Bitcoin Forum
November 07, 2024, 01:47:44 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Sharing eBay trust data?  (Read 2157 times)
phathash (OP)
Member
**
Offline Offline

Activity: 75
Merit: 10


View Profile
March 14, 2011, 09:38:47 PM
 #1

Can this be done without breaking eBay's TOS? Some of us have 10 year old eBay accounts will hundreds in positive feedback.

Post a GPG public key in an auction body?

grondilu
Legendary
*
Offline Offline

Activity: 1288
Merit: 1080


View Profile
March 14, 2011, 09:56:24 PM
Last edit: March 14, 2011, 10:14:19 PM by grondilu
 #2

Not an entire public key, but the GnuPG fingerprint would be fine I guess.

You can also qrencode it and show the image in your profile.


PS.  This actually gave me the idea and I've just done exactly this for my avator on this forum Wink

PS#2:  you can also stenography your public key inside the photos of the items you're selling, although I suspect eBay is altering the pictures.

PS#3.  Nah I changed my mind and removed the qrcode 'caus it's ugly.

mndrix
Michael Hendricks
VIP
Sr. Member
*
Offline Offline

Activity: 447
Merit: 258


View Profile
March 14, 2011, 10:29:49 PM
 #3

eBay users can post arbitrary text content on their eBay My World pages: http://myworld.ebay.com/$username  A PGP key ID or fingerprint could be posted there.  I believe those pages are world-readable.
nanotube
Hero Member
*****
Offline Offline

Activity: 482
Merit: 501


View Profile WWW
March 14, 2011, 10:39:30 PM
 #4

actually, posting either just the key or just the id is not enough to verify anything, since i can post /anyone's/ key. what you need to do is post a clearsigned message saying "i, user <username> on ebay, hereby declare my ownership of <keyid>, as of <date>", signed with said key.

that'll prove to any onlooker, without having to do any additional steps like sending you encrypted email or whatnot, that you indeed own the key.

(date is included just in case ebay drops usernames, and someone else comes in to use it - the new guy's 'registered at' date would then be later than your posted date.)

now... question is where can one post a persistent bit of text (even a pastebin url) on your ebay account...

as it happens, there's a great place for that - your 'bio' on your 'my world' page ( http://myworld.ebay.com/<your_ebay_username> ).

we could even fix up some kind of standard, where a signed message containing your ebay nick, keyid, and a datestamp can be fetched by other places (e.g., the OTC bot Smiley ), and once verified with your authed GPG key id, spits out your feedback summary.

the wonders of GPG! Smiley

comments appreciated.

Join #bitcoin-market on freenode for real-time market updates.
Join #bitcoin-otc - an over-the-counter trading market. http://bitcoin-otc.com
OTC web of trust: http://bitcoin-otc.com/trust.php
My trust rating: http://bitcoin-otc.com/viewratingdetail.php?nick=nanotube
nanotube
Hero Member
*****
Offline Offline

Activity: 482
Merit: 501


View Profile WWW
March 14, 2011, 10:40:59 PM
 #5

eBay users can post arbitrary text content on their eBay My World pages: http://myworld.ebay.com/$username  A PGP key ID or fingerprint could be posted there.  I believe those pages are world-readable.

yes, i confirm that the myworld pages are in fact world-readable.

mndrix: your comments on my 'standardization' proposal would be appreciated.

Join #bitcoin-market on freenode for real-time market updates.
Join #bitcoin-otc - an over-the-counter trading market. http://bitcoin-otc.com
OTC web of trust: http://bitcoin-otc.com/trust.php
My trust rating: http://bitcoin-otc.com/viewratingdetail.php?nick=nanotube
grondilu
Legendary
*
Offline Offline

Activity: 1288
Merit: 1080


View Profile
March 14, 2011, 11:11:32 PM
Last edit: March 14, 2011, 11:23:42 PM by grondilu
 #6

Well, it's not easy, since you must avoid quotes and anything that look like HTML, but I've managed to put "I am grondilu on eBay" in my contact information section on http://myworld.ebay.com/grondilu.

Carriage returns are skipped, too.

PS.  I've filtered GnuPG's output through xxd -p.  I think it's enough.

nanotube
Hero Member
*****
Offline Offline

Activity: 482
Merit: 501


View Profile WWW
March 15, 2011, 12:05:58 AM
 #7

Well, it's not easy, since you must avoid quotes and anything that look like HTML, but I've managed to put "I am grondilu on eBay" in my contact information section on http://myworld.ebay.com/grondilu.

Carriage returns are skipped, too.

PS.  I've filtered GnuPG's output through xxd -p.  I think it's enough.


yep, that works. unfortunate that they mangle input.

also, i notice that it is possible to create custom categories in the bio - so maybe that can go under 'pgp key' category Smiley

Join #bitcoin-market on freenode for real-time market updates.
Join #bitcoin-otc - an over-the-counter trading market. http://bitcoin-otc.com
OTC web of trust: http://bitcoin-otc.com/trust.php
My trust rating: http://bitcoin-otc.com/viewratingdetail.php?nick=nanotube
phathash (OP)
Member
**
Offline Offline

Activity: 75
Merit: 10


View Profile
March 15, 2011, 08:27:23 AM
 #8

actually, posting either just the key or just the id is not enough to verify anything, since i can post /anyone's/ key. what you need to do is post a clearsigned message saying "i, user <username> on ebay, hereby declare my ownership of <keyid>, as of <date>", signed with said key.
...
comments appreciated.


True.

clearsigned message -> SHA256 -> eBay my world ?

