What you'll learn:
The specific privacy protections Amazon is removing
How third-party seller access exposes your home address
Which groups face the highest doxxing risk
Immediate steps to protect your address before March 25
Privacy-focused alternatives to Amazon wishlists
What Amazon is removing from Wishlist privacy controls
Amazon notified users with public or shared wishlists via email. Previously, you could lock your wishlist so only Amazon-fulfilled items could be purchased, keeping your address out of third-party sellers' hands entirely.
That option goes away on March 25.
Feature | Before March 25, 2026 | After March 25, 2026 |
|---|---|---|
Third-Party Seller Controls | Users can block third-party seller purchases | No option to block third-party sellers |
Address Sharing | Address shared only with Amazon for fulfillment | Address shared with third-party sellers |
Gift Privacy | The gift purchaser does not see the recipient's address | The gift purchaser may see the address in tracking |
Privacy Control | User controls privacy level | Amazon controls the privacy level |
Amazon's notification states: "Starting March 25, 2026, we will remove the option to restrict purchases from third-party sellers for list items. When this change takes effect, gift purchasers will be able to purchase items sold by third-party sellers from your lists, and your delivery address will be shared with the seller for fulfillment."
The company recommends users "use a P.O. box or non-residential address for any list you share with public audiences", effectively shifting responsibility for address protection from Amazon to individual users.
How third-party seller access creates doxxing risks
When Amazon handled fulfillment in-house, your address stayed private. This change opens up three specific exposure points:
Third-party sellers receive your full address. Unlike Amazon's direct fulfillment, you have zero visibility into how these sellers store or use your information.
Gift purchasers can see address details in tracking. Shipping updates routinely display your city, neighborhood, or partial street address. Anyone who buys an item from your wishlist (whether a genuine fan or someone with bad intentions) gets a window into your location that you never agreed to share.
There's no way to verify intent. Someone could purchase an inexpensive item from your public wishlist specifically to get your address. There's nothing stopping that.
Privacy Risk | Impact | Who’s Affected |
|---|---|---|
Doxxing | Home address exposed through tracking | Content creators with public wishlists |
Stalking / Harassment | Digital harassment becomes a physical threat | Public figures, influencers |
Data Broker Sales | Address sold to marketing databases | Anyone with shared wishlists |
Unwanted Discovery | Family or employers learn your location | Creators maintaining privacy from personal contacts |
Content creators face particular vulnerability. One Twitch streamer wrote: "This is absolutely bonkers! I also have a publicly viewable wish list for people to send me gifts, but I don't want them knowing my address!"
Who's most vulnerable to address exposure
The people who rely most on wishlists, creators building community connections, are the same people this change puts in the most vulnerable position.
Group | Specific Risk | Common Use Case |
|---|---|---|
Streamers & YouTubers | Public wishlists shared with the audience | Fan gifts, unboxing streams |
Social Media Influencers | Follower gift-giving expectations | Community engagement |
Wedding / Baby Registries | Shared with the extended network | Life event celebrations |
Domestic Violence Survivors | Location privacy from abusers | Maintaining safety |
Activists & Journalists | Targeted harassment campaigns | Public-facing work |
Amazon's P.O. box recommendation fails creators
Amazon suggests using a P.O. box or "non-residential address" for public wishlists. This solution ignores the reality of how content creators actually use the platform.
Limitation | Reality for Creators |
|---|---|
Annual Cost | $60–$200+ per year; additional expense for privacy previously covered by Amazon |
Limited Access Hours | Must pick up during business hours |
Size Restrictions | Many gifts won’t fit standard boxes |
In-Person Setup | Not always convenient or accessible |
The real issue here isn't P.O. boxes, but that Amazon removed your ability to make this choice at all. The previous system let wishlist owners decide. Now Amazon has decided for you, in favor of third-party seller access over your privacy.
What to do before March 25
Review every wishlist you have. Log into Amazon and check your sharing settings. Any list set to "public" or "shared" is a potential exposure risk after this change.
Make public wishlists private or delete them. To update settings: go to Amazon Lists → select the wishlist → click "More" → "Manage list" → change Privacy to "Private." Doing this before March 25 eliminates the risk entirely.
If you're keeping a public wishlist, update your shipping address. Switch it to a P.O. box, UPS Store mailbox, or commercial mail receiving service before the change takes effect.
Update your public links
If you have wishlist links in your bio, stream description, or channel page, swap them out before March 25 and let your audience know why. Normalizing privacy protection is a good thing.
Your information is exposed in more places than you realize
If Amazon can expose your home address with a policy change, what else is already out there? Your personal information exists across data broker databases, public records, leaked datasets, scraped social media profiles, and tracking pixels on thousands of websites.
Most people discover that their information has been exposed only after it's been exploited.
Ceartas monitors 75+ million websites daily, detecting and removing leaked personal information, impersonations, and unauthorized use of content before they become serious problems. Our 24/7 AI-powered scanning, combined with WIPO-certified account managers, provides continuous protection with a 94% takedown success rate.
If everyday platforms like Amazon can expose your address with a policy update, your digital footprint needs active protection.
