Ebay and their encryption double standard

9 May

I am not often using Ebay, but every so often it happens to be one of the only options for a specific kind of purchase. I recently bought a product to expand my MPC’s internal memory, and tried to communicate with the seller by using my email account (as an Ebay “guest” user).

I have been automatically signing my emails with PGP for a while now, and haven’t had any major problem (except for a Brisbane council issue that somehow filtered my emails because of the unrecognised attachment, an issue that was fixed a while ago, at least in the particular section I have been volunteering at).

Interestingly enough, Ebay rejected my signed (unencrypted) email, with the following explanation:

To better protect our members from identity theft and unwanted emails, we don’t allow encrypted emails. Because your recent email message to [xxx] was encrypted, we didn’t send it.

Please remove the encryption and resend your message.

The notification email links to a messaging help page [snapshot] that states the following:

Emails that are encrypted before they are sent (or are automatically encrypted when sent) will not be delivered through eBay Messages. Encryption is a way of scrambling or coding information before it’s sent, and then decoding the same information when it’s received. If you’re using encryption software, you may need to turn it off before sending messages.

At first, I thought I sort of understood why they would filter out encrypted emails: so they can apply a keyword-based spam filter. However, I still haven’t heard about spammers making use of encryption. It seems to me that encrypting is an obvious massive obstacle to the main objective of spamming: sending large amounts of emails that are not specifically targeted. Encrypting would require the spammer to collect each recipient’s public key and scramble each separate message accordingly… It does not sound likely to become a common spamming practice, which leads me to think that there might be other incentives for Ebay to only have plain-text messages transiting through their servers (data collection and analysis, anyone?).

Add to that the fact that Ebay obviously does a terrible job at telling apart signed plain-text emails from encrypted emails…

In their help page titled “Keeping you safe on Ebay” [snapshot], they state the following:

We use procedural and technical safeguards, including firewalls, encryption and Secure Socket Layers (SSL) to help protect your personal information against loss, theft and unauthorised access and disclosure by users inside and outside the company.

In “Protecting your privacy” [snapshot], it is said that Ebay provide:

Secure communication for all external parties—including customers, vendors, and any business partners outside of eBay—by monitoring every email message, except in countries that have laws prohibiting monitoring of email. If an email contains private information, it will be encrypted through our eBay Secured Email system.

However, the users using encryption themselves (or even just PGP signatures) are considered a threat and denied privacy. What about people who want to make sure they are keeping a particular transaction private from a member of their family, a threatening community, a potential online criminal organisation, or from an oppressive government, for whatever reason?

Funnily enough, at the time of writing, the link to “eBay Secured Email” is a dead link, so good luck if you want to find out more about this particular “system”…

This issue draws me further away from Ebay – as if I needed more reasons.

Advertisements

One Response to “Ebay and their encryption double standard”

  1. Bernard R 2017-02-27 at 01:13 #

    Well,,,huh…you got my name (required 4 replying) but I never caught yours.
    Of course Obay is–& always has been–afraid of its members corresponding w/o the company moderating. Clearly your encryption might state something like, “Hey, why don’t you sell me 6 of those things U have listed for X amount of $ transferred to your Paypal acct? Here’s my shipping address…” Obay would sooner slaughter an entire village than lose out on a “listing” and “final value fee”.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: