Yahoo, Bucking Industry, Scans Emails for Data To Sell Advertisers

The U.S. tech industry has largely declared it is off limits to scan emails for information to sell to advertisers. Yahoo still sees the practice as a potential gold mine. From a report: Yahoo's owner, the Oath unit of Verizon Communications has been pitching a service to advertisers that analyzes more than 200 million Yahoo Mail inboxes and the rich user data they contain, searching for clues about what products those users might buy, said people who have attended Oath's presentations as well as current and former employees of the company. Oath said the practice extends to AOL Mail, which it also owns. Together, they constitute the only major U.S. email provider that scans user inboxes for marketing purposes.

Slight correction

[asackett]

Together, they constitute the only major U.S. email provider that [admits that it] scans user inboxes for marketing purposes.

Re:Slight correction

Yahoo is a company that has had no reason to exist for the last 10+ years. Now that Marissa Mayer has driven the last nails into the coffin and floated away on her golden parachute, Yahoo might as well just be as evil as possible and squeeze out a few extra Shekels while they still can. What have they got to lose?

Re: Slight correction

[SirSlud]

Tech companies admit all sorts of lousy things in their TOSes. Moreso, something like targetted advertising based on email contents is really easy to validate. And if every tech company is lying about what they do with your data, why do they even write novel length privacy policies and TOSes to begin with? Security researchers turn up backdoors and bugs all the time, and sure, the occasional clear violation or outright lie between a TOS and actual practice, but if every one lied about this stuff, why on earth would YAHOO mail admit to doing it (let alone any of the other marketing oriented data collection they engage in across all their other services.)

Re:Slight correction

[dcw3]

Yahoo is a company that has had no reason to exist for the last 10+ years. Now that Marissa Mayer has driven the last nails into the coffin and floated away on her golden parachute, Yahoo might as well just be as evil as possible and squeeze out a few extra Shekels while they still can. What have they got to lose?

I would have agreed with you up until Google did away with the iGoogle portal. I'd been using both yahoo and igoogle portals since they started up, and was ready to drop yahoo until suddenly Google decided to drop theirs for no apparent reason, only claiming that everything was available through apps...well, sure it is, but I want it all on one page thank you very much. I've seen nothing else that allows me to put my mail, weather, sports, calendar, news, stocks prices, local movies, etc. all on a single page...that is until yahoo dicked around and removed the calendar, and pissed me off again. With this news, I'm probably going to stop using the email address I've had with them for 20 years...sigh.

Another Reason

[TheReaperD]

Yet another reason to avoid Yahoo (and, by extension, Verizon).

Re:Another Reason

I don't know if I can stop laughing long enough to type this.

Yahoo's owner, the Oath unit of Verizon Communications has been pitching a service to advertisers

One crook, scamming other crooks

that analyzes more than 200 million Yahoo Mail inboxes and the rich user data they contain

Rich user data? From morons using Yahoo for e-mail? Who is stupid enough to actually believe this?

Re:Another Reason

[JMJimmy]

Not a moron here and still using Yahoo mail. Not as a primary email but simply due to momentum. The account existed long before gmail did and the number of accounts tied to it are countless. Gmail became my personal email while Yahoo became the one I gave out to 3rd parties for account creation purposes.

How does one even start to unwind a 15+ year old account tied to hundreds of services? The moment I saw their privacy policy change I wanted to cut and run but unless I am going to scour every forum/business/etc that I ever signed up with, I'm stuck.

Re:Another Reason

[LucasBC]

All they'll glean from me is that I'm a pornography-obsessed kinky nymphomaniac, because that's the only thing I use my old Yahoo! Mail account for anymore. As far as I'm concern, the account is disposable. I haven't agreed to the new terms of service yet, and the moment it becomes mandatory, I'll abandon the account.

