Archive for Yahoo

Yahoo Pulls The Plug On China

Posted in Commentary with tags on November 2, 2021 by itnerd

Yahoo announced this morning that they were joining LinkedIn in pulling out of China. An AP report details why:

“In recognition of the increasingly challenging business and legal environment in China, Yahoo’s suite of services will no longer be accessible from mainland China as of November 1,” the company said in a statement.

It said it “remains committed to the rights of our users and a free and open internet.”

The company’s withdrawal coincided with the implementation of China’s Personal Information Protection Law, which limits what information companies can gather and sets standards for how it must be stored.

Chinese laws also stipulate that companies operating in the country must hand over data if requested by authorities, making it difficult for Western firms to operate in China as they may also face pressure back home over giving in to China’s demands.

Now, while Yahoo hasn’t been known for standing up for human rights seeing as they have handed over data related to Chinese dissidents in the past, it’s an interesting move and I now expect a domino effect of western companies leaving the country. Stay tuned to this space as I expect these announcements to become more frequent.

Yahoo Offers Up $118 Million To Settle Lawsuit Over Massive Data Breach

Posted in Commentary with tags on April 10, 2019 by itnerd

This might be the final chapter in the Yahoo data breach gong show, maybe, as Yahoo is offering to pay $117.5 million to settle its massive data breaches that compromised personal information, including email addresses and passwords. “The proposed settlement was announced on Tuesday, but still needs to be approved by U.S. District Judge Lucy Koh,” reports CNN:

Earlier this year, a different version of the class-action settlement was rejected by Koh, who wanted to see more benefit to consumers and a specific settlement amount. Yahoo was hit by multiple data breaches from 2013 to 2016. The 2013 breach affected every single customer account that existed at the time, which totaled 3 billion. Yahoo previously said names, email addresses and passwords were compromised but not financial information.

This dollar amount is a trivial amount of cash for Yahoo. They basically are settling this for pennies on the dollar and haven’t truly been punished. This highlights the fact that strong legislation to really punish companies who screw up like Yahoo does. And of course only the lawyers will win.


Introducing Reminders & Unsubscribe Features In Yahoo Mail

Posted in Commentary with tags on November 13, 2018 by itnerd

There are some new features for Yahoo Mail – Reminders and Unsubscribe.

  • Reminders: Users can now set reminders within emails to prioritize what matters the most to them. Real life example: just opened an email about the utility bill that’s due soon? Set a reminder to pay it in five days, and a notification will pop up then.
  • Unsubscribe: Implemented as an easy-to-find button when opening a message, the Unsubscribe feature lets users easily stop receiving emails without ever having to leave their Yahoo Mail inboxes.

For more information and to learn how to start using these on Android and iOs, check out the blog post on the topic.

New Group Messaging App Yahoo Together Launches Globally

Posted in Commentary with tags on October 5, 2018 by itnerd

There is a new group messaging app that launched globally today called Yahoo Together. The new app allows members to organize their group messaging experience to make it more productive and fun.

With messaging apps having 20% more monthly active users than social networks and with 36% of consumers using more than one messaging app, Yahoo Together is sure to be a perfect  fit for groups of friends, families, clubs and teams.

Some features include:

  • Topics – Replace the endless hard to follow group sms with organized groups/topics
  • Reminders – Get everyone in the right place at the right time doing the right things with smart reminders
  • Reactions – One tap reply with custom images/text/meme/in-jokes for your group
  • Attachments – Store the images, videos, music, documents, and anything else your group needs in the conversations where they matter
  • Search across conversations – Find anything later on
  • Privacy – Create as many private groups as you want, invite friends with a link with no address books needed

For more information, check out the blog post and video or you download it for free on Android and iOs.

If You Get Your Email Via Oath, They May Be Trolling The Contents Of Your Email To Sell To Advertisers

Posted in Commentary with tags , on August 29, 2018 by itnerd

There’s a story (assuming that you can get past the paywall) in the Wall Street Journal that Oath scanned millions of Yahoo/AOL mailboxes for things like receipts, invoices, loan agreements and such which they can then use for customer profiling purposes. Of course then those profiles get sold to advertisers so that Oath can make money. And Oath isn’t apologizing for this. Doug Sharp, VP, Data, Measurement & Insights at Oath had this to say:

Email is an expensive system, I think it’s reasonable and ethical to expect the ‘value exchange,’ if you’ve got this mail service and there is advertising going on.

Translation: If you’re not paying for the service, you are the product.

Now, frequent readers may be saying “Wait…. That sounds familiar.” And it should. This was the chief reason that Canadian telco Rogers faced an epic backlash earlier this year when the terms of service changed for Rogers customers to allow Oath who serves up email for Rogers to scan the inboxes of those who used Rogers e-mail addresses. Now while this blowback was addressed in Canada (Mostly… The Privacy Commissioner of Canada is still looking into this and a further smackdown may yet inbound), the rest of world now has to deal with this. That’s why when this issue flared up in Canada, I offered up this option and this option in terms of email providers that don’t demand that you become the product. Thus if this whole idea of Oath reading your email bothers you, and you don’t want to be bothered with turning off the scanning on the relevant AOL or Yahoo Privacy pages, you can go elsewhere and deprive Oath of some money. .

Yahoo Hacker Jailed Big Time

Posted in Commentary with tags on May 29, 2018 by itnerd

The computer hacker who worked with Russian spies was sentenced to five years in prison Tuesday for his role in a massive security breach at Yahoo. “U.S. Judge Vince Chhabria also fined Karim Baratov $250,000 during a sentencing hearing in San Francisco,” The Associated Press reports.

Baratov, 23, pleaded guilty in November to nine felony hacking charges. He acknowledged in his plea agreement that he began hacking as a teen seven years ago and charged customers $100 per hack to access web-based emails. Prosecutors allege he was “an international hacker for hire” who indiscriminately hacked for clients he did not know or vet, including dozens of jobs paid for by Russia’s Federal Security Service. Baratov, who was born in Kazakhstan but lived in Toronto, Canada, where he was arrested last year, charged customers to obtain another person’s webmail passwords by tricking them to enter their credentials into a fake password reset page. Prosecutors said Russian security service hired Baratov to target dozens of email accounts using information obtained from the Yahoo hack.

“Deterrence is particularly important in a case like this,” the judge said during the hearing. He rejected prosecutors call for a prison sentence of nearly 10 years, noting Baratov’s age and clean criminal record prior to his arrest. Baratov has been in custody since his arrest last year. He told the judge Tuesday that his time behind bars has been “a very humbling and eye-opening experience.” He apologized to those he hacked and promised “to be a better man” and obey the law upon his release. The judge said it is likely Baratov will be deported once he is released from prison.

Let’s be clear, there were some Russians that were indicted as part of this. However they were out of reach or prosecutors. That means that this guy was the fall guy. So this makes a great headline, but there are other parties out there that need to be punished.

How To Move Your E-Mail And Contacts Off The Rogers Yahoo/Oath E-Mail Platform

Posted in Commentary with tags , on April 27, 2018 by itnerd

Because of the change of the terms of service of the Yahoo/Oath e-mail platform that Rogers uses, I have been asked how can users move off that platform because of the privacy issues that have been uncovered. I can tell you that it does take some work, but it is possible for the average person to move off that platform by downloading e-mails and contacts.

Let’s start with the contacts as that’s easy:

  • In Rogers Yahoo Mail, click the Contacts icon .
  • Click Actions | select Export.
  • Select a format to export (if you’re unsure, I recommend Yahoo CSV).
  • Click Export now.

This will download your contacts to a file that you could use to import into an e-mail client like Microsoft Outlook or some e-mail service like Gmail. Next you want to delete your contacts by doing the following:

  • Go to contacts and check the select all check box. Yahoo displays the number of contacts selected in the right side panel.
  • “Delete Contacts”

Now to the hard part which is to download the e-mail. You’ll need an e-mail client to pull this off and I recommend Mozilla Thunderbird as that will download and save your emails in MBOX format. You then have to set it up to download all your email. General instructions on setting up Mozilla can be found here with options for setting things up manually and automatically. You may need the server settings for Rogers which are:

Incoming Server or
Incoming Port 993
POP Authentication Email address: Enter your full Rogers Yahoo! email address
Username: Enter your full Rogers Yahoo! email address
Password: You’ll need to create an app password in the Rogers Member Centre.
Outgoing Server or
Outgoing Port 465
SMTP Authentication Email address: Enter your full Rogers Yahoo! email address
Username: Enter your full Rogers Yahoo! email address
Password: You’ll need to create an app password in the Rogers Member Centre.

