Your analogy might apply to a port scanner running over the Internet and looking at what ports are open on Internet-facing servers. (Though I would still argue the analogy is flawed there: port scanning Internet-facing servers is more like going up to each locked door on the street and writing down what kind of lock it has, in case you want to try to pick it later.)
But a port scanner running inside the browser on my local machine is equivalent to someone sneaking into my house and going through each room seeing what valuables are there.
I agree. It's foolish to give websites permission to do that kind of thing. There's a very simple solution: don't give them permission. Turn off javascript. Yes, ebay will complain but it'll still work. The power is in your hands. No one is forcing you to use eBay either.
Giving arbitrary websites the ability to run arbitrary code on your machine is just asking for trouble. It's like someone who opens and executes every email attachment they receive. Try out NoScript temp-whitelist only mode that blocks by default and requires manual permission giving.
> (Though I would still argue the analogy is flawed there: port scanning Internet-facing servers is more like going up to each locked door on the street and writing down what kind of lock it has, in case you want to try to pick it later.)
I disagree, there is no security mechanism in port numbers. It's just a door that opens for you or not. Checking whether a door opens for you does in no way imply that you're perhaps planning a crime.
But a port scanner running inside the browser on my local machine is equivalent to someone sneaking into my house and going through each room seeing what valuables are there.