PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize.
-
PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:
Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.
In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.
@dalias A couple of guys I trained with in martial arts, are in a paramilitary group, and are now planning a para-doxing welcoming committee.
-
-
PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:
Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.
In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.
@dalias holy shit, wow. I appreciate that heads up. Thank you.
-
@alex They obviously knew about it since the beginning. That's why gifts were limited to fulfilled-by-Amazon. Then some piece of shit manager with no understanding of safety wanted to make the sketchy marketplace more lucrative to sellers to compete in race to bottom.
@dalias exactly. They could also have trivially made wishlists with that setting private, which would at least limit the immediate harm, but that doesn't goose the wishlist metrics
-
@dalias
Never make a "wishlist" public, or share it.That would be nice, but a lot of people are using them as teachers for classroom supplies now or charities using them to get donations of supplies they need.
-
@dalias
Never make a "wishlist" public, or share it.@raymaccarthy @dalias true and even if this is how 'streamers' and 'content creators' grift, this is also used as a tool for mutual aid.
-
@raymaccarthy @dalias true and even if this is how 'streamers' and 'content creators' grift, this is also used as a tool for mutual aid.
@erikcats @raymaccarthy I'm not sure how accepting gifts from ppl who enjoy you entertaining them is "grift".
-
@erikcats @raymaccarthy I'm not sure how accepting gifts from ppl who enjoy you entertaining them is "grift".
@dalias @raymaccarthy i'm sorry, probably too jaded - milking parasocial relationships goes into the grift pigeonhole immediately. Your phrasing is a lot more generous, you're right
-
PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:
Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.
In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.
@dalias With all of the current digital surveillance we are subjected to, that should not have been possible
-
PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:
Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.
In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.
@dalias wait, does this coincide with the Mail I got from Amazon about third party sellers being allowed. Guess I'll delete my wishlist now. Haven't used it in years anyway
-
PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:
Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.
In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.
@dalias Again I Think logistic companies coming as intermediaries can serve to shield our Addresses since only their addresses will be given
-
Note that even PO boxes are not particularly safe against a dedicated stalker. They can stake out the PO for someone picking up a distinctive package once they know what PO it's at.
@dalias Thanks for the heads up on this. Deleted all my wishlists and set the default to private.
-
That would be nice, but a lot of people are using them as teachers for classroom supplies now or charities using them to get donations of supplies they need.
@darwinwoodka @dalias
They can share what they need as an item that the donor buys? No need to share an account's "wishlist". -
PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:
Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.
In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.
@dalias I did not understand this. Thank you for letting us know!
-
PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:
Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.
In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.
@dalias Thanks for this. Does this apply to Audible too?
-
The only mitigations are refraining from using public wishlists entirely (set any wishlists you may have to private) or using a PO box or reshipping service to conceal your real physical/final address.
@dalias id go a step further and recommend people stop making Jeff Bezos richer in general.
-
@Ragashingo @dalias that's what they're taking away, as I understand it. So I think it's the case _now_, it will shortly _not_ be the case.
So if you're lucky, you can now get the same thing from a third-party seller. If you're mid-lucky, you can get something passing itself off as the same listing from a third-party scammer. If you're unlucky, your address gets leaked to a third-party stalker.
Clearly I wasn't the only person who read that mail this morning and thought "oh no".
-
PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:
Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.
In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.
@dalias fixed and told the family
-
PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:
Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.
In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.
@dalias
Come on guys, we sit on mastodon lamenting the sorry state of the world, and then everyone signs into an amazon account??? If our actions are to give money to an organization that aggressively works to destroy the middle class and liberal democracies world wide, then our words are meaningless...
Quoting The Disposable Heroes of Hip-Hopricy: hypocrisy is the greatest luxury....
-
@Ragashingo @dalias that's what they're taking away, as I understand it. So I think it's the case _now_, it will shortly _not_ be the case.
So if you're lucky, you can now get the same thing from a third-party seller. If you're mid-lucky, you can get something passing itself off as the same listing from a third-party scammer. If you're unlucky, your address gets leaked to a third-party stalker.
Clearly I wasn't the only person who read that mail this morning and thought "oh no".
@_calmdowndear @Ragashingo Amazon should have been stopped in their tracks when they first allowed third parties to link their counterfeit items as just being a different seller for the same genuine item, rather than a separate product listing.
The whole late-capitalist fascist hell we're in is a consequence of letting companies do things that were long-illegal and would have been prosecuted as racketeering if not for "with computers" tacked on to the business plan.
