This article is more than 1 year old

Freelancer.com code exposes bids to competitors

Not confidential information, just A/B testing

UPDATE Pay-peanuts-get-monkeys project auction site Freelancer.com seems to have had its own site built on cents-per-hour rates, and has ended up with an embarrassing information disclosure bug.

The site's programming error embeds far too much information in the HTML associated with project pages, letting those in the know look over what other bidders are saying - and bidding - to win a project.

As posted to Twitter by UK software developer Danny Tuppeny (@DanTup), information that's carried with a project page and visible simply by using a browser's “view source” instruction means at the very least that bidders can see each others' messages on a project.

Vulture South has checked the page Tuppeny referred to, and confirmed the information disclosure.

@DanTup later added that the JSON includes prices bid, payment status, bidders' earnings, and further messages between hirer and bidder.

We have contacted Freelancer.com for comment, and await the company's response. ®

UPDATE Freelancer's been in touch to say that while it looks an awful lot like the pages Tuppeny found are leaking information, he's the unfortunate victim of A/B testing, the practice of trialling different web page layouts for different users.

Some users, we're told, see the back-and-forth between hirers and freelancers as a matter of course in human-readable format. Others don't see it, but the dialog is nonetheless embedded in freelancer.com pages in machine-readable form, until someone's cunning enough to View Source and expose it to human eyeballs.

Freelancer's spokesperson insists that the conversational content uncovered by Tuppeny is always public for someone on the right side of the A/B testing divide. For those on the other side, it just looks like the company leaks.

The spokesperson said it does A/B tests all the time in an effort to declutter its pages.

Just why those tests currently create information asymmetry is another matter entirely: those on the "wrong" side of the tests are clearly being less well-informed than those on the "right' side of the tests. If you're a Freelancer user deprived of information, let us know!

More about

TIP US OFF

Send us news


Other stories you might like