Personal Security After Data Breaches

The US postal service appears to have created a new database that is going in to common use by most businesses. All valid addresses in the US are catalogued there. And there appear to be at least two levels of addresses found there.

I’ll explain. I get all of my mail from a private mail box service. All mail sent to my home gets “Return to Sender”. That’s how I set things up. When I make purchases online, I can enter the address of the mail box service company as my shipping and billing address. That general address to the mail box store has a suite number in it as a part of the general business address of the mail box service company. Therefore, I have to use a personal mail box (PMB number) in the second address line as a means to identify which box my mail should be delivered to. Increasingly, I am getting error messages with suggestions of valid addresses that I can pick from when I enter my mailing address online. None of those suggestions allow anything extra like my PMB number, in any part of the address. Typically, my added PMB number turns red with a warning that it is not valid. So clearly, some database is in use that lists, all addresses everywhere that are considered to be valid and that doesn’t allow for anything that is not already in that database. Over time, in many cases (more often over time) I can’t put the PMB number in to address input fields. So I have to rely on the people who sort the mail, to remember my name and which box my mail goes in.

Also, occasionally I do business with the Federal Government. They have told me that my private mail box address is not a valid address for their purposes and that they need a “real” business address. I have made the arguement that my private mail box address is a valid business address. They have told me outright that private mail box addresses are not considered to be valid for their purposes and that they require a “real” business address (frusterating that they get to decide what the definition of “real” is when it comes to my business).

So first, someone has catalogued every address everywhere and have decided that any address that is not in their database exactly as they show it, is not valid. In addition, this database tracks which addresses are at private mail box services, so that for certain purposes, other businesses and the government can chose to not do business with those private mail box addresses.

Also, I hate the political junk mail. Since I don’t use my home address to receive any mail what-so-ever, the only way to get my voting ballots is to regester my voting address at my private mail box. So technically, the state can toss out my ballot after it is cast, because they do not allow private mail box addresses. And, the state only allows people to vote if and only if you subject yourself to relentless political junk mail as the voting season approaches. If they can’t send you junk mail, then you don’t get a ballot. There is no way to opt-out of the political junk mail while keeping your ability to vote. You are forced to give your mailing address to every political candidate as a valid address through which they can harass you. The state gives them your address whether or not you want them to. The only way to opt out is to not register to vote. I will never look at a political postcard and decide from the information on that card, to change my vote.

So clearly, business and government is cataloging every corner of the world in which you might possibly choose to be anonymous, or to establish a wall behind which you might choose to hide your identity as they routinely assault your right to not share your private information or to simply avoid being harassed by people you don’t want to hear from.

I use a standard P.O. box for my wargaming newsletter so gamers who subscribe and DON’T use paypal can at least write me a check.

But I use it also in a pique of privacy. It also prevents the very same subscribers from knocking on my door on a weekend road trip.

Just for “fun”…
See if your address and phone number are publicly associated with your name (or co-habitants, or relatives). These are just a few sites that traffic in this stuff; you should be able to opt out on most of them directly, if your data is there:

(Remove the superfluous spaces. Probably applicable to US only, maybe also Canada.)

whitepages . com
neighbor . report
spokeo . com
thatsthem . com
freecallerlookup . com (no opt-out?)
numlookup . com
unitedstatesphonebook . com

How well are your privacy measures working?

Or: the USPS uses electronic sorting and expediting, and having the addresses written a certain way speeds up the process and precludes unnecessary human intervention. (Although they probably do maintain a database of all valid mailing addresses, of course, as they have to deliver mail to them.)

I think it’s probable that lots of mail-box-service addresses, in general, are catalogued somewhere as “non-residential.” Those services have to interact with the USPS, after all.
[EDIT: https://postalpro.usps.com/address-quality-solutions/residential-delivery-indicator-rdi , and check out the other products listed in the margin.]

Not registering, as you point out, would probably prevent some of that, although many campaigns might just do a shotgun blast to all residential addresses in certain areas.

Another way to cut down on the junk is to vote as early as possible, or so I’ve read, as campaigns that do use voter lists can and do also get periodic updates from the Registrar(s) of Voters. I’ve thought of getting a P.O. box so I could change my voter mailing address, but I imagine campaigns would then just have two places to spam me.

P.S. I believe some U.S. states allow the general voting public to keep their residential addresses private, even if they’re not in a risk group. Time to move?

The political junk mail makes good kindling but it ends beginning of November. Then the open enrollment for Medicare Advantage Plans junk mail stops the first week of December. (Pardon me if you don’t have a fireplace). The Summer season of Primary political junk mail I save until it gets cold again.

And the Disabled Veterans deliver monthly a new trash can liner bag for free in the mail. You’re supposed to fill them with old clothes and leave them on your front porch, but I repurpose them for the outer kitchen can liner. For the inner trash bag I use paper grocery store bags, they fit my kitchen trash can perfectly.

I tend to do both. Randomise first then request deletion.

If the service actually deletes then props to them but it was a small amount of my time wasted. If the service hides so that login no longer works but the data is retained “forever” by them then it’s a win for me. If the service ignores so that login continues to work “forever” then it’s a win for me.

