

Yahoo Starts Scanning Emails - Sami_Lehtinen
https://www.jottit.com/7a9fv/
======
ghshephard
I've had GC (general counsel) after GC tell me, both in company-wide
announcements, as well as during all-hands, to never send anything in email
that you wouldn't be comfortable seeing on the front page of the New York
Times. Indeed, I've had at least one colleague who sent something a little
"off color" to our internal lawyer (where you would think it would be
protected) at Netscape, actually land up in the New York Times - so this isn't
just a theoretical perspective.

In general, I consider email to be a public forum - It's probably been at
least 15 years since I wrote down anything that I wouldn't be completely
comfortable being published in public newspapers.

So, Yahoo (and Google) are free to scan my email at will - I long ago gave up
any thought of it being secure.

~~~
pcrh
How then does one handle matters that are commercially sensitive?

~~~
ghshephard
Phone calls, in person meetings. The contracts are usually privileged, so
those can be shuffled around in email (the contents are still discoverable,
but things like pricing are usually redacted.)

At least two of the very largest deals in one company I worked for were never
discussed in email, and all parties met in person, and paper (!) notes were
taken. It was only once all the essential details were agreed to (Memorandum
of Understanding) and hammered out, that the final details were locked down by
attorneys via standard electronic means.

Note, this is particularly important, if you are discussing things that might
be coming close to (if not actually crossing) the lines of legality.

See:
[http://community.seattletimes.nwsource.com/archive/?date=199...](http://community.seattletimes.nwsource.com/archive/?date=19980517&slug=2751182)
for details of one such meeting.

~~~
yuhong
Of course, that is only a workaround, not a fix.

------
TheOsiris
2 things: 1) Gmail has been doing this for years, and 2) Yahoo Mail has become
the spam inbox of the internet. I basically only use it because some websites
have wised up to mailinator.com. So the only thing Yahoo is going to learn
about me from my inbox is that I get a ton of Cialis emails, and I have a lot
of relatives dying in Nigeria leaving me lots of cash.

Gmail, on the other hand, is where the problem lies. Too bad not that many
people care.

~~~
pavs
I have Gmail, Yahoo and Hotmail (Outlook?) accounts. I use Gmail for my main
account and like you I used to use the other two for filtering spam. I have
recently logged in to my Yahoo and Hotmail accounts to see if anything changed
or anything new is happening. From my limited first hand few minutes experience I felt
that both of them looked better and loaded faster than Gmail has.

I have not spent enough time on them to see if they provide all the granulated
and edge case features I have come to enjoy on Gmail, but they have definitely
come a long way and I would say in some cases are even better than Gmail.

Gmail is starting to look old and has been really slow for me.

~~~
alan_cx
As a childish basic test, I timed loading gmail and yahoo mail. Chrome
browser, FWIW. Browser open, and I just clicked the related bookmarks. How
scientific of me!!!! Anyway....

5 secs for gmail. (used for junk, lots of mail) 2 secs for yahoo mail. (main
email) 1 sec, almost instant for outlook. (empty)

So, I think we can forget the outlook speed. But I was surprised at the
difference between Gmail and Yahoo. The cynical brain cells are also shocked
that Gmail isn't somehow accelerated in Chrome.

~~~
pavs
On average gmail takes me 10-15 seconds to load. My inbox is almost always
empty.

------
pfortuny
I always assumed this was the case. Not that I use it but seems pretty
obvious.

As long as you do not see your email as exactly the same as your ordinary
mail: i.e. "your letters" you will not understand what it means that they are
"kept" by someone different from you.

Yes, this is a problem (no one has a private mail server out there except a
couple of people). But that is reality.

"Oh, my letters, aunt Anna keeps them after I read them and the ones I send,
she keeps a copy".

But Brutus is an honest man, as Mark Antony says.

------
abrahamsen
Start? Doesn't Yahoo already have a virus filter? Or a spam filter? Or flag
phishing attempts? All of those require scanning and analyzing all emails.

The only new thing seems to be that the same automated procedures that protect
the user against spam, viruses and phishing will now also provide targeted
advertising.

~~~
The_Sponge
I think the difference here is use. They're using your personal data for their
own gain versus a virus scanner which in theory serves to protect and work for
only you.

------
dvydra
Wait, just like Google have been doing for 8 years?

