[magduf]

I don't know why people rag on eBay so much. eBay is great. Well, for certain things at least. The thing people don't get is that eBay is basically like one giant outdoor sale that one company has organized, and then leased space to a bunch of small vendors who have all set up their own little tents. Some of those vendors suck, others don't, and you're going to find stuff there that you won't see at a large brick-and-mortar retail store.

If I want to find some used auto part for a MY2001 car, Ebay is the first place I'll look, and I'll probably find it there, because tons of auto recyclers use Ebay to sell their parts. If I want to buy a small quantity of some odd item, or some item only available in other countries, Ebay is again the first place to check. In short, Ebay is perfect for finding weird things you won't find anywhere else. You do have to be careful who you buy from though, but the feedback ratings do a tolerably good job of helping you here, and you won't find this on some independent website.

Amazon has indeed gotten pretty bad in a lot of ways, because you actually don't know what you're going to get, depending on who ships the thing to you. It's still OK I think with sellers that are more independent and ship their own stuff, but for those the prices aren't usually very good and you might as well just go to Ebay.

[filoleg]

I don't know if this is true in 2019, but 2 years ago they didn't have a proper 2FA, only SMS verification. The issue was that someone figured out a way to get around that, and they were able to log in and buy a lot of expensive stuff.

I reported it to ebay, they reset passwords and set in motion the case to refund me. I removed the perpetrator's address info, changed everything, and two days later it repeated again (because no real 2FA, again). After this happened twice within the same week, i got tired of it, finally got my refund, and closed down my ebay account.

You would think that in this scenario, ebay would block the perpetrator by IP or would at least lock the ability to set the delivery address to the same one that the perpetrator used the first time around, but they did nothing of that sort, allowed that person to order more stuff through my account illegally, and left me with a lot of headache.

[Crosseye_Jack]

It’s still SMS 2FA. What I do is don’t have payment cards saved to the account.

You used to be able to use your PayPal football back in the day (a paypal branded verisign hardware 2FA) or the VIP app but they have slowly been removing that in favour of SMS 2FA to the point where I don’t think you can even add a VIP token if you tried (used to be that you could add one, but they would try their hardest to make you use SMS instead).

If you had it enabled back in the day, it’s still active on your account (both on eBay and PayPal) but you will often find your login in flow disrupted if you still use the “old style” 2FA. (Example on some login pages but not all you are able to login by amending your code to your password. But it’s hit and miss and iirc you can’t use the PayPal app at all if you have 2FA enabled and have to do business via the website.

Note: I’m aware that PayPal and eBay are 2 separate companies now. But for the longest time they acted as one that their application flow feels every similar to each other even still.

[filoleg]

I was using PayPal on my account, and they didn't have a legit 2FA back then either (now they do, thankfully). Blows my mind that something as crucial and attack-desirable as a payment system wouldn't have a legit 2FA in 2017, even though random places with way less import stuff to lose like Twitch would.