CassandrichFeb 26

PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:

Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.

In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.

Show threadCassandrichFeb 26
The only mitigations are refraining from using public wishlists entirely (set any wishlists you may have to private) or using a PO box or reshipping service to conceal your real physical/final address.
Show threadCassandrichFeb 26
Note that even PO boxes are not particularly safe against a dedicated stalker. They can stake out the PO for someone picking up a distinctive package once they know what PO it's at.
Show threadKat the Leopardess

@dalias I live in a rural area of my state. This means that everyone living here has to get a USPS PO Box

We get the double edged sword of

...dealing with entities and online vendors that do not accept our PO Box address as valid.

...but also that we are still suceptible to the privacy issues despote that our mail doesnt come to our physical location.

Feb 26 at 3:24pmWeb