Etsy privacy blunder makes buyers' purchases public
Posted on 15 March 2011.
Etsy, the popular online market for small scale artisans and crafters, might be on the right track for a future privacy lawsuit following last week's unveiling of its People Search tool.


In an effort to make the Etsy experience more "social", the tool allows anyone to search for sellers and buyers by their full names, which are often revealed during the setting up of accounts but were previously not exposed and searchable.

This is not that big of a problem with sellers (indeed, their full names were searchable before this) as it is with buyers, for the simple fact that along with the names, the searching party can now take a peak at the person's buying history.

If you have been buying jewelry, shoes, furniture or similar stuff, this might not seem like a big problem, but for those who bought some more personal items and are not eager to share that fact with anyone, the fact that these purchases are associated with their names in Google searches will definitely come as a big shock.

Ars technica reports that the issue was raised by some members of the Penny Arcade forums. "I just found a woman who's Etsy profile comes up on Google as the 5th link. I was expecting 6 or 7 pages down, but it's on the very first page, right after her online resumes," wrote one of them. "She signed up a year ago, under the old privacy policy, and hasn't logged in since 2010. And now I know what d*ldo she uses. Right down to the curvature and coloring."

The privacy settings of an Etsy user's profile can be set so that this information doesn't come up in searches, and the (often) full names contained in the profile can be modified, but it's highly unlikely that the majority of Etsy's users is aware of the privacy policy change regarding this matter when the service didn't notified them before automatically opting them into the People Search.

UPDATE
After publishing the story, we were contacted by the press manager at Etsy who commented: "We have responded to this issue by making all purchase and feedback on Etsy private by default." You can read more about the changes in their blog.






Spotlight

Emerging cloud threats and how to address them

Posted on 15 September 2014.  |  Public and community clouds can be appealing targets for hackers looking to disrupt or steal information from scores of organizations with one successful strike. Here are some emerging security threats and issues cloud providers and their clients should be aware of.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 15th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //