As a reminder, there is no legal expectation of privacy for the outside of your mail. Envelopes are no different than post cards. Anyone can legally read them.
Years ago, I'd signed up for the Informed Delivery service, which is where these images originate.
When I moved, I forgot to cancel the service and so received pictures of the next person's mail. It was simple to cancel.
After filing a change of address form, I got quite a bit of mail still going to the old address. The forwarded mail, if it arrived at all, was significantly delayed.
It also costs money after a period of time, then expires.
Therefore, the thicker the better and use privacy envelopes if you are really concerned.
You write that as if it's accidental.
Anyone with access to them. You can absolutely not read my postcards, for example, because you don't have a key for my mailbox.
> As a reminder, there is no legal expectation of privacy for the outside of your mail.
Just because it's legal doesn't make it a great thing to happen.
1. I get the pictures DAYS before the actual mail (weekends ignored). Why?!
2. I sometimes don't get pictures of the mail at all, particularly mail that's not bulk mail--it's from individual to individual.
I could give a flying fuck that I'm going to be getting 5 advertisements in a few days. I want to know when I'm getting ACTUAL mail and this system doesn't seem to capture that effectively.
Someone over at USPS had the brilliant idea to save the photos they were taking to sort the mail anyway and email it to people at the addresses that the mail was being sorted to, and to do it for free.
It's basically repurposing a critical piece of infrastructure to give you a little QoL bonus with your mail, and we should be really thankful anyone thought to do it instead of complaining about what's lacking. Especially when policymakers use every attempt to defund it so they can get their ultimate goal of privatizing mail and package delivery.
I'd bet it's because the envelopes are photographed in some central location, the photos get sent at the speed of light but the physical envelopes only start getting to the last mile physical delivery people after.
If you look at the email, the promise isn’t “coming today” but “coming soon”.
I've had many many bank statements from India.
I've had someone in California order a brand new BMW and got the details for collection.
I've had paypal invoices and statements (this is one funny because they refuse to action the delink).
I used to reach out and tell them I didn't sign up for their service. But honestly, after doing it for a few years I gave up.
Now, I mark as junk and move on.
The best one I had was a dating site in Canada, I got it while sat next to me partner.
I get DoorDash order notifications, Uber notifications, etc
I am not sure how they signed up with my email as I never got a sign up notification
Part of this also is because email / gmail is not case sensitive Jsmith@gmail.com is the same as jsmith@gmail.com. I see a lot of Jsmith vs jsmith (like how I actually use my email).
Nothing is getting stolen from me but not sure how this is actually working for people.
I understand from the security side why they wont, but I wish there was something they could do. I could easily log in and change a password then cancel the account, but I figure there's probably some legal trouble if I did that.
It's a little less true now with some of the newer protections, but only today I received a fairly subtle spam/scam supposedly from the main email address of a major retailer, so I think it's still sensible to never every trust the "From:" part of an email.
gmail is not case sensitive. email systems are allowed to be case sensitive, most choose not to be. This used to be an issue to deal with when pre-internet legacy email addresses (like Lotus Notes corporate email, or Outlook/Exchange systems) were put onto the internet.
So, assuming case matters is foolish.
> The local-part of a mailbox MUST BE treated as case sensitive.
The plausible deniability this email address gives you is remarkable
It's like regular people don't use email unless forced to and forget what it is when giving it out...
Google doesn't offer anything in the way of migration or consolidation of various email-linked data (e.g., store purchases) so I just let mail accumulate and delete everything manually once every few months.
The second one 'す' matched only 10 Japanese spam messages.
It did show me early on why web apps need to verify email ownership.
I always assumed that the "default" email addresses get flooded with spam nowadays. I can't imagine the email address lee@gmail.com or similar to be usable by now
My Floridian namesake has a troubled existence - I get emails from debt collectors, the police, court summons, and his employer, an HVAC company.
He also likes Dolly Parton and crystal meth, and goes to rennaisance fayres.
My namesake from BC likes to go to nightclubs and Costco, and is very busy on the gay dating scheme.
I find it sweet they like to keep me in the loop.
One bigger item was that people were sending details regarding an estate & inheritance. This included an attorney office in Finland (to be clear, I'm also originally from Finland). After finding out I sent email to their DPO as this likely qualifies as GDPR security incident as the emails contained things like names, SSNs, addresses & of course details regarding how inheritance was split. I never got an answer so I reported it to Finnish DPA. I got reply from them pretty quickly that they contacted the DPO and that DPO will be in contact with me soon & the case is closed from DPA side. This was 4 months ago, I'm yet to be contacted by them.
And he's actually not the only person doing this! As far as I can tell, the only unusual thing about my Gmail is that it's relatively short and has no numbers. I suspect people just forget to add the digits at the end of their own address.
I just canceled her membership in a bowling league, and when the league reached out to ask why, I told them I have no idea who <her name> is. I stopped getting email meant for her after that.
I've used my personal experience in a design meeting where some newer PMs were IMO unreasonably sure that users wouldn't mistype their own email address. Oh, let me tell ya, they absolutely 100% do.
I was expecting this person to be you.
I have the same issue. My gmail is {{my last name}}@gmail.com Just my last name. It's not that common, but there are about 500 people with it according to US Census data.
> I used to reach out and tell them I didn't sign up for their service. But honestly, after doing it for a few years I gave up.
Same here. It's surprising that most of the services don't use double-opt in before sending emails.
Some day, I want to use an LLM to identify those emails and label them.
I get my fair share of misaddressed mail but it doesn’t help that I share the same name as the CEO of a major hotel chain’s timeshare business so I’ve getting tons of complaints about that :/
GMail doesn't care about dots, so you could say your email address is f.i.r.s.t.l.a.s.t@gmail.com for all the good it does. Using the dot probably does more harm, as it makes people think it's a legit differentiator.
I left the catch-all on my domains email going for a year or two before I had to disable it. The sheer amount of house blueprints, sensitive information about transfers etc was overwhelming.
Still, bizarre that the situation was allowed to occur in the first place by Google. Clearly they need to beef up their account creation checks a bit.
Have you tested whether you can receive email directed to firstlast@gmail.com? Perhaps theirs is really firstlastt@gmail.com and all their contacts "correct" it.
They claimed that it was a typo and I believe them. Places don’t validate email and people make alot of typos.
The best one so far is I've been on a group e-mail chain from some folks in France (I'm in the US) who organize a skiing trip each year to the Alps. I initially sent a couple "I am not the Phil you are looking for!" e-mails, but they continue to re-add me. I have thought about one day just showing up since I've been "invited" and have all the details for booking and just seeing what hilarity ensues.
That email is my first name dot last name but at one point I had been able to secure both first name at email provider dot come and last name at email provider dot com which somehow I abandoned. I wonder what level of erroneous emails I would have received at them.
One lady, a general manager of a factory, sent a zip file with her VPN client, a list of backup MFA codes and a list of SCADA and IT systems for a large factory.
A police detective sent a video from a paratransit bus that was in an accident. I got a bitcoin years ago. One dude had a hobby of test driving luxury cars from almost every dealer in the Washington DC region. I have a $50 gift card for an Australian electronics store.
UPS has dropped the last 3 of my packages to my neighbor's house. They try to be helpful though. They took pictures of the packages, sitting against various walls and doors that I didn't recognize at all. I had to guess which of my neighbors.
I feel it’s a major invasion of privacy. I don’t want to know stuff about my neighbors like who they bank with, have student loans with or which doctors they go to. They also find out those things about me. But not much we can do about it.
I receive about 6 letters a year, though the average was 33 per person last year.
There's a new (well, it was several years ago) townhome in the town to the west that has exactly the same street address as mine, just a different city and ZIP code (just one digit different). We got their mail, packages, etc. a LOT for years. The best was when we got home and FedEx had dropped of a set of 4 overnighted tires on our porch.
The townhome is a rental, and sometimes, even when Amazon sends me a photo of their front porch, the townhome tenants claim they didn't get anything of ours. Either they're theives or they have a lot of porch pirates.
It's similar to if you hold a flashlight to the back of an envelope and can then see 'through' it to read the paper inside.
I also have a number of mailings from my bank that include things like account balances & numbers, with no privacy pattern. So it seems hit or miss.
Another vector is the plastic window many envelopes have to show the addressee printed on the paper inside. I have another healthcare related letter I can read through that.
Please stop getting people riled up about fake problems. You are pissing in the pool.
From what I can tell this was a capability the USPS has had for a while, probably going back to the days of anthrax spores being sent to politicians. The USPS was probably directed to track where every piece of mail came from and image the outside of it.
Informed Delivery was just a monetization of that system. Note that some pieces of mail trigger ads from third party companies.
> Note that some pieces of mail trigger ads from third party companies.
of course they do (although the mail itself is like 95% ads anyway with junk mail so I guess I won't really complain)
I don’t think that’s accurate. They already had the scanning/imaging pipeline for routing and sorting. It wasn’t until later that they realized it’d be a good service to email the images to the recipients every morning – hence, Informed Delivery. It’s like a side-project that grew into a bonafide feature.
The fact that you can get pictures from this system is the innovation but imaging has existed for much longer than this product.
I legitimately can't remember the last time I received actual mail in my mailbox. Everything goes to e-boks.dk.
Alternately, if you're away and something important is arriving, you can ask someone to check in on it for you. Maybe they would normally just stack it all up, but this one is interesting enough from the envelope that you'd like them to take a look inside.
If you are waiting on a particular piece of mail it sometimes can be handy to know it'll be in your box soon instead of repeatedly checking the tracking or double-checking with the sender. If you don't receive mail every day, and your mailbox is at all exposed to the elements, it can remind you to check the box that day.
And if your mail is delivered where other people have access to it—a spouse, kids, roommates, etc.—it can let you know to check in with them if you don't see something that they may have put in an unusual place.
I am the treasurer for an organization related to my job. We don’t usually get mail and the PO Box is located a few towns over. I rely on the emails to know when I need to visit the PO Box. It saves me gas and time, so I love it. Even if the PO Box was nearby, the emails would still save me time and hassle.
That said, it's not really terribly unusual to actually just receive someone else's mail. I've gotten mail that was meant to go to my neighbors a number of times. So I reckon that an issue like this probably isn't a big deal in the long run; if it was that big of a concern, then actually accidentally delivering to the slightly-wrong-address would be worse.
They send the daily digest saying "You have 1 mailpiece arriving soon." Instead of the usual picture of the 'mailpiece', it's an image illustrating the episode. There is no physical mail corresponding to this alert, it's electronic junk mail. Spam. Ugh. There is no opt out for these apart from canceling the service entirely.
Informed Delivery also highlights mail lost in (some part) of the delivery process. Such as delivered to the wrong PO Box or the wrong address, or who knows what other creative methods they might think of. Then there is a process to point that out and "trigger a search"... and get only automated "Eh, what are you gonna do" kinds of answers.
Can't wait for being able to stop receiving paper entirely. Which will be a while because the other guys (the online guys) also love to build broken systems.
i stopped using the email notifications and check it occasionally now
That said I do also get misdelivered mail, which I don't get Informed Delivery for. I've gotten tax documents, jury summons, settlement checks, you name it. People really need to file a change of address.
More than Occasionally
I’m not sure that any of the cases are that big of a privacy breach: It’s more inline with either getting the neighbor’s mail in your mailbox (which in my experience happens at about the same rate) or getting previous residents‘ mail in your mailbox (although my current carrier, after checking with me, intercepts most of these on her own initiative so I don‘t have to deal with them).
My belief is that the informed delivery system is using optical recognition while the sorters are using the barcodes.
Just having thought once in a while about how complicated addresses are, I can only imagine all the things that can go wrong. (both for the post office, and for example, credit cards/banks that have to use addresses in validation of purchases, etc)
Imagine an apartment building with many units. Think of how people differently specify on the address lines which unit they live in? What if they leave off their unit #? What about apartments that are numbered "345 1/2 Second Street"?
What about a new person with the same last name that appears at an address? What do you do about that? Is an address that differs by a very subtle letter a different household? E.g. "345b Second Street"? Should you ship a package there or approve a credit card, or is that likely to be an attempt to fraudulently divert mail to someone else who is nonexistent?
I'm sure it's endlessly complicated, and I have no idea. But I know it will be complicated.
For example, my address is 150 Main Street and it would send me photos of mail addressed to 158 Main Street.
I don't consider this a vulnerability, per se. This is the the usual level of uncertainty when dealing with physical objects.
I sometimes only check the box once a month, and it's not uncommon it's full of bill pay checks for people's rent lol.
At one point, I entered the wrong address when I was forwarding my mail. As a result, I got my mail sent to a strangers PO Box. As a side effect, I then began to receive Informed Delivery for this stranger to this very day.
In addition, I once had the Post Office disable my address. It was like a 101B address and they didn’t consider it legitimate with the city. As a result, they were unable to forward mail when I left that house, and once again, and they were unable to disable the informed consent for this house.
As a result of this, I see every piece of mail that two separate strangers receive. I have gone to the post office a half dozen times in the last 5 years to try to disable this, and have repeatedly been told there is absolutely nothing that can be done.
Contact your federal senators and/or federal house reps, and tell them that USPS is sending pictures of other peoples' mail.
Or if you dont want to do that, then contact USPS Office of Inspector General. uspsoig.gov/
The IG's are absolutely terrifying if you're on the wrong side. And you're 100% in the right, and they're in the wrong.
What was your experience with an IG?
One was when our group was under OIG review over a 3rd party breach. User uploaded data they shouldn't have had to an unapproved platform. Comedy of errors ensued, nobody was wronged (I caught it before bad happened). I was matter-of-fact about my actions. Boss fucked up by supporting an unapproved platform. Was eventually considered a non-issue.
Other time was when I reported a USPS employee theft. Credible allegation backed by other people on route with similar. OIG got a search warrant to carriers house and vehicles. Confiscated almost anything of value. Was nuts. Was made whole, but the search warrant was basically everything mail sent over 6 months.
Probably half of people get their mail in an unlocked mailbox that anyone can casually open and peek at before you get home from work. And every postal worker can of course see the information as they handle the mail.
Not saying that's ideal, but just pointing out that this doesn't represent a tremendous loss of privacy.
