I wish there had been some intermediary (goverment run is fine) where you get a (shortish) personal code for things and you update the central intermediary with where that should target.
It wouldn't be a means to hide (any one registered to the system gets to do the lookup to area to calculate shipping etc) it just lets you do redirects simply and not have to worry about updating various places that need your address when moving.
I was thinking about how such a system would be architected. Simple HTTP get request, company uses an API key to authenticate and it costs some minimal amount per request. A request could be for one or more addresses, so companies can optimize costs to themselves by batching their requests, also reducing load on the system.
I stopped for a moment, concerned that this could allow anyone with a valid API key to get the address of anyone whose code they know. That risks large scale data brokers just scraping huge amounts of addresses to build up address histories and then associating those histories with a unique person as soon as either the person's key or any one address leaks. If the addresses include the recipient name, then it's even easier. Data brokers could just hit the API with batches of random codes and steal address information.
It wouldn't be the only way such entities steal PII to sell, but being a new system and if it is run by "the government" it'll be under a lot of scrutiny. "Government sells your address to scammers" would be the exact kind of headline that could kill the project, and be political poison for whatever politician set it up.
It would also risk providing a tool for anyone looking to harass or otherwise abuse a target if they can figure out the target's code. Imagine the likes of 4chan getting someone's code. SWATTing on demand. Easy access to mail death threats. Or in the worst case scenario straight up showing up at someone's home.
Stalker exes. Creepy fans showing up at streamers doors. And more.
At the bare minimum such a system would need to be strictly opt-in, with a trivial ability to delete your information from it at a later point. But even that might not be enough to mitigate the risks that come with this kind of unified attack vector.
And all this doesn't even get into what happens if the database is hacked.
