Solve : Unique Computer ID code - who can see this? Flash ID, and Ebay

1.	Solve : Unique Computer ID code - who can see this? Flash ID, and Ebay?
Answer» Hi all I've once again had to telephone EBay, sit on hold, go through several minutes of small talk and jibber jabber to re-verify my 'new' PC even though all I did was install a faster CPU. Seems each time you tweak something, well at least something major, your unique computer ID gets changed? Are there any links on this to get me up to speed? I wasn't aware it was changed if you just swapped a RAM stick. Anyway, it freaked me out a bit that Ebay knew I had changed my system before I was allowed to list an item for sale. They told me they do this via Flash, and not cookies. Where is THIS info stored? I would like to somehow hang onto my unique Flash identifier for any future tweaks so I don't have to call Ebay every time I change my system, and then try to list something. Is this possible, to cut and paste it like a cookie? And if it'snot Flash - Can any website see this alternative Unique Computer ID? Can any website install a Flash identifier? How does this affect anonymous browsing via Proxies etc, I guess they are almost useless in this case? How much info can they see? Any tips on this would be greatly helpful, I searched the forums first and the web to no avail... cheers! C Why does this surprize you? You rautomobile has an unique resistration and is visible. Your house hase a unique address and is visible. Many other things you nown or things that relatedto your life are rather unique and are visible to others. The CPIID was introduced by Intel in 1993. In a LAN every PC must be unique. If you want to be unseen, make yourself invisible. Quote from: Geek-9pm on September 05, 2011, 09:00:56 AM The CPIID was introduced by Intel in 1993. the CPUID instruction only identifies what the CPU is. the CPU serial number was introduced in Pentium 3 chips, and by default it was disabled and not something any software could query anyway. And they discontinued that because of the rampaging nerds from slashdot that felt their security was being violated. http://pages.ebay.ca/help/account/cookies-web-beacons.htmlThe link by BC leads to this: http://pages.ebay.ca/help/account/cookies.html Which indicates the coolie is only meaningfull to dBay and does not contain password or similar information that would be visible to nothers. The cookie identifies your to eBay, not to others. The cookie pointgs to an entry in database(s) kept by eBay. Quote from: Geek-9pm on September 05, 2011, 09:00:56 AM Why does this surprize you? You rautomobile has an unique resistration and is visible. Your house hase a unique address and is visible. Many other things you nown or things that relatedto your life are rather unique and are visible to others. The CPIID was introduced by Intel in 1993. In a LAN every PC must be unique. If you want to be unseen, make yourself invisible. What are your best suggestions to make myself invisible? As I understand it, if you can't hide your CPIID, even using a proxy surfer or anonymous surfing still means you are visible and identifiable by this. If I am, then you are. What do you do differently, may I ask? The links to cookies info are helpful but not relevant, I was questioning who else has the ability to see, keep or intercept this information, this non-cookie information, and can your computer and therefore you, be identified by the CPIID and your IP put together? Even if you surf anonymously from time to time, that ONE time you don't, you're able to be identified by the CPIID? Also, if you delete your cookies, web history, in fact EVERYTHING that CCleaner and Window Washer both remove, some websites still seem able to remember you. Why is this? The CPIID surely isn't used and stored by smaller websites such as a tiny regional newspaper website that seems to remember my past history when I visit no matter how many cleans have occurred. Quote from: chad on September 15, 2011, 03:17:00 AM The CPIID surely isn't used and stored by smaller websites It's not used by any websites.Quote from: BC_Programmer on September 15, 2011, 03:57:05 AM It's not used by any websites. any chance you could clarify this? How do they recognise you are suddenly on a new CPU and ask for new verification, if they aren't using it or some other unique PC identifying number/code/serial? I seem to be getting more questions from this forum, than answers. I'll look somewhere else. Quote from: chad on September 21, 2011, 06:58:57 AM any chance you could clarify this? Yes. CPUID is an instruction used in machine code to identify the processor. it was introduced with the 486, All it does is basically provide the processor type- the family. a 486 would say basically "I'm a 486". the "serial" number to which geek-9pm refers simply doesn't exist. It was implemented by the Pentium 3, disabled by default, and was intended to help audit a company's stock of computers. Only a native code program would be able to access this even if it was enabled. So unless a site uses an ActiveX control or you download something, that wouldn't work (and again, that was only for Pentium 3 machines). Quote How do they recognise you are suddenly on a new CPU and ask for new verification, if they aren't using it or some other unique PC identifying number/code/serial? The fact that you are connecting from the same IP address and the cookie they set when you visited previously is no longer present. You would get the same effect by clearing cookies. Either that or it inspected some of the other header values (things which may include screen resolution, browser, etc) and found it didn't match some sort of database for that IP address so it assumed it was a new PC. the former scenario is far more likely, though. Geek's POINT was that EVERY computer that connects to the internet obviously needs some sort of identification so that data intended for other machines don't get