Just because there's other privacy issues with physical mail doesn't mean there ought to be even more when it comes to digital mail notifications.
The first time I noticed this was after I had renewed my passport. I got a notification saying that I was expecting a package in Tacoma. I was so confused, thinking maybe someone has stolen my CC number. The ln I remembered my passport should be on the way. I freaked out, contacted my ex and asked her to go back there and talk to the current resident to see if they had my passport. Then I got another notification, logged into the USPS website, and saw that I had notifications for this guy's mail at my old house.
I know this because after I moved out of a place and started traveling for a while, I set up forwarding to my parents' address, and after clicking the "informed delivery" checkbox I immediately started getting photos of all my parents' mail.
duxup•11h ago
My post office for a good year was horrendous about delivering me my neighbor's mail. I felt like a Jr. Mail Carrier in training ;)
Last few years they've been SPOT on.
I tried informed delivery but honestly it's more of a hassle for me as my wife says "this should have arrived today" and of course it doesn't so she thinks it's stolen and ... it arrives 3 days later.
nemomarx•11h ago
duxup•11h ago
Amusingly, for some obscure software, I write those emails ;)
pwg•11h ago
I feel like this one happens because the driver needs to meet quota today, so they scan the package delivered today, then when they are in the area tomorrow they actually deliver the package.
Unfortunately, this makes "delivered today" not a reliable indicator of "I actually received the package today".
stetrain•11h ago
I have multiple times seen an "Out for Delivery" package switch to "Delivered" or "Delivery Attempted" at 10pm, presumably when the driver ended their shift and didn't want to be penalized for the undelivered packages. They usually showed up the following day.
crazygringo•7h ago
Exactly this, it's infuriating.
And you can usually tell because a) it's marked as delivered at a time rounded to a perfect hour, like 2:00 pm or 9:00 pm (not 8:34 pm), and b) there's no delivery photo, when there always is otherwise.
But yeah, it's the driver not being able to make all deliveries (probably not their fault), but needing to fake the metrics. Usually they drop it off the next day or two days later, but other times it just gets lost, and it's harder to get a refund from the seller because it says delivered. So e.g. eBay will side with the seller in a dispute.
zippergz•11h ago
crazygringo•9h ago
They tend to package and label orders as they come in, that's the only thing you can do to be efficient -- you can't let them build up.
But then they only drop off (or get pickup) 2x/week, e.g. Tues and Fri. Which might be fine if that's what their shipping times indicate.
But then the buyer gets confused because they assume it was mailed immediately, which it wasn't. But there's no way for a seller to print shipping labels from eBay in advance without eBay marking it as "shipped".
It gets even more confusing because with bulk pickups or dropoffs, they often don't even get scanned when the carrier receives them. They won't show as actually in the carrier's hands until they reach the first major hub, which can easily be a day or even two later.
nobody9999•4h ago
AIUI, Amazon's policy is that credit cards don't get charged until the order ships.
As such, some shadier folks will create the label long before the item is actually shipped. However, since the label has been created, the order is now marked as "shipped" and the credit card is charged even though nothing has been packed, let alone actually shipped.
Symbiote•3h ago
I assume they do this to avoid complaints of slow delivery when the sender takes a whole to post the item.
kube-system•11h ago
duxup•11h ago
Yes I'm aware of that ;)
JohnFen•11h ago
Mine still is. Misdelivered mail has done more to help me get to know my neighbors than anything else. It's pretty community-building.
wombatpm•11h ago
sitzkrieg•6h ago
saghm•5h ago
pwg•11h ago
Same here (minus the "stolen" part). Wife overlooks the disclaimer on the page saying "delivery soon" and assumes that today's photos should be of today's deliveries. Continually pointing that fact out has not (yet) dissuaded her from this belief of "today's photos equal today's deliveries"
Spooky23•56m ago
The gotcha is that the staff shortfalls and prioritization of Amazon and parcels means your route based mail may not be serviced correctly.
saghm•11h ago
After college, I lived in an apartment for over four years where apparently the woman who had previously been in it switched to a different apartment in the same building (which was quite large, so I don't think I ever met her). In the first couple of weeks, we for a couple pieces of mail of hers that we'd leave with the doorman, and he'd give it to her (or maybe have it put in her mailbox instead), and this stopped happening after that for a while. A few years later, we started getting some mail for her again out of nowhere, and the first time I brought it down to the doorman, he mentioned that the person delivering mail to our building had switched recently. I have no clue why someone who hadn't delivered to the building before would be inconsistently delivering mail to her old address, but it basically never stopped happening during my remaining time there.
duxup•11h ago
If I got a bad delivery I got a lot of other people's mail, like someone not paying attention and just grabbing multiple addresses at once and tossing them in my mailbox.
PopePompus•10h ago
UncleOxidant•7h ago