Archive for Yahoo

Yahoo Offers Up $118 Million To Settle Lawsuit Over Massive Data Breach

Posted in Commentary with tags on April 10, 2019 by itnerd

This might be the final chapter in the Yahoo data breach gong show, maybe, as Yahoo is offering to pay $117.5 million to settle its massive data breaches that compromised personal information, including email addresses and passwords. “The proposed settlement was announced on Tuesday, but still needs to be approved by U.S. District Judge Lucy Koh,” reports CNN:

Earlier this year, a different version of the class-action settlement was rejected by Koh, who wanted to see more benefit to consumers and a specific settlement amount. Yahoo was hit by multiple data breaches from 2013 to 2016. The 2013 breach affected every single customer account that existed at the time, which totaled 3 billion. Yahoo previously said names, email addresses and passwords were compromised but not financial information.

This dollar amount is a trivial amount of cash for Yahoo. They basically are settling this for pennies on the dollar and haven’t truly been punished. This highlights the fact that strong legislation to really punish companies who screw up like Yahoo does. And of course only the lawyers will win.



Introducing Reminders & Unsubscribe Features In Yahoo Mail

Posted in Commentary with tags on November 13, 2018 by itnerd

There are some new features for Yahoo Mail – Reminders and Unsubscribe.

  • Reminders: Users can now set reminders within emails to prioritize what matters the most to them. Real life example: just opened an email about the utility bill that’s due soon? Set a reminder to pay it in five days, and a notification will pop up then.
  • Unsubscribe: Implemented as an easy-to-find button when opening a message, the Unsubscribe feature lets users easily stop receiving emails without ever having to leave their Yahoo Mail inboxes.

For more information and to learn how to start using these on Android and iOs, check out the blog post on the topic.

New Group Messaging App Yahoo Together Launches Globally

Posted in Commentary with tags on October 5, 2018 by itnerd

There is a new group messaging app that launched globally today called Yahoo Together. The new app allows members to organize their group messaging experience to make it more productive and fun.

With messaging apps having 20% more monthly active users than social networks and with 36% of consumers using more than one messaging app, Yahoo Together is sure to be a perfect  fit for groups of friends, families, clubs and teams.

Some features include:

  • Topics – Replace the endless hard to follow group sms with organized groups/topics
  • Reminders – Get everyone in the right place at the right time doing the right things with smart reminders
  • Reactions – One tap reply with custom images/text/meme/in-jokes for your group
  • Attachments – Store the images, videos, music, documents, and anything else your group needs in the conversations where they matter
  • Search across conversations – Find anything later on
  • Privacy – Create as many private groups as you want, invite friends with a link with no address books needed

For more information, check out the blog post and video or you download it for free on Android and iOs.

If You Get Your Email Via Oath, They May Be Trolling The Contents Of Your Email To Sell To Advertisers

Posted in Commentary with tags , on August 29, 2018 by itnerd

There’s a story (assuming that you can get past the paywall) in the Wall Street Journal that Oath scanned millions of Yahoo/AOL mailboxes for things like receipts, invoices, loan agreements and such which they can then use for customer profiling purposes. Of course then those profiles get sold to advertisers so that Oath can make money. And Oath isn’t apologizing for this. Doug Sharp, VP, Data, Measurement & Insights at Oath had this to say:

Email is an expensive system, I think it’s reasonable and ethical to expect the ‘value exchange,’ if you’ve got this mail service and there is advertising going on.

Translation: If you’re not paying for the service, you are the product.

Now, frequent readers may be saying “Wait…. That sounds familiar.” And it should. This was the chief reason that Canadian telco Rogers faced an epic backlash earlier this year when the terms of service changed for Rogers customers to allow Oath who serves up email for Rogers to scan the inboxes of those who used Rogers e-mail addresses. Now while this blowback was addressed in Canada (Mostly… The Privacy Commissioner of Canada is still looking into this and a further smackdown may yet inbound), the rest of world now has to deal with this. That’s why when this issue flared up in Canada, I offered up this option and this option in terms of email providers that don’t demand that you become the product. Thus if this whole idea of Oath reading your email bothers you, and you don’t want to be bothered with turning off the scanning on the relevant AOL or Yahoo Privacy pages, you can go elsewhere and deprive Oath of some money. .

Yahoo Hacker Jailed Big Time

Posted in Commentary with tags on May 29, 2018 by itnerd

The computer hacker who worked with Russian spies was sentenced to five years in prison Tuesday for his role in a massive security breach at Yahoo. “U.S. Judge Vince Chhabria also fined Karim Baratov $250,000 during a sentencing hearing in San Francisco,” The Associated Press reports.

Baratov, 23, pleaded guilty in November to nine felony hacking charges. He acknowledged in his plea agreement that he began hacking as a teen seven years ago and charged customers $100 per hack to access web-based emails. Prosecutors allege he was “an international hacker for hire” who indiscriminately hacked for clients he did not know or vet, including dozens of jobs paid for by Russia’s Federal Security Service. Baratov, who was born in Kazakhstan but lived in Toronto, Canada, where he was arrested last year, charged customers to obtain another person’s webmail passwords by tricking them to enter their credentials into a fake password reset page. Prosecutors said Russian security service hired Baratov to target dozens of email accounts using information obtained from the Yahoo hack.

“Deterrence is particularly important in a case like this,” the judge said during the hearing. He rejected prosecutors call for a prison sentence of nearly 10 years, noting Baratov’s age and clean criminal record prior to his arrest. Baratov has been in custody since his arrest last year. He told the judge Tuesday that his time behind bars has been “a very humbling and eye-opening experience.” He apologized to those he hacked and promised “to be a better man” and obey the law upon his release. The judge said it is likely Baratov will be deported once he is released from prison.

Let’s be clear, there were some Russians that were indicted as part of this. However they were out of reach or prosecutors. That means that this guy was the fall guy. So this makes a great headline, but there are other parties out there that need to be punished.

How To Move Your E-Mail And Contacts Off The Rogers Yahoo/Oath E-Mail Platform

Posted in Commentary with tags , on April 27, 2018 by itnerd

Because of the change of the terms of service of the Yahoo/Oath e-mail platform that Rogers uses, I have been asked how can users move off that platform because of the privacy issues that have been uncovered. I can tell you that it does take some work, but it is possible for the average person to move off that platform by downloading e-mails and contacts.

Let’s start with the contacts as that’s easy:

  • In Rogers Yahoo Mail, click the Contacts icon .
  • Click Actions | select Export.
  • Select a format to export (if you’re unsure, I recommend Yahoo CSV).
  • Click Export now.

This will download your contacts to a file that you could use to import into an e-mail client like Microsoft Outlook or some e-mail service like Gmail. Next you want to delete your contacts by doing the following:

  • Go to contacts and check the select all check box. Yahoo displays the number of contacts selected in the right side panel.
  • “Delete Contacts”

Now to the hard part which is to download the e-mail. You’ll need an e-mail client to pull this off and I recommend Mozilla Thunderbird as that will download and save your emails in MBOX format. You then have to set it up to download all your email. General instructions on setting up Mozilla can be found here with options for setting things up manually and automatically. You may need the server settings for Rogers which are:

Incoming Server or
Incoming Port 993
POP Authentication Email address: Enter your full Rogers Yahoo! email address
Username: Enter your full Rogers Yahoo! email address
Password: You’ll need to create an app password in the Rogers Member Centre.
Outgoing Server or
Outgoing Port 465
SMTP Authentication Email address: Enter your full Rogers Yahoo! email address
Username: Enter your full Rogers Yahoo! email address
Password: You’ll need to create an app password in the Rogers Member Centre.

You will have to likely create an app password to make this work. Here’s how you do it.

  1. Go to the Rogers Member Centre sign-in page.
  2. Enter the Rogers Yahoo! email address and password for the account you’d like to create an app password for, then select Next.
  3. Mobile: Select the menu icon ( Menu icon ) in the top-left corner, then select Account Information.
    Desktop: Select Account Information in the top-right of your browser window.
  4. Select Authorized Applications.
  5. In the Name your password field, label your app password with the name of the email program it’s for, then select Generate. A pop-up containing a randomly generated app password will appear.
  6. Write down the password or copy it to your clipboard.
  7. Enter this password during your email set-up when prompted. When finished, select Done in the pop-up.

You can download all the mail once everything is set up. It snags everything in your inbox and outbox along with any other folders that you might have in your e-mail account. From there to export your mail, I would suggest that you use this Mozilla Thunderbird add on to make it easy to export your mails in MBOX format. That way you can import it into another e-mail program.

Once you export your e-mail, you can use Thunderbird to delete it all from the Yahoo/Oath servers. Because as I said here, you want to delete your e-mail and contacts to keep Yahoo/Oath from reading your e-mail.

Give this a shot and leave a comment to let me know how it goes.


So What Does The Yahoo/Oath Terms Of Service Change Actually Mean For Rogers Customers?

Posted in Commentary with tags , on April 25, 2018 by itnerd

I was asked by a reader if I could distill down the change in the terms of service that Rogers e-mail users are upset about. But to be clear, the change in the terms of service really come from Yahoo/Oath who provide e-mail services for Rogers. Thus Rogers is not responsible for this. However, this does apply to anyone who uses Yahoo/Oath e-mail. With that in mind, the goal of this article is to get to the key points of what this change means to Rogers users. In short, Yahoo/Oath has changed their terms of service to allow them the following rights:

  • Yahoo/Oath now claims ownership your e-mail, its contents and any attachments.
  • Yahoo/Oath can do whatever it wants with your e-mail. As in scan it for keywords that allow them to provide targeted advertising to you for example.
  • Yahoo/Oath states that you have obtained permission of all of the people that you contact thru e-mail, and they have agreed to have their e-mail to you scanned as well.
  • Yahoo/Oath also states that it can send email, on your behalf to your contacts. Presumably to sell them stuff.

Here’s the kicker. If you don’t like the above, and to be frank most people reading this wouldn’t, and you don’t agree to the terms of service, you don’t get to use the Yahoo/Oath e-mail platform. But…. If you don’t accept the terms of service by May 25th, you would have been deemed to have accepted them. So, what’s so significant about May 25? That’s when the new General Data Protection Regulation (GDPR) comes into force. So this is clearly meant to tie into that. And even if you don’t agree to this change in the terms of service, you’re going to agree to this change to the terms of service.

Based on the above the only way I can see to avoid this is to somehow download your contacts and your e-mail and delete them from the Yahoo/Oath servers. Then either delete the account if it isn’t tied to anything else, or keep the account open so that it can’t be recycled by someone and used for illicit purposes. I’d be leaning towards the latter and set up a vacation notice to let people know where they can actually e-mail you. But if I did that, I would also stop that account from accepting e-mail.

I am currently working on an article to help you to help you to move off the Yahoo/Oath platform if that’s what you wish to do. The process isn’t exactly straightforward, but doable by most people. Expect that on Friday.