Having recently introduced a new "Informed Delivery" service that could potentially allow snoops to read scanned images of another person's or business' mail, the US Postal Service is reportedly now sending out snail mail notifications to individuals to make sure that they knowingly have been signed up for the program.
According to security expert Brian Krebs, the Informed Delivery service poses a potential privacy threat due to a weak knowledge-based authentication process when signing up for the advance notification service, which sends users emails containing scanned images of the front of each envelope that will soon be arriving in the mail. Krebs also warned that the opt-out process is too difficult.
After exposing the privacy concerns last October, Krebs followed up with a new blog post yesterday, reporting that the USPS has responded -- informing him that as of 16 February, the government agency has been sending the aforementioned mailed alerts to any address that signs up for Informed Delivery.
Krebs further reported that if someone who previously registered for the service posts a change of address request, the USPS "sends a mailer with a special code tied to the new address and to the [online] username that requested the change. To resume Informed Delivery at the new address, that code needs to be entered online using the account that requested the address change."
The USPS reportedly told Krebs that roughly 8.1 million accounts have been created for the Informed Delivery service, and that post offices managed about 50,000 Informed Delivery notifications during of the week of 16 February.