A bug in the Ebay web pages allows sellers to make up their own seller information, according to claims in PC-WELT, the German computer magazine.

Ebay, the leading auction site in the Internet, provides bidders with information about the seller whose products they are bidding for. As a virtual auction house, Ebay never sees the products that are auctioned off on their site and so they have no direct way to control the honesty of buyers and sellers. Instead, the 'seller information' tells potential bidders in the Ebay auctions how long the seller has been registered, how large a percentage of the seller's feedback (provided by other users) is positive and whether the seller is an Ebay 'Power Seller'. The information is the lynchpin of Ebay's reputation-based system, designed to assure buyers that they are not dealing with an online cyberfraudster.

Unfortunately, with the help of a few snippets of JavaScript embedded in the product details, PC-Welt was apparently able to take a newly opened account and make it look like it belonged to a 'Power Seller' with almost 2000 Ebay sales and a 99.8% positive feedback rating. The JavaScript, apparently freely available on the Net, rewrites the data used to display the seller information. When the user clicks on the seller information they get a page with more details, but this link can also be forged by the seller, sending the hapless buyer off to a page of the seller's own devising. By combining this problem with the spoofing bug in Internet Explorer the devious seller can make the subterfuge very hard to spot.

Ebay has already been made aware of the problem, but it seems that flashy web pages are more important than building a community where people can trust each other. At any rate, instead of merely banning Javascript which would make their sellers' web pages 'boring' according to a company spokesman they are looking for a better solution. Says a spokesman for Ebay (our translation):

"This problem is not unique to Ebay. We allow Javascript so the users can make their web pages as attractive as possible. Plain text web pages are boring. We are working hard to find a long term solution. We are able to identify and remove auctions like this".

In the meantime you can be sure to see the right seller information if you switch off Javascript when using Ebay.

The Inquirer