Yahoo! is being criticised for the new Ts & Cs for its webmail service, which give it the right to scan your emails as well as making you responsible for telling anyone who might be emailing you, but the ICO has no problem with the changes. Such scanning has been common for some time; Google was the first to scan all messages. …
M$ Hotmail seems to be a reasonable alternative. Never thought I'd say that...
Reasonable but a bit shit
"Reasonable but a bit shit" - Microsoft's new advertising slogan
Oh, what a surprise... I'm beginning to understand the tech luddites.
Android mining your GPS, iOS doing the same, secretly, and now good old Yahoo doing precisely the same thing.. and still we let them do it because we are more concerned about emailing or putting up some comment on a$$book...
Webmail from google..... free
Webmail from yahoo... free
Getting rammed up the ass because you happen to be Pakistani and Yahoo forwarded your email to the police.... Priceless
For everything else - there's MS Exchange
Not that I agree with this on any level (as i don't), but I would presume that one would only be "rammed up the ass" by the police, if there was actually something in the E-mails, Pakistani or not. Although I wouldn't be surprised if more Emails were checked up on depending on race.
"Random" Security checks and all :).
Might as well say "nothing to hide, nothing to fear" and be done with it.
And before the abuse starts, no I don't mean it, I was being sarcastic.
I agree whole heartedly with your sentiment, its seems that running your own exchange server is the last bastion of email privacy with competent mobile connectivity... Long live small business server!
There are choices
I choose to pay to fastmail.fm (free version doesn't spy too) and still (!) use a Symbian running handset, Nokia E71 for stability and privacy.
So, if you can handle being called "old fashioned" and people staring at you because you dare (!) to use anything other than popular/free/trendy... You got a choice.
I had some thoughts in my mind for Yahoo mail (12 years here) but lets not keep the mod busy with rejection.
These email services are freely available...
....so is your data it seems.
It ceased to be yours the moment you dropped it onto a public service. You may have a certain expectation of privacy, but that is only insofar as your ability to hold the company to account if they take your "private" messages and dump them in a public place. I have always assumed that if you have your messages stored on somebody else's server, the admins can look at it whenever they like. Now it's put in the Ts&Cs so there's no doubt.
If I was really bothered, I'd get a static IP and run my own mailserver in the corner of the bedroom, and keep away from public services. Maybe not the answer for everybody, but I think the majority of us write messages that others would find mind-numbingly boring. I'm not bothered if my stuff gets read, half of what I say in emails is on my blog anyway...
Not that I totally disagree with you, but
The European Convention on Human Rights
Everyone has the right to respect for his private and family life, his home and his correspondence. ...'
I'm a wee bit rusty on this, but email falls under the remit of the 'correspondence' bit of Article 8
Also, our good friend the DP act comes into play here, as your email may contain 'sensitive personal data' as defined by the act in Part 1, Section 2 (specifically a,b,c,e and f - going by most email I've 'seen' - I used to look after MTAs and I used to content filter rather heavily), though, if you agree to the T&C, you're apparently fscked under Schedule 3, the bit where it states ' The data subject has given his explicit consent to the processing of the personal data. '
And yes, amongst the myriad email accounts I have, the most secure, spam-free are the ones on the mailserver running on the box in the corner of the bedroom.
The fact that the majority of my email correspondence is, as you put it, 'mind-numbingly boring' isn't at issue here (it really is pretty inane stuff these days), I've the technical ability to run a secure and private email server, firstname.lastname@example.org doesn't, that's why they use these services.
I don't think they understand that 'their' emails are actually really the property of 'yahoogoogleaolhotmail.whatever' who graciously allow them to access them on occasion. The issue isn't that the 'admins' have access to your email (we always have had) it's that they're asking
'... for consent to the extension of machine-scanning inbound and outbound emails to look for keywords and links to further protect you from spam, surface photos and in time, serve users with interest-based advertising '
' and in time, serve users with interest-based advertising '
Now, *you* may consent to them processing your email for these purposes, but your correspondents might have other ideas, after all, it is going to profile them as well.
mention the fact you've a new cat to someone @yahoo, get bombarded with 'interest-based advertising' from every kittie food manufacturer in sight, send an 'off colour' joke to a friend@yahoo, get a flood of adverts for rather 'personal' services, a message to a yahoo account with 'Mum's just died ' glorious sidebar advertising for funeral directors,coffins etc. etc. etc.
I can see the best way to have fun with all this is to keyword-spam yahoo accounts.
@AC - running a mail server
Doesn't this rely on
1. A very stable, reliable internet connection.
2. No power interruptions.
otherwise emails get lost in the ether or kicked back to the sender? Running your own server might be great but most ISPs don't allow it on anything but a business connection and getting too many server cannot be reached messages might put off senders.
