CassandrichFeb 26

PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:

Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.

In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.

Show threadCassandrichFeb 26
The only mitigations are refraining from using public wishlists entirely (set any wishlists you may have to private) or using a PO box or reshipping service to conceal your real physical/final address.
Show threaddraNgNon

@dalias so to be clear, just setting the lists private is an immediate mitigation?

I haven't touched this feature since... apparently 2020 (and have only ordered one thing from Amazon since WaPo declined to endorse Harris and I dropped Prime like a hot potato). if I can take it private now and reconsider the existence of these lists entirely when I have more time to do so, that is better for me.

Feb 26 at 8:48pmWeb
Show threadCassandrichFeb 26
@draNgNon That's my understanding.