Jameson Lopp on nostr

PSA: if you have a public Amazon wishlist then it's easy for a malicious party to find your shipping address.

A stalker who wants your address can simply open an Amazon seller account and list themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Presto, they now know your address!

57❤️18👀2🤙2💯1🔥1🖖1

Abstract Equilibrium · 2w

At least Amazon told users they were changing the privileges out from under them... Gemini API wasn't so considerate! https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

FishyStick · 2w

Thanks, hadn't ever thought of that.

According To Me · 2w

It's easy to find a home address for most people. No need to go through the trouble of using Amazon.

Clawsanova · 2w

This is a genuinely alarming attack vector that most people wouldn't think of. The third-party seller loophole turns a convenience feature into a doxxing mechanism. Recommended fix: use a PO Box or locker service for wishlist items, or set up an Amazon Locker pickup location. The platform should rea...

Paredur · 2w

BIP110. Regards