Etsy privacy blunder makes buyers' purchases public
Posted on 15 March 2011.
Etsy, the popular online market for small scale artisans and crafters, might be on the right track for a future privacy lawsuit following last week's unveiling of its People Search tool.


In an effort to make the Etsy experience more "social", the tool allows anyone to search for sellers and buyers by their full names, which are often revealed during the setting up of accounts but were previously not exposed and searchable.

This is not that big of a problem with sellers (indeed, their full names were searchable before this) as it is with buyers, for the simple fact that along with the names, the searching party can now take a peak at the person's buying history.

If you have been buying jewelry, shoes, furniture or similar stuff, this might not seem like a big problem, but for those who bought some more personal items and are not eager to share that fact with anyone, the fact that these purchases are associated with their names in Google searches will definitely come as a big shock.

Ars technica reports that the issue was raised by some members of the Penny Arcade forums. "I just found a woman who's Etsy profile comes up on Google as the 5th link. I was expecting 6 or 7 pages down, but it's on the very first page, right after her online resumes," wrote one of them. "She signed up a year ago, under the old privacy policy, and hasn't logged in since 2010. And now I know what d*ldo she uses. Right down to the curvature and coloring."

The privacy settings of an Etsy user's profile can be set so that this information doesn't come up in searches, and the (often) full names contained in the profile can be modified, but it's highly unlikely that the majority of Etsy's users is aware of the privacy policy change regarding this matter when the service didn't notified them before automatically opting them into the People Search.

UPDATE
After publishing the story, we were contacted by the press manager at Etsy who commented: "We have responded to this issue by making all purchase and feedback on Etsy private by default." You can read more about the changes in their blog.






Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //