[meerkat]

Hello friends,

Have any of you guys ever shopped from the Wonderchef online store? Are they reliable? The reason I'm asking is that the thing I'm planning to buy is not available elsewhere. Thanks for any help.
.

[RavSam]

Quote:

Originally Posted by Jaguar

Of late, I am seeing that for many products, Amazon doesn't have a free return option, just a free replacement (with the same product). Maybe a post-covid change.

Lot of well to do people have ordered clothing on Amazon, used it for functions and returned it before the return period.

Although they should not completely eliminate the return policy but can atleast reduce the number of days.

[Prowler]

Quote:

Originally Posted by binand

You don't need to reduce the level of trust just because a site uses a cert issued by Let's Encrypt. That is a canard spread by for-$$$ certificate issuers because LE was eating into their profits.

I beg to disagree. If you are collecting sensitive information in your site you will need to fork out money to obtain EV certificate from proper authority. I will quote the checks they will perform before they issue your SSL certificate:

1. Make sure you’re a legal entity, registered officially e.g. LLC (US), Ltd. (UK), Pty. Ltd. (AUS), GmbH (Germany).
2. Verify you have a legitimate place of business which will be included in your EV Certificate i.e. your listed physical address is not a mail drop, P.O. box or third party address.
3. Call you using your publicly listed phone number to make sure it’s active. And the person who signs the SSL contract must be a full-time employee.
4. Verify your operational existence, meaning a check into official records confirming your business is financially and commercially active.


The first step any potential buyer will look for is credibility. The EV Green lock establishes that you are what you claim you are. I wouldn't trust a free SSL when I am asked to pay for a product or service from that site. Let's Encrypt was basically intended for all non commercial sites - never for ecommerce sites.

Let's encrypt issues a SSL certificate to any site requesting for it. There is no checking about the ownership or address verification.

[binand]

Quote:

Originally Posted by Prowler

I beg to disagree. If you are collecting sensitive information in your site you will need to fork out money to obtain EV certificate from proper authority.

All that EV certificates "from proper authorities" achieve is a lighter bank balance. Which is why pretty much all important players (Google, Mozilla, Apple - to name a few) have chosen to ignore them. Here is a screenshot from my computer. Tell me, which of these 4 sites are using EV certificates? Where is the green lock you talk about? This is state of affairs in the browser that has 70% market share.



It is not just me; it is industry observers with a lot more credibility that say this.

All the much-vaunted EV verification can be bypassed. It is all trivial. The whole EV concept was simply a money-grab exercise to which browser & policy makers got wise soon enough.

Here's Troy Hunt saying essentially the same thing, a year+ back:

https://www.troyhunt.com/extended-va...y-really-dead/

Edit: In the screenshot above, HDFC Bank's site is using an EV certificate. None of the others are.

[Prowler]

Quote:

Originally Posted by binand

All the much-vaunted EV verification can be bypassed. It is all trivial.

In the screenshot above, HDFC Bank's site is using an EV certificate. None of the others are.

I don't understand why we need to have this argument. The accepted best industry practices expect an ecommerce/financial companies of repute to buy an EV SSL certificate. If I start an ecommerce site, somebody of industrial standing has to say something positive about my company to establish some basic credibility. We don't run companies like Google, Apple or Microsoft.

EV verification process is not trivial. It took me nearly 2 months to get one for a client. The EV certificate's Green lock with the company name has been relegated to the Information box from the address bar. And the ICICI bank site you show is the first screen. When you select the option of Corporate/Personal Login part, it will take you to the primary banking section protected by the EV SSL as shown here:

[binand]

Quote:

Originally Posted by Prowler

The accepted best industry practices expect an ecommerce/financial companies of repute to buy an EV SSL certificate.

The whole point is, a few years back what you are saying was indeed considered a best practice (say, till 2016 or so), but it is no longer the case.

No EV examples (quick check):

* Ecommerce: Flipkart.com, Amazon.in, Swiggy.com.

* Finance: Hdfcsec.com, LicIndia.in, Paytm.com, incometaxindiaefiling.gov.in

* Other important sites: uidai.gov.in, digilocker.gov.in, pmcares.gov.in (this is on Let's Encrypt)

Quote:

Originally Posted by Prowler

When you select the option of Corporate/Personal Login part, it will take you to the primary banking section protected by the EV SSL as shown here:

Not enough people do all those steps to verify the EV-ness of the certificate rendering the whole thing meaningless. Hence the obsolescence. EV as it is currently defined is dead.

From the site owner perspective there is no ROI is spending that much extra and going through those additional hoops to get an EV cert. So as and when existing EV certs expire they will get replaced with non-EV equivalents.

From the end user perspective, most of us didn't bother with whether the site was on EV or not, so it is an irrelevant detail.

From the issuer perspective - yes, there is a loss of revenue and for good reason. You can't fool all the people all the time.

That's all to it.

[dmplog]

Ordered ASUS Laptop (ASUS VivoBook 14 M409DA-EK147T) which was needed for general usage (no gaming or heavy graphics work involved). It was ordered on 17th through Amazon.

* Delivery Date initially was 20-Oct on the date of ordering
* It got changed to 20 to 24 Oct on the next day
* Today, it's 21-Oct and still it's in "Preparing for Dispatch" status

I never had this experience from Amazon. Their initial delivery estimates were always on the dot.

Is anyone else experiencing similar slippages in deliver timelines?

