Etsy comes under fire for revealing buyers’ names, purchase histories

etsy comes under fire for revealing buyers names purchase histories picture 7

3/16/2011 Update: In response to growing privacy concerns, Etsy has stopped linking feedback to purchased items. Etsy CEO Rob Kalin and COO Adam Freed explain the changes here in a blog post.

Etsy could probably stand to take a few lessons from Facebook on the perils of shifting privacy policies. Earlier this month, Etsy, an online marketplace for crafts and vintage goods, launched the Find Your Friends tool,  an effort to make the indie shop more social network-y by scouring users’ e-mail address books to sync contacts with Etsy “friends.”

“Did you know that your coworker and sister-in-law are shopping and favoriting just around the corner from your favorite Etsy shop? It’s time to rendezvous,” read a blog post from the company.

No big deal, right? Some Etsy users might have even welcomed such a service. The problem, as Etsy members are now beginning to realize, is that the Find Your Friends tool comes with a lot of baggage. Baggage of the sort that is potentially humiliating and down right intrusive.

As part of the Find Your Friends’ rollout, Etsy opened up its search system to cover the full names of its users. And not just the names of sellers — those had previously been searchable — but the real life names of buyers. Even more troubling, is that it’s now possible to access buyers’ purchase histories, list of “favorited” items and posted reviews.

The reason this is a big deal is that some, perhaps even most, Etsy shoppers would, understandably, rather not have their real names linked to their purchases and disclosed for all of the Internet to see. Take, for example, the case of user cited in a report by Ars Technica whose adult toy purchase turned up just below her online resume.

“I just found a woman who’s Etsy profile comes up on Google as the 5th link. I was expecting 6 or 7 pages down, but it’s on the very first page, right after her online resumes,” wrote a user on the Penny Arcade forums and cited by Ars Technica. “She signed up a year ago, under the old privacy policy, and hasn’t logged in since 2010. And now I know what dildo she uses. Right down to the curvature and coloring.”

Yes, Etsy apparently has its fair share of “mature” craft items among the steampunk-inspired keychains and six-pack holders for bikes.

We should note that Etsy does not require that buyers give their full names when they register for an account, but it’s likely that many have done so unwittingly — it’s not immediately obvious that the information is optional. We should also point out that the only way to connect a user’s purchase history with their name is through feedback given or received; purchase histories are not an explicit feature of Etsy’s new Find Your Friends tool, just an unfortunate side effect.

Compounding the situation, is the way that Etsy chose to roll out the changes. Basically, unless you were monitoring the company’s blog or forums, you probably didn’t notice anything amiss. As far as we can tell, Etsy didn’t send out any e-mail announcing the changes to its users.

Facebook has previously found itself in hot water for a similar privacy snafu (see the Beacon fiasco of 2007), which eventually attracted the attention of the Federal Trade Commission (FTC). And, given the reports that we’re seeing now, Etsy is moving dangerously close to becoming the target of its own government investigation or, perhaps, class action lawsuit.