How Auctiva fits with new eBay security protocol...

I don't see how this could possibly cause any problems...you're still using the same computer when you're using Auctiva, right?

quote:

Auctiva's IP addresses

Sorry if I didn't make sense (wouldn't be the first time) but the above statement, to me at least, sounds like you'd be logging in from one of Auctiva's computers..not one of the ones you would normally use.

BTW, Ebay already has our IP addresses....

No I'm not saying anything about Auctiva..When you register on Ebay they will keep your IP address, it's one of the different ways they can investigate reports of shill bidding (for instance) and/or other serious offenses.

Anyway, unless you are actually listing from a hotel or airport, I doubt they will be calling you

My point was the scheduling feature, actually.

I do it a lot because I am in a different time zone and often am still at work when I want the listings to post.

I assumed that in the case of a scheduled post, it's Auctiva's IP addresses that are logged.

Wish we could get an Auctiva staffer to weigh in.

We don't pass any info to eBay right now. We've asked them in the past to collect this info because all it does is encourage the fraudsters to list with us instead of eBay which uses our our servers and time instead of eBay's. It's stupid for eBay to implement this but not have a way for us to give them the same data because all the hackers just end up using 3rd party sites. Of course eBay probably loves that because it narrows down where they have to look for the hackers but it sucks for us.

I've specifically asked them for this for 2 years in a row at eBay Live to the person in Trust and Safety department. It's like talking to a wall though.

So... does this mean that everyone who posts from here is going to be seen as a ghost and thus be called for confirmation?

Sigh.

The Ebay Chatter Blog has some questions answered. It appears that Ebay is going to be tracking your computer through cookies and something with Flash rather than tracking your ISP.

They did address the question of third party listing services ... not sure I understand their answer but then that's Ebay.

Q: How will listings submitted through a 3rd party listing service be handled?

A: You should not be affected unless you need to authorize 3rd party access to your eBay account. During that process, you will need to go through identity verification if we do not recognize that computer.

Thanks, I'll go read the blog. And you're right -- I don't understand the answer, either. If we "may" not be affected, it tells me that once they see we've authorized Auctiva, they're fine with it -- no phone call.

But the scammers would certainly figure that out and if they hijack an account, they could tell if Auctiva was used in the past pretty easily.

Sounds like a security weakness to me. It would be better if Auctiva DID share user IP addys. That way they could see if someone using an entirely different address may have hijacked.

Someone asked about this on one of the Ebay Ink Blogs and this was the answer that was given. I still don't understand how this is gonna work though.

5. How will listings submitted through a listing service like Auctiva be handled?
Third party services will continue to work for our sellers. At the time you need to authorize, aka “Auth&Auth”, a new or existing service, you will need to need to be on a recognized computer to be able to grant that authorization.

quote:

Picture of rubberduckproductions

Posted April 23, 2008 07:02 AM Hide Post
that sounds like they are only talking about when the token is initially generated?

Yes. And that could be a problem. A hijacker could easily see who uses Auctiva and use this site to post, I would think.

Of course, this would ASSUME that the user ID and password for Auctiva is the same one used at eBay. I have a different ID/password here.