There are gaps in my strategy.

I’m sure that the USPS does do that but that doesn’t really, um, address the point being made, which is: you enter your address on a web form and the web form rejects the address up front because the address is not in “a database”.

Wouldn’t you put the PMB number in the name? The name is typically not considered part of the address and therefore will not be validated against the address database. The only challenge is that the web site in question would need to support two name fields viz. the delivery name field (will hold the PMB number) and the billing name field (would want to match the credit card being used to pay).

Why not stop using online websites registration? I have a few but only to receive my electric, and waters bills on email. One thing I notice after I stopped using online websites, especially those to buy things online is that I buy much less things, only what I truly need.

Behavioral changes are not easy to implement for most people. Quite often, convenience is king.

The website could be simply enforcing the preferred format used by the USPS, but the site could be checking it against a list of known USPS addresses in real time, I suppose. That would probably require either some ad hoc link to a USPS database (possibly visible in, e.g. NoScript, so that would be one way to confirm), or the site itself maintaining its own updated national (or international?) list(s), periodically updated.

The only thing I’ve ever seen is that if I enter a street address by splitting it over 2 lines, the form then presents me with the option of consolidating it on a single line (a la the approved USPS format). It also converts my all-caps to dual case letters.

I do this, too.

This might work for some things, but unless one plans to withdraw from the modern world and live in a cave, one will have to complete some actions online. An alternative might be to only conduct business by telephone, with hours spent on hold, talking to bots, or uninformed customer service reps, but for me, … hell no!

I’ll just continue to protect and secure my digital interactions as usual.

The convenience factor doesn’t affect how many purchases I make anyway. My brain is still largely wired for how things used to be. I still make more Amazon purchases from inside of various retail stores, than I do from home. So I drive to the local hardware or electronics store as a first step to making the average purchase. Upon arriving there and not finding what I came for anywhere on the store shelf, I bring up the Amazon app, as I stand in the store aisle, disappointed that I can’t make many purchases the same way I used to buy things. After I swipe the “Buy” button in the Amazon app, I leave the store, telling myself that maybe one day I’ll learn to not bother to even drive to the store when I want to buy something.

So the former in your case.

Generally, I only use Amazon for online purchases. Even if the price for a given item is higher on Amazon, I use Amazon. Rather than risking my credit card information and having the added burden of maintaining multiple online accounts at different places. But unavoidably, that strategy is not fullproof. The water company has its own logins. The power company has its own logins. Everyone who wants you to conform to their automated electronic system, requires their own logins. Often, if you don’t go along with their requirements, you will never be able to reach a real person who will help you. But if there are two providers and one does not force me to login, I always pick the one that does business the old fashioned way.

The worst part about junk mail isn’t about the disposing of it. If I have only five pieces of mail that I want and nothing more, I may open one immediately and save the other four for later because I already know what they are and that they are not time critical. That takes five to ten seconds to remove the mail from the mail box and then I am on my way.

When I have twenty pounds of junk mail to sort through, I am forced to sort through that twenty pounds of mail to get to just those five pieces that I want. As my eyes pass over the other pieces of mail, the advertiser wins. They get to give me a sales pitch in writing, when my intent is to pretend that they do not even exist. They waste my time and mental energy. Yes, I do have a large resistance to their crap. But they also disguise their junk in many cases, to apoear to be legitimate. Sometimes, I have to open and read something, just to be sure that I am not ignoring something from my mortgage holder or another legitimate source. This sorting process can take me twenty minutes or more. It makes me angry because my mail box belongs to me, not them. They are just vultures, people who diminish the quality of life (even if only for a few minutes) for the rest of us. In other parts of our lives, we can get court orders to stop harassment. But with respect to your mail, there is no such alternative. The US government participates in this harassment. They get paid for every piece they deliver. There is no way to opt-out. How is this fair?

If someone is sending you something unwanted that is extremely pornographic via the US postal service, you can get the post office to stop that. The law refers to that as “obscene materials”. But the government gets to decide for me what is and is not obscene. The unwanted harassing ads are not considered by the government to be “obscene” by them.

Yes, there is, and it works pretty well: How To Stop Junk Mail | Consumer Advice

It won’t stop political campaign mail, though.

In addition, make sure you disallow marketing in all your accounts: mortgage lender, credit cards, banks, etc.

Also, review the links I posted throughout this thread.

That is a good lead. Thanks!

It might be nice to find out who the officers and board members of the Direct Marketing Association are, along with their respective home addresses. We could all make up rubber stamps with that information. Then, everywhere you go, you use the rubber stamp to enter contests, subscribe to newsletters, and to submit product inquiries. We could do the same to the corporate mail box. Ultimately, none of those guys could get access to any of their mail without sorting through all of the crap that we generate for them. Maybe the marketing association could sell us lists that we could use to generate this junk mail for them, from. With enough people generating this crap for such a small number of people, they could get 100x the amount of junk that you or I get. Maybe they’ll understand then just how preditory their business really is.

Yes, and there are similar opt-out programs for Canadians too.

We could sign up all the political campaign headquarters for lots and lots of catalogs.

I would rather reduce the amount of trees being cut for marketing purposes if I have the power to do so.