Or are you doing things differently?
Yahoo does not deny the right
Yahoo does not take away the right. You can still get private correspondence elsewhere.
You may enter into an agreement with yahoo whereby you are allowed to use their service and they are allowed to read your mail.
The title is required, and must contain letters and/or digits.
What about *my* rights when I need to communicate with people using a yahoo email address?
Well, I only use gurgle mail for signing up to web sites, and my yahoo address has been idle since 1999. I do pay for mail.com, but they have become AOL which is deeply disturbing and I may well go back to running my own mail server, like I did in 1994.
Bugger the lot of them.
How is yours idle?
I only stopped using Yahoo mail because they deactivated my account every time I didn't use it for 3 months or so. I got fed up of adding extra digits and creating new ones.
You need a fixed IP which hasn't been to RBL
I guess you know already but lets warn people that it is not 1998 anymore and sending mail with a dynamic IP to any seriously managed server is impossible.
I mean smtp server on a dynamic IP.
Best is, get a real domain and choose a "mail only" hosting (IMAP/Cyrus) from a seriously managed/policy forced hosting provider. Just check spamcop.net and senderbase.org for reputation of their IP block.
I'm not an expert on SMTP...
"I guess you know already but lets warn people that it is not 1998 anymore and sending mail with a dynamic IP to any seriously managed server is impossible."
I've managed to configure sendmail and postfix to use my ISP's SMTP server as a relay and never had any issues.
Of course, it will work
Back in 1990s before this spam/zombie/bot nightmare, you could run your very own smtp server talking to the recipients smtp server *directly* without any ISP getting involved.
That has become impossible. Of course if there are any crazy mail admins who allows dynamic IP even to say "helo" in 2011, I just respect them ;)
Hotmail seems to be one of the few that doesn't scan your mail. Pity it is so naff.
Tell a friend...
Then lets lets tell EVERYONE. If that's what they want then lets do it. They actually want us to tell everyone we know that Yahoo is a privacy invasive jerk? Ok. Idiots will get what they deserve then...
Wonder what a court would make of this
If I email a Yahoo account but have not been informed of this by the account holder, it is STILL Yahoo's responsibility and liability, and I'm pretty sure that should a case of privacy invasion (or whatever) be brought against Yahoo, then a court would find the same.
Simply put, you can not shirk your legal responsibility or (more importantly) liability by simply saying it's someone else's problem. The law in most countries simply does not work like that.
Yahoo!s defense is that it would be impractical and impossible for them to actually warn all of your 'friends'.
There argument would go something like this...
There are two possibilities of e-mail communications between friends where one friend is a Yahoo! account holder and the other is not.
1) Non-account holder friend initiates the e-mail thread.
2) Non-account holder responds to e-mail from friend.
Ignoring scenario #2 and focusing on scenario #1, it would be impossible for Yahoo! to be omniscient. Because the friend is a non-account holder, we don't know who they are in advance. Therefore any e-mails sent to our servers would be scanned automatically, thus there is no expectations of privacy. At the same time, we have no way of notifying in advance to non-account holder that it is our practice to scan the inbound messages.
There is more to the argument, but the basis of the argument is that there are no technically feasible solutions that they themselves wouldn't violate the law(s) in multiple countries. Therefore the burden of notification falls to the user who agrees to the T's and C's. Its the simplest, legal, and cost effective manner of notifying the counter part to the e-mails.
"...thus there is no expectations of privacy."
You could just as easily conclude that there IS an expectation of privacy. I don't think anyone believes email is secure in any way at all, but I think for most people, there is an expectation that the service provider ISN'T going to snoop on your emails (with the possible exception of virus and spam scanning, which is automated anyway).
Of course your email may be intercepted on route and that is not the service provider's fault, but an assumption that there is no expectation of privacy from the SERVICE PROVIDER is very difficult to justify; other than for financial gain or just because they are being nosy (both of which would sound dodgy in court), what justification can there be for rummaging through someone's email?
As for the impracticality of informing everyone that may send email to it's servers, I could just as easily say it's not practical for me to check out the T's and C's of every host that I may send email to.
"There are two possibilities of e-mail communications between friends where one friend is a Yahoo! account holder and the other is not.
1) Non-account holder friend initiates the e-mail thread.
2) Non-account holder responds to e-mail from friend."
Not just 'friends' but 'contacts' - I see a frightening number of business who use free email services such as Yahoo! (well, sole traders mostly - ie Joe Bloggs t/a.. - but some small limited companies, and in some case individuals within companies using such address for work purposes) . These are people who might receive email out of the blue from people or other businesses who are not already in contact with them. At what point do these third parties get warned about Yahoo!'s new policy?
