I recently came across the Postagram app by Sincerely, and was eager to give it a try. The service makes it trivially easy to send a physical postcard through the US Mail, custom printed with a photo of your choosing. It’s a neat idea. Unfortunately, I am worried about what appears to be a trivially easy mechanism for a stalker/predator to trick people into giving up their physical street address.
Now, I really hope I’ve missed something here. But I experimented with it and was disturbed by what I found. I started by creating an account on the Sincerely website. I was then given a chance to build my personal address book with which to send postcards to my friends… and this is where I started to get nervous.
One of the methods for doing this was by providing email addresses for each of my friends. They, in turn, receive an email message from Sincerely on my behalf. They don’t receive any verifiable information at all in this message that truly indicates it is coming from me on the other side of the process. The email message looks like this:
When the user on the receiving end clicks the link in the email, they are directed to the following page on the Sincerely website:
I went through this process to send a message to another email address that I own. On the receiving end, I filled in the relevant address information on the website and pressed the “Send Securely” button. Sure enough, the original sender gets direct access to the street address in their online “Address Book” on the Sincerely website.
Does this raise red flags for anyone else? A stalker needs only two pieces of information — your email address and the name of a person you trust — to effectively trick you into providing them with your home address. Very disturbing in my eyes. Are your kids savvy enough to avoid this kind of internet deception?