[stfnfhrmnn]

I also use a Unique-per-service email address with Paypal, and I noticed that Paypal actually passes on that email address to the retailer when I pay with Paypal. I receive order confirmation emails (from those retailers) and quite a few unwanted newsletters to my unique paypal address now.

I have no idea what Paypal is trying to achieve by passing on this fairly personal piece of data. I always have to enter a separate email address with the retailer anyway, and because of this scheme, those two of course never match.

[throwanem]

Paypal is great at that kind of unintentional disclosure. Six or eight years back, because I liked what she had to say, I used it to donate to someone who was then speaking under a pseudonym as a result of some fairly credible threats. Imagine my surprise when, in the process of transferring funds, Paypal showed me her full legal name and domicile address in the UI!

Of course I let her know about it, and I seem to recall her saying she'd addressed it successfully, but if she described how, I no longer remember. It quite astonished me that this was even a thing that could happen, though. One hopes it no longer does.

[ramblerman]

This sounds like she just set up her full name and address with paypal.

It's like her giving out her email address and it being firstname.lastname@gmail.com

I'm not sure the fault lies with the service.

[throwanem]

It's been a while, so that might be true and I just don't remember, but it would be a surprising mistake to make for someone with a great deal of professional experience in operational security.

[syshum]

>>>I have no idea what Paypal is trying to achieve by passing on this fairly personal piece of data.

For years the Paypal API sucked, and even today their are many companies that do not have full integration with paypal, so this is a way to match payment records as for 99% of shoppers the email address for the order/account will match the paypal email address.