sent to it and vice versa. If nothing else, the IP address. Of course, one can "mask" ones IP address by going through proxies, but the fact remains that to a adequately determined observer on the other end they can trace back and find you. websites however simply work off what they are given. basically, they have your IP address, check for a locally stored cookie, and any server-side database they keep (which would have to be limited to be PCI compliant, I imagine). it's basically the same as asking how a program knows it hasn't been run yet (for those that say stuff like "this is your first use of the program, would you like a tutorial" type thing. They basically set a piece of data that says "yes, I started" and inspect that when they start. Same for websites. If you access your e-mail or other services using the same IP address for three years, and then suddenly you are using a new IP address, that can make them "suspicious" and ask for further Identification to make sure it's really you. When you use a different computer the cookies aren't set, so obviously you will need to enter your login info. Quote I seem to be getting more questions from this forum, than answers. I'll look somewhere else. What you call "tracking" I call good design; whether the site uses the information or not, it still has it. Some sites just try to use it more intelligently than others to improve the user experience, and some privacy zealots seem to dislike the fact that they can't hide their affinity for russian midget dinosaur pornography as easily. It's not really anything to worry about. As for your original post, I've no clue what you are talking about, to be honest. Chances are your IP address changed (sometimes that can happen when you reboot the modem). I've used over 5 PCs on this connection and haven't had any problems with some sort of "verification" process. Oh ,and I might point out, they are extra careful with ebay users who are sellers (which you imply being as you wish to list an item), because there has been a lot of fraudulent account usage. Somebody might be selling handmade doilies, and then suddenly 'they' are selling Toyota Camry's. of course they aren't, rather, their account was hijacked. The thing is, the people doing the hijacking will always be at a different IP address, so if Mrs. Doily maker is at one IP address in the UK and has been for say 3 years, only selling doilies, it's going to be suspicious when they log in from Thailand using a completely different IP and start selling counterfeit footwear. If nothing else, these checks are implemented to prevent fraudulent usage of your account, not to track your usage of their service (which is only a means to the end). basically, Ebay probably does several things: Flash cookies, as well as normal cookies. Both of which store tidbits of data on your machine. IP address: as noted above, if you connect from the same IP address for three years, and then are suddenly connecting from another, they'll add extra checks to make sure it is you and not somebody trying to fraudulently use your account. the IP address they of course have because your computer has to send it in order to get any data back (the receiver needs to know where to send the data, after all). Cookies and flash cookies are probably far less important. I don't think flash can inspect hardware configuration (it might) but I can see why that might be added. More likely it was a coincidence that your IP address changed when you upgraded to a faster CPU (or did you swap a RAM stick? I can't really tell). If you try to use ebay through a proxy, you will almost definitely get the same prompt. You might consider reading their Privacy Policy, which lays out quite clearly exactly what they collect. That is the information they would be using to throw up additional prompts if your account usage suddenly falls outside expected norms. One portion that is probably relevant: Quote You agree that we may use your personal information to: ... * prevent, detect, and investigate potentially prohibited or illegal activities, and enforce our User Agreement; 'personal information' being defined previously in there as the various web headers, IP address, and other information. I cannot find a single usage of flash anywhere in the site, so I doubt that is being used at all. ebay does use normal cookies (I have several set from ebay.ca as well as ebay.com), so those may be used as well. A more technical description of the various header fields sent by most browsers can be found here.Here is a video about cookies. http://video.about.com/netforbeginners/What-are-Internet-Cookies-.htm As to the harm of cookies, that is debatable. The link above claims they are harmful. As BC said, even when coolies are disabled, there has to be a WAY to ID one PC during a the time you are visiting a web site. The exception would be a broadcast that is going out to anybody who wants nit. But otherwise, a web site has to have a unique path to your computer. A proxy can be used to hide your identity, to some degree,. The proxy knows your computer, but only gives the information to an authorized agency. Another video about cookies: http://www.youtube.com/watch?v=Ye8mB6VsUHwI have changed computers several times and ebay has never made me verify anything, and I am a seller. Some of my bank accounts will give me a message that says this isn't the computer you usually use and I have to answer a verification question and then say whether or not I want to save this computer as my permanent one, but it is all online. If you are worried about being monitored, you should look into a VPN or at least install Peerblock. You would be surprised if you saw how many companies are GATHERING data about you and your internet activity. Actually I don't know what I am doing now but I think something is blocking ebay cookies because I have to log in again to bid even if I am already logged in and looking at my account.

Solve : Unique Computer ID code - who can see this? Flash ID, and Ebay?

Answer»

Hi all

I've once again had to telephone EBay, sit on hold, go through several minutes of small talk and jibber jabber to re-verify my 'new' PC even though all I did was install a faster CPU.

Seems each time you tweak something, well at least something major, your unique computer ID gets changed? Are there any links on this to get me up to speed? I wasn't aware it was changed if you just swapped a RAM stick.

Anyway, it freaked me out a bit that Ebay knew I had changed my system before I was allowed to list an item for sale. They told me they do this via Flash, and not cookies. Where is THIS info stored? I would like to somehow hang onto my unique Flash identifier for any future tweaks so I don't have to call Ebay every time I change my system, and then try to list something. Is this possible, to cut and paste it like a cookie?

And if it'snot Flash - Can any website see this alternative Unique Computer ID? Can any website install a Flash identifier? How does this affect anonymous browsing via Proxies etc, I guess they are almost useless in this case? How much info can they see?

Any tips on this would be greatly helpful, I searched the forums first and the web to no avail...

cheers!
C
Why does this surprize you?
You rautomobile has an unique resistration and is visible.
Your house hase a unique address and is visible.
Many other things you nown or things that relatedto your life are rather unique and are visible to others.

The CPIID was introduced by Intel in 1993.
In a LAN every PC must be unique.

If you want to be unseen, make yourself invisible. Quote from: Geek-9pm on September 05, 2011, 09:00:56 AM

The CPIID was introduced by Intel in 1993.

the CPUID instruction only identifies what the CPU is.

the CPU serial number was introduced in Pentium 3 chips, and by default it was disabled and not something any software could query anyway. And they discontinued that because of the rampaging nerds from slashdot that felt their security was being violated.

http://pages.ebay.ca/help/account/cookies-web-beacons.htmlThe link by BC leads to this:
http://pages.ebay.ca/help/account/cookies.html
Which indicates the coolie is only meaningfull to dBay and does not contain password or similar information that would be visible to nothers. The cookie identifies your to eBay, not to others. The cookie pointgs to an entry in database(s) kept by eBay. Quote from: Geek-9pm on September 05, 2011, 09:00:56 AM

Why does this surprize you?
You rautomobile has an unique resistration and is visible.
Your house hase a unique address and is visible.
Many other things you nown or things that relatedto your life are rather unique and are visible to others.

The CPIID was introduced by Intel in 1993.
In a LAN every PC must be unique.

If you want to be unseen, make yourself invisible.

What are your best suggestions to make myself invisible? As I understand it, if you can't hide your CPIID, even using a proxy surfer or anonymous surfing still means you are visible and identifiable by this. If I am, then you are. What do you do differently, may I ask?

The links to cookies info are helpful but not relevant, I was questioning who else has the ability to see, keep or intercept this information, this non-cookie information, and can your computer and therefore you, be identified by the CPIID and your IP put together? Even if you surf anonymously from time to time, that ONE time you don't, you're able to be identified by the CPIID?

Also, if you delete your cookies, web history, in fact EVERYTHING that CCleaner and Window Washer both remove, some websites still seem able to remember you. Why is this? The CPIID surely isn't used and stored by smaller websites such as a tiny regional newspaper website that seems to remember my past history when I visit no matter how many cleans have occurred.

Quote from: chad on September 15, 2011, 03:17:00 AM

The CPIID surely isn't used and stored by smaller websites

It's not used by any websites.Quote from: BC_Programmer on September 15, 2011, 03:57:05 AM

It's not used by any websites.

any chance you could clarify this? How do they recognise you are suddenly on a new CPU and ask for new verification, if they aren't using it or some other unique PC identifying number/code/serial?

I seem to be getting more questions from this forum, than answers. I'll look somewhere else. Quote from: chad on September 21, 2011, 06:58:57 AM

any chance you could clarify this?

Yes. CPUID is an instruction used in machine code to identify the processor. it was introduced with the 486, All it does is basically provide the processor type- the family. a 486 would say basically "I'm a 486". the "serial" number to which geek-9pm refers simply doesn't exist. It was implemented by the Pentium 3, disabled by default, and was intended to help audit a company's stock of computers. Only a native code program would be able to access this even if it was enabled. So unless a site uses an ActiveX control or you download something, that wouldn't work (and again, that was only for Pentium 3 machines).

Quote

How do they recognise you are suddenly on a new CPU and ask for new verification, if they aren't using it or some other unique PC identifying number/code/serial?

The fact that you are connecting from the same IP address and the cookie they set when you visited previously is no longer present.

You would get the same effect by clearing cookies. Either that or it inspected some of the other header values (things which may include screen resolution, browser, etc) and found it didn't match some sort of database for that IP address so it assumed it was a new PC. the former scenario is far more likely, though.

Geek's POINT was that EVERY computer that connects to the internet obviously needs some sort of identification so that data intended for other machines don't get sent to it and vice versa. If nothing else, the IP address. Of course, one can "mask" ones IP address by going through proxies, but the fact remains that to a adequately determined observer on the other end they can trace back and find you.

websites however simply work off what they are given. basically, they have your IP address, check for a locally stored cookie, and any server-side database they keep (which would have to be limited to be PCI compliant, I imagine).

it's basically the same as asking how a program knows it hasn't been run yet (for those that say stuff like "this is your first use of the program, would you like a tutorial" type thing. They basically set a piece of data that says "yes, I started" and inspect that when they start. Same for websites. If you access your e-mail or other services using the same IP address for three years, and then suddenly you are using a new IP address, that can make them "suspicious" and ask for further Identification to make sure it's really you. When you use a different computer the cookies aren't set, so obviously you will need to enter your login info.

Quote

I seem to be getting more questions from this forum, than answers. I'll look somewhere else.

What you call "tracking" I call good design; whether the site uses the information or not, it still has it. Some sites just try to use it more intelligently than others to improve the user experience, and some privacy zealots seem to dislike the fact that they can't hide their affinity for russian midget dinosaur pornography as easily. It's not really anything to worry about.

As for your original post, I've no clue what you are talking about, to be honest. Chances are your IP address changed (sometimes that can happen when you reboot the modem). I've used over 5 PCs on this connection and haven't had any problems with some sort of "verification" process.

Oh ,and I might point out, they are extra careful with ebay users who are sellers (which you imply being as you wish to list an item), because there has been a lot of fraudulent account usage. Somebody might be selling handmade doilies, and then suddenly 'they' are selling Toyota Camry's. of course they aren't, rather, their account was hijacked. The thing is, the people doing the hijacking will always be at a different IP address, so if Mrs. Doily maker is at one IP address in the UK and has been for say 3 years, only selling doilies, it's going to be suspicious when they log in from Thailand using a completely different IP and start selling counterfeit footwear. If nothing else, these checks are implemented to prevent fraudulent usage of your account, not to track your usage of their service (which is only a means to the end).

basically, Ebay probably does several things:

Flash cookies, as well as normal cookies. Both of which store tidbits of data on your machine.
IP address: as noted above, if you connect from the same IP address for three years, and then are suddenly connecting from another, they'll add extra checks to make sure it is you and not somebody trying to fraudulently use your account.

the IP address they of course have because your computer has to send it in order to get any data back (the receiver needs to know where to send the data, after all). Cookies and flash cookies are probably far less important. I don't think flash can inspect hardware configuration (it might) but I can see why that might be added. More likely it was a coincidence that your IP address changed when you upgraded to a faster CPU (or did you swap a RAM stick? I can't really tell).

If you try to use ebay through a proxy, you will almost definitely get the same prompt. You might consider reading their Privacy Policy, which lays out quite clearly exactly what they collect. That is the information they would be using to throw up additional prompts if your account usage suddenly falls outside expected norms. One portion that is probably relevant:

Quote

You agree that we may use your personal information to:

...

* prevent, detect, and investigate potentially prohibited or illegal activities, and enforce our User Agreement;

'personal information' being defined previously in there as the various web headers, IP address, and other information. I cannot find a single usage of flash anywhere in the site, so I doubt that is being used at all. ebay does use normal cookies (I have several set from ebay.ca as well as ebay.com), so those may be used as well.

A more technical description of the various header fields sent by most browsers can be found here.Here is a video about cookies.
http://video.about.com/netforbeginners/What-are-Internet-Cookies-.htm

As to the harm of cookies, that is debatable. The link above claims they are harmful.

As BC said, even when coolies are disabled, there has to be a WAY to ID one PC during a the time you are visiting a web site. The exception would be a broadcast that is going out to anybody who wants nit. But otherwise, a web site has to have a unique path to your computer.

A proxy can be used to hide your identity, to some degree,. The proxy knows your computer, but only gives the information to an authorized agency.
Another video about cookies:
http://www.youtube.com/watch?v=Ye8mB6VsUHwI have changed computers several times and ebay has never made me verify anything, and I am a seller. Some of my bank accounts will give me a message that says this isn't the computer you usually use and I have to answer a verification question and then say whether or not I want to save this computer as my permanent one, but it is all online.
If you are worried about being monitored, you should look into a VPN or at least install Peerblock. You would be surprised if you saw how many companies are GATHERING data about you and your internet activity.
Actually I don't know what I am doing now but I think something is blocking ebay cookies because I have to log in again to bid even if I am already logged in and looking at my account.

Solve : Unique Computer ID code - who can see this? Flash ID, and Ebay?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment