CassandrichFeb 26

PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:

Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.

In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.

Show threadAndrew ZonenbergFeb 26
@dalias was this not already possible? like i'm not sure how wishlists would work if the seller didn't know how to ship the product?
Show threadCassandrichFeb 26
@azonenberg Previously you could select that you only accept gifts fulfilled by Amazon. They just took away that ability.
Show threadAndrew ZonenbergFeb 26

@dalias aha, ok.

I miss when amazon was a way to buy books directly from them and that was it...

Show threadAndrew ZonenbergFeb 26
@dalias (and I also hate the tendency of everything from walmart to digikey to turn into a "marketplace" lately. At one point you could buy oscilloscope software options on walmart's website because TEquipment had a storefront there)
Show threadAndrew Zonenberg
@dalias just make a store to sell your products, and let me know i'm buying from you, a company i presumably trust to some extent. that's it, do one thing, do it well
Feb 26 at 3:27pmWeb