@aral I imagine it's for tech support scams where scammers get remote-desktop access to computers saying they'll fix something and do nasty stuff, maybe?

I can't think of even a malicious reason why eBay would do this, except "just for the sake of it".

@cadadr @aral a site like eBay or PayPal would be very invested in making sure that trades aren't happening via proxies, bots, or scammers as well. If they take a counterinsurgency approach like FB does, it'll just be one indicator of many that maybe a user isn't legit.

^^^ :( I don't know how many times I've run something with 'it's only listening on localhost, it's fine' .. bokeh serve comes to mind, a few other things, but I know I've done it more often than just that. Ugh. WebSocket should not be allowed to do this.

@aral That practice is around since some years.
theregister.co.uk/2018/08/07/h

As the scan is limited to some well known ports with malicious intent, I would think it's really more a protection than a surveillance method. But it's creepy that it's possible.

Sign in to participate in the conversation
Aral’s Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!