Yahoo secretly scanned customer emails for US intelligence

Topic

New Reply

That’s what Reuters says, citing unnamed sources. Wonder which other companies have been complicit.
[See the full post at: Yahoo secretly scanned customer emails for US intelligence]

Reply | Quote

Replies

This is the same bunch of masters of the universe that recently was hacked and as a result is now credited with the biggest unintended release of customer information in history.

My Yahoo account now opens with a warning to change my user name and password. It’s a good thing I don’t use Yahoo for email.

Put two and two together: If Yahoo has been spying for the government, they apparently have collected much more information about users than their passwords. What confidence can users have that their emails etc. have not also been part of the hacked data, particularly since Yahoo has concealed the spying from them in the first place? To say nothing of whatever the spymasters are up to.

I have said before that Microsoft’s spying presents the risk that some hacker will obtain a gusher of user data someday.

Reply | Quote

Dirty truth is that all of these data snooping business models depend upon limited legal liability for data breaches. Open these companies up to real fines and sanctions and you will see “big data” migrate to “little date” in short order.

Reply | Quote

There should be much more concern about privacy from corporate than from govt. Companies like yahoo, google, yahoo, LinkedIn produce nothing and their entire business model is driven by data collection. They will stop at nothing to scrap everything they legally and illegally can or wont survive. I mean look at today’s google products. They are all about deeper data collection. Those who buy them deserve what they get.

Reply | Quote

And I bet it happens in the EU before the good ol’ USA.

Reply | Quote

you have to wonder who the real sponsors of the great Win10 giveaway are. Probably means that Great Aunt Mabels secret cookie recipie has been “compromised” (probably watched too many spy movies here) hehehe

Reply | Quote

I would happily see the company fold at this point; i hope this puts the final nail in the coffin of a verizon buyout and we can be rid of this dinosaur. They’re not the only ones to do this i’m sure but they have consistently flouted security over the years to the point where their emails were regularly hacked. As much as i loathe google with all of my being at least they have good security. So, take them round the back of the house and put a bullet in its head, they’re done.

Reply | Quote

They have better security bcoz they want the exclusive rights to hack their customers.

Reply | Quote

First off, Thanks Woody for the “No Bull” news blog. Congrats on the new book! Thanks to all posters for keeping it real simple for the past 16 months.

First post here. Had to be about a hack…sorry!
It’s sad that one can lose count of how many EULA, and TOS we are exposed to, and compelled to accept in order to use a device, or post a comment on some forum; even use a Smart TV/Thermostat/Refrigerator or any IOT device!

I could rant on, but I find my mind polluted by trying to delete Yahoo Legacy accounts, and evading the real purpose for visiting this site and I wish not to blemish the community further.

Thanks Woody!

ps Watch your CBS logs on slow to update Windows systems. Lots of disk activity on small IE updates. Mine gets cleaned every run of CCleaner/Winapp2/Trim and was over a gig just doing one tiny update.
C:WindowsLogsCBS

Reply | Quote

More of all, when to trust a government again?… after elections? whahahaha.

Reply | Quote

Naw, you won’t blemish this site. We’re wide open, and have many people visiting who have all sorts of security problems.

Reply | Quote

If you’re worried about that then MS are a more serious worry.

Computer Weekly recently published a review of the speech by Satya Nedalla, here is a snippet of what’s ahead:

“During the keynote speech, Microsoft shone a light on plans to expand the type of information Cortana can access, including
health and fitness data, to give enterprise users a comprehensive overview of their business and leisure plans for the day, so
they can see how work commitments may impede their exercise plans, for example.”

Would you really want to trust MS with your health data to be used as they see fit?

Here’s another snippet

“To emphasis this point, Nadella described Cortana as a “new organising layer” that will take its place alongside PC and mobile operating systems as a means of helping enterprises get stuff done.

For example, if a user has a meeting booked in their Outlook calendar, Cortana can alert users about scheduling conflicts andpull in data from LinkedIn about who else is invited.

“We are well on our way here with Cortana. In fact, we have 133 million active users each month, across 116 countries, and they’ve already asked 12 billion questions,” he said. “It can take text input, it can take speech input, [and] it knows you deeply. It knows your context, your family, your work. It knows the world. It is unbounded.”

Rather makes Orwell’s 1984 a bit tame in my view

Reply | Quote

I think your second Yahoo was in error, but let’s add Microsoft and Apple to the mix just for fun. These companies all do roughly the same things in the same ways as part of how they use email and other posting content to generate personalized ads, for the purpose of enticing more clikc-throughs. That’s how “free” services are paid for. No problem there. Everyone knows this happens.

What Yahoo did which is troubling (and what it is believed by many that AT&T does through its services) is to secretly collect (meta-)data on individuals, which is individually identifiable, and secretly share the metadata with the US and other governments, upon government requests which the customers never even see. There is no opt-out from secret spying programs.

