Yahoo! reads! your! emails! Yahoo! is being criticised for the new Ts & Cs for its webmail service, which give it the right to scan your emails as well as making you responsible for telling anyone who might be emailing you, but the ICO has no problem with the changes. Such scanning has been common for some time; Google was the first to scan all messages …
Oh, what a surprise... I'm beginning to understand the tech luddites.
Android mining your GPS, iOS doing the same, secretly, and now good old Yahoo doing precisely the same thing.. and still we let them do it because we are more concerned about emailing or putting up some comment on a$$book...
or
Webmail from google..... free
Webmail from yahoo... free
Getting rammed up the ass because you happen to be Pakistani and Yahoo forwarded your email to the police.... Priceless
For everything else - there's MS Exchange
Not that I agree with this on any level (as i don't), but I would presume that one would only be "rammed up the ass" by the police, if there was actually something in the E-mails, Pakistani or not. Although I wouldn't be surprised if more Emails were checked up on depending on race.
"Random" Security checks and all :).
I choose to pay to fastmail.fm (free version doesn't spy too) and still (!) use a Symbian running handset, Nokia E71 for stability and privacy.
So, if you can handle being called "old fashioned" and people staring at you because you dare (!) to use anything other than popular/free/trendy... You got a choice.
I had some thoughts in my mind for Yahoo mail (12 years here) but lets not keep the mod busy with rejection.
It ceased to be yours the moment you dropped it onto a public service. You may have a certain expectation of privacy, but that is only insofar as your ability to hold the company to account if they take your "private" messages and dump them in a public place. I have always assumed that if you have your messages stored on somebody else's server, the admins can look at it whenever they like. Now it's put in the Ts&Cs so there's no doubt.
If I was really bothered, I'd get a static IP and run my own mailserver in the corner of the bedroom, and keep away from public services. Maybe not the answer for everybody, but I think the majority of us write messages that others would find mind-numbingly boring. I'm not bothered if my stuff gets read, half of what I say in emails is on my blog anyway...
The European Convention on Human Rights
'ARTICLE 8
Everyone has the right to respect for his private and family life, his home and his correspondence. ...'
I'm a wee bit rusty on this, but email falls under the remit of the 'correspondence' bit of Article 8
Also, our good friend the DP act comes into play here, as your email may contain 'sensitive personal data' as defined by the act in Part 1, Section 2 (specifically a,b,c,e and f - going by most email I've 'seen' - I used to look after MTAs and I used to content filter rather heavily), though, if you agree to the T&C, you're apparently fscked under Schedule 3, the bit where it states ' The data subject has given his explicit consent to the processing of the personal data. '
And yes, amongst the myriad email accounts I have, the most secure, spam-free are the ones on the mailserver running on the box in the corner of the bedroom.
The fact that the majority of my email correspondence is, as you put it, 'mind-numbingly boring' isn't at issue here (it really is pretty inane stuff these days), I've the technical ability to run a secure and private email server, joe.public@yahoogoogleaolhotmail.whatever doesn't, that's why they use these services.
I don't think they understand that 'their' emails are actually really the property of 'yahoogoogleaolhotmail.whatever' who graciously allow them to access them on occasion. The issue isn't that the 'admins' have access to your email (we always have had) it's that they're asking
'... for consent to the extension of machine-scanning inbound and outbound emails to look for keywords and links to further protect you from spam, surface photos and in time, serve users with interest-based advertising '
please note
' and in time, serve users with interest-based advertising '
Now, *you* may consent to them processing your email for these purposes, but your correspondents might have other ideas, after all, it is going to profile them as well.
mention the fact you've a new cat to someone @yahoo, get bombarded with 'interest-based advertising' from every kittie food manufacturer in sight, send an 'off colour' joke to a friend@yahoo, get a flood of adverts for rather 'personal' services, a message to a yahoo account with 'Mum's just died ' glorious sidebar advertising for funeral directors,coffins etc. etc. etc.
I can see the best way to have fun with all this is to keyword-spam yahoo accounts.
Doesn't this rely on
1. A very stable, reliable internet connection.
2. No power interruptions.
otherwise emails get lost in the ether or kicked back to the sender? Running your own server might be great but most ISPs don't allow it on anything but a business connection and getting too many server cannot be reached messages might put off senders.
Or are you doing things differently?
I guess you know already but lets warn people that it is not 1998 anymore and sending mail with a dynamic IP to any seriously managed server is impossible.
I mean smtp server on a dynamic IP.