[PPS]

Quote:

Originally Posted by dmplog

* Delivery Date initially was 20-Oct on the date of ordering
* It got changed to 20 to 24 Oct on the next day
* Today, it's 21-Oct and still it's in "Preparing for Dispatch" status

When I booked my iPhone 11 on 16th , the delivery date was shown as 24th October, but it arrived much ahead of schedule on 18th! While on the other hand, 32gb pen drive which was booked on 18th is yet to be dispatched.

[anoop.u]

Quote:

Originally Posted by Prowler

I don't understand why we need to have this argument.

At the risk of going OT, a few points I wanted to add:

1. All vallid SSL certificates (EV,DV,OV) offer the same industry-standard encryption strength. You do not get more protection from EV than DV—it’s exactly the same.

2. The only differentiating factor is that in the case of EV you can be certain that the URL (website) opened by you is being served by the intended provider protecting you from phishing provided you make sure to check the SSL certificate of each and every website you visit.

3. An EV certificate does not guarantee that the company you are dealing with isnt shady. An EV SSL valid for 3m/6m/1 year will continue to show the so called green bar, even if the physical company goes under the bus for whatever reason after the certificate was issued.

4. Regular SSL certificates should be enough as long as the eCommerce website does not accept card payemnts directly on its website. Usually all such payments are routed to a 3rd party payment gateway provider where the actual transaction takes place and the transaction details are then passed on to the ecommerce website. (This might not apply for the bigger players like amazon, flipkart etc)

5. A few references:
https://www.flipkart.com : Uses DV
https://www.amazon.in : Uses DV
https://www.onlinesbi.com : Uses EV
https://www.icicibank.com : Uses DV
https://infinity.icicibank.com : Uses OV


NOTE:
EV: Extended Validated (green bar, business name)
OV: Oraganization Validated (no green bar, only business name)
DV: Domain Validated (no green bar, no business name)

No disrespect meant to any of the views mentioned above, I just wanted to share what I know. Do let me know if I have got anything wrong above, i'm no expert either.

Regards,
Anoop

[msdivy]

Quote:

Originally Posted by Prowler

EV verification process is not trivial. It took me nearly 2 months to get one for a client.

Quote:

Originally Posted by binand

Which is why pretty much all important players (Google, Mozilla, Apple - to name a few) have chosen to ignore them.

Security-wise EV doesn't offer anything extra than DV.
DV + red-tape = EV.

[Sebring]

Amazon delivered an empty bottle of Arielmatic liquid detergent (Ordered during the Sale). I got so offended (Felt like a fool, opening the big carton and seeing the singular empty bottle inside). Gave them a piece of my mind over the phone and got my money back

[SS80]

Recently I ordered a exide UPS 1050va and a 42amp smf battery. The UPS came with broken warranty seal and battery was cracked with positive terminal bent (probably due to a fall). For the UPS they accepted the return, but for the battery they are investigating the matter and would give a resolution by tomorrow.

[meerkat]

Quote:

Originally Posted by Sebring

Amazon delivered an empty bottle of Arielmatic liquid detergent (Ordered during the Sale). I got so offended (Felt like a fool, opening the big carton and seeing the singular empty bottle inside). Gave them a piece of my mind over the phone and got my money back

Was it a "Fulfilled by Amazon" order? Who was the seller in any case, if I may ask?

I almost exclusively place only "Fulfilled by Amazon" orders, and even so, mostly from Cloudtail or Appario, -- or only if the seller is a highly rated big name one. Similar policy for Flipkart purchases too ("fAssured"). Thankfully, so far haven't faced anything like what you have above!

Quote:

Originally Posted by SS80

Recently I ordered a exide UPS 1050va and a 42amp smf battery. The UPS came with broken warranty seal and battery was cracked with positive terminal bent (probably due to a fall). For the UPS they accepted the return, but for the battery they are investigating the matter and would give a resolution by tomorrow.

Which e-commerce site did you order from?

Quote:

Originally Posted by nagr22

I ordered a Blaupunkt car stereo during the big billion day sale from Flipkart .....
.
.
The invoice mentioned 'B5' as the serial number but the product has 'BPxxxxx075'. Basically they just entered the first and last digit of the serial number on the invoice instead of the 14 digits which the actual serial number had. Now I had to raise another complaint for this serial number mismatch and they have escalated this issue with the seller and told me that "if" the seller agrees that it's a mistake then he will update the invoice and then I can raise a return. Now I am at the mercy of the seller. ...

How can the seller deny a clear mistake when the "serial number" on the invoice was not even a legitimate one (only 2 characters instead of the expected 14) ?! -- Again, was it an "fAssured" order?
.

[Sebring]

Sold by Cloudtail and fulfilled by Amazon, unfortunately

Quote:

Originally Posted by meerkat

Was it a "Fulfilled by Amazon" order? Who was the seller in any case, if I may ask?I almost exclusively place only "Fulfilled by Amazon" orders, and even so, mostly from Cloudtail or Appario, -- or only if the seller is a highly rated big name one

[balenoed_]

I am not sure if this is a new scam, but it happened yesterday.

My wife have ordered some lip balms through Amazon few days back. Yesterday she received a call from a courier guy saying he is in front of the house to deliver and it is in COD mode. Wife could not suddenly recall whether she made the online payment earlier or by COD, because in the hurry to pick it up, she did not realize and then paid and collected it.

After opening it up, she realized it is not from Amazon not the lip balm what she ordered. She also verified that her actual Amazon order was already paid and is in process. And this new parcel came from some Sonali in Delhi. No address, no nothing and the product was some cheap lip balms.

Looks like we are fooled. So does this mean that our data from Amazon has been leaked to some third party like this.

Ridiculous!