Re:Another Reason

I'm in the same boat. However, there are options to distance from it. For example, create a new email account, then forward your Yahoo messages there. Start using the new one as your primary, then update your accounts on sites that are still contacting your Yahoo address. You could have these filtered into an inbox labeled "unconverted", then switch them over. If you have any long-lost accounts anywhere that you suddenly need access to, that will appear in the new inbox when you need it. Or I guess a label would work instead of a whole 'nother inbox, depending on the service/preference

Re:Another Reason

[JMJimmy]

It represents a bigger problem though. If an email provider can unilaterally make such a massive change to privacy rights then is it safe to use any provider? If we have to use home servers to maintain privacy, who do we entrust to guard us from spam/phishing/data loss?

For that matter what is to stop the yahoos at Yahoo from charging for forwarding services?

Re:Another Reason

[dcw3]

Ditto. I've had my Yahoo account for ~20 years, and use it now primarily for accounts and anyone who I don't want to give my main email to.

fake news

[Reverend+Green]

More fake news from a semi-official propaganda outlet. EVERYONE knows that Google and Facebook datamine your inbox, your browsing habits, and absolutely anything else they can find. And sell that data to repressive gover... er, I mean, advertisers.

Re:fake news

It seems Google does not scan emails for advertisement purposes, though they do scan your emails:

https://variety.com/2017/digital/news/google-gmail-ads-emails-1202477321/

Also from the horses mouth:

https://support.google.com/mail/answer/6603?hl=en

Re:fake news

[KiloByte]

It seems Google does not scan emails for advertisement purposes. Also from the horses mouth:

And I never have lecherous thoughts when passing by a hot woman on a sidewalk, honest!

Re: fake news

[SirSlud]

Why the fuck would google say "we read your e-mails" at all if they're just going to lie about it?

Someone should start a service

[bobstreo]

to poison the well of email scanning.

It wouldn't take much to dump some emails with personal or financial lies into your inbox.

Extra points for references to non-existent medical conditions or upcoming illegal transactions.

For example

You'll scan people's private email for gun control text and sell the NRA that advert.
You'll scan people's private emails for political discussion and sell that to Russian trolls.
You'll scan people's private email discussions for Net Neutrality and sell them to.... *Verizon*, i.e. you, so you can use the content of their discussions for your anti- NN bullshit.

The contents of people private emails are there to be scanned for keyphrases and sold to advertisers, because every private conversation needs to be sold to whoever will pay for data on it according to Verizon.

I'm sure Ajit Pai will step in an regulate his former (and future) employer.....not!

Verizon's Moto

[Gravis+Zero]

Verizon: sociopathy!

Many people in Europe have Yahoo adresses

[houghi]

Many people in Europe have Yahoo adresses. Some will even have Yahoo.com and not e.g. Yahoo.fr or Yahoo.co.uk adresses.

So what is 4% of their annual turnover? (Hint: GDPR)

Re:Many people in Europe have Yahoo adresses

[whoever57]

Many more people have email addresses that are not @Yahoo.com, but are run by the former Yahoo (Oath). Entire ISPs outsourced their email infrastructure to Yahoo.

Re:Many people in Europe have Yahoo adresses

[dcw3]

And don't forget about @AOL...Oath has taken over the AOL campus.

Re:Guess why I didn't accept the new ToS

[asackett]

Violating my policy of not responding to AC's:

Perhaps more importantly, is there some way I can poison the data first (including the email, but presumably other personal data, too)?

Unless you want to spew feces at your correspondents, there's no easy means I can see to fuckerize their data. Even at that, there are surely ostensibly smart people anticipating it anyway. The naive and perhaps effective approach for them is to discount data obtained from those who've radically changed their habits shortly after the article was published. Since most of their users are in the IDGAF column this would be sufficient for most purposes. The hot ticket is just to bolt and accept that what's already known is already known.

The broader problem is the general public's willingness to equate no-or-few-dollars-surrendered to some-greater-efficiency. There's no way to prove that Googod and/or others aren't conducting industrial espionage and/or hostile mass surveillance, and given that they're offering a no-dollar-cost solution in a commercial market there's no reason to assume that they're not doing so. People like to think that they'll be lost in the noise, most of them completely unaware of the means by which they can be discriminated. So it goes.

Professional paranoia is one of my marketable skills, so take from this what you will.

