PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:

Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.

In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.

The only mitigations are refraining from using public wishlists entirely (set any wishlists you may have to private) or using a PO box or reshipping service to conceal your real physical/final address.
Note that even PO boxes are not particularly safe against a dedicated stalker. They can stake out the PO for someone picking up a distinctive package once they know what PO it's at.

@dalias I live in a rural area of my state. This means that everyone living here has to get a USPS PO Box

We get the double edged sword of

...dealing with entities and online vendors that do not accept our PO Box address as valid.

...but also that we are still susceptible to the privacy issues despite that our mail doesn't come to our physical location.

@dalias Or just mail you a tracker.
@toerror @dalias this. even my stalkers are not dedicated enough for potentially multi-week stakeout, but an apple tag is super easy
@dalias Thanks for the heads up on this. Deleted all my wishlists and set the default to private.

@dalias

For those interested, USPS has an optional service for PO box holders to use the post office street address to receive packages from Amazon, UPS, FedEx, couriers, etc.

Amazon accepts a post office street address, as well as a PO box, for deliveries, as do most, if not all, other carriers and couriers. The exceptions to this may be for insured, bonded, recipient-only, or other such restricted deliveries.

Some Amazon sellers do not ship to PO box addresses but the post office street address seems to be acceptable.

The post office acts as agent to sign for packages if necessary and packages are held for pickup at the post office for some number of days.

The packages are delivered to the post office and do not go to the regional sorting facility. As far as I know the USPS does not permit forwarding of packages to other addresses.

Many post office box lobbies are visible from the outside, where people can loiter and watch a box or boxes of interest for people to collect their mail. Loiterers are usually easy to spot.

And that is about as much as I know about it.

@dalias
Never make a "wishlist" public, or share it.

@raymaccarthy @dalias

That would be nice, but a lot of people are using them as teachers for classroom supplies now or charities using them to get donations of supplies they need.

@darwinwoodka @dalias
They can share what they need as an item that the donor buys? No need to share an account's "wishlist".

@raymaccarthy @darwinwoodka The idea of a wishlist and the store letting you buy items on someone else's wishlist for them is that it's privacy-preserving for the recipient. They don't have to give their address out to people they want to be able to receive gifts from. Only the store that they already shop at and that already knows their address gets to see it.

What Amazon has done is broken that promise - the whole purpose of the wishlist system - by letting third-party sellers (to whom Amazon needs to disclose the recipient address for shipping purposes) in on wishlists. Now anyone wanting to get your address just needs to sign up as a third-party seller.

@dalias I'd go a step further and recommend people stop making Jeff Bezos richer in general.

@dalias so to be clear, just setting the lists private is an immediate mitigation?

I haven't touched this feature since... apparently 2020 (and have only ordered one thing from Amazon since WaPo declined to endorse Harris and I dropped Prime like a hot potato). if I can take it private now and reconsider the existence of these lists entirely when I have more time to do so, that is better for me.

@draNgNon That's my understanding.
@dalias Deleting your account will 100% solve the problem.
@Ooze It will but I'm offering up missing critical information on safety not my opinions on their life choices. And "deleting your account" is one form of "refraining from using public wishlists entirely" anyway.