Strange privacy request from Barnes and Noble

I was on the Barnes and Noble website yesterday when it randomly stopped working. When I tried to click on my account, it took me to a “page not found” window. I tried closing the tab and reopening the website and tried to log out, but got the same message. Then I received a weird email from “[email protected]” saying that a privacy request was created. And then another one today titled, “request completed”. I was able to get back into my Barnes and Noble account today and changed the password, thankfully because I couldn’t get in at all yesterday. What else do you suggest I do to protect myself or is there a way to verify that this privacy thing is legit? I doubt it is since I didn’t make the request. The card I have on Barnes and Noble is a privacy card but should I change it?

Thanks for being my security go to people!

Marneen

Thanks for posting this, very interesting case! Also - nicely done on changing your password, and using a privacy card!

The fact that you didn’t make the request doesn’t mean it didn’t legitimately come from B&N. One of the primary reasons companies send out emails about requests made on an account is specifically in case someone other than the account owner makes the request.

Anytime you receive communication - email, text message, phone call - and you are wondering if it’s legitimate, the best thing to do is for you to initiate some communication to the company using an email or phone number for them that you look up yourself. Meaning - don’t reply to the email and don’t call back the phone number they called from and don’t use any contact information provided to you. I would definitely do that in this case, if it were me.

Does it provide any details about the specific request it claims you made?

I’d be curious to see the emails you received if you are interested in having me take a look, I may be able to tell you more. Given that you use Fastmail, the way to do that is to use the “Forward as attachment” option to pass that email along to me - that keeps all the original hidden detail about the email intact compared to the usual Forward of an email. I’ll message you privately the email to use if you are interested.

Thank you! I will definitely reach out to them. It does look like it may be something that is automatically sent because of settings that I have in place, although I have no idea where those settings would be. :zany_face:

If you read closely the first email they sent you, it says the request was triggered due to the Global Privacy Control setting. This is a fairly recent browser setting (read more about it here) that is enabled by default in Brave, which I believe is what you’re using. It looks to me like the request was triggered by you logging in to your B&N account in the Brave browser, because it has the GPC setting on. I expect it will only happen once.

It all looks totally legitimate to me, if a bit awkward. The whole GPC approach is perhaps a step forward in privacy, but it still feels silly to me that privacy invasion is still an opt-out system rather than opt-in.

I’ll be curious to hear what B&N says when you reach out to them.

P.S. If you visit the GPC website, it will indicate if your browser is sending the GPC signal to the websites you are visiting.

Follow-up: I haven’t reached out to Barnes and Noble yet. But the privacy request did happen again. I will prioritize talking with them this next week.

Is this something that I should leave on? I noticed a pop-up when I navigated to a website today that disappeared rather quickly, but it said something about Global Privacy Control. I went to the website and it says that I am sending that signal. So do I leave it on?

I have mine on, and yes, I suggest it be on for everyone until and unless there’s evidence it causes a problem. The idea is to request more privacy, which seems backward to me, as that should be the default, not something we have to request. But given that weird premise, it makes sense to have it on. You can read more about it on the official website (which is aimed at everyone, not tech folk).

Got it. I’ll leave it on. :slight_smile: Thank you