Educate by sharing

[XB-70]

Please share this article far and wide and advise friends and colleagues of this practice and offer them alternatives.

I use ProtonMail.com. what do you good Slashdot readers recommend?

Re:Educate by sharing

[asackett]

If you correspond with users of ESP's it doesn't much matter what you use on your end of it. Therein lies the rub.

I recommend encrypted email, for all things, all the time. Your mail might still be scanned, but at least they'll have to work for it.

No, this isn't a workable solution in a world of people who don't give a fuck. But it's what I recommend.

Re:Educate by sharing

[DaMattster]

I self-host everything. I have a VM churning away on vultr.com and do all of my own email, web, blogging, and personal cloud storage stuff. I just use my gmail address as a throw-away now.

Re:Educate by sharing

[whoever57]

I self-host everything. I have a VM churning away on vultr.com

It's getting more difficult to self-host these days. Many email services appear to be hostile to email that doesn't come from a massive email provider.

No one is going to blacklist email from Gmail, but blacklisting a single VM that puts out a few hundred emails per month: they will do that in a heartbeat.

It's also easy to get caught up in a blacklist on your network IP range because someone else sent something that a recipient thought was spam.

Re:Educate by sharing

[lactose99]

You blog? GTFO. People still do that? What is this 2003?

Re:Educate by sharing

[asackett]

It's getting more difficult to self-host these days. Many email services appear to be hostile to email that doesn't come from a massive email provider.

I've not had that problem, perhaps because I employ SPF and DKIM, and HELO using the name given by the DNS PTR record.

Yahoo Mail has gone steadily downhill

I was so early to the Yahoo Mail game that I was able to get firstname.lastname as an address. It was great for the better part of a decade. I even upgraded to the "Mail Plus" package to get some extra features and to naively show my support for their great product.

Over the past couple of years, they've made some business decisions that have driven me away inch by inch.
- They moved all of the features of the paid-tier to the free-tier, except for ads. Now the only reason to pay is to remove ads.
- The webmail interface has gone through 2-3 updates that make it slower and more difficult to use with each revision.
- Your reward now for having an empty inbox is "watch this random video!". It actually incentivizes me to keep mail in my inbox so I don't have to see it.

I decided that it was time to abandon free email providers and bought my own domain. Now I can jump ship if my current provider (Fastmail) ever disappoints me and not have to go through the headache of changing email addresses.

How ironic

[zarmanto]

Ironically, the only e-mail messages that come into my (largely defunct) Yahoo account are from... ummm... advertisers. That is to say, that's the address I give out to websites and/or companies that I never actually want to hear from again. So, did I buy something from those companies? Maybe... but just as likely not. So sure, Verizon; knock yourself out -- though, I have little faith that you're going to get much real value out of scraping my inbox.

(Also... it baffles my mind that there are people who still use legacy AOL accounts.)

Re:How ironic

[dcw3]

"(Also... it baffles my mind that there are people who still use legacy AOL accounts.)"

Why? I know at least half a dozen folks who still use AOHell. I even still have a 3 letter account name there, but haven't logged in in about a year. BTW, Oath has taken over the AOL campus near me.

That's fine

[kqc7011]

This is Ok with me as I use a Yahoo address for my "you want my email?", here it is response.

Re:That's fine

[WCMI92]

That is a good idea of what to do with my old Yahoo email. Which I haven't used in 10 years.

Good

[nullsec]

Considering the majority of email will be spam for Viagara, does this mean Yahoo will finaly admit their part in spams enablement?

It's been my long held belief that email providers themselves intentionally facilitate spam because it perpetuates their scummy business model. What I'd LOVE is some way to say "this email {domain | address} cannot be routed through nor used by the following providers" - of which Google, Yahoo, LinkedIn, Micrsoft and Amazon would all be at the top. I 've used domains I knew were blacklisted smply because they stood a very low chance of being archived. Prety ironic.

More I think of this.. hmm. I know Microshaft and Google have domain signing and some companies use it for IDP AM's (Adobe for example), what I those were intentionally bogus. Or, even better, any mx /spf dns records to those providers..

