eBay

sandyoutlet · ‎10-17-2017

Starting today, you will see changes on eBay item description pages that contain non-compliant HTTP content. Google Chrome has pushed their browser update which includes stronger security standards. As a result, eBay will be adding a "see full item description" button to all listings that contain non-compliant HTTP content.

This new experience will look very similar to the way mobile buyers already see listing descriptions today. It also ensures that we comply with the Google mandate and prevents your buyers from seeing a “Not Secure” warning when they’re shopping on eBay

Please review our landing page for more information and tools to help you identify any of your listings that may contain non-compliant HTTP content.

EDIT 11/8/17 @ 12:23 PT

We are aware of an issue where the eBay HTTPS identification tool is showing listings that were revised to be HTTPS compliant after 10/31 as non-compliant. We are actively working on this issue and plan to have a quick fix for any new or revised listings. Any existing listings that have been updated to be HTTPS compliant but are still showing as non-compliant in the tool will continue to show as non-compliant until the listing is either revised or renewed. If you do not revise or relist, the issue will automatically correct after 30 days.

Please note that if your listings are compliant, they will show normally to buyers and have the “secure” message in the URL. You can confirm this experience by looking at the live listing. This issue is confined to our tool that identifies non-compliant listings, which is currently failing to update to show listings as compliant after you have updated your http content to be compliant.

We apologize for this issue and will update you here as soon as the issue is resolved.

shipscript · ‎11-26-2017

@ambleoutdoorsusa

eBay has already stated, some time ago, that stores will not be addressed until sometime in 2018. No sales occur on store pages. No secure transactions appear on store pages. Store pages are simply a gallery of other items the seller has available. Security is a non-issue.

One major reason eBay CAN'T convert store pages right now is that there are too many store owners who have created their own storefront pages from way back when eBay allowed that. Those stores would disappear (would be blocked by the browser) if eBay suddenly flipped the switch and made the site require "https" delivery. Are sellers more tolerant of having their stores disappear entirely or having a non-secure message in the browser address bar? Pretty soon buyers will notice that all stores have that message and will eventually ignore it.

eBay is still working on the new store format, and when that is ready, I assume old stores will be converted to new stores, bringing those old stores into compliance for https and active content. This will avoid forcing store owners through multi-staged updates of storefronts.

@ambleoutdoorsusa wrote:
[Our eBay sales are off 80 percent in the last 6 weeks. I suspect the above is a major contributing adverse factor.]

Everyone has been affected by the site overhaul, including the vast majority of sellers without stores. More likely, the change in the search formulas, the burying of non-compliant listings, the conversion to eBay catalog (inventory-centric) metrics, and the Active Content and site overhauls, have all contributed in some fashion to the general malaise many sellers are experiencing.

ShipScript has been an eBay Community volunteer since 2003, specializing in HTML, CSS, Scripts, Photos, Active Content, Technical Solutions, and online Seller Tools.

cermak70 · ‎12-06-2017

Not true. Two words: Packet injection

Comcast is piggybacking onto http:// pages seemingly at random all over everywhere and adding a bit of javascript at the end that displays a 'modem upgrade' popup. They are modifying ebay's pages, I assume without ebay's (and definitely without the user's) permission. If stores.ebay.com were encrypted like it should be since this is the year 2017 they can't do the packet injection thing. Nobody else can do the packet injection thing to modify pages en route either.

Now, one might argue that Comcast using this exploit to send important info to their customers may be a legitimate use, but there is nothing at all stopping others from using the exploit to add or replace a link in any non-secure page with something nefarious.

I have saved source code of http://stores.ebay.com that includes the unauthorized javascript at the end, if anybody from ebay cares.

berserkerplanet · ‎12-06-2017

But that requires a man-in-the-middle attack. That either means someone has physical access to your hardware, is exploiting a weak wifi setup, or is upstream of your ISP. If any of those are the case you have bigger problems than them getting a list of things you browsed on eBay.