CassandrichFeb 26

PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:

Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.

In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.

Show threadCassandrichFeb 26
The only mitigations are refraining from using public wishlists entirely (set any wishlists you may have to private) or using a PO box or reshipping service to conceal your real physical/final address.
Show threadCassandrichFeb 26
Note that even PO boxes are not particularly safe against a dedicated stalker. They can stake out the PO for someone picking up a distinctive package once they know what PO it's at.
Show threadtoerrorFeb 26
@dalias Or just mail you a tracker.
Show thread✧✦Catherine✦✧
@toerror @dalias this. even my stalkers are not dedicated enough for potentially multi-week stakeout, but an apple tag is super easy
Feb 26 at 3:57pmWeb