ebaY's Snitch Program Security Breach
 

Or the law of Karma, and how ebaY tried to break the spirit of the Discuss New Features Board, and got caught in their own mess.
Editorial 26 Apr 2003

For those of you who don't know, the ebaY Discuss New Features board is and always has been the "REBEL" board on the ebaY site. It is where the critics and dissenters gather, where the disgruntled come to yell and scream and vent their frustrations with the ebaY Monopoly. It is also one of the places where help is always available 24/7, whether the problem is a house fire, a sick child, a recipe for an upcoming brunch, a malfunctioning computer, or an inability to list using Turbo Lister. No matter what the issue, usually there will be someone along within a few minutes who can help solve just about anything.

ebaY recently moved this scrolling chat board from ebaY's servers to a third party service provider, LiveWorld. LiveWorld has been running ebaY's threaded boards for about a year or so. This move was looked upon by DNFers as a bad thing for a few reasons, but primarily because LiveWorld utilizes the fascist based snitch policy for monitoring their boards. There is a button on every post where posters and lurkers can report the posts of others they don't like. The report goes to the ebaY/LiveWorld "moderators", who then decide what to do with the post: leave it, remove it, warn the poster or suspend them. Of course the snitchers have the expectation that their identity will remain secret so they can snitch with impunity.

On the morning of the 23rd, Jan - MGCAntiques on ebaY (also marginal*antics, a joke ID from when one of the ebaY leadership called many of their users "marginal sellers") - received a "pink slap" warning to remove links from her About Me page on ebaY. Jan helps so many people on the ebaY DNF board, ebaY should be PAYING her and giving her service awards - NOT slapping her. She is a universal favorite and her pink slap annoyed the heck out of all the regulars on the board and set the tone for the day. Folks were angry at the snitch (unknown) and at ebaY/LiveWorld moderators, who were interpreting ebaY rules to suit their desires. In their email to Jan they said -
"You have some great information compiled on your About Me page and I was amazed at the amount of excellent information you are providing. The tone of your About Me page reflects a frustration with the processes and procedures of eBay's customer support and I hope you will take some time to help us improve by submitting suggestions at a link with which I am sure you are familiar: http://pages.ebay.com/help/basics/select-support.html" It takes gall to pink slap someone like Jan and then ask for her "suggestions". Of course, to really frost the cake, ebaY took the About Me page down anyway, even though Jan removed the information as directed by ebaY. You can view exactly what was on her About Me page HERE.

As the day wore on, more and more DNFers were getting pink slaps and sanctions, and the anger and frustration level increased. It appeared that a vendetta was on, geared towards intimidating the DNF posters and squelching their criticism of ebaY. At 20:33:24 PT another DNF poster received a pink slap for a link she had on her About Me page to her website. She went to her website and found that she had a visit from an ebaY/LiveWorld board monitor. This ebaY/LiveWorld person left behind their URL, as most visitors to websites do. The DNF poster then placed this link on the DNF board, and it was discovered that the link led to all of the thousands of snitch records that ebaY/LiveWorld kept on all ebaY users. These records were posted on publicly accessible boards, open to anyone who had the URL address, which had been provided by ebaY/LiveWorld. Several people went and took a look, and many took pictures of what was posted. As the observers realized just what they were seeing, and how vulnerable such information was to email harvesters, a group of users then posted multiple messages in order to scroll the URL off the boards so it would no longer be visible. To see what was actually posted on the DNF board, Go HERE

To view a mock up of what the observers saw, Go HERE

What appeared on the page was the post reported by the snitch, the User ID (with a clickable link to a summary page) and email address of the person reported, their IP address, the time/date the post was made, how many initial complaints were made, how many subsequent complaints were made, the User ID of the snitch (with a clickable link to a summary page), the board it was on, the server it was on, an identifier code and an area for comments such as disposition. The top of the page had a toolbar that allowed the board monitor to Reject Complaint, Approve Complaint and Delete Post, Set Post to 'Pending' Status, or Email Report. Now a bot with an email harvester would probably have a field day with this site, provided by LiveWorld, containing thousands and thousands of email addresses and User IDs. For all anyone knows, this site had been open to the public since LiveWorld took over the ebaY threaded boards. TAG wonders if this site was being harvested by email sucking bots, because it sure could have been! In addition, all those snitches who thought they were safe to go snitching with impunity had suddenly had their snitch tendencies exposed to the world at large. TAG got to view over 60 pages of this snitch record, and it was not a pretty thing to see. It exposed ebaY users at their worst, exactly what these fascist type programs count on, and unfortunately exposes. Yes, there are many people with fascist tendencies, who get to express them thanks to sites such as ebaY. We have a list of the user IDs of 45 snitches - you all know who you are, and maybe soon everyone else will also.

Soon after the URL was scrolled off the site, things got back to normal, with only an occasional reference to the security slip and the snitches. This lasted until about midday on 24 Apr, when ebaY/LiveWorld went on a post pulling rampage, issuing threats and suspensions to all the participants in and witnesses of the previous night's activities surrounding ebaY's breach in security. By the time the day was over, approximately 15 users were suspended from posting on the boards. TAG gathered up all the factual data available to us and contacted an award winning MSNBC reporter. On 25 Apr, TAG and the MSNBC reporter spent the day working on the article that was published by MSNBC. View the article HERE.

When contacted by MSNBC, ebaY's reaction was to threaten to remove the DNFers from ebaY completely, and no longer allow them to buy and sell on ebaY. ebaY also said they were reviewing state and federal statutes to see if they had any grounds for prosecution, though persecution seemed to be more the order of the day. TAG was not surprised to see ebaY making a mistake and trying to blame it on someone else. ebaY never takes responsibility for its mistakes and always attempts to shift the blame when things go wrong. TAG also wonders what rule in the User Agreement was broken by ebaY users going to view pages posted on a publicly available board? A board, in fact, that is not even owned by ebaY.

This entire incident raises several concerns. The first is the fact that all ebaY/LiveWorld's records were posted on publicly accessible boards, and appear to have been so for over a year. TAG wonders how many scam artists and email harvesters have exploited this security breach and just kept quiet about it. It just amazes TAG that anyone could post such sensitive material on publicly accessible boards. This might be a partial answer as to how the scam emailers are able to get so many of the email addresses of people who use ebaY and ONLY have a user ID on ebaY. Another concern is about the subcontractor ebaY is using for their boards. What other information does this obviously inept company have access to? In addition, users should be concerned that ebaY is using fascist tactics to try to control their users, and resorting to sanctions and threats when things go wrong. The snitches should now also be concerned that maybe they are one of the ones revealed, and that information might yet be made public.

For now, the DNF board is virtually deserted. For just about the first time in its history, there are more than 24 hours of posts on the board. ebaY HAS succeeded in silencing the DNF, as removing hundreds of posts a day and suspending almost anyone who posts is a very effective way to stop conversation. Of course this is ebaY cutting off its nose to spite its face, but TAG has to imagine that ebaY is happy with it. ebaY has a habit of shooting itself in the foot, but TAG would highly recommend ebaY remove the foot from their mouth FIRST - as much less damage would ensue.