
PSA because some people don't seem to know that. Those weird barcodes found on letters contain your zip/postal code (which in some places can point to a really specific location). You may want to blur them out when posting photos of letters online.

@IceWolf If I remember correctly you live in the US. If you're interested in how exactly they work, USPS has a specification on its website: postalpro.usps.com/storages/20

@gorol Better yet, sharpie over it and otherwise use solid color blocks, blurs can be undone at this point.

But yes, absolutely an easily overlooked part of opsec! Don't forget that cameras are good enough that a discarded letter envelope in the background could very easily be read too.

@IrisKalmia I was thinking about adding this advice, but decided not to for clarity. Solid black blocks are the only way to censor something reliably, but they have to be applied correctly. Countless PDFs, PPTX presentations and vector images were censored with black boxes that can be removed. And that's not all; the contract between the EU and AstraZeneca, although censored correctly, had the first 255 characters of all paragraphs in the table of contents. OPSEC is hard.

@IrisKalmia Also, sharpies are not ideal; sometimes a little image manipulation can reveal what was underneath. GOOD OPSEC IS HARD

@gorol it is! Ultimately it's about raising how much effort an attacker would need to put in past their effort to give

@gorol Now you have me wondering what ink would be best. I bet lettering over the barcodes and such in a bic would be fairly reliable, but have no study materials

@gorol they also exist in the UK (albeit in a slightly different proprietary format) and are added by Royal Mail sorting equipment in UV sensitive ink, so can be easily overlooked (they are usually a fluorescent orange colour, and you will see them on envelopes that have already been through the postal system delivered to your address)

@vfrmedia Similar ones are in use in Poland (I didn't know they were fluorescent! I just checked under a UV lamp and it glows!). I wonder whether it is some kind of standard encoding (maybe used by one of the sorting equipment manufacturers?) or whether every postal operator uses a different one.

@gorol I think the same company sells the kit to postal services the world over; but what the data contains varies between each country.

The black readable 4 state barcodes do also exist in the UK (and this format or the contents isn't a secret and is widely shown online) but are more often used for bulk mail (especially marketing related mail) from larger companies...

@gorol I worked for a company doing bulk mailing in Australia, these barcodes contain the Delivery Point ID which helps in automatic sorting equipment, so they get a discount sending letters that have it. This data is just a numeric value that represents the address underneath it. But on longer ones you can add your own custom customer data which could be anything. Auspost has details here auspost.com.au/content/dam/aus

@drlabman I have a really surface-level knowledge about it, but what's in the barcode really depends on the country. For example, in the UK, as pointed out by @vfrmedia, they are printed by the Royal Mail and are only used to simplify mail sorting. Something similar is used in Poland, although I'm not sure what exactly is encoded; all of the tracking of priority mail is done through a separate sticker with a CODE 128 barcode.

@gorol I’d like to make one detail more explicitly clear: Depending on how much the sender wants to include, the barcode can include the “delivery point,” which corresponds 1:1 to your exact address, anywhere the USPS delivers to.

@gorol It's worse than that: the barcode encodes the complete address. You need a database to decode it, and I don't know how hard it is to get access to that, but given that lots of organizations print the barcodes on their outgoing mail themselves, I'm guessing not that hard.

(Technically what the barcode can reveal is the "delivery point", the location where USPS hands off responsibility for the mail, but that only differs from the complete address in cases where you're probably not concerned about the privacy of the address anyway, like a corporate mailroom.)

(Also I don't know how this works for international mail.)