Best is, get a real domain and choose a "mail only" hosting (IMAP/Cyrus) from a seriously managed/policy forced hosting provider. Just check spamcop.net and senderbase.org for reputation of their IP block.
"I guess you know already but lets warn people that it is not 1998 anymore and sending mail with a dynamic IP to any seriously managed server is impossible."
I've managed to configure sendmail and postfix to use my ISP's SMTP server as a relay and never had any issues.
http://cri.ch/linux/docs/sk0009.html
http://www.gungeralv.org/notes/archives/2003/06/howto_configure_postfix_to_use_a_remote_smtp_relay_host.php
Back in 1990s before this spam/zombie/bot nightmare, you could run your very own smtp server talking to the recipients smtp server *directly* without any ISP getting involved.
That has become impossible. Of course if there are any crazy mail admins who allows dynamic IP even to say "helo" in 2011, I just respect them ;)
If I email a Yahoo account but have not been informed of this by the account holder, it is STILL Yahoo's responsibility and liability, and I'm pretty sure that should a case of privacy invasion (or whatever) be brought against Yahoo, then a court would find the same.
Simply put, you can not shirk your legal responsibility or (more importantly) liability by simply saying it's someone else's problem. The law in most countries simply does not work like that.
Yahoo!s defense is that it would be impractical and impossible for them to actually warn all of your 'friends'.
There argument would go something like this...
There are two possibilities of e-mail communications between friends where one friend is a Yahoo! account holder and the other is not.
1) Non-account holder friend initiates the e-mail thread.
2) Non-account holder responds to e-mail from friend.
Ignoring scenario #2 and focusing on scenario #1, it would be impossible for Yahoo! to be omniscient. Because the friend is a non-account holder, we don't know who they are in advance. Therefore any e-mails sent to our servers would be scanned automatically, thus there is no expectations of privacy. At the same time, we have no way of notifying in advance to non-account holder that it is our practice to scan the inbound messages.
There is more to the argument, but the basis of the argument is that there are no technically feasible solutions that they themselves wouldn't violate the law(s) in multiple countries. Therefore the burden of notification falls to the user who agrees to the T's and C's. Its the simplest, legal, and cost effective manner of notifying the counter part to the e-mails.
"...thus there is no expectations of privacy."
You could just as easily conclude that there IS an expectation of privacy. I don't think anyone believes email is secure in any way at all, but I think for most people, there is an expectation that the service provider ISN'T going to snoop on your emails (with the possible exception of virus and spam scanning, which is automated anyway).
Of course your email may be intercepted on route and that is not the service provider's fault, but an assumption that there is no expectation of privacy from the SERVICE PROVIDER is very difficult to justify; other than for financial gain or just because they are being nosy (both of which would sound dodgy in court), what justification can there be for rummaging through someone's email?
As for the impracticality of informing everyone that may send email to it's servers, I could just as easily say it's not practical for me to check out the T's and C's of every host that I may send email to.
It would be better if you actually cut and paste the entire comment in context.
As I was saying... when you send e-mail to a large site, you can expect to have your e-mail scanned automatically to determine if a) The content contains no viruses or harmful payloads. b) The e-mail isn't spam.
So there is no expectation of privacy. The owner of the server has the right to inspect any inbound internet traffic, specifically e-mail to their server so that they can prevent harm.
You can try your argument in court, provided you can get a lawyer to agree with you and of course you'll watch your case get dismissed.
Remember on a server like these, the good of the general public trumps the rights of an individual.
"There are two possibilities of e-mail communications between friends where one friend is a Yahoo! account holder and the other is not.
1) Non-account holder friend initiates the e-mail thread.
2) Non-account holder responds to e-mail from friend."
Not just 'friends' but 'contacts' - I see a frightening number of business who use free email services such as Yahoo! (well, sole traders mostly - ie Joe Bloggs t/a.. - but some small limited companies, and in some case individuals within companies using such address for work purposes) . These are people who might receive email out of the blue from people or other businesses who are not already in contact with them. At what point do these third parties get warned about Yahoo!'s new policy?
(Obviously, they shouldn't be using Yahoo! for that sort of thing - but that's besides the point.)
It's quite impractical to include a warning wherever the email address appears - such as on all business stationery. What a lovely thing to have to include as part of the letterhead!
And what of entering email addresses into forms on websites? Are all such forms now supposed to have a new field: "If there is anything we might wish to be aware of about your email provider, please use this box: ________________________________" (It would have to be done in a generic way in case another free email provider decides to be equally annoying.
The bottom line is that just as Yahoo! argues that it's not really practical for *them* to warn their users' contacts, it's just as impractical for their users to do so themselves in all circumstances.
