Redisplay Messages: Compact | Brief | All | Full Show Messages: All | Without Replies| Author: | Brickwilbo  | | Posted: | Feb 2, 2020 11:15 | | Subject: | Re: Feature which shows if BL member is active | | Viewed: | 31 times | | Topic: | Suggestions | |
| In Suggestions, yapke writes:
| | Hello,
I was wondering if a feature or timer, to see whether a BrickLink
member is active or has been active (like on FB messenger or WhatsApp), would
be a great idea.
|
What exactly can be considered as active, logged in or not?
| |
The reason why I'm wondering:
I'm sure there are members who logs in daily to see if another
member has reacted to their order('s invoice)/message, and are nervously
waiting until he/she/they react(s).
|
Be patient.
| |
It will also be handy to see if a member (who placed an order on your store)
is active on BL and isn't responding to your multiple messages (or just ignoring),
and easier to decide to cancel an order.
|
If the buyer doesn't respond you should start the NPB-process and complete
it before canceling the order.
| |
For example (my example):
There is a member (USA) who has placed an order on my store (Belgium) a few days
ago. I instantly filled in and sent the invoice to serve him and be able to send
the parcel (after payment) as quickly as possible. But until now, two days later,
he hasn't read the message nor has paid for the order. Now I'm just wondering
if he was active or not lately... cause the hole situation is making me nervous.
I know I should be patient... but I find it kind of weird he responded very quickly
to my last call for buying, and afterwards not responding anymore.
So if you recognize yourself in such a situation, maybe vote 'YES' and
perhaps selling on BL will be more pleasant and more serious. I'm sure there
is a lot of members thinking this way, isn't it?
Kindly greetings,
Yapke
|
|
 |
| Author: | jennnifer | | Posted: | Feb 2, 2020 11:04 | | Subject: | Re: Feature which shows if BL member is active | | Viewed: | 45 times | | Topic: | Suggestions | |
| In Suggestions, yapke writes:
| | Hello,
I was wondering if a feature or timer, to see whether a BrickLink
member is active or has been active (like on FB messenger or WhatsApp), would
be a great idea.
The reason why I'm wondering:
I'm sure there are members who logs in daily to see if another
member has reacted to their order('s invoice)/message, and are nervously
waiting until he/she/they react(s).
It will also be handy to see if a member (who placed an order on your store)
is active on BL and isn't responding to your multiple messages (or just ignoring),
and easier to decide to cancel an order.
For example (my example):
There is a member (USA) who has placed an order on my store (Belgium) a few days
ago. I instantly filled in and sent the invoice to serve him and be able to send
the parcel (after payment) as quickly as possible. But until now, two days later,
he hasn't read the message nor has paid for the order. Now I'm just wondering
if he was active or not lately... cause the hole situation is making me nervous.
I know I should be patient... but I find it kind of weird he responded very quickly
to my last call for buying, and afterwards not responding anymore.
So if you recognize yourself in such a situation, maybe vote 'YES' and
perhaps selling on BL will be more pleasant and more serious. I'm sure there
is a lot of members thinking this way, isn't it?
Kindly greetings,
Yapke
|
Yes, we used to have the ability to see when a buyer had last logged on. This
feature was just removed last month due to 'privacy' issues. It's
unfortunate as it was a valuable tool for sellers. Hopefully, they find a way
to restore it soon.
Jen
|
|
| Author: | yapke | | Posted: | Feb 2, 2020 10:51 | | Subject: | Feature which shows if BL member is active | | Viewed: | 101 times | | Topic: | Suggestions | | Status: | Open | | Vote: | [Yes|No] | |
| Hello,
I was wondering if a feature or timer, to see whether a BrickLink
member is active or has been active (like on FB messenger or WhatsApp), would
be a great idea.
The reason why I'm wondering:
I'm sure there are members who logs in daily to see if another
member has reacted to their order('s invoice)/message, and are nervously
waiting until he/she/they react(s).
It will also be handy to see if a member (who placed an order on your store)
is active on BL and isn't responding to your multiple messages (or just ignoring),
and easier to decide to cancel an order.
For example (my example):
There is a member (USA) who has placed an order on my store (Belgium) a few days
ago. I instantly filled in and sent the invoice to serve him and be able to send
the parcel (after payment) as quickly as possible. But until now, two days later,
he hasn't read the message nor has paid for the order. Now I'm just wondering
if he was active or not lately... cause the hole situation is making me nervous.
I know I should be patient... but I find it kind of weird he responded very quickly
to my last call for buying, and afterwards not responding anymore.
So if you recognize yourself in such a situation, maybe vote 'YES' and
perhaps selling on BL will be more pleasant and more serious. I'm sure there
is a lot of members thinking this way, isn't it?
Kindly greetings,
Yapke
|
|
| Author: | Erikmax | | Posted: | Jan 29, 2020 12:23 | | Subject: | Re: Address fields require clear labels | | Viewed: | 67 times | | Topic: | Suggestions | |
| In Suggestions, Teup writes:
| | In Suggestions, Erikmax writes:
| | From 1/1-2020 it is no longer possible to ship goods internationally in a letter
by PostNL. There has been a lot about this in this forum.
Professional dealers can still ship at a special rate using the online system.
But this online system requires filling in fields ´very strictly´ so street,
number, extra number, region, city, postcode.
We used to copypaste BL adresses, annd expected the local post to make the right
interpretation. But this is no longer possible.
Especially Asian adresses (S.Korea,Taiwan,Japan, China, Hong Kong) now gives
some questions, because it is not allways clear ´what is what´. Japanese addresses
come in the opposite order, sometimes there is as name or number, appartment
names and numbers that can be mixed up with a streetname, and there is the problem
that numbers come before streetnames on the label- streetnumbers are printed
AFTER the streetname. In many adresses it looks that things are mentioned twice,
but possible name of city and region are the same.
More postal administrations will adopt this new system thatis required by UPU,
(countries like USA will no longer accept and may even destroy shipments without
'prior notice of content', that's what postNL tells us) so this problem
would grow in the future.
