How to Shop Online Privately Without Causing a Scene

Yesterday, Naomi Brockwell released a video in which she shared the struggles one of her community members experienced trying to buy a new guitar online. The longer the video went on, the more I found myself saying things like "well obviously that caused problems" and "why would you do that?" So this week, I'd like to dig in to this video step by step and examine what this person did and what I'd recommend they (and you) do differently next time to have a smoother online shopping experience while also protecting your privacy.

Before I begin, I want to make it clear: I'm not trying to criticize Naomi Brockwell or imply that she's wrong or dumb or anything like that. For starters, this is allegedly someone else's story that she's merely relaying, not her own. Also, I really like Naomi Brockwell. I think her videos are well made, entertaining, educational, and accessible - exactly what I aspire to be. I think she's doing fantastic work and I fully support her. (Also I'm not the kind of person to torture myself by ingesting content from people I fundamentally disagree with just to bash them later.) So this isn't me trying to write some kind of "EXPOSED!" takedown drama garbage. This is me going "ah, I see a lot of learning opportunities here," and I wanted to comment on them because truthfully I've made some of these mistakes myself at various times.

Shipping: Naomi's video begins with the person placing the order. They say that for the shipping address they used a private mailbox that they secured under a fake name. I'm all about this, and this is actually one reason I've started to prefer private mailboxes over PO Boxes in the US. Whenever I get a USPS PO Box, they're pretty stringent about using my real name on it (despite constantly putting the old person's mail in my box). The first time I opened a private mailbox, however, they straight up asked me what other names I wanted to put on it, and didn't bat an eyelash when I gave them Nathan Bartram, The New Oil Media, and a few others. I still had to submit ID and proof of address and such, but I can now receive mail as Nate, The New Oil, or anyone else I need to.

Billing: Here is - in my opinion - probably the first real mistake this person made. The person said they used privacy.com - which is great, I use and endorse privacy.com myself - but (quoting the video) "since privacy.com doesn't require a name or billing address, I just made one up." I can attest from past experience that this is a huge mistake. For one, this is probably what tripped the fraud department that the person had to deal with later (more on that in a moment). For another, it also doesn't make any sense. Based on my research, the payment processor (and possibly other parties involved in this supply chain) is able to see both billing and shipping information, so using different information isn't really accomplishing anything from a privacy perspective. But the biggest mistake here was making up an address. Back when I first started using privacy.com, I used to make up addresses - including, yes, I am shamed to admit this, "123 Main St." I realized very quickly that this was a surefire way to trip the fraud flags. Most payment processors verify that the address you entered is at very least a real address. So rather than making up an address, always use a real address. I personally switched to using a hotel downtown (because the address was very easy to memorize) and never had any issues on that front again, but you could also use a library, city hall, or pretty much any building.

Email and phone number: Next, the viewer said they made up a SimpleLogin email address. This is another great idea. On rare occasions I have had issues getting emails delivered or having the email address rejected, so one tip I recommend is using a custom domain. (Bonus tip: you can set this domain to be the default for new addresses in SimpleLogin for a seamless experience.) Last, the viewer said they used Cloaked. This is a service I admittedly haven't had time to dig into, but I really want to. I've been putting it off because Cloaked seems a bit limited - you can't really make calls the way you can with stuff like MySudo or Hushed - but it does seem like it would be absolutely perfect for this kind of use case here, sort of a SimpleLogin- or Addy-type solution but for phone numbers.

The fraud department: The final mistake came a few days later when the viewer received a call (the video didn't clarify from who, but I'm going to assume it was the vendor) asking to verify some of the information. The exchange started with the vendor asking "who am I speaking with?" so the viewer gave the name on the shipping address. The vendor then asked "so who's [name on the billing address]?" Again, this whole situation could've been avoided by simply using the same information in both cases, but instead the viewer gave what I would argue is a pretty facepalm-worthy reply: "Oh that's nobody. Just a name I made up." According to the viewer, this instantly resulted in a very confused and awkward back-and-forth as the vendor attempted to understand while the viewer attempted to explain.

I've experienced this many times myself. I used to name my emails after where I used them, such as amazon@mydomain.tld or dominos@mydomain.tld. I stopped doing that because people got very, very confused. For example, when applying for a new apartment I would put propertyname@mydomain.tld and I could see the visible confusion on the leasing agents' faces when they'd go "wait... so you work for the property?" "No, it's just an email address." "But then how do you have an @propertyname email address?" I didn't, of course, but most people don't even know what a domain is, so even if it was propertyname@gmail.com it would still confuse them. Eventually I got tired of explaining things and just started going back to randomly generated email addresses.

Obviously I'm all about sharing the message of privacy: I have The New Oil, I took on a full-time role with Privacy Guides, and I sit on the board of EFF Austin. This stuff is incredibly important to me. But I think there's a time and a place, and trying to explain complex privacy strategies to someone who's just trying to do their job and keep food on the table is, in my honest opinion, kind of in poor taste and gives off strong "main character energy." You've gained nothing and lost a lot of time and energy. You're not going to raise awareness or leave a positive impression and they're not going to ask you more about these tools. In many cases, company policy prohibits them from asking if they can contact you again after work even if they wanted to learn more, and it'll look bad on their performance reviews if they stay on the phone too long anyways.

The New Oil lists a number of organizations you can get involved with on our website. If you really want to evangelize and make a difference, I'd recommend starting there or a similar local organization. Keep your online shopping smooth and convenient (but still private, of course).

Tech changes fast, so be sure to check TheNewOil.org for the latest recommendations on tools, services, settings, and more. You can find our other content across the web here or support our work in a variety of ways here.