(Obviously, they shouldn't be using Yahoo! for that sort of thing - but that's besides the point.)
It's quite impractical to include a warning wherever the email address appears - such as on all business stationery. What a lovely thing to have to include as part of the letterhead!
And what of entering email addresses into forms on websites? Are all such forms now supposed to have a new field: "If there is anything we might wish to be aware of about your email provider, please use this box: ________________________________" (It would have to be done in a generic way in case another free email provider decides to be equally annoying.
The bottom line is that just as Yahoo! argues that it's not really practical for *them* to warn their users' contacts, it's just as impractical for their users to do so themselves in all circumstances.
Additionally, I have a number of contacts who have Yahoo! email addresses and not all of them will necessarily understand what they're being told when they read about this new policy - or even notice it in the first place. With that in mind, rather than it being Yahoo!'s customers' responsibility to warn their contacts... I somehow feel that it's *my* responsibility to warn *my* contacts who happen to be Yahoo! customers.
And something's not quite right with *that* picture!
It would be better if you actually cut and paste the entire comment in context.
As I was saying... when you send e-mail to a large site, you can expect to have your e-mail scanned automatically to determine if a) The content contains no viruses or harmful payloads. b) The e-mail isn't spam.
So there is no expectation of privacy. The owner of the server has the right to inspect any inbound internet traffic, specifically e-mail to their server so that they can prevent harm.
You can try your argument in court, provided you can get a lawyer to agree with you and of course you'll watch your case get dismissed.
Remember on a server like these, the good of the general public trumps the rights of an individual.
And this is a shock? T.A.N.S.T.A.A.F,L
Hasn't anyone heard of 'There aint no such thing as a free lunch'?
Yeah. Someone provides a free service and millions use these resources. So eventually the service is no longer free or the company offering the service finds a way to make money from the service.
Common sense right?
So anything you say that is unencrypted, sent from a server you don't own to another server you don't own isn't going to be private.
Yahoo! is just pointing out in their T's and C's is that you have no expectation of privacy and anyone you communicate with has no expectations of privacy when the said mail hits Yahoo!s servers.
At the same time they are not going to warn your friends... that's your job.
RE: And this is a shock? T.A.N.S.T.A.A.F,L #
To paraphrase a quote I read recently:
"If you're not paying for something, you're not the customer, you're the product being sold."
Pretty much every free email service on the planet is using you in some fashion for financial gain. If it's a price you're will to pay for free email, so be it. But don't assume they're ever doing it for the love of it.
I pay BT for internet service, advertised as including email. They use Yahoo.
Does BT pay Yahoo for this ?
And Yahoo throw plenty of advertising at me, so I am a benefit to Yahoo. They also use my address book to encourage me to Facebook.
Yahoo may be crawling to the spooks, or it may intend to send me targeted advertising. It is all done by machine although anything of security interest will be quick to eyeballs.
so does AT&T
... at least in the Dallas / Fort Worth area.
We did get pop3 access and it wasn't until I tried to get some technical support that I realized that that our @sbcglobal.net email accounts are essentially yahoo accounts; because I was redirected to yahoo to log in to my email account.
So, does yahoo scan those emails too and how exactly "will [I] see a pop-up, notifying them of the change" using thunderbird?
...Did anyone think eny email going over the internet was private and secure? It's your job to ensure that anything sensitive in an email is encrypted, and you should always assume that it can be intercepted and read by anyone at any point from leaving your computer for the great wide internet onward until the end of time. if you don't like that, don't use email over the internet.
Possible contravenes RIPA??
Yahoo's new T&C's could potentialy put them in breach of RIPA as such interception has to be notified to BOTH parties - even for unsolicited communications. Notification after the event would be too late - the interception has already happened without consent.
And since you logically cannot pre-notify unsolicitied communications you could end up with the peverse situation where Yahoo! could get sued by spammers for illegally intercepting communications to their targets without consent of both parties.
I'm surprised that Google has got away with it for so long.....
(**hears the lawyers eagerly sharpening the pencils....**)
Their problem *could* be unilateral changes to a contract which voids it (the traditional argument against "we put our T&Cs on a website which we don't date, and we'll change them frequently), ever if they email you the change won't stick unless you have an option to opt out.
The first problem is that Yahoo needs to have a UK office for rIPA to apply - if not, you won't stand a chance. The second issue is that Yahoo may state that it does not intercept as per RIPA as that implies catching traffic in transit. They just scan their own storage servers..
I may have missed something, but IMHO there's no chance you'll be able to use RIPA. And that's without mentioning the HUGE effort of getting the cops sufficiently interested. The NotW affair has shown that to be challenge in itself..
