead, gentlemen, it is so.
If you visit a web page containing malware with your browser, the first form of attack will be a violation of your privacy.
Finding every possible info on your system helps to develop the best attack strategy
Usually a well-structured browser on the privacy side helps to stop possible security attacks in the bud.
i beg to differ on this particular point, if you visit a malicious page, the first attack is just a malicious script injecting code in your browser/memory or upload a malicious file in your system.
Modern Threat Actors don't waste time and resources studying each visitor system unless the in rare case they target a particular individual or small group. Today, they work by batch to maximize revenues and minimize time and resource cost.
Hackers won't try anymore to break through your router and firewall doing the good'ol historical ping and portscan with Netcat and Nmap or whatever technique it was in the 80-90's.
Data Entry/Spear Phishing, Social Engineering, malicious link redirection, weaponized emails; those are modern hacker attack vectors and way faster and easier.

Fingerprinting isnt a method widely used by threat actors but mostly by marketers.
 
Last edited by a moderator:
Top