It’s been a week since Spotify’s messaging feature emerged from the ashes, and it’s already turning heads.

For reference, the music streaming giant used to offer a social messaging feature in its app, but it was killed off in 2017 because of “very low engagement.” Now, with the feature making a comeback, Spotify is giving users more control, complete with encryption “in transit and at rest,” an option to reject message requests from other users, and the option to opt out of the feature outright.

Despite said measures, though, the feature does inadvertently introduce a doxxing risk by tying you to people you’ve shared music with in the past.

Brought to light by users sporoni122 and Reeceeboii_ on Reddit (via Android Authority), Spotify’s messaging feature has the potential to reveal your identity to complete strangers — strangers you’ve shared Spotify links with in the past.

For example, let’s say you’re in a Discord gaming group with people you know online, but not in real life. You’d like to keep it that way, and that’s precisely why you don’t use your real name or other identifiers on Discord. The same scenario could apply to any other messaging and social apps like WhatsApp and Reddit. You know you have a good taste in music, and would like to share it with others in the group. You do so by sharing a Spotify link. Not a link to your profile or anything, but simply to a track.

Congratulations, you and the person/all the people that clicked on that link are now connected, at least in the eyes of Spotify’s new messaging feature.

This applies to Spotify links you’ve shared in the past too, before the streaming giant’s messaging feature rolled out. That’s mainly because each Spotify link you share has a unique suffix attached to it. Whenever someone else taps that link, Spotify is able to connect the dots between person A sharing a link and person B clicking on it, allowing it to come to the conclusion that the two know each other.

This is where the new messaging feature’s ‘suggestions’ come into play. Because Spotify can connect said dots, it can suggest you as a potential ‘suggestion’ to anyone who has ever clicked on one of your shared Spotify links. Users are then free to explore your profile, see your name and photo, send you a message, and reportedly even see a history of Spotify links exchanged between the two of you. The latter would allow others to connect your real-life Spotify identity with your pseudonymous presence on other platforms like Discord, Reddit, or WhatsApp.

This could be a jarring experience for users that want to keep their identity private. A simple solution is to opt out of the streaming giant’s new messaging feature via the app’s settings. However, if you’d like to retain the messaging functionality, stripping your Spotify account of any personal information is your best bet.