Nextdoor
I recently moved into a new neighborhood and soon after filling out an official change of address form I received an unusual letter claiming top be from one of my new neighbors inviting me to join some kind of online neighborhood communinty called NextDoor.
It was addressed to: "our neighbor at [my new residence address] From: "Your neighbor from [redacted]"
My address was complete by the From address just named the cross street nearest mine without a specific address.
What really caught my attention was that the web address my new "friend" wanted me to check out ended with a forward slash and a string of letters and numbers.
My belief is that string of characters is a unique identifier and had I viewed the web address in the letter even just out of curiosity this unique identifier could be used to tie my physical address to my IP address and web browser fingerprint.
Running a WHOIS on the web address showed that it was hosted on an Amazon server.
Doing a quick DDG search brought me to this article from MalwareBytes:
https://blog.malwarebytes.com/privacy-2/2019/08/nextdoor-neighborhood-app-sends-letters-on-its-users-behalf/
Biting the hand that feeds IT
