eBay secretly probes your computer – here’s how to stop it

eBay secretly probes your computer - here's how to stop it
© Vistby | Dreamstime.com

Millions of Americans have turned to online shopping for sheer convenience and more recently, as a means to stay safe from COVID-19. It just makes more sense to order online than taking the risk of exposure at a store.

And the trend has caught on fast. So much so that online shoppers spent more money every single day during the month of April than last year’s Black Friday. Tap or click here to see the staggering numbers.

But, one popular e-commerce site has some users up in arms about some recently discovered shady practices. It’s been running a program in the background to check up on details about your computer without telling you. Below is everything you need to know about it.

Where’s the transparency?

Security researchers at Nullsweep recently discovered a script that automatically runs in the background every time someone visits eBay. What’s actually happening is, eBay is scanning your computer for open ports.

If you’re wondering what exactly that means, ports let different kinds of information pass between your network and the internet. Port 80, for example, is used for general web traffic and port 143 is for IMAP email. If hackers find an exposed networking port on your computer, they can jump right in.

You may also like: Robocalls are about to get a lot worse – here’s why

And this is why it’s believed eBay is scanning users’ computers. A few years ago the site had a huge problem with hackers making fraudulent purchases.

The scam went like this: Hackers used Remote Access Trojans (RATs) to take control of a victim’s computer. Since many eBay users use cookies saved to their web browser to automatically log in to the site, a hacker would be able to access their account and make fraudulent purchases.

So now, eBay does a scan on 14 different ports, searching for remote access/remote support tools. The tools it’s looking for are all related to Windows, like Windows Remote Desktop, TeamViewer, VNC and more. It appears only Windows machines are impacted by these port scans. Linux users are thought to be safe.

Since the e-commerce site is actually looking to prevent fraudulent purchases you might think this is a good thing. And maybe, in the end, it is. However, it would be nice if eBay was upfront about it and tell users in advance what it’s doing. It’s secrecy like this that breaches users’ trust and eventually leads to them leaving a site.

Can I block port scanning?

Port scanning is not something that can typically be blocked. The fact is, anyone can select any IP address and scan it for open ports.

You may also like: Microsoft warns of massive phishing attack targeting PCs

The good news is there is a workaround for the eBay port scanning. As we mentioned earlier, eBay runs a script in the background on everyone’s PC when they visit the site that performs a port scan. The way to stop this is to remove JavaScript permissions for eBay. That way its script won’t be able to run when you visit the site.

NOTE: Removing JavaScript permissions for eBay could impact functionality of the site, keeping features like My eBay from working.

Since Google Chrome is one of the most popular browsers, we’ll go over how to remove JavaScript permissions for specific sites for Chrome. If you’re using a different browser the instructions may be a little different.

How to remove JavaScript permissions for sites in the Chrome browser:

  1. On your computer, open Chrome
  2. Go to ebay.com
  3. To the left of the web address, click the lock icon: Lock Lock
  4. A menu will appear that shows Certificate, Cookies, Site settings. Click Site settings
  5. Under Permissions, you’ll see a line with <> JavaScript and a drop-down menu. Change the setting in the drop-down menu to Block. Your changes will automatically save.

That’s it, now JavaScript is blocked from running on eBay and the script running the port scan will no longer work on the site. There is another option to stop eBay from running a port scan. Change browsers.

There is a relatively new browser available called Brave and it has some security protections that other browsers don’t offer. It makes blocking cookies easy, tracks software and removes ads.

With its easy-to-use controls, it can also block phishing. Turn on the ad blocker and the phish blocker at the same time and you’ll get to see just how bad some sites are. Tap or click here for details on Brave and other mobile browser options.

As we said, port scanning isn’t the worst offense you’ll find online but it would be nice if companies like eBay were more transparent on how it operates. It just comes down to trust, and that’s important to have with websites you frequent.

Tags: advertisements (ads), eBay, Google Chrome, JavaScript, Linux, Microsoft Windows, online shopping, phishing, retail sites, transparency, trust, web browser