Options
"eBay is not willing to tolerate acts of fraud carried out on its site"
Apologies for this not being strictly coin-related, but with all the talk about fraudulent coins being sold on ebay I thought this might be of interest.
Here is an article that covers a presentation that an ebay employee gave to law enforcement officials regarding how ebay works to prevent fraud. Maybe readers who try to work with ebay on such issues will find it useful.
Here is an article that covers a presentation that an ebay employee gave to law enforcement officials regarding how ebay works to prevent fraud. Maybe readers who try to work with ebay on such issues will find it useful.
New collectors, please educate yourself before spending money on coins; there are people who believe that using numismatic knowledge to rip the naïve is what this hobby is all about.
0
Comments
i thought the fact that ebay logs the pages you surf on their site was mighty interesting.
Watch for this to be the next IRS hotspot. There's gonna be a lot of taxes being coughed up along with penalties and interest.
Ray
Look over the Privacy Act of 1974 & it's Amendments. Something more people should also be concerned with is freely giving out their Soc. Security Number to anyone who asks for it.
<< <i>I can walk up to ANY PC in this company right now, click on IE and browse e-bay without signing on to an IP or e-bay. There is NO possible way for E-bay to know who I am personally. >>
If you aren't logged in, that's true. If you are logged in, different story.
There's another story about the same conference (but with much less detail) here. The noteworthy quote is "eBay's 'generous privacy policy' doesn't require law enforcement agencies to obtain a subpoena for information other than customers' personal financial data."
New collectors, please educate yourself before spending money on coins; there are people who believe that using numismatic knowledge to rip the naïve is what this hobby is all about.
You're in for a rude awakening. This is what I do on a daily basis, so I'm familiar with what you can and can't learn about a user, either through physical investigation or simply asking the right questions in the right way. If your company uses logons, they can (and should) track everything you do, from any computer they own. If logons are lazily enforced, then a fraud committed from your company would likely become the responsibility of the company itself (if identifying the actual user was impossible). I design networks every day, and perhaps the quickest and easiest part is Internet access. Identifying users, controlling and monitoring their browsing habits, and identifying exactly EVERYTHING they do through a web browser or email is one of the few areas where the technology is simple and effective enough to not need excessive further development. From a technical standpoint, it is extremely easy, very accurate and effective, and is the prudent policy for any responsible company, large or small.
Now, as to "asking the right question in the right way," I once was working on a design for a Tier 1 provider in the SouthEast. It was an email system for a company with about 100,000 users and affiliates, and since the impact to backbone infrastructure had the potential to be signifigant, I had to coordinate with several ISPs. In that process, I simply asked to see what their daily traffic through email would be. 3 of the 15 companies contacted did the investigative work themselves, then provided me the information. Another 8 wanted me on site in order to enhance the security of conveying that information. The final 4 simply gave me administrative access to their routers and customer database, and 2 of these are HUGE ISPs (2 of the top 5 in the world). I had complete access to EVERYTHING THEY KNEW about EVERY ONE OF THEIR users. After the work was done, we went back and documented the entire process, then filed it away for future reference if (more likely when) the lawsuits commence. For the record, when I actually went to "look into" their routers and databases, I had the contractor's legal department present, as well as a notary, and I would only look at what they requested me to do (I was acting as their agent).
So, not only is it possible, it really is the norm now. And while they don't really care, your ISP likely has a log of everywhere you've ever been on the Internet, and everything you've ever done. The liability of not having that information is just to great.
"France said this week they need more evidence to convince them Saddam is a threat. Yeah, last time France asked for more evidence it came rollin thru Paris with a German Flag on it." -Dave Letterman
So say for example you browse Legend's or Anaconda's website before you go to eBay and compare prices THEY (Big Bro) know you were looking at high priced coins. Then after you leave eBay you come here to talk about it THEY know.
Or maybe you look at some items in the adult section and go click on some porn sites afterward THEY know where you have been and what you looked at.
The FBI has Carnivore which is a search engine that can scan email contents in ISPs so even when you delete the endless childporn and other nasty spam you get from overseas it's really still on your ISP and you could cause you a horrible nightmare for "possessing" illegal material you didn't even know you had. How would you like to go to prison simply because you looked at some sexy lingerie on eBay then clicked on the PlayBoy site and had deleted & unread porn spam in your email account and your vengeful ex-wife reports you to DHR as a child abuser because it's protocol in child custody proceedings to do that?
I look at AK47 (maybe I should be PC and say semi-auto MAC-90) accessories on eBay sometimes then I might go to a gun bulletin board and since I have a habit of clicking on links so I might end up somewhere on an anarchist site reading about making pipe bombs or land on a skinhead site then the next thing I'm on a KKK site and of course they're all downloading their graphics to my history & cache files so that automatically makes me a violent racist terrorist than belongs to a militia group in the eyes of the law.
I've clicked on sites that I "shouldn't have been to" and I quickly dump my files and run programs to delete cookies and spyware & adware from my harddrive and overwrite empty disk space 7 times but I know deep in the Windows & Systems folders there are still traces of my activities waiting to nail me.
Maybe I'm just paranoid but the whole time I'm surfing the net I feel like the Big Bro, Law Enforcement, the Government or somebody is sitting behind me watching over my shoulder.
We kept our logfiles for 3 years of history. Today its even longer, and everywhere a user went, everything they looked at, when they logged on and off, and from where...its all there. Scary stuff.
"France said this week they need more evidence to convince them Saddam is a threat. Yeah, last time France asked for more evidence it came rollin thru Paris with a German Flag on it." -Dave Letterman
Sorry, your not 100% correct my esteemed colleague. It may be the norm for companys to snoop on their workers, and I'm quite sure I'm being watched to some extent, but it IS quite possible for me to browse e-bay all day and they may know some PC was on there, or some one of the companys PC was on there, but they could never identify ME specifically, and personally as the user. I could look at radical Islamic crap all day and they'll see and know someone was looking at it, and it will run up their red flag, but all the'll have is an IP address, and probably a machine ID number, but thats all they would know. I would not be signed on to the network, I don't need to be, and I certainly would not be signed on to any IP or other connection service, I don't need to be. I also would not be logged in to e-bay unless I intended to bid or check out my personal items. All I would do is turn a machine on and click the IE ICON and I am on the web, no ID, no sign on. The person whos desk I was at could even be signed on to their PC via Windows and even the network, and they may be asked if they were using the web to browse e-bay, but unless someone explicitly saw me physically at a machine and physically identified me there is no way for them to identify my personal identity or who may have been doing the browsing. Further, they can have all of the keystroke capturing devices and cookies they want installed, and they are easily circumvented. Sometimes its as simple as installing a personal firewall like ZoneAlarm and forbidding any unknown software from sending out the captured info, and then knowing what to delete. There is always a way.
Senior Applications Support Specialist
<< <i>I wonder if they volunteer information to the IRS and the various state's tax boards. >>
K6AZ,
Since these agencies have "enforcement" arms, my guess would be that if they requested information, and assuming the quotes in the article are accurate, the answer would be yes.
Edited to add: The IRS is the single largest buyer of consumer marketing databases in the world.
Russ, NCNE
Zone Alarm will cut way down on your privacy invasion from hostile sites but tracking cookies do not acess the net on their own, the information is stored in several cookies locations on your harddrive and the information is transfered when you access the site.
For example if I have a doubleclick.com tracking cookie it doesn't do anything until I click on a site that's part of the doubleclick.com marketing network then it logs me but Zone Alarm doesn't alert. Of course I can set Zone Alarm so that it rejects cookies but then the website I'm trying to view won't work.
The best thing to do is constantly delete your cookies. The Zone Alarm folks make a program called Pest Patrol which does a great job of detecting & identifing bad cookies. Myself uses a program called spybot. I used to use AdAware but AdWare will say I'm clean but spybot will detect 10x the stuff that's still in my browser files, play list for MS Media Player, Real Player, browser address bar, recently acessed Word files, registry entries and a hundred other privacy invading features of the Windows OS.
Anyway, getting back on topic here it's funny eBay keeps track of everything you do forever but if you can't access closed auctions after 30 days because they say it's no longer in the system or you only have XX days to file fraud!
We tend to think eBay revolves around the coin section and they should quickly investigate our fraud complaints but there are only about 70,000 coin auctions going on at any time while there are 20,000,000 other new listings added every day. Our coin section is such a small part and barely generates any income to eBay they really could care less about the $100 fake Chinese Trade Dollars, $50 AT Morgans and the ocassional seller that takes your $500 and runs. Unless it's a big felony going on like the car theft rings or pirate software which generates billions of $$ and makes eBay look bad they simply don't give a crap.
Oh, but endanger $5 or $10 eBay's income by preventing a bad sale and get booted quickly.
But did you notice 1 thing in the article? If law enforcement asks them, eBay gladly turns over records to law enforcement agencies doing criminal investigations so what does that tell you? Don't report fraud to eBay because they will simply sweep it under the rug-report fraud to the REAL police and let them contact eBay!!!!
K S