The USPS says that "information from a mail cover often provides valuable investigative leads," but adds that it "is confidential and should be restricted to those persons who are participating in the investigation."

Should.
posted by ricochet biscuit at 9:10 PM on November 29, 2017

I use this service, and it's convenient because I don't bother checking the mailbox unless there's something I want to see or it's probably filling up. But the signup process is indeed horribly insecure, especially if you wanted to snoop on a family member or someone for whom you can more easily guess the challenge questions.

They're the post office. It shouldn't be hard for them to, I don't know, send a verification letter or something first?

They also have plans to try to sell services around it to direct marketers, so the junk mail you already throw away can turn into "click here" links in emails you delete. Naturally, they haven't specified any privacy protections around that either.
posted by zachlipton at 9:12 PM on November 29, 2017 [1 favorite]

...stalkers, jilted ex-partners, and private investigators also can see who you’re communicating with via the Postal mail.

That is indeed a serious issue; but I literally guffawed when I read this because my first thought was that pretty much all of my mail is bulk advertising and sales flyers, dodgy credit card offers, AARP invitations, utility bills, and the like. I am obviously not a target demographic for this service.
posted by Greg_Ace at 9:30 PM on November 29, 2017 [3 favorites]

(also, +1 for the pun in the title)
posted by Greg_Ace at 9:31 PM on November 29, 2017 [6 favorites]

Step 1: Sign up some political enemy for the service;

Step 2: Ascertain that they get mail from both e.g., Nordic Knights of Heterosexual Christendom as well as The Giant Gay Dildo Company, Inc.

Step 3: Send their USPS access details to local activists and gossip columnists.
posted by Joe in Australia at 9:47 PM on November 29, 2017 [1 favorite]

Right... But it’d be trivial for you or anyone else to sign them up for those mailing lists, so what would that prove?

What this would be *really* useful for is finding out what bank someone uses, for the purpose of targeting them for phone or email spoofing scams. (Or, what zachlipton said, sort of)
posted by Sys Rq at 10:16 PM on November 29, 2017 [1 favorite]

I've had a USPS account for years. It was useful for ordering priority boxes and stamps. When MyUSPS launched it added a feature where it automatically sends tracking data for any package shipped to my address. When Informed Delivery showed up a few months back, my first reaction was why; to be honest, it still is.
posted by zinon at 4:22 AM on November 30, 2017

I checked my existing usps account and I'm being sent photos of the person's mail who lives where I did three moves ago. Not secure at all!
posted by KleenexMakesaVeryGoodHat at 7:46 AM on November 30, 2017 [1 favorite]

If they allowed me to play a flash game of Duck Hunt to "delete" junk mail to stop it from getting to my door, I'd seriously consider it, even at cost. Harry and David catalogs - 10 points, U-Line 50.
posted by hoborg at 10:01 AM on November 30, 2017 [1 favorite]

And now the USPS lets you mail cover yourself, using a frighteningly insecure protocol - knowledge-based authentication.

I use it and love it. I have a PO Box, so it's the thing I check to see if I need to go to the post office (I went there just today and learned a thing)

I've given up believing that I can keep most people from knowing most things about me so I just use really secure ever-changing passwords on the stuff that really matters. I'd like to government to do better at protecting my information and I found the Krebs article really interesting. Not everyone has the lack of caring that I do about their privacy. The Post Office should do better.
posted by jessamyn at 11:27 AM on November 30, 2017 [1 favorite]