News Opinions Privacy

eBay is port scanning your system when you visit their website

Something that caught my attention on The Register today – eBay appears to be port scanning computers of their users when they connect to the website.

Potentially, they are doing this to try and prevent those with malware from using their service in an attempt to decrease fraud? It does raise some concerns though. Is what they are doing legal? I know that if I started port-scanning eBay, it definitely would not be considered legal, so why can they do it?

When you visit their website, JavaScript code is executed within your browser which attempts to probe various ports on your system. This JavaScript is executed locally within your browser, so bypasses any restrictions you have in your router firewall. Not only are they testing these ports without consent of their users, but the test being executed is ran locally on a users machine (from within the users network), so is potentially revealing network services that are not even exposed to the outside-world.

In the article written by The Register, it appears they are testing at least 13 different ports. This data then appears to be sent to ThreatMetrix, who are no doubt helping collate this information for eBay.

If you haven’t got a JavaScript blocking plugin installed in your browser (such as NoScript), now is definitely the time to consider installing one. There is no legitimate reason they should be doing this. This is a step too far.