You will have to likely create an app password to make this work. Here’s how you do it.

  1. Go to the Rogers Member Centre sign-in page.
  2. Enter the Rogers Yahoo! email address and password for the account you’d like to create an app password for, then select Next.
  3. Mobile: Select the menu icon ( Menu icon ) in the top-left corner, then select Account Information.
    Desktop: Select Account Information in the top-right of your browser window.
  4. Select Authorized Applications.
  5. In the Name your password field, label your app password with the name of the email program it’s for, then select Generate. A pop-up containing a randomly generated app password will appear.
  6. Write down the password or copy it to your clipboard.
  7. Enter this password during your email set-up when prompted. When finished, select Done in the pop-up.

You can download all the mail once everything is set up. It snags everything in your inbox and outbox along with any other folders that you might have in your e-mail account. From there to export your mail, I would suggest that you use this Mozilla Thunderbird add on to make it easy to export your mails in MBOX format. That way you can import it into another e-mail program.

Once you export your e-mail, you can use Thunderbird to delete it all from the Yahoo/Oath servers. Because as I said here, you want to delete your e-mail and contacts to keep Yahoo/Oath from reading your e-mail.

Give this a shot and leave a comment to let me know how it goes.


So What Does The Yahoo/Oath Terms Of Service Change Actually Mean For Rogers Customers?

Posted in Commentary with tags , on April 25, 2018 by itnerd

I was asked by a reader if I could distill down the change in the terms of service that Rogers e-mail users are upset about. But to be clear, the change in the terms of service really come from Yahoo/Oath who provide e-mail services for Rogers. Thus Rogers is not responsible for this. However, this does apply to anyone who uses Yahoo/Oath e-mail. With that in mind, the goal of this article is to get to the key points of what this change means to Rogers users. In short, Yahoo/Oath has changed their terms of service to allow them the following rights:

  • Yahoo/Oath now claims ownership your e-mail, its contents and any attachments.
  • Yahoo/Oath can do whatever it wants with your e-mail. As in scan it for keywords that allow them to provide targeted advertising to you for example.
  • Yahoo/Oath states that you have obtained permission of all of the people that you contact thru e-mail, and they have agreed to have their e-mail to you scanned as well.
  • Yahoo/Oath also states that it can send email, on your behalf to your contacts. Presumably to sell them stuff.

Here’s the kicker. If you don’t like the above, and to be frank most people reading this wouldn’t, and you don’t agree to the terms of service, you don’t get to use the Yahoo/Oath e-mail platform. But…. If you don’t accept the terms of service by May 25th, you would have been deemed to have accepted them. So, what’s so significant about May 25? That’s when the new General Data Protection Regulation (GDPR) comes into force. So this is clearly meant to tie into that. And even if you don’t agree to this change in the terms of service, you’re going to agree to this change to the terms of service.

Based on the above the only way I can see to avoid this is to somehow download your contacts and your e-mail and delete them from the Yahoo/Oath servers. Then either delete the account if it isn’t tied to anything else, or keep the account open so that it can’t be recycled by someone and used for illicit purposes. I’d be leaning towards the latter and set up a vacation notice to let people know where they can actually e-mail you. But if I did that, I would also stop that account from accepting e-mail.

I am currently working on an article to help you to help you to move off the Yahoo/Oath platform if that’s what you wish to do. The process isn’t exactly straightforward, but doable by most people. Expect that on Friday.





If You Don’t Want To Use Rogers Yahoo/Oath E-Mail Because Of The Terms Of Service Change, Here’s An Option For You

Posted in Commentary with tags , on April 24, 2018 by itnerd

Yesterday I wrote about the fact that Yahoo/Oath have changed their terms of service for their e-mail offering, and as a result of that Rogers customers are up in arms because Rogers uses the Yahoo/Oath e-mail platform and people feel that their privacy might be under threat. Overnight, I got 7 or 8 e-mails from users asking me what options exist for users who want to switch from using Rogers e-mail service and still have their privacy.

In my mind, there’s really only one option that balances the need for privacy with ease of use and support for a variety of OSes and devices. That option is ProtonMail. Based in Switzerland, these guys are free (Though they do have a paid option. More on that in a moment) and use open source software to provide their services. They guarantee that nobody can see your e-mails. And they do mean nobody. Not your ISP. Not a national government. Not even them. In fact, if you forget your password, you lose your e-mail if you don’t have a recovery account set up. You don’t get more secure than that. Another plus is that these guys don’t store IP address info. Because when you send an e-mail, the external IP address of the network you sent it from is usually logged. That can allow someone to track you down in theory. That can’t happen with these guys.

The free version of ProtonMail supports 500 MB of email storage and limits your usage to 150 messages per day. You can pay for the Plus or Visionary service for more space, e-mail aliases, priority support, labels, custom filtering options, auto-reply, built-in VPN protection, and the ability to send more e-mails each day. There’s also a Business plan available. So you do have options depending on your e-mail needs. But I suspect that most Rogers users would be fine with the free option.

Are there any downsides to using ProtonMail? The only one that I can see is that it does not support IMAP, SMTP, or POP3 protocols. Likely to ensure your security. Thus you’re stuck using their web interface or their iOS or Android app. But they are all easy to use so I don’t think that’s too much of a hardship.

Thus if you’re a user of Rogers e-mail, and you’re not thrilled with the change to the terms of service from Yahoo/Oath because of the privacy implications related to that, you might want to check out ProtonMail as you get privacy and security for your e-mail with them.


I Am Not Sure Why Rogers Customers Are Shocked That Their E-Mail Is Being Read By Yahoo

Posted in Commentary with tags , on April 23, 2018 by itnerd

Over the weekend a number of stories appeared about a change to the terms of service to Yahoo e-mail. Yahoo, which you can also call Oath as that’s the name given to it by Verizon who bought the company last year said in their new terms of services that they analyze “‘content and information,’ including e-mails, photos and attachments ‘when you use our services.’”

In other words, they read your e-mail.

Now how does Rogers fit into this? Rogers e-mail services are powered by Yahoo/Oath. Thus when users got notified about this change to their terms of service, it led to stories like this one and this one being published.

The thing is, I am not sure why anyone is surprised here. After all Google’s Gmail e-mail service used to read your e-mail to serve up targeted ads. Until they dialed that back  to read your e-mail for other reasons. So one could safely assume that others that offer up e-mail services were doing the same thing.

In short, if you use a third party e-mail service, anyone, or anything could be reading your email. Thus you should have no expectation of privacy. Ever. If you want privacy when it comes to you’re e-mail, you can always do what I do which is build and run your own e-mail server and host it out of a data center. That way you control the e-mail that you receive and that you send. What happens to it after you click send though is completely out of your control. Which means that you’re only marginally ahead in the privacy game.

One other thing. There’s a bunch of people who are mad at Rogers for this. I’m going to go out on a limb here and say that Rogers is just collateral damage in this as they are essentially a customer of Yahoo/Oath. So while there are things that Rogers does that deserve the ire of their customers, this isn’t one of them.

Finally the story written by Ellen Roseman of Toronto Star which is linked to above has this in it:

Rogers Yahoo email customers need to press for more information. What is the deadline for agreeing to Oath’s updated terms? Will they be cut off without access if they don’t agree? Can they get help moving all their emails to another provider?

Those are fair questions to ask. Hopefully Rogers and Yahoo/Oath answers those questions and does so quickly. Though I suspect that I can answer question three for them. I cannot see a scenario where Rogers or Yahoo/Oath would help a customer move their e-mail to another provider. There’s no value in doing so. But the other two Rogers and Yahoo/Oath can and should answer.

UPDATE: I just had a chat with a Rogers Tech Support rep who informed me that if users don’t agree to the new terms of service, they can’t use Rogers e-mail. Also, users who have contacted me directly have said the same thing.