Additionally, I have a number of contacts who have Yahoo! email addresses and not all of them will necessarily understand what they're being told when they read about this new policy - or even notice it in the first place. With that in mind, rather than it being Yahoo!'s customers' responsibility to warn their contacts... I somehow feel that it's *my* responsibility to warn *my* contacts who happen to be Yahoo! customers.
And something's not quite right with *that* picture!
Hasn't anyone heard of 'There aint no such thing as a free lunch'?
Yeah. Someone provides a free service and millions use these resources. So eventually the service is no longer free or the company offering the service finds a way to make money from the service.
Common sense right?
So anything you say that is unencrypted, sent from a server you don't own to another server you don't own isn't going to be private.
Yahoo! is just pointing out in their T's and C's is that you have no expectation of privacy and anyone you communicate with has no expectations of privacy when the said mail hits Yahoo!s servers.
At the same time they are not going to warn your friends... that's your job.
To paraphrase a quote I read recently:
"If you're not paying for something, you're not the customer, you're the product being sold."
Pretty much every free email service on the planet is using you in some fashion for financial gain. If it's a price you're will to pay for free email, so be it. But don't assume they're ever doing it for the love of it.
I pay BT for internet service, advertised as including email. They use Yahoo.
Does BT pay Yahoo for this ?
And Yahoo throw plenty of advertising at me, so I am a benefit to Yahoo. They also use my address book to encourage me to Facebook.
Yahoo may be crawling to the spooks, or it may intend to send me targeted advertising. It is all done by machine although anything of security interest will be quick to eyeballs.
... at least in the Dallas / Fort Worth area.
We did get pop3 access and it wasn't until I tried to get some technical support that I realized that that our @sbcglobal.net email accounts are essentially yahoo accounts; because I was redirected to yahoo to log in to my email account.
So, does yahoo scan those emails too and how exactly "will [I] see a pop-up, notifying them of the change" using thunderbird?
...Did anyone think eny email going over the internet was private and secure? It's your job to ensure that anything sensitive in an email is encrypted, and you should always assume that it can be intercepted and read by anyone at any point from leaving your computer for the great wide internet onward until the end of time. if you don't like that, don't use email over the internet.
Yahoo's new T&C's could potentialy put them in breach of RIPA as such interception has to be notified to BOTH parties - even for unsolicited communications. Notification after the event would be too late - the interception has already happened without consent.
And since you logically cannot pre-notify unsolicitied communications you could end up with the peverse situation where Yahoo! could get sued by spammers for illegally intercepting communications to their targets without consent of both parties.
I'm surprised that Google has got away with it for so long.....
(**hears the lawyers eagerly sharpening the pencils....**)
Their problem *could* be unilateral changes to a contract which voids it (the traditional argument against "we put our T&Cs on a website which we don't date, and we'll change them frequently), ever if they email you the change won't stick unless you have an option to opt out.
The first problem is that Yahoo needs to have a UK office for rIPA to apply - if not, you won't stand a chance. The second issue is that Yahoo may state that it does not intercept as per RIPA as that implies catching traffic in transit. They just scan their own storage servers..
I may have missed something, but IMHO there's no chance you'll be able to use RIPA. And that's without mentioning the HUGE effort of getting the cops sufficiently interested. The NotW affair has shown that to be challenge in itself..
"Yahoo told PC Advisor that anyone who didn't like the changes should simply keep using their old account.
Appears to contradict what they have been telling customers. In an automated email from Yahoo last week:
"If you’ve already upgraded to the latest Yahoo! Mail, thank you.
"If not, in about a month from the date of this email, when you sign in to your Yahoo! Mail account, we will ask you to upgrade to the newest version of Yahoo! Mail. But you don't have to wait. You can have the newest Yahoo! Mail today.
"You can upgrade now to the newest Yahoo! Mail if your browser is Internet Explorer 7, Firefox 3, Safari 4, or Chrome 5, or newer.
Fortunately I use Opera so none of this applies to me :-)
When I accidentally "upgraded" and tried to go back, I found this, which would make Michael Howard proud:
"Can I switch back to a previous version of Mail?
Last Updated: 21 June 2011
We have removed the "Return to Original Mail" link from the help menu as we're strongly encouraging all users to migrate to the newest version of Yahoo! Mail. We will continue to invest heavily in the latest version of Yahoo! Mail, further improving it and delivering more compelling features to our users.