Of course it doesn't help if the eBay account was hacked.
grondilu
Legendary
*
Offline Offline

Activity: 1288
Merit: 1080


View Profile
March 15, 2011, 02:35:38 PM
 #9

True.

clearsigned message -> SHA256 -> eBay my world ?

Of course it doesn't help if the eBay account was hacked.

Well, if your account has been hacked, then you need to publish a message saying:

"I used to be xxxx on eBay, but my account was hacked in 20xx."

nanotube
Hero Member
*****
Offline Offline

Activity: 482
Merit: 501


View Profile WWW
March 16, 2011, 03:55:12 AM
 #10

please check out the rfc for the gpg identity protocol, posted in this thread:
http://wiki.bitcoin-otc.com/wiki/GPG_Identity_Protocol

comments appreciated. Smiley

Join #bitcoin-market on freenode for real-time market updates.
Join #bitcoin-otc - an over-the-counter trading market. http://bitcoin-otc.com
OTC web of trust: http://bitcoin-otc.com/trust.php
My trust rating: http://bitcoin-otc.com/viewratingdetail.php?nick=nanotube
grondilu
Legendary
*
Offline Offline

Activity: 1288
Merit: 1080


View Profile
March 16, 2011, 06:49:28 AM
 #11

please check out the rfc for the gpg identity protocol, posted in this thread:
http://wiki.bitcoin-otc.com/wiki/GPG_Identity_Protocol

comments appreciated. Smiley

Instead of "gpg_identity=", what about some URI style format such as "GPG:"?

nanotube
Hero Member
*****
Offline Offline

Activity: 482
Merit: 501


View Profile WWW
March 16, 2011, 09:30:56 PM
 #12

please check out the rfc for the gpg identity protocol, posted in this thread:
http://wiki.bitcoin-otc.com/wiki/GPG_Identity_Protocol

comments appreciated. Smiley

Instead of "gpg_identity=", what about some URI style format such as "GPG:"?


is there any benefit to going uri-style?

Join #bitcoin-market on freenode for real-time market updates.
Join #bitcoin-otc - an over-the-counter trading market. http://bitcoin-otc.com
OTC web of trust: http://bitcoin-otc.com/trust.php
My trust rating: http://bitcoin-otc.com/viewratingdetail.php?nick=nanotube
grondilu
Legendary
*
Offline Offline

Activity: 1288
Merit: 1080


View Profile
March 16, 2011, 09:39:42 PM
 #13

is there any benefit to going uri-style?

Not much, it's just shorter.  Doesn't really matter anyway.  I think one could just put nothing in front of the base-64, since this data is not supposed to be automatically parsed anyway.

nanotube
Hero Member
*****
Offline Offline

Activity: 482
Merit: 501


View Profile WWW
March 16, 2011, 10:01:40 PM
 #14

is there any benefit to going uri-style?

Not much, it's just shorter.  Doesn't really matter anyway.  I think one could just put nothing in front of the base-64, since this data is not supposed to be automatically parsed anyway.


mmm you seem to be missing the whole point - it /is/ supposed to be automatically parsed.

Join #bitcoin-market on freenode for real-time market updates.
Join #bitcoin-otc - an over-the-counter trading market. http://bitcoin-otc.com
OTC web of trust: http://bitcoin-otc.com/trust.php
My trust rating: http://bitcoin-otc.com/viewratingdetail.php?nick=nanotube
grondilu
Legendary
*
Offline Offline

Activity: 1288
Merit: 1080


View Profile
March 16, 2011, 10:46:54 PM
 #15

mmm you seem to be missing the whole point - it /is/ supposed to be automatically parsed.

Why?  It's one time thing, isn'it?  Couldn't a human make the verification?

mndrix
Michael Hendricks
VIP
Sr. Member
*
Offline Offline

Activity: 447
Merit: 258


View Profile
March 16, 2011, 10:54:47 PM
 #16

Why?  It's one time thing, isn'it?  Couldn't a human make the verification?

The idea is to facilitate repeated ownership verifications.  So I leave a signature on my ebay account permanently.  CoinPal, OTC and others can all verify that I control the account without my intervention.
nanotube
Hero Member
*****
Offline Offline

Activity: 482
Merit: 501


View Profile WWW
March 16, 2011, 10:55:54 PM
 #17

mmm you seem to be missing the whole point - it /is/ supposed to be automatically parsed.

Why?  It's one time thing, isn'it?  Couldn't a human make the verification?


so say you're running some site like... maybe coinpal Smiley, and you want to allow people to prove to you that they own an ebay account with X feedback. would you prefer to (a) do this automagically with some gpg verification code, or (b) hire a verifymonkey to do it manually?

or, say you're on #bitcoin-otc and someone fairly new is offering a trade, and claims that he has a good ebay or amazon rating. would you rather go to their claimed ebay profile, and manually copy the string and verify gpg key, or run "getebaytrust <nick>" (or getamazontrust <nick>) and have automatic verification done for you?

hope you get the idea. Smiley

EDIT: heh, mndrix has stated the issue much more concisely, and with less snark, to boot. Smiley

Join #bitcoin-market on freenode for real-time market updates.
Join #bitcoin-otc - an over-the-counter trading market. http://bitcoin-otc.com
OTC web of trust: http://bitcoin-otc.com/trust.php
My trust rating: http://bitcoin-otc.com/viewratingdetail.php?nick=nanotube
grondilu
Legendary
*
Offline Offline

Activity: 1288
Merit: 1080


View Profile
March 16, 2011, 11:02:21 PM
 #18

Ok I get it now.

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!