Then we hear of a data breach which Yahoo sat on for over two years. Why? To avoid alarming their shareholders. At the risk of letting their customers, and some of us still pay, sit there like ducks in a row, waiting for the slaughter. Let’s hope the New Boss (Verizon) is better than the Old Boss. And that we Don’t Get Fooled Again.

AT&T like Yahoo, is rapidly becoming a dinosaur in the consumer level Internet Services sector. Sad but true.

My recent experience with (Sept Win 10 Pro, three PCs) MS Updates breaking my access to certain Domains may have been due to AT&T DNS deliberately breaking https and ssl security to engage in spying on their customers, as some tech press reports have claimed they routinely do.

Solution in this case — since Microsoft itself was a broken Domain and I could not connect through Windows 10 to any Microsoft site anymore via U-Verse Internet Services, I changed the DNS servers to OpenDNS and — voila! I was reconnected to the Microsoft Domain. Updates and downloads could resume, and my Internet searches (Google, Duck Duck Goose) became faster and pages transitioned faster. I gained on SpeedTest as well.

Not proof of the claim, but I’m smelling something very phishy about AT&T DNS Services (also known as Pace DNS). Paranoid? Maybe, but with a simple alternative available, why take the chance?

I will be switching to Comcast at the end of my term with AT&T for other reasons, which have also been widely publicized. (Over the wire TV services are being terminated by AT&T and don’t get me started about their streaming Direct TV service. No satellite dishes for my apartment complex.) I only hope AT&T doesn’t try to prevent me from quitting with them the way Earthlink used to do to people before their well-deserved near-demise a few years back.

Reply | Quote

Footnote — under Linux, which did not receive the MS Updates patches, my access to the Microsoft Domain is unbroken. Very suspicous, but of what? I don’t know, but this looks to me like a security difference, introduced somewhere in the Sept. Windows 10 v.1511 patches. Maybe someone has a further clue?

Reply | Quote

From yesterday’s Wall Street Journal op-ed page:

“This was by far the largest consumer-data cyberbreach ever recorded. But the stock market seemed to yawn in response…”

“Investors seemed to believe that the damage to Yahoo–in expected lawsuits, a tarnished brand, and lost customer reputation–worked out to approximately $1.2 billion… or $2.40 per record stolen…”

[Research shows] that the average cost of remediating a stolen record is $221. The stock market reckons that 1% of that cost is borne by the investors in the breached company. Why such a big mismatch?”

“It is clear that the breached companies do not internalize a large portion of the cost they impose on customers whose accounts have been compromised. Yet the same companies capture all the benefits of gathering confidential customer data via more targeted advertising and cross-selling opportunities…”

The article goes on to recommend ways to change that:

1.) Tort actions and measures to make it less likely that judges will so routinely dismiss them.

2.) Requiring companies to disclose data breaches in regulatory filings (primarily SEC, I assume).

3.) Cybersecurity audits with teeth.

4.) Federal Trade Commission action to penalize breached companies.

—Shiva Rajgopal and Suraj Srinivasan, “Why the Market Yawned When Yahoo Was Hacked,” October 4 WSJ.

Reply | Quote

At least these changes are documented. AT&T plays cloak and dagger, as has Yahoo, we now know.

Reply | Quote

What makes this potentially troubling is that both political parties in this country have little interest in protecting an individual’s privacy rights by provision of legally enforceable opt out prerogatives. So many people only see the benevolent uses of this data collection through electronic records cross-referencing, national security, etc. They often are slow to perceive that this information is power and, concentrations of power throughout human history will often be abused. Also, the costs associated with identity misappropriation can be substantial, so much so that many individuals will experience economic hardship bearing the legal and other costs of rebuilding their personal reputations when their data is misused. This is not “tinfoil hat” stuff; it is hard reality.

Reply | Quote

even the EU stance is smoke and mirrors

“power corrupts, absolute power gets you a job at the FBI/NSA/GCHQ”

Reply | Quote

Just got a backdated updated rape agreement from hotmail/outlook – the name change makes perfect sense when you read it.

Still illegal to open snail mail btw :/

Scary

Reply | Quote

“Wonder which other companies have been complicit”

Just read their Privacy Policy and Terms of Service. Everything is there.

Before someone asks: Google does the same. So does Microsoft.

And no matter what e-mail provider you use, it will be scanned anyway if it ever steps through some internet routes.

Reply | Quote

Also, why wouldn’t the government entities be looking at suspected people’s browsing habits? It should not be too difficult to go to the ISPs to take a look at a suspect’s account and see what they are looking at. I figured this has been happening since i first got on the Internet 20 years ago.

Remember E. Gordon Liddy of the famed Nixon clan invading the Democratic National headquarters? He was ex-FBI. He said basically, “Phooey whether the FBI needs a court order to do surveillance, you do it for the intelligence, not whether it can be used in court.” That was back in the 1970’s!

And yet the terrorism stuff still slips through the cracks, sometimes. Ever wonder how much stuff they actually get to stop? I bet it is a lot.

Reply | Quote