Got my parcel from ebay, I decided to leave a small response.
Everything was fine, i like so many informational mail (four overall: two from all4btc site, one from paypal about payment status, one about order status from ebay seller). But it would be better if the text in one of letters was in English, but not German.
And i fully support what 01BTC10 said:
And fees are pretty high if compare with bitsumo. I paid 7 usd fees with order price 18.16 usd, it's almost half!
Everything was fine, i like so many informational mail (four overall: two from all4btc site, one from paypal about payment status, one about order status from ebay seller). But it would be better if the text in one of letters was in English, but not German.
And i fully support what 01BTC10 said:
The problem is that once an order get confirmed you get a link that contains purchasse, order status and personnal information. This page is unprotected and any observing adversary get the name and delivery address by simply visiting that link. This page also let you contact support directly and show previous support message history. It could then be possible to change the delivery address since there is no verification that the support request is made from the legitimate buyer. Support message forwarding to email is optional and not enabled by default making this attack trivial. If email forwarding has been enabled then you can simply call them directly. I asked to a german speaking friend to call for me to change delivery address but it could have been a social engineering attack as well. Security should be increased.
And fees are pretty high if compare with bitsumo. I paid 7 usd fees with order price 18.16 usd, it's almost half!