I know what you're buying: Privacy breaches on eBay

Tehila Minkus, Keith W. Ross

    Research output: Chapter in Book/Report/Conference proceedingConference contribution


    eBay is an online marketplace which allows people to easily engage in commerce with one another. Since the market's online nature precludes many physical cues of trust, eBay has instituted a reputation system through which users accumulate ratings based on their transactions. However, the eBay Feedback System as currently implemented has serious privacy flaws. When sellers leave feedback, buyers' purchase histories are exposed through no action of their own. In this paper, we describe and execute a series of attacks, leveraging the feedback system to reveal users' potentially sensitive purchases. As a demonstration, we collect and identify users who have bought gun-related items and sensitive medical tests. We contrast this information leakage with eBay users' privacy expectations as measured by an online survey. Finally, we make recommendations towards better privacy in the eBay feedback system.

    Original languageEnglish (US)
    Title of host publicationPrivacy Enhancing Technologies - 14th International Symposium, PETS 2014, Proceedings
    PublisherSpringer Verlag
    Number of pages20
    ISBN (Print)9783319085050
    StatePublished - 2014
    Event14th International Symposium on Privacy Enhancing Technologies, PETS 2014 - Amsterdam, Netherlands
    Duration: Jul 16 2014Jul 18 2014

    Publication series

    NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume8555 LNCS
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349


    Other14th International Symposium on Privacy Enhancing Technologies, PETS 2014

    ASJC Scopus subject areas

    • Theoretical Computer Science
    • General Computer Science


    Dive into the research topics of 'I know what you're buying: Privacy breaches on eBay'. Together they form a unique fingerprint.

    Cite this