USPS shared customer postal addresses with Meta, LinkedIn and Snap

Original Article ↗ Hacker News Discussion ↗

Scope of the USPS Issue

  • USPS’s Informed Delivery and change-of-address pages included third‑party “tracking pixels” (often full JS tags) from Meta, LinkedIn, Snap, etc.
  • Form fields (including postal addresses) were reportedly templated into pixel requests, leaking PII to ad platforms.
  • Some call the article title “clickbait” because USPS likely didn’t mean to share data; others argue intent is irrelevant because the data left anyway.
  • Debate over whether this was simple negligence, gross negligence, or possibly corrupt arrangements; no evidence in the thread, so true intent is unclear.

Government Sites and Third‑Party Content

  • Strong sentiment that government sites should not load any third‑party content, let alone adtech.
  • Others note many governments worldwide run ads and third‑party scripts; the U.S. is “better than many,” but still problematic.
  • USPS and other agencies justify analytics and marketing, but critics say public services shouldn’t be doing surveillance-style attribution at all.

USPS Business Model, Junk Mail, and Data Sales

  • USPS is a constitutionally grounded federal service but structured to self‑fund, creating pressure to market and monetize data.
  • Junk mail and products like NCOALink (change-of-address data licensing) are seen as revenue mechanisms that degrade service and privacy.
  • Some view USPS as net negative (spam, data sales); others argue it’s essential infrastructure and a counterweight to private carriers.

Privacy, Surveillance, and Mail Scanning

  • Informed Delivery relies on scanning the front and back of all mail; images are stored and accessible to law enforcement.
  • Some report letter contents visible through envelopes or scanner artifacts, raising concerns about “dragnet” surveillance.
  • Others note physical addresses have long been quasi‑public (voter rolls, real estate), so expectations of secrecy are limited.

Adtech, Regulation, and User Defenses

  • Pixels are described as general-purpose tracking/attribution tags, not just 1×1 images; they can and do exfiltrate sensitive fields.
  • Marketing and executive pressure to “make platforms work” drives widespread, often uncritical pixel deployment.
  • Proposed fixes: ban or tightly regulate tracking pixels, make possession of PII legally “radioactive,” adopt GDPR-style laws, or a national privacy act.
  • Practical user responses: ad/tracker blockers, disabling remote email content, avoiding permanent USPS COA, and general distrust of both corporations and agencies.