A monthly box of personalized beauty products may sound like a nice gift if you don’t have time to shop or if you suffer from decision fatigue, but opting in to receive a box of sample-sized junk shouldn’t come with the risk of getting doxed.
A Consumerist report revealed that when you get someone a Birchbox gift card or subscription, the company will share the recipient’s mailing address with you. In the event that you don’t have the address of the person you are sending a gift to, you can just put the recipient’s email address in. Birchbox will then prompt the recipient to provide their address. Once the gift is shipped, the company will send you the giftee’s address and tracking information.
When Consumerist asked Birchbox if there was a way for customers to withhold their mailing address from senders, the company reportedly responded with “not at this time.” We have reached out to Birchbox for comment.
Sharing your address without your permission is a gross invasion of privacy, and not affording someone the ability to opt out of it is a disregard for consumer security. If someone with malicious intent wanted to trick you into voluntarily handing over your mailing address, all they would need is an internet connection, your email, and $30—the price of a Birchbox gift subscription.
Update 12:28pm: Birchbox told us in a statement that it takes the privacy of its customers “very seriously” and that sending recipient’s mailing address “was an oversight.”
“We have taken immediate action to ensure that gift recipients’ addresses and box tracking information are no longer shared with the gift giver,” a Birchbox spokesperson said.