I'm back with some test results, as well as with the result of some research I conducted.
- - - - - -
TL;DR: I neither could replicate having eBay present me with a complaint that my browser was out of date (despite using Chrome 49 on UBot Studio v5.9.55) nor could I replicate eBay crippling my experience on their site with Captcha's despite browsing around their site for over 10+ minutes. I genuinely believe the OP's experience on eBay *is* being crippled by Captcha's, I just couldn't get eBay to cripple my experience. I cleared cookies before starting to use the eBay site. Here's a sped up version of my experience captured via Screencast-O-Matic: https://www.youtube....h?v=GdjgQZHhQWs
- - - - - -
Some questions that I wondered about in a previous post that I wanted to try and get some answers to that might be helpful to others.
1) How does eBay (or any website, for that matter):
a ) determine the content and number of cookies that are stored on a user's computer system,
It does not (not shouting, just bolding for emphasis in a sea of text) appear as though eBay can determine the content and number of cookies that are stored on a user's computer system except for cookies that may have been set by eBay itself or by third-parties which collaborate with eBay.
Here's more information regarding the exception for situations where "syndicated sites" are involved:
First yes. Simply put, if you allow a site to save your cookies, they will often share them with other syndicated sites, so that when you go to other syndicated sites, you will be prioritized to show what you've searched for.
If you want to avoid this, there are three ways:
1.Use browser focused on privacy(eg: Private Browser). Using Private Browser will keep you from being tracked, and once you exit, all of your records and passwords will be erased by default, which is the most convenient method.
2.Turn on privacy mode of the normal browser(eg:Chrome,UC,Firefox). Main browsers generally have privacy mode, and you can usually find it directly from the menu or the bottom bar and turn on it. But some also reflect that these modes are not completely private.
3.Keep Clear Browsing history. It means that each time you exit the browser, you need to go to setting>clear data. It's relatively cumbersome.
b ) determine the content and size of various cache files stored on a user's computer system, and
Maybe I wasn't sure how to research this the right way, but I couldn't find any information about how a website (be it eBay or any other site) could somehow "scan" a user's system to determine the content and size of various cache files. It's entirely plausible this happens every time someone visits eBay, I just couldn't find any information on how this would be done.
c ) read the web browsing history contained in whatever web browser a user happens to be using.
I found a very similar question to this on StackExchange, which reads in part:
The relevant reply reads in part:
The short answer is yes, though it is not as easy as you might think.
The browser stores cookies independently for each domain. That means that www.foo.com cannot access the cookies made by www.bar.com and vice versa.
The vulnerability (or loophole) is in included pages. Most advertisements come from a different domain than the page itself, so they create their own sets of cookies. When another site includes an ad from the same ad provider, they can read their own cookies created earlier and they know you visited that page earlier. This way they can only track you on sites that host their ads. This is the strategy Google uses to serve relevant ads.
Also Facebook and other social networks can do this because of their ubiquitous like, tweeet, pin etc. buttons, which are also included content. This is not avoidable without disabling cookies altogether or using private browsing, but that could be a major burden (Cookies do make the Internet convenient). I personally choose not to be paranoid of these things.
So it appears as though *some* degree of surveillance is possible -- not through the ability to scan every cookie and one's complete browsing history (or at least that's not my understanding based on the reply), but by being able to piece together information based on some of the technology described in the aforementioned StackExchange reply.
2) Would a user who routinely clears their browser cookies/cache/history be subjected to Captcha roadblocks when visiting eBay?
This is from the 'Google reCAPTCHA: Prevention of automated access' section of the eBay website:
1.5 Google reCAPTCHA: Prevention of automated access
We make use of Google reCAPTCHA ("reCAPTCHA") within the provision of our Services. reCAPTCHA is used to check and prevent interactions through automated access, for example through so-called bots (computer programs that perform tasks automatically and independently). reCAPTCHA is used in particular to check whether data input in connection with our Services (e.g. in a contact form) is carried out by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the user on the basis of various characteristics. This analysis automatically begins as soon as the user connects with the online service, e.g. visits the website. For the purposes of this analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, duration of the user's visit to the online service or the user's mouse movements). The data collected during the analysis is forwarded to Google. The analyses by reCAPTCHA are carried out entirely in the background.
It appears as though the triggering of reCaptcha, which is what eBay appears to use, is now heavily dependent on a set of subjective in-house criteria that can be established by websites to determine what constitutes so-called "suspicious" behavior -- based on a "score" provided to websites by Google.
This is a great description of the evolution of the Google reCAPTCHA system as outlined on the Google Webmaster Central Blog:
Over the last decade, reCAPTCHA has continuously evolved its technology. In reCAPTCHA v1, every user was asked to pass a challenge by reading distorted text and typing into a box. To improve both user experience and security, we introduced reCAPTCHA v2 and began to use many other signals to determine whether a request came from a human or bot. This enabled reCAPTCHA challenges to move from a dominant to a secondary role in detecting abuse, letting about half of users pass with a single click. Now with reCAPTCHA v3, we are fundamentally changing how sites can test for human vs. bot activities by returning a score to tell you how suspicious an interaction is and eliminating the need to interrupt users with challenges at all. reCAPTCHA v3 runs adaptive risk analysis in the background to alert you of suspicious traffic while letting your human users enjoy a frictionless experience on your site.
# # #
I'm actually really happy that I dug into this because the process of researching some of these questions helped educate me about several things that I really hadn't quite understood. In some ways, I'm still not entirely sure that I fully understand some of these things.