PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize.
-
PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:
Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.
In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.
Note that even PO boxes are not particularly safe against a dedicated stalker. They can stake out the PO for someone picking up a distinctive package once they know what PO it's at.
@dalias must be missing decision log or something, like they fired the guy making the original assessment of the security issue and the information was lost
-
@dalias Thankfully I have no wishlist. I just add items to the cart and leave 'em there indefinitely until I decide to purchase at a later date, or remove them if I don't. I rarely order anything at all online since most stores have what is commonly available.
-
@dalias so to be clear, just setting the lists private is an immediate mitigation?
I haven't touched this feature since... apparently 2020 (and have only ordered one thing from Amazon since WaPo declined to endorse Harris and I dropped Prime like a hot potato). if I can take it private now and reconsider the existence of these lists entirely when I have more time to do so, that is better for me.
@draNgNon That's my understanding.
-
@dalias I don’t understand why anyone would ever want a public wishlist, even disregarding stalkers and the like. Seriously, how is it of public interest that you’d like a new bathrobe?
@jpkolsen It's a way for fans to compensate people whose work they appreciate who can't easily take payment. AIUI one big place this comes up, and where doxing is a huge threat, is sex work. But really for anyone doing things where there's a parasocial relationship with an audience the same applies.