Re: Oh hell no!

[Camarillo+Brillo]

Yes indeed, Thats what ProtonMail is set up to do,

Yahell

[beep54]

I cannot fathom why this thing still exists. They were famous years ago for screwing up everything they touched.

Re: Wall Street Journal

[retroworks]

How does ReverendGreen's baseless claim that the WSJ is a propaganda outlet get 4 point mod up? It's probably the best and fairest news source out there.

Do they also Mine the Reply and Incoming Emails?

[retroworks]

Article was silent on this point, but it would be a far greater portion of email traffic if they are scanning INCOMING and REPLIED-TO emails to sell to marketers (and would make Gmail, MS and others who ceased that activity somewhat toothless in their guarantee). [and as the one who made this WSJ submission, who is MSMASH and why do all submissions come from MSMASH today?)

Things Yahoo has done right in the last 18 years..

[wardrich86]

1.

Re:Guess why I didn't accept the new ToS

Violating my policy of not responding to asackett:

Your policy of not responding to AC's is stupid, and pointing it out like that is pretentious. When AC posts are just racist tripe, it makes sense to ignore them and nobody deserves a medal for it. When AC posts are meaningfully contributory to a conversation, it makes sense to respond to them, and there is nothing noble about a policy that would block such a response.

Assholes.

[Rick+Schumann]

They're nothing short of that.

AOL mail was rehosted to the Yahoo mail platform

[kriston]

In related news, AOL mail was rehosted to the Yahoo mail platform quite some time ago.

Re:Guess why I didn't accept the new ToS

[Rob+Y.]

This might be a good opportunity to legislate the difference between "sell your information" and "make money by letting marketers ask us to target ads to you based on what we know about you - without revealing that information".

People (and, apparently, a lot of Slashdot posters) think Google does the former, when they only do the latter. Facebook does both (or at least at the time of the Cambridge Analytica fiasco they did). It sounds like Yahoo is planning to follow the Google model, which might not be so bad. But there's no reason Congress can't pass a law that makes it illegal to sell your information directly - without your granting explicit permission (in writing, perhaps - as opposed to clicking some "I Agree" box). That kind of law would put some reasonable constraints on internet services and define some consistent rules that users could understand and, more importantly, assume are being followed by all the services they use.

Instead we have Trump tweeting that he wants a low to require that search engines return links to 'both sides' of an issue, regardless of what's actually out there as determined by popularity (or whatever their algorithm is these days).

Yahoo still has email? Who knew?

[DickBreath]

Even more surprising is that Yahoo is still even around.

Re: Guess why I didn't accept the new ToS

[asackett]

Is it a wrong perspective, or just a different facet? Of course all mail should be encrypted, but I've never had any luck convincing any significant number of correspondents to do so. I, personally, do not trust any encryption to keep my garbage permanently safe. I see it as the means by which I try to keep my data safe for long enough that it's no longer of value when it's discovered.

The problem I see in the use of the monopolistic providers' services is that it makes surveillance even easier than it already is. We don't have any choice in the matter when it's a state actor, but we do when it's a corporation whose services we can choose or not. Whether my garbage is encrypted or not, the longer I can deny access to $BAD_GUY the longer my garbage stays safe. If it takes $BAD_GUY a week to decrypt my garbage but I keep it out of his hands for a few years, I get a few years and a week. If I instead hand it over to $BAD_GUY because I'm too trusting, I get only a week. If $BAD_GUY can never get it, then the encryption, though prudent, is superfluous. (No, I don't believe there's a reliable way to ensure that $BAD_GUY can never get my garbage.)

Re:Guess why I didn't accept the new ToS

[neoRUR]

He didn't respond to an AC, he responded to the people doing the data mining in the email, now they know all the good tricks...

What about others?

[antdude]

Google, AOL, etc.

Re:What about others?

[dcw3]

AOL is part of it already...Oath took over their campus here in VA.

Re:Yahoo still has email? Who knew?

[dcw3]

Um, get out of the basement once in a while, and you'd see it in many people's mail. AOL too.