A few days after a remark on hn, while the thread was still active, I received a mysterious package I didn't order from a weird drop shipping service where the original sender is unknown and undiscoverable to you the recipient. It didn't contain anything bad just a single surgical mask (during covid, common valueless item basically). The message was just that they could find my home address. It was a stupid message since I obviously do not hide my identity on hn. But it means you're not wrong to be careful, both in general, and on hn in particular.
Hmm, my first guess would have been that you have been a target of "brushing" [1].
In a Reddit thread from 2020 [2], multiple people mention that they received surgical masks they did not order.
The package came from a US company in Texas not China. Not directly, the mask could have been made anywhere, but the package did not contain any other mail labels like when you get something from China. And never happened before, never happened again, and was literally only a single mask.
Still, seems to fit anyway because the brushing descriptions do vary in the details a little. My example still fits.
Or maybe it still was the hn guy and this just the method they used because they knew about it.
It's always scary, no matter how innocuous. I'm glad it did not escalate into something else for you!
Without getting too deep into it, there are some things I know how to do with computers that I probably shouldn't, so my thought is this; if I, a random idiot who just happened to learn a few things, can do X, then someone smarter than me who learned how to attack a target in an organized way probably has methods that I cannot even conceive of, can do it easier, and possibly without me even knowing. It's this weird vacillation between paranoia and prudence.
For me, it's really about acknowledging what I know I don't know. I do some free courses, muck about with security puzzles, etc, even try my own experiments on my own machines, but the more I learn, the more I realize I don't know. I suppose that's the draw! The problem is when you learn these things in an unstructured way, it's hard to piece it all together and feel certain that you have covered all your vulnerable spots.
