Hacker News user “Hacker” is an interesting case study.
This is the person who created a blog called “Hacking Canada,” where he posted a link to a site called “Birthday Gift Delivery,” in which he was attempting to get flowers delivered to his girlfriend.
The recipient was not a regular flower vendor, but rather an online flower vendor called “Holiday Tree,” and the delivery date was December 23.
“Halloween is coming, and the gift of a holiday is to be delivered to a friend or family member who has already made arrangements,” he wrote.
“I will give them the name of the person or people that will be delivering and a brief description of what is to happen, and then I will wait for them to respond with a gift.”
As soon as the user clicked on the link, the site crashed.
It took less than a minute for Hacker to figure out that he had entered his own address into the site.
A screenshot of the page Hacker posted on his blog shows the delivery notification page, which was supposed to be “full” and open.
But in a screenshot posted on Hacker’s website, the page was empty.
The user could not access the page and could only see a text box that said, “You are now a member of our mailing list.”
The user then clicked the “Send” button, which opened a “private” section.
A “Send-To” section appeared.
This section was blank, and a reply message appeared.
The message read, “Please click on the following link: http://www.holidaytree.ca/d/holiday-tree-prices/purchasing/shipping-details/holiday_tree_prices_purchaser_details.htm?”
Hacker explained to me that this section was used to create a mailing list for Holiday Tree to send flowers and other packages to.
In this section, Hacker added his own personal information and a delivery confirmation number, which he used to verify that he was indeed the recipient of a parcel.
He did not tell Holiday Tree about his delivery number, and Holiday Tree did not reply to his email requesting an explanation of the situation.
The “Send To” section, however, was accessible to everyone who subscribed to the mailing list.
The messages that Hacker posted to Holiday Tree’s mailing list contained messages that included the same information as the ones he sent to Hacker’s blog, but without any identifying information.
The site has since taken down the message Hacker sent to Holiday Trees subscribers, but he continues to receive emails from Holiday Tree.
Hacker has received multiple complaints about the issue, including from his girlfriend, who wrote in an email to me: “Hackers post on this mailing list is not a public service, it is a private communication that I cannot access or access to anyone else.”
Hacker told me that Holiday Tree has since changed its practices.
“This is an area that is being actively addressed.”
Hacker’s girlfriend did not respond to my request for comment.
Hacker told the story of Holiday Tree after his girlfriend asked him to help her make a donation to a local charity.
He said he did not think he should be making a donation on Holiday Tree, and he suggested that the charity should use a different site, such as Amazon, to deliver flowers and gifts.
“What I wanted to do was to make a point,” Hacker said.
“It’s not a bad idea, but I should have done it before.”
Hacker added that Holiday Trees “has been really responsive to the concerns that I’ve been raising.”
Hacker explained that Holiday is not an online service, but instead a delivery platform, which means that it’s “designed to deliver your packages to a specific address, and it does this through Amazon’s CloudFlare network.”
However, Holiday Tree does not have a website, so it is not possible for customers to find out if the company is doing business with the recipient.
Hacker said he would not make any donations on Holiday Trees.
“My advice is not to go there,” Hacker told TechCrunch.