"Yahoo told PC Advisor that anyone who didn't like the changes should simply keep using their old account.
Appears to contradict what they have been telling customers. In an automated email from Yahoo last week:
"If you’ve already upgraded to the latest Yahoo! Mail, thank you.
"If not, in about a month from the date of this email, when you sign in to your Yahoo! Mail account, we will ask you to upgrade to the newest version of Yahoo! Mail. But you don't have to wait. You can have the newest Yahoo! Mail today.
"You can upgrade now to the newest Yahoo! Mail if your browser is Internet Explorer 7, Firefox 3, Safari 4, or Chrome 5, or newer.
Fortunately I use Opera so none of this applies to me :-)
You can't go back!
When I accidentally "upgraded" and tried to go back, I found this, which would make Michael Howard proud:
"Can I switch back to a previous version of Mail?
Last Updated: 21 June 2011
We have removed the "Return to Original Mail" link from the help menu as we're strongly encouraging all users to migrate to the newest version of Yahoo! Mail. We will continue to invest heavily in the latest version of Yahoo! Mail, further improving it and delivering more compelling features to our users.
We know that changing to a new interface can seem daunting, so we’ve done everything possible to make the transition easy. We have created help pages specifically for users who have recently switched to the newest version of Yahoo! Mail, highlighting differences that you may notice: http://help.yahoo.com/l/uk/yahoo/mail/ymail/migrating/.
We hope you’ll give this new version a try. It’s our fastest version of Yahoo! Mail yet, with improved protection against spam and advanced features like in-line photos and videos."
In other words - far fewer words - NO!
letters and/or digits
I've had enough of these free webmail services. Last week I registered a new .co.uk domain with only 3 digits in it for £6 for 2 years, and paid for a years email mailbox for £10 with webmail and IMAP. It's a small price to pay.
I was going to use my ISP email - but as they use Gmail I thought better of it. Do these T&Cs effect the millions of BT Broadband customers on their Yahoo! powered mail too?
How to go back...
At least it seems to work for me and others..
Re-enable JS and you're good to go. At least for now. And who is to say your emails are not being scanned in any case, but I digress.
For less than £10 a year, 1&1 provide five mailboxes with IMAP or POP access; a domain is only about £7 for two years - beats being email@example.com.
Will try it.
Good, as the new version is crap on the eeePC, making certain assumptions about the display dimensions, thus sizing the edit box right off the bottom of the screen...
Too much to hope?
That while scanning they will kill junk mail?
Yes - much too much to hope
Nope - your usual spam service will continue unabated. I'd suggest changing to another vendor - but before you leave, post a couple of messages to the alt newgroups with the old yahoo address in clear text.
Why are you still using Yahoo Mail? It is the most miserable mail experience I've ever used, worse even that Hotmail.
there is a need to inform anyone that is likely to email me, so all I need to do is draft a quick mail stating this...
open the Global, Global addressbook, select ádd all... hit send....
hey presto everyone on the planet will recive notification about my news... now if everyone with a yahoo account does this, then the problem will be sorted!!!
"People should have the right to send messages without Yahoo! snooping through them," said Sarah Kidner editor of Which? Computing. (BBC Tech Pages)
err no akshully. If that's the T&C (changed or not) that's the deal. if you don't like it, pay a few quid for an email service you cheapskate.
Oh and can you remove the three tracking cookies from your site please ?
minus the chocolate
As useful as a teapot?
So they're as useful as a teapot? I like tea, I'd find that quite useful.
How about saying they are as tasty as a dog stools teapot?
Shock! Horror! Shock and Horror!
Does this mean that email messages are not secure?
No, your email messages are totally secure: Yahoo! has a copy.
Why so gripey
This article seems worded badly... Are you guys making a big deal because they scan your emails for viruses? A quick search suggests you can turn that off... http://answers.yahoo.com/question/index?qid=20110106122022AAAQGxO
Virus checking is fine, but "a person intercepts a communication .... to make some or all of the contents ... to a person other than the sender or intended recipient (RIPA definition in section 2) - and the consent exception 3 (1) requires both ends. Whilst google mail presumably heads to the US at some stage, the sender cannot assume the recipient is in the UK, but, at least for a yahoo.co.uk address, one could reasonably expect it to comply with RIPA.
- Game Theory The agony and ecstasy of SteamOS: WHERE ARE MY GAMES?
- Intel's Raspberry Pi rival Galileo can now run Windows
- Hello, police, El Reg here. Are we a bunch of terrorists now?
- Microsoft and HTC are M8s again: New One mobe sports WinPhone
- Worstall on Wednesday Wall Street woes: Oh noes, tech titans aren't using bankers