In fact this requires a new way to display adresses ( "WITH LABEL") on brickink
to avoid `wrong` or incomplete adresses to be used.
Even more important because the lines on this label is limited and unneccesary
information pushes out important information from the line.
|
+1
It's good for two reasons - first to avoid mistakes as you describe, and
secondly, sellers automate the process in their own software, either with the
API or with CSV/Excel uploads. I want to do that too, but my software will only
be able to generate the right data if it in fact is told what is what. It saves
a significant amount of time doing it automated, but without clear fields, the
only way to do it is manually as it requires human common sense..
I'm sure it would be useful for more sellers than just the Dutch ones.
|
Yes I fully agree with this. And the importance of this will grow with the further
worldwide introduction of this electronic 'exchange' of shipping details.
So I hope we will get some more support to make some changes in the way Bricklink
displays the addresses. Fixed fields for all addres components is the best way
to achieve this.
|
|
| Author: | Teup | | Posted: | Jan 29, 2020 09:46 | | Subject: | Re: Address fields require clear labels | | Viewed: | 46 times | | Topic: | Suggestions | |
| In Suggestions, Erikmax writes:
| | From 1/1-2020 it is no longer possible to ship goods internationally in a letter
by PostNL. There has been a lot about this in this forum.
Professional dealers can still ship at a special rate using the online system.
But this online system requires filling in fields ´very strictly´ so street,
number, extra number, region, city, postcode.
We used to copypaste BL adresses, annd expected the local post to make the right
interpretation. But this is no longer possible.
Especially Asian adresses (S.Korea,Taiwan,Japan, China, Hong Kong) now gives
some questions, because it is not allways clear ´what is what´. Japanese addresses
come in the opposite order, sometimes there is as name or number, appartment
names and numbers that can be mixed up with a streetname, and there is the problem
that numbers come before streetnames on the label- streetnumbers are printed
AFTER the streetname. In many adresses it looks that things are mentioned twice,
but possible name of city and region are the same.
More postal administrations will adopt this new system thatis required by UPU,
(countries like USA will no longer accept and may even destroy shipments without
'prior notice of content', that's what postNL tells us) so this problem
would grow in the future.
In fact this requires a new way to display adresses ( "WITH LABEL") on brickink
to avoid `wrong` or incomplete adresses to be used.
Even more important because the lines on this label is limited and unneccesary
information pushes out important information from the line.
|
+1
It's good for two reasons - first to avoid mistakes as you describe, and
secondly, sellers automate the process in their own software, either with the
API or with CSV/Excel uploads. I want to do that too, but my software will only
be able to generate the right data if it in fact is told what is what. It saves
a significant amount of time doing it automated, but without clear fields, the
only way to do it is manually as it requires human common sense..
I'm sure it would be useful for more sellers than just the Dutch ones.
|
|
| Author: | Erikmax | | Posted: | Jan 29, 2020 09:16 | | Subject: | Address fields require clear labels | | Viewed: | 87 times | | Topic: | Suggestions | | Status: | Open | | Vote: | [Yes|No] | |
| From 1/1-2020 it is no longer possible to ship goods internationally in a letter
by PostNL. There has been a lot about this in this forum.
Professional dealers can still ship at a special rate using the online system.
But this online system requires filling in fields ´very strictly´ so street,
number, extra number, region, city, postcode.
We used to copypaste BL adresses, annd expected the local post to make the right
interpretation. But this is no longer possible.
Especially Asian adresses (S.Korea,Taiwan,Japan, China, Hong Kong) now gives
some questions, because it is not allways clear ´what is what´. Japanese addresses
come in the opposite order, sometimes there is as name or number, appartment
names and numbers that can be mixed up with a streetname, and there is the problem
that numbers come before streetnames on the label- streetnumbers are printed
AFTER the streetname. In many adresses it looks that things are mentioned twice,
but possible name of city and region are the same.
More postal administrations will adopt this new system thatis required by UPU,
(countries like USA will no longer accept and may even destroy shipments without
'prior notice of content', that's what postNL tells us) so this problem
would grow in the future.
In fact this requires a new way to display adresses ( "WITH LABEL") on brickink
to avoid `wrong` or incomplete adresses to be used.
Even more important because the lines on this label is limited and unneccesary
information pushes out important information from the line.
|
|
| Author: | Rick_S. | | Posted: | Jan 28, 2020 16:53 | | Subject: | Re: Attack of the Blusers | | Viewed: | 78 times | | Topic: | Suggestions | |
| In Suggestions, BLUSER13161 writes:
| | In Suggestions, yorbrick writes:
| | bluser numbers assigned already
but just happen to be known by our chosen usernames instead.
|
Yes, your bluser number can be seen by going to your Account Info page. The
second bit of information there is titled User ID. That's your bluser number.
Someday in the distant future, when we're all dead, they'll eject us
from the system and make us blusers, too. Not too fond of the idea, as I'd
rather be remembered as StormChaser, not BLUSER_13161.
Doesn't matter what I want, though.
|
I'm BLUSER 9140 
|
|
| Author: | infinibrix | | Posted: | Jan 28, 2020 16:41 | | Subject: | Re: Lego AMA Should we +1 questions? | | Viewed: | 58 times | | Topic: | Suggestions | |
| In Suggestions, Admin_Russell writes:
| | Please do not "+1" or otherwise comment on the AMA questions. If you want to
ask a question that has already been asked, ask it again in your own words as
a reply to the original post.
Thank you!
|
Okay thank you for confirming Russell
|
| Author: | Minifig_Central | | Posted: | Jan 28, 2020 16:37 | | Subject: | Re: Lego AMA Should we +1 questions? | | Viewed: | 46 times | | Topic: | Suggestions | |
| Can you please reply to my post in relation to site performance issues? I'd
like to at least know they've been acknowledged/started to be worked on.
|
|
| Author: | Admin_Russell | | Posted: | Jan 28, 2020 16:35 | | Subject: | Re: Lego AMA Should we +1 questions? | | Viewed: | 84 times | | Topic: | Suggestions | |
| Please do not "+1" or otherwise comment on the AMA questions. If you want to
ask a question that has already been asked, ask it again in your own words as
a reply to the original post.
Thank you!
In Suggestions, infinibrix writes:
| | With regards to the below part of the announcement Lego says they will update
the FAQ with our ‘MOST’ top-of-mind questions does that mean those questions
that get asked the most will more likely get answered? and in which case if I
have the same question as what someone else has already asked should I just +1
it or would that cause more confusion?
I would assume that all the main questions will remain on the far left and easy
for Lego to spot in fact any staggered +1’s underneath it should actually indicate
to Lego that several people are showing an interest in the same question but
at the same time I don’t know if it’s a good idea or not? Only repeating the
same questions again would seem even more confusing? Any thoughts?
“Please do add your questions in the thread below*. We will update the LEGO FAQ
on an ongoing basis with your most top-of-mind questions, until the closing of
the AMA on 31st January 2020 at 9AM EST.”
|
|
|
| Author: | infinibrix | | Posted: | Jan 28, 2020 16:25 | | Subject: | Re: Lego AMA Should we +1 questions? | | Viewed: | 47 times | | Topic: | Suggestions | |
| In Suggestions, SylvainLS writes:
| | In Suggestions, infinibrix writes:
| | With regards to the below part of the announcement Lego says they will update
the FAQ with our ‘MOST’ top-of-mind questions does that mean those questions
that get asked the most will more likely get answered? and in which case if I
have the same question as what someone else has already asked should I just +1
it or would that cause more confusion?
I would assume that all the main questions will remain on the far left and easy
for Lego to spot in fact any staggered +1’s underneath it should actually indicate
to Lego that several people are showing an interest in the same question but
at the same time I don’t know if it’s a good idea or not? Only repeating the
same questions again would seem even more confusing? Any thoughts?
|
As already been noted, people don’t read the FAQ before posting their questions.
Why do you believe they read all the previous questions? (Especially on a slooowwww
BL day, like this, er, month.)
But for some forum junkies, people just read the announcement and ask their question(s).
|
Well the high number of views against each post and the number of subsequent
comments would suggest they are being read and whilst some people are repeating
certain stuff from the FAQ including myself to a certain degree I think its just
because people are looking for a litttle more elaboration on what's previously
been anounced.
|
|
| Author: | SylvainLS | | Posted: | Jan 28, 2020 15:56 | | Subject: | Re: Lego AMA Should we +1 questions? | | Viewed: | 49 times | | Topic: | Suggestions | |
| In Suggestions, infinibrix writes:
| | With regards to the below part of the announcement Lego says they will update
the FAQ with our ‘MOST’ top-of-mind questions does that mean those questions
that get asked the most will more likely get answered? and in which case if I
have the same question as what someone else has already asked should I just +1
it or would that cause more confusion?
I would assume that all the main questions will remain on the far left and easy
for Lego to spot in fact any staggered +1’s underneath it should actually indicate
to Lego that several people are showing an interest in the same question but
at the same time I don’t know if it’s a good idea or not? Only repeating the
same questions again would seem even more confusing? Any thoughts?
|
As already been noted, people don’t read the FAQ before posting their questions.
Why do you believe they read all the previous questions? (Especially on a slooowwww
BL day, like this, er, month.)
But for some forum junkies, people just read the announcement and ask their question(s).
|
|
| Author: | infinibrix | | Posted: | Jan 28, 2020 14:31 | | Subject: | Lego AMA Should we +1 questions? | | Viewed: | 156 times | | Topic: | Suggestions | | Status: | Open | | Vote: | [Yes|No] | |
| With regards to the below part of the announcement Lego says they will update
the FAQ with our ‘MOST’ top-of-mind questions does that mean those questions
that get asked the most will more likely get answered? and in which case if I
have the same question as what someone else has already asked should I just +1
it or would that cause more confusion?
I would assume that all the main questions will remain on the far left and easy
for Lego to spot in fact any staggered +1’s underneath it should actually indicate
to Lego that several people are showing an interest in the same question but
at the same time I don’t know if it’s a good idea or not? Only repeating the
same questions again would seem even more confusing? Any thoughts?
“Please do add your questions in the thread below*. We will update the LEGO FAQ
on an ongoing basis with your most top-of-mind questions, until the closing of
the AMA on 31st January 2020 at 9AM EST.”
|
|
| Author: | HayTanBricks | | Posted: | Jan 28, 2020 06:12 | | Subject: | Re: New Payment Method | | Viewed: | 61 times | | Topic: | Suggestions | |
| Yes a blank option would be great. While AfterPay or Zippay won’t integrate with
Market place platforms, a blank option will give us the availability to use an
alternative payment solution
In Suggestions, LaygoAdelaide writes:
| | Would it be possible to add another payment method.
Afterpay
Zip Pay
or at least have a blank one so that we can input our own custom method.
|
|
|
| Author: | bb1301425 | | Posted: | Jan 27, 2020 07:39 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 55 times | | Topic: | Suggestions | |
| In Suggestions, patpendlego writes:
| | Please implement 2FA or some other additional login security to BrickLink account.
|
Please don't. I've dealt with 2FA supporting medical and financial software
for years. It's a pain to set up, and the training curve with too many users
is a vertical wall. I've yet to see a 2FA provider who doesn't have outages
every few weeks, and your phone is NOT secure. For what is a retail operation,
over complicated processes and ticked off customers lead to less of a retail
operation. Add in the expense of doing this internationally, and you will see
a notable jump in what TLG has to skim off the top for fees. Not something that
any of us want.
Use paypal, tie it to your credit card. That will give you security for your
money. If you're worried about some getting in and messing with your inventory....
Don't invent things to be scared of.
|
|
| Author: | leggodtshop | | Posted: | Jan 26, 2020 08:51 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 33 times | | Topic: | Suggestions | |
| In Suggestions, mfav writes:
|
| Author: | jonwil | | Posted: | Jan 26, 2020 08:07 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 35 times | | Topic: | Suggestions | |
| I support the idea of proper 2FA. Messages to a phone or mobile device (via SMS
or otherwise) is not proper 2FA. Supporting the U2F standard would be perfect
IMO, its designed to be a 2FA solution that avoids all the problems of using
phones as a 2FA solution. And its open and well documented (and AFAIK designed
to be easy for sites to implement)
It can (if implement correctly) even help stop phishing attacks (where someone
creates a fake web page designed to make you think its the real page and then
uses that fake page to steal login information or otherwise do nefarious things)
|
|
| Author: | HillbillyBricks | | Posted: | Jan 26, 2020 04:37 | | Subject: | Re: Ability to identify parts for a specific set | | Viewed: | 37 times | | Topic: | Suggestions | |
| In Suggestions, Brickwilbo writes:
| | In Suggestions, HillbillyBricks writes:
| | How can you get a list of parts that you have in your inventory for a specific
set.
|
On your My Inventory page in the extra options Search My Inventory you can enter
a set number.
| | In the price guide it will tell you how many parts you have in inventory
for a set. I want to know what those parts are.
|
Check the option Show Items in My Inventory to see if you've got the items
in your inventory on the Catalog page:
https://www.bricklink.com/catalogOptions.asp?viewFrom=P
Thank you. I'm lost. I do not see an option that works.
|
|
|
| Author: | CALBrickLAB | | Posted: | Jan 25, 2020 20:21 | | Subject: | USPS postage zones | | Viewed: | 148 times | | Topic: | Suggestions | | Status: | Open | | Vote: | [Yes|No] | |
| As I go through updating my postage for the USPS rate increase in effect on Monday,
I'm reminded that we still don't have the ability to use zone pricing
based on zip codes for shipping. We all use the same zone groupings, so we would
just need a chart set up like we do for international shipping, but with the
9 zone fields. I end up overcharging and giving refunds if the amount is excessive.
Thanks,
Romy
|
|
| Author: | yorbrick | | Posted: | Jan 24, 2020 13:37 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 43 times | | Topic: | Suggestions | |
| In Suggestions, SylvainLS writes:
| | In Suggestions, bje writes:
| | […]
+1^google*1^google
Enough said
|
Er, Jean, I’ve noticed you already used “+1^google*1^google” or something similar
a couple of times.
You do know 1^(whatever) is always 1, don’t you?
|
Not if it is 1^8 because then it is an emoticon wearing glasses doing a headstand.
|
| Author: | SylvainLS | | Posted: | Jan 24, 2020 13:06 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 25 times | | Topic: | Suggestions | |
| In Suggestions, bje writes:
| | […]
+1^google*1^google
Enough said
|
Er, Jean, I’ve noticed you already used “+1^google*1^google” or something similar
a couple of times.
You do know 1^(whatever) is always 1, don’t you?
|
| Author: | bje | | Posted: | Jan 24, 2020 12:58 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 36 times | | Topic: | Suggestions | |
| In Suggestions, Yo_Yo_Flamingo writes:
| | In Suggestions, patpendlego writes:
| | Admin,
Please implement 2FA or some other additional login security to BrickLink account.
2FA = 2-Factor-Authentication
It could help prevent hacking or stealing of accounts and account & inventory
information.
Of course this could be set as optional on the account.
Thank you.
|
I could not be any more opposed to this.
|
+1^google*1^google
Enough said
|
|
| Author: | SylvainLS | | Posted: | Jan 24, 2020 12:47 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 32 times | | Topic: | Suggestions | |
| In Suggestions, qwertyboy writes:
| | In Suggestions, SylvainLS writes:
| | The HAVE is not the phone, it’s the phone number, and that’s a KNOW. SMS can
be intercepted (both locally and remotely) and SIM cards can be duplicated.
As I said, it’s more difficult than just what script kiddies do nowadays, but
it’s only a 1k$ investment to intercept SMS remotely because the SMS protocole
is not secure. It might even already cost less.
And a malware that can intercept the SMS on the phone costs even less but you
need to put it on the phone but that is not that difficult.
So, again, yes, 2FA adds hurdles but the SMS hurdles are lower than you think
they are.
|
(I should know better than to argue with you - you always spin it around so you
are not wrong.)
|
What did I spin? 
In the local attack case, adding something to the same device that already has/knows
everything doesn’t add security, just a warm and dangerous feeling of security.
In the remote attack case, the SMS protocole is not secure and intercepting an
SMS locally or remotely is possible.
Once again, I never claimed 2FA isn’t worthy of interest, I said “please, no
SMS-2FA” and “beware having everything on the same device.”
| | I would love to see you, being in France, with any "1k$ investment" intercepting
a cell TXT message sent from BrickLink to my Canadian cell phone.
|
I’m not a criminal but I know what they are capable of.
Search for SS7, SMS and 2FA and you’ll know too.
Or keep believing in rainbow-producing unicorns.
|
|
| Author: | calsbricks | | Posted: | Jan 24, 2020 12:31 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 39 times | | Topic: | Suggestions | |
| In Suggestions, mfav writes:
Couldn't have summed it up better myself.
|
|
|
| Author: | calsbricks | | Posted: | Jan 24, 2020 12:23 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 39 times | | Topic: | Suggestions | |
| In Suggestions, Yo_Yo_Flamingo writes:
| | In Suggestions, patpendlego writes:
| | Admin,
Please implement 2FA or some other additional login security to BrickLink account.
2FA = 2-Factor-Authentication
It could help prevent hacking or stealing of accounts and account & inventory
information.
Of course this could be set as optional on the account.
Thank you.
|
I could not be any more opposed to this.
|
+10000000000000000000000000000000000000000000000000000000000000000000000000000000
Just adds more clumsiness to the site. The UK has recently adopted a multi authentication
system for online banking and shopping and to say the least it is a pain the
...., and as mobile phones are one of the most insecure devices on the planet
we simply do not understand how they can believe it is more secure. Far less
in reality/
This, perhaps, is what we see when an intellectual who sits behind a desk all
day comes up with ideas which bear no relationship to reality.
|
|
| Author: | Yo_Yo_Flamingo | | Posted: | Jan 24, 2020 12:16 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 29 times | | Topic: | Suggestions | |
| In Suggestions, patpendlego writes:
| | Admin,
Please implement 2FA or some other additional login security to BrickLink account.
2FA = 2-Factor-Authentication
It could help prevent hacking or stealing of accounts and account & inventory
information.
Of course this could be set as optional on the account.
Thank you.
|
I could not be any more opposed to this.
|
|
| Author: | qwertyboy | | Posted: | Jan 24, 2020 11:45 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 27 times | | Topic: | Suggestions | |
| In Suggestions, SylvainLS writes:
| | The HAVE is not the phone, it’s the phone number, and that’s a KNOW. SMS can
be intercepted (both locally and remotely) and SIM cards can be duplicated.
As I said, it’s more difficult than just what script kiddies do nowadays, but
it’s only a 1k$ investment to intercept SMS remotely because the SMS protocole
is not secure. It might even already cost less.
And a malware that can intercept the SMS on the phone costs even less but you
need to put it on the phone but that is not that difficult.
So, again, yes, 2FA adds hurdles but the SMS hurdles are lower than you think
they are.
|
(I should know better than to argue with you - you always spin it around so you
are not wrong.)
I would love to see you, being in France, with any "1k$ investment" intercepting
a cell TXT message sent from BrickLink to my Canadian cell phone.
Niek.
|
|
| Author: | popsicle | | Posted: | Jan 24, 2020 11:12 | | Subject: | Re: Persistent issues… | | Viewed: | 57 times | | Topic: | Suggestions | |
| In Suggestions, popsicle writes:
| | agulus’s input in this thread has reignited a persistent and nagging thought
of mine: https://www.bricklink.com/message.asp?ID=1176265
It’s a valid point made by member agulus, that has unfortunately been ongoing
as an issue, in the face of contrary input towards the feedback policy.
I’ve brought it up in the past, that a neutral should be just that, neutral,
and not effect your feedback percentage number displayed, up or down.
Beyond the obvious reasons, is the fact that there are many newish buyers that
mistakenly see BL’s neutral, as neutral. Silly people Meanwhile, it continues
to result in an amount of havoc in that arena of BrickLink.
I look forward to reading your honest thoughts
|
The thinking on this has been brought up from time to time, going back a while.
This member stated his case well, two years ago: https://www.bricklink.com/message.asp?ID=1081558
|
|
| Author: | SylvainLS | | Posted: | Jan 24, 2020 11:00 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 42 times | | Topic: | Suggestions | |
| In Suggestions, qwertyboy writes:
| | […]
| | Remote: someone copies your credentials (login+password), your KNOW.
Oh, it’s okay, they don’t have the HAVE!
But of course they do! Because your HAVE is only a phone number, which is actually
a KNOW.
|
No, you don't understand. In the case OP described, the HAVE is implemented
by a TXT message to a registered cell phone number.
- The site registers a login with username/password (the KNOW);
- It sends a TXT message to a registered cell number (the HAVE);
- User needs to type that TXT message in a separate box on the login page.
You (as a hacker) won't be able to see that TXT message because you don't
HAVE that cell phone, so you can't type that message in, and hence you can't
complete the authentication process.
Please let me know how "SylvainLS" in France can type in the secret code that
was sent to my cell phone in Canada.
|
The HAVE is not the phone, it’s the phone number, and that’s a KNOW. SMS can
be intercepted (both locally and remotely) and SIM cards can be duplicated.
As I said, it’s more difficult than just what script kiddies do nowadays, but
it’s only a 1k$ investment to intercept SMS remotely because the SMS protocole
is not secure. It might even already cost less.
And a malware that can intercept the SMS on the phone costs even less but you
need to put it on the phone but that is not that difficult.
So, again, yes, 2FA adds hurdles but the SMS hurdles are lower than you think
they are.
|
|
| Author: | qwertyboy | | Posted: | Jan 24, 2020 10:35 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 33 times | | Topic: | Suggestions | |
| In Suggestions, SylvainLS writes:
| | In Suggestions, qwertyboy writes:
| | […]
2FA is also referred to "something you know, and something you have". 2FA is
not meant to make sure it is you that is using your phone. Rather, it is meant
to do a second check after "someone" logged in (and used the "something you know")
by making sure that person also clears the "something you have" hurdle.
Saying 2FA implementations are generally flawed because they don't check
you are using the same device makes no sense. It is not meant to do that check.
It is meant to prevent "SylvainLS" in France to log into account "qwertyboy".
Good luck doing that if 2FA sends my Canadian phone a txt.
|
Let me be clearer. There are two types of attack: remote and local.
Local: someone steals or hacks your device, your HAVE.
Oh, it’s okay, they don’t have the KNOW!
But of course they do! Because everything is stored on your phone, including
the KNOW.
Remote: someone copies your credentials (login+password), your KNOW.
Oh, it’s okay, they don’t have the HAVE!
But of course they do! Because your HAVE is only a phone number, which is actually
a KNOW.
|
No, you don't understand. In the case OP described, the HAVE is implemented
by a TXT message to a registered cell phone number.
- The site registers a login with username/password (the KNOW);
- It sends a TXT message to a registered cell number (the HAVE);
- User needs to type that TXT message in a separate box on the login page.
You (as a hacker) won't be able to see that TXT message because you don't
HAVE that cell phone, so you can't type that message in, and hence you can't
complete the authentication process.
Please let me know how "SylvainLS" in France can type in the secret code that
was sent to my cell phone in Canada.
Niek.
|
|
| Author: | popsicle | | Posted: | Jan 24, 2020 09:40 | | Subject: | Re: Persistent issues… | | Viewed: | 46 times | | Topic: | Suggestions | |
| In Suggestions, Pippyblocks writes:
| | I say yes to this too, I had my first neutral quite early on and it killed my
100% there and then. It was a positive too and the customer wasn't sure how
to change it. On the flip side it means you don't ever have to worry about
maintaining 100% anymore But yeah feedback I believe has become more and
more dated across platforms. I only ever bother to look at feedback if it's
a significant amount I'm spending.
|
Fantastic input!
Thanks
|
|
| Author: | SylvainLS | | Posted: | Jan 24, 2020 09:29 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 35 times | | Topic: | Suggestions | |
| In Suggestions, qwertyboy writes:
| | […]
2FA is also referred to "something you know, and something you have". 2FA is
not meant to make sure it is you that is using your phone. Rather, it is meant
to do a second check after "someone" logged in (and used the "something you know")
by making sure that person also clears the "something you have" hurdle.
Saying 2FA implementations are generally flawed because they don't check
you are using the same device makes no sense. It is not meant to do that check.
It is meant to prevent "SylvainLS" in France to log into account "qwertyboy".
Good luck doing that if 2FA sends my Canadian phone a txt.
|
Let me be clearer. There are two types of attack: remote and local.
Local: someone steals or hacks your device, your HAVE.
Oh, it’s okay, they don’t have the KNOW!
But of course they do! Because everything is stored on your phone, including
the KNOW.
Remote: someone copies your credentials (login+password), your KNOW.
Oh, it’s okay, they don’t have the HAVE!
But of course they do! Because your HAVE is only a phone number, which is actually
a KNOW.
Granted, a KNOW a bit more difficult to use than login+password, but still very
usable.
I’m not saying 2FA is bad. I’m saying 2FA isn’t a panacea, one-device 2FAs less
of one, and SMS-2FA even less of one.
I’m not advocating not to add 2FA, I’m just saying “careful with SMS-2FA.”
Anyway, all this is moot because BrickLink, and BrickLink and phones….
|
|
| Author: | SylvainLS | | Posted: | Jan 24, 2020 09:28 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 33 times | | Topic: | Suggestions | |
| In Suggestions, patpendlego writes:
| | In Suggestions, patpendlego writes:
| | In Suggestions, SylvainLS writes:
| | In Suggestions, patpendlego writes:
| | […]
Obviously the idea behind 2FA is that you're NOT using the same device.
|
Yeah, that’s the idea but unfortunately, that’s not the common practice.
|
Apparently it is not YOUR practice. Don't generalize what you don't know.
|
|
Apparently nothing, because it’s not my practice.
I’m talking about what I see people do while you’re assuming your case is the
general one.
| | | | | | | | I
personally never use the same device. Also, besides SMS there are authentication
apps which are secured by a pincode. In general, 2FA is regarded as the standard
safe login method today whereas 1FA is considered not safe enough anymore. Hence
the suggestion.
|
I understand the suggestion. I’m just pointing one pitfall.
“Regarded” is the problem here: people feel confident when in reality the implementation
is generally flawed.
How many websites check you’re not using the same device?
None, because it can’t be done.
|
2FA is not meant to be 100% safe,
|
|
Nothing is 100% safe, that’s not my point.
My point is things being presented as safer than they are.
| | | | just SAFER than 1FA. You do not have to use
it if you don't want to. But, if the passwords were stolen, they can login
with 1FA but not with 2FA.
|
|
Except that, if they have your phone number, — and they will get it when they
get your passwords —, they can intercept your SMS.
Granted, it demands a little bit more investment than what script kiddies are
used to _now_, but SMS-2FA is less safe than other 2FAs.
And what one-device 2FAs do is actually replace a KNOW, your login+password,
with a HAVE, your device, because the device already KNOWS everything.
| | Even if you have just one device only, as you have Sylvain
|
Assume, assume….
|
|
| Author: | Pippysblocks | | Posted: | Jan 24, 2020 08:57 | | Subject: | Re: Persistent issues… | | Viewed: | 48 times | | Topic: | Suggestions | |
| I say yes to this too, I had my first neutral quite early on and it killed my
100% there and then. It was a positive too and the customer wasn't sure how
to change it. On the flip side it means you don't ever have to worry about
maintaining 100% anymore But yeah feedback I believe has become more and
more dated across platforms. I only ever bother to look at feedback if it's
a significant amount I'm spending.
In Suggestions, popsicle writes:
| | agulus’s input in this thread has reignited a persistent and nagging thought
of mine: https://www.bricklink.com/message.asp?ID=1176265
It’s a valid point made by member agulus, that has unfortunately been ongoing
as an issue, in the face of contrary input towards the feedback policy.
I’ve brought it up in the past, that a neutral should be just that, neutral,
and not effect your feedback percentage number displayed, up or down.
Beyond the obvious reasons, is the fact that there are many newish buyers that
mistakenly see BL’s neutral, as neutral. Silly people Meanwhile, it continues
to result in an amount of havoc in that arena of BrickLink.
I look forward to reading your honest thoughts
-Cory
|
|
|
| Author: | agulus | | Posted: | Jan 24, 2020 08:56 | | Subject: | Re: Persistent issues… | | Viewed: | 29 times | | Topic: | Suggestions | |
| In Suggestions, crxefx writes:
| | Same feeling exactly. As much as I love the 100% feedback score our store has,
I will admit that we have made mistakes that should have received neutral feedback
at some point. On the other hand, If you have 1000 positives and 10 neutrals.
Should you still have 100% feedback score? I'm not sure myself how to approach
the feedback system. To compound on that thought, When ordering I never bother
to check a sellers feedback rating so... Does it matter? Does everyone take the
time to check? I don't know.
-Andy
|
For me as a seller the best meaning for neutral would be for example
that in worst scenario there were problems with order but
it was easy to work on the issue with seller but the buyer
is not 100% satisfied because he/she got only a refund not the part
he/she needed. I wouldn't mind to get a neutral in those
situations if this feedback wouldn't change the percentage.
Sometimes I buy parts on BL and I always look at feedback.
It gives you a lot of information about the seller.
-Agnes
|
|
| Author: | popsicle | | Posted: | Jan 24, 2020 08:36 | | Subject: | Re: Persistent issues… | | Viewed: | 35 times | | Topic: | Suggestions | |
| In Suggestions, crxefx writes:
| | Same feeling exactly. As much as I love the 100% feedback score our store has,
I will admit that we have made mistakes that should have received neutral feedback
at some point. On the other hand, If you have 1000 positives and 10 neutrals.
Should you still have 100% feedback score? I'm not sure myself how to approach
the feedback system. To compound on that thought, When ordering I never bother
to check a sellers feedback rating so... Does it matter? Does everyone take the
time to check? I don't know.
-Andy
|
Valid thoughts. Good input.
Thanks
|
|
| Author: | popsicle | | Posted: | Jan 24, 2020 08:30 | | Subject: | Re: Persistent issues… | | Viewed: | 36 times | | Topic: | Suggestions | |
| In Suggestions, leopard37 writes:
| | In Suggestions, infinibrix writes:
| | In an ideal world if the feedback system was worded a little differently we'd
see a more meaningful feedback system perhaps where sellers could actually get
better recognition when they go above and beyond the norm! i.e If it was worded
something like this:-
Please rate this transaction:-
Bad - (Problems with the transaction)
Good - (Smooth transaction)
Outstanding - (Seller went beyond expectations!)
Imagine you have two sellers with 500 feedback where one has 492 Good and 8 Outstanding
the other has 425 Good and 75 Outstanding this would give a whole new meaning
to the feedback system and how we see sellers overall rather than the somewhat
redundant Neutral which seems to be seen as a minor negative!
|
How many new users rate the postal system not the order. This is also a flaw.
Especially if the seller doesn't accurately say when the package was shipped.
Tyson.
|
Good point!
Thanks
|
|
| Author: | popsicle | | Posted: | Jan 24, 2020 08:29 | | Subject: | Re: Persistent issues… | | Viewed: | 54 times | | Topic: | Suggestions | |
| In Suggestions, infinibrix writes:
| | In an ideal world if the feedback system was worded a little differently we'd
see a more meaningful feedback system perhaps where sellers could actually get
better recognition when they go above and beyond the norm! i.e If it was worded
something like this:-
Please rate this transaction:-
Bad - (Problems with the transaction)
Good - (Smooth transaction)
Outstanding - (Seller went beyond expectations!)
Imagine you have two sellers with 500 feedback where one has 492 Good and 8 Outstanding
the other has 425 Good and 75 Outstanding this would give a whole new meaning
to the feedback system and how we see sellers overall rather than the somewhat
redundant Neutral which seems to be seen as a minor negative!
|
What a novel idea. I like it. A seller can better work at negating the effects
of mistakes or unjust feedback
Thanks
|
|
| Author: | BrickCompulsion | | Posted: | Jan 24, 2020 06:11 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 35 times | | Topic: | Suggestions | |
| In Suggestions, patpendlego writes:
| | Admin,
Please implement 2FA or some other additional login security to BrickLink account.
2FA = 2-Factor-Authentication
It could help prevent hacking or stealing of accounts and account & inventory
information.
Of course this could be set as optional on the account.
Thank you.
|
I would fully support and do fully encourage this to happen
|
|
| Author: | infinibrix | | Posted: | Jan 24, 2020 05:36 | | Subject: | Re: Persistent issues… | | Viewed: | 48 times | | Topic: | Suggestions | |
| In Suggestions, leopard37 writes:
| | In Suggestions, infinibrix writes:
| | In an ideal world if the feedback system was worded a little differently we'd
see a more meaningful feedback system perhaps where sellers could actually get
better recognition when they go above and beyond the norm! i.e If it was worded
something like this:-
Please rate this transaction:-
Bad - (Problems with the transaction)
Good - (Smooth transaction)
Outstanding - (Seller went beyond expectations!)
Imagine you have two sellers with 500 feedback where one has 492 Good and 8 Outstanding
the other has 425 Good and 75 Outstanding this would give a whole new meaning
to the feedback system and how we see sellers overall rather than the somewhat
redundant Neutral which seems to be seen as a minor negative!
|
How many new users rate the postal system not the order. This is also a flaw.
Especially if the seller doesn't accurately say when the package was shipped.
Tyson.
|
But if you let the buyer know when the goods were or will be shipped most buyers
will be understanding and take that into consideration. Sometimes you may be
penalised because of the fault of the courier but as sellers we are all in the
same boat and if you nearly always ship same day or next business day this in
the long term will be reflected overall in your feedback rating whereas if a
seller usually ships within 3-4 days it stands to reason that their rating might
not be so good for instance an 'Outstanding' rating might be given where
a buyer pays for their order right at the end of the day 4-5pm and is surprised
and overwhelmed to get their goods next day therefore they might decide leave
an oustanding instead of Good.
|
|
| Author: | crxefx | | Posted: | Jan 24, 2020 01:44 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 46 times | | Topic: | Suggestions | |
| Lol! what if you only have one device thought  |
| Author: | leggodtshop | | Posted: | Jan 24, 2020 01:28 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 37 times | | Topic: | Suggestions | |
| In Suggestions, patpendlego writes:
| | Admin,
Please implement 2FA or some other additional login security to BrickLink account.
2FA = 2-Factor-Authentication
It could help prevent hacking or stealing of accounts and account & inventory
information.
Of course this could be set as optional on the account.
Thank you.
|
To clarify: with the current 1FA if Bricklink accounts were stolen all accounts
can be logged on to, with 2FA that can't.
|
|
| Author: | leggodtshop | | Posted: | Jan 24, 2020 01:23 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 42 times | | Topic: | Suggestions | |
| In Suggestions, patpendlego writes:
| | In Suggestions, SylvainLS writes:
| | In Suggestions, patpendlego writes:
| | […]
Obviously the idea behind 2FA is that you're NOT using the same device.
|
Yeah, that’s the idea but unfortunately, that’s not the common practice.
|
Apparently it is not YOUR practice. Don't generalize what you don't know.
| |
| | I
personally never use the same device. Also, besides SMS there are authentication
apps which are secured by a pincode. In general, 2FA is regarded as the standard
safe login method today whereas 1FA is considered not safe enough anymore. Hence
the suggestion.
|
I understand the suggestion. I’m just pointing one pitfall.
“Regarded” is the problem here: people feel confident when in reality the implementation
is generally flawed.
How many websites check you’re not using the same device?
None, because it can’t be done.
|
2FA is not meant to be 100% safe, just SAFER than 1FA. You do not have to use
it if you don't want to. But, if the passwords were stolen, they can login
with 1FA but not with 2FA.
|
Even if you have just one device only, as you have Sylvain
|
|
| Author: | leggodtshop | | Posted: | Jan 24, 2020 01:19 | | Subject: | Re: 2FA or some other additional login security | | Viewed: | 54 times | | Topic: | Suggestions | |
| In Suggestions, SylvainLS writes:
| | In Suggestions, patpendlego writes:
| | […]
Obviously the idea behind 2FA is that you're NOT using the same device.
|
Yeah, that’s the idea but unfortunately, that’s not the common practice.
|
Apparently it is not YOUR practice. Don't generalize what you don't know.
| |
| | I
personally never use the same device. Also, besides SMS there are authentication
apps which are secured by a pincode. In general, 2FA is regarded as the standard
safe login method today whereas 1FA is considered not safe enough anymore. Hence
the suggestion.
|
I understand the suggestion. I’m just pointing one pitfall.
“Regarded” is the problem here: people feel confident when in reality the implementation
is generally flawed.
How many websites check you’re not using the same device?
None, because it can’t be done.
|
2FA is not meant to be 100% safe, just SAFER than 1FA. You do not have to use
it if you don't want to. But, if the passwords were stolen, they can login
with 1FA but not with 2FA.
|
|
| Author: | crxefx | | Posted: | Jan 24, 2020 01:10 | | Subject: | Re: Persistent issues… | | Viewed: | 53 times | | Topic: | Suggestions | |
| Same feeling exactly. As much as I love the 100% feedback score our store has,
I will admit that we have made mistakes that should have received neutral feedback
at some point. On the other hand, If you have 1000 positives and 10 neutrals.
Should you still have 100% feedback score? I'm not sure myself how to approach
the feedback system. To compound on that thought, When ordering I never bother
to check a sellers feedback rating so... Does it matter? Does everyone take the
time to check? I don't know.
-Andy
|
|
| Author: | leopard37 | | Posted: | Jan 23, 2020 23:04 | | Subject: | Re: Persistent issues… | | Viewed: | 45 times | | Topic: | Suggestions | |
| In Suggestions, infinibrix writes:
| | In an ideal world if the feedback system was worded a little differently we'd
see a more meaningful feedback system perhaps where sellers could actually get
better recognition when they go above and beyond the norm! i.e If it was worded
something like this:-
Please rate this transaction:-
Bad - (Problems with the transaction)
Good - (Smooth transaction)
Outstanding - (Seller went beyond expectations!)
Imagine you have two sellers with 500 feedback where one has 492 Good and 8 Outstanding
the other has 425 Good and 75 Outstanding this would give a whole new meaning
to the feedback system and how we see sellers overall rather than the somewhat
redundant Neutral which seems to be seen as a minor negative!
|
How many new users rate the postal system not the order. This is also a flaw.
Especially if the seller doesn't accurately say when the package was shipped.
Tyson.
|
|
| Author: | infinibrix | | Posted: | Jan 23, 2020 22:47 | | Subject: | Re: Persistent issues… | | Viewed: | 53 times | | Topic: | Suggestions | |
| In an ideal world if the feedback system was worded a little differently we'd
see a more meaningful feedback system perhaps where sellers could actually get
better recognition when they go above and beyond the norm! i.e If it was worded
something like this:-
Please rate this transaction:-
Bad - (Problems with the transaction)
Good - (Smooth transaction)
Outstanding - (Seller went beyond expectations!)
Imagine you have two sellers with 500 feedback where one has 492 Good and 8 Outstanding
the other has 425 Good and 75 Outstanding this would give a whole new meaning
to the feedback system and how we see sellers overall rather than the somewhat
redundant Neutral which seems to be seen as a minor negative!
|
|
| Author: | popsicle | | Posted: | Jan 23, 2020 21:32 | | Subject: | Re: Persistent issues… | | Viewed: | 64 times | | Topic: | Suggestions | |
| In Suggestions, Captain_Q writes:
| | In Suggestions, popsicle writes:
| | agulus’s input in this thread has reignited a persistent and nagging thought
of mine: https://www.bricklink.com/message.asp?ID=1176265
It’s a valid point made by member agulus, that has unfortunately been ongoing
as an issue, in the face of contrary input towards the feedback policy.
I’ve brought it up in the past, that a neutral should be just that, neutral,
and not effect your feedback percentage number displayed, up or down.
Beyond the obvious reasons, is the fact that there are many newish buyers that
mistakenly see BL’s neutral, as neutral. Silly people Meanwhile, it continues
to result in an amount of havoc in that arena of BrickLink.
I look forward to reading your honest thoughts
-Cory
|
I think Bl's feedback system is somewhat dated. Neutral's should be
more benign rather then similar to negatives.
CURRENT BL FEEDBACK SYSTEM
Positive: accurate
Neutral: overly harsh / may encourage retaliation
Negative: accurate yet may encourage retaliation
I think emulating the eBay model would be a good adaptation. The feedback percentage
is more reflective of a seller's current feedback reputation of the last
12 months vs lifetime like on Bricklink. Meaning a single negative from 6 years
ago doesn't hold the overall feedback percentage down beyond a year, that
is if the seller has cleaned up their act and do no accrue any more negatives/neutrals.
I see frequent enough comment threads here on Bricklink that have complaints
about a seller or buyer receiving retaliation feedback or expressing fear that
they may receive one if they leave accurate feedback. Negatives are warning signs
for sellers to work harder and make improvements. But if the punishment is too
harsh then message may not be received properly.
This mindset has potential to create a retaliatory like atmosphere.
- Captain Q
|
Interesting thoughts and great input, as usual. Thanks!
|
|
Next Page: 5 More | 10 More | 25 More | 50 More | 100 More
|