We know that changing to a new interface can seem daunting, so we’ve done everything possible to make the transition easy. We have created help pages specifically for users who have recently switched to the newest version of Yahoo! Mail, highlighting differences that you may notice: http://help.yahoo.com/l/uk/yahoo/mail/ymail/migrating/.
We hope you’ll give this new version a try. It’s our fastest version of Yahoo! Mail yet, with improved protection against spam and advanced features like in-line photos and videos."
In other words - far fewer words - NO!
http://help.yahoo.com/l/uk/yahoo/mail/ymail/migrating/fromclassic/mltamnoswitch.html
I've had enough of these free webmail services. Last week I registered a new .co.uk domain with only 3 digits in it for £6 for 2 years, and paid for a years email mailbox for £10 with webmail and IMAP. It's a small price to pay.
I was going to use my ISP email - but as they use Gmail I thought better of it. Do these T&Cs effect the millions of BT Broadband customers on their Yahoo! powered mail too?
At least it seems to work for me and others..
Use Firefox with the NoScript plugin (or any other way to prevent Javascript from running). Yahoo new mail won't work without JS running, so you are presented with two options: Run the old mail just this once, or switch back for good to the old version.
Re-enable JS and you're good to go. At least for now. And who is to say your emails are not being scanned in any case, but I digress.
there is a need to inform anyone that is likely to email me, so all I need to do is draft a quick mail stating this...
open the Global, Global addressbook, select ádd all... hit send....
hey presto everyone on the planet will recive notification about my news... now if everyone with a yahoo account does this, then the problem will be sorted!!!
"People should have the right to send messages without Yahoo! snooping through them," said Sarah Kidner editor of Which? Computing. (BBC Tech Pages)
err no akshully. If that's the T&C (changed or not) that's the deal. if you don't like it, pay a few quid for an email service you cheapskate.
Oh and can you remove the three tracking cookies from your site please ?
Virus checking is fine, but "a person intercepts a communication .... to make some or all of the contents ... to a person other than the sender or intended recipient (RIPA definition in section 2) - and the consent exception 3 (1) requires both ends. Whilst google mail presumably heads to the US at some stage, the sender cannot assume the recipient is in the UK, but, at least for a yahoo.co.uk address, one could reasonably expect it to comply with RIPA.
ain't no such thing as.
Really, if you want private email, your not going to get it for free - you'll have to pay for it.
If your running your main account via a free webmail service such as Gmail or Yahoo - heck, what do you expect?
Those T's&C's also contain a tasty old "We can change our T's&C's whenever we want, so nyah" (well, maybe not worded exactly like that)
Besides, waddaya gonna do? Sue them?
Good luck with that then...
You want decent, private email? Get your wallet out.
"You get what you pay for"...
More targeted advertising - what fun. I remember reading somewhere about how with Google mail, if you have the word "death" in your email they remove their advertising completely to avoid those accidental bad taste adverts. i.e. adverts for a new car after someone has been killed in a road crash.
I know at least one person who started to add a quote in all of his email about death... and saw a lot less advertising in his account.
I wonder if Yahoo will have a similar word list?
The only reason the newest mail exists is to get you to agree to the new T&Cs. If you go back to classic mail now you won't be forced to switch from new mail to the newest mail and you won't have to agree to the new T&Cs.
Anyway, time to crank up Thunderbird and download it all with POP3.
Many moons ago I had a conversation with someone who told me that all emails can be read by the government. Rubbish I thought, I know how point to point email transactions work and smugly I run my own Exch servers, so he was talking rubbish IMHO.. at the time!
Then a new contract came to play and I met up with the Cisco Aeon server which did bit level packet inspection and my whole view on data privacy changed right then and there. I still run my own exchange servers and I'd prefer that over the free mail providers any day but I'd be kidding myself if I ever considered the information secure. The moment it leaves my server, anyone on the route could get at it and open, read and change the details without me knowing.
Such is life.
its to stop the email being scanned for whatever purpose yahoo! thinks necessary, which is the topic under discussion?
ROT13 or other obfuscation could also be used, but may be easily defeated, encryption id more difficult. Then of course they will only allow real text, or images, haha lets use steganography.
ob·fus·cate/ˈäbfəˌskāt/Verb
1. Render obscure, unclear, or unintelligible.
2. Bewilder (someone).
re
Yahoo! is being criticised for the new Ts & Cs for its webmail service, which give it the right to scan your emails
What happens if you consent to receiving specific marketing email from an company you trust and Yahoo sells your details to their biggest competitor? You get blitzed with marketing from the competitor which the trusted company can't match because they're bound by the Data Protection Act.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
