Helping people with computers... one answer at a time.
Online shopping is generally very safe, but online stores do need to make sure to keep each customer's information safe from the eyes of others.
When visiting an online shopping site I didn't log on - I just clicked the site from a google search. Someone else's shopping cart and info popped up. I'm concerned because I ordered from them recently. Of course it gave the option 'if I'm not "user name" click here', but why would I get someone else's information in the first place?
That's a little scary.
I'd want to see the amount of information that was presented before I passed final judgment, but even so - even if it was something as simple as their full name I'd consider that a privacy breach.
And I'd seriously reconsider shopping at that site again.
Let me review how this might have happened.
We typically think of web sites using cookies to keep track of who you are while you're logged in and when you return. Cookies, of course, are local to your machine and are not visible to search engines and the like, so they represent a fairly reasonable way to do the job.
But they're not the only way.
In practice, many sites use a combination of cookies and parameters on the URL to keep track of what's happening.
What do I mean by "parameters on the URL"? Well, consider this link to a fictitious online retailer:
That'll take you to a site, and you'll be greeted as "visitor".
Now consider this variation:
You'll be greeted as "Leo". Change the "Leo" to whatever you like, and it'll greet you by whatever you've entered. That "Name=" after the question mark is a parameter - in fact on any URL, everything after the question mark is one or more parameters to the page.
Now, if you've looked, you're probably more likely to see parameters of the form:
... pf_rd_r=1QZ1KA166NCC9TNETGMW ...
In other words, parameter names are names that make no sense, and values that are indecipherable.
To you and me, maybe, but to the online store you might be visiting that might well be a customer ID reference, from which they can then pull your information from their databases so as to personalize your page.
Give someone else the link with that parameter and in a poorly designed system "they" could suddenly be "you".
So how'd a link with someone else's customer ID (or whatever might be encoded there) get into a search engine?
A few different ways.
Essentially any technique that search engines use to "discover" pages on the internet is fair game. That means:
Perhaps it really is a link on a web page somewhere on purpose. Not sure why, but it could happen.
Perhaps someone shared a link with someone ("hey, look at this cool product") and copied the entire URL including the encoded information into a discussion group that was later spidered by a search engine and added to the search index. This is actually pretty common as people don't clean up URLs before posting.
Perhaps the person shopping was using a toolbar provided by a search engine. Often toolbars also report back to the search engine URLS viewed, and these URLs are then added to the search index.
Regardless, it's there and apparently relevant enough to rank highly for whatever it is you searched for.
It's that simple.
I mentioned above that in a poorly designed system "they" could suddenly be "you".
That shouldn't happen.
What you've experienced - visiting a link and then seeing someone else's information for someone that was never on your computer - simply shouldn't happen. It's a privacy issue at least - even if you can't see anything else I don't want my name along side my shopping cart to be visible to anyone but me.
There are enough techniques available to web site designers to make sure that it doesn't happen.
I'd report the issue to the shopping site's customer service.
And then I'd think hard about whether I'd shop there again.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.