~~~
Sami_Lehtinen
That's exactly why I don't ever use Google for anything which isn't 100%
public and I won't allow publicly to be archived forever. For the rest of the stuff, I
run my own servers, where I control my own privacy policies. Whenever I
communicate with Yahoo or Gmail users, I simply send HTTPS links, which also
require a password before the content can be accessed. Yes I know, I should also
use PGP, which I do with advanced users, but with others HTTPS & password is
enough, when things are simply private and not secrets.

~~~
onedev
That's all a little too extreme for me. I'd rather just let Google read my
mail.

~~~
shock
People like you piss me off :) (I'm sure I'll go to negative karma over this)

~~~
onedev
Haha, why do people like me piss you off? Interested in knowing :p

~~~
shock
Because your apathy (well, not yours in particular, but of all the people
behaving/feeling like you do) has an effect on everyone. Imagine if most
people would be active in demanding their privacy be respected instead of just
a minority.

I find your rhetoric of relaxed indifference "I don't care much about X
reading my mail" very similar to the "I've got nothing to hide" rhetoric. It
pisses me off because a couple years back when everyone was grilling me about
not wanting a Facebook account and me mentioning all the privacy implications,
their response was: "oh, I have nothing to hide!" but at the same time they
didn't feel like sharing with me their computer password.

Finally, in 2008 when I was looking to buy an apartment I had to pay the
inflated price just like everyone else. It didn't matter that I paid cash. Why
was the price inflated? Well, because people didn't bother to care much for
the price of the apartment as long as they could get the loan from the bank. I
had a friend that wanted to buy a house and all he could think about was what
to do to be able to take the highest loan he could get. Never mind how he was
going to pay for it later. Fast forward a couple years and now all those who
bought apartments with the bank's money are looking for my sympathy because
it's so hard for them to pay their mortgage and the bank might take their
home.

I wish there was a country for people who cared. I'd move there.

------
belorn
We need default secure email, and we need it yesterday. It is long past the
days where email was treated as private communication, as if it was a mailed
letter going through the post office.

Default encryption is not that hard. In the earlier days, key management was
seen as the major hindrance to ubiquitous encryption but in 2013 that is not
as big an issue anymore. There are workable solutions, be that through extending
what's in DNS, exchanging QR codes between smartphones, BTNS or even the mess
of using the centralized systems of CAs.

Mail servers can have certificates. Domain names can have DNSSEC. DNS can even
have keys for mail addresses (RFC 4398). So how hard would it really be for
mail relays to automatically retrieve a key and encrypt the email before
sending it forward to its destination?

~~~
amirmc
_"It is long past the days where email was treated as private communication,
as if it was a mailed letter going through the post office."_

Was email ever 'secure' in the way you're describing? As far as I'm aware,
email gets sent in the clear. The analogy to the postal system would be
sending postcards (as opposed to sealed letters).

Edit: fwiw I'm thinking about mail servers, online identity and DNSSEC with a
view to pulling together a product in this space.

~~~
cdjk
There has been a shift in privacy with cloud storage. When everyone was using
POP3 to get email with a 2MB quota on the mail server email didn't stick
around on the ISP's computers for long - it was generally stored on a device
owned by the recipient, and searching that required all the usual fourth
amendment protections.

The Stored Communications Act [1] makes a distinction between unread mail
stored on a server for more than 180 days, and does not require a warrant to
access such email. It appears that read email still does require a warrant,
however, as it is considered a "Remote Computing Service." I didn't know that
until just now, and am not sure how the legal requirements for accessing that
differ from a hard drive sitting on my desk at home.

A secure email product would be interesting. I'd be interested to know where
deniability (i.e. OTR) would fit into your plans.

[1] <http://en.wikipedia.org/wiki/Stored_Communications_Act>

------
DanBC
Email has never, ever, been private. Email has never, ever, been reliable.

Some companies have been good enough to provide email that appears to be
private and reliable, and some people have made the mistake of thinking that
email is now private and reliable.

Changing terms at a provider aren't much fun, but people should have been
assuming that their email was being scanned anyway.

------
Mitchella
The Yahoo inbox has been broken for years. It's one of the main reasons I
switched over to Google. Honestly I'm impartial to the idea of them using it
for targeted advertising, the majority of sites I visit have a retargeting
system or something else.... plus, I'm a Facebook user.

This new email targeting change is making me believe more and more that the
purchase of Tumblr was in fact related to Yahoo's shift towards improving
revenues from advertising.

~~~
alan_cx
How is it broken?

I have used yahoo mail for something like 15 years. Mail comes in, mail goes
out. It is stored, and very easily manageable. On top of that, I have never
ever been let down by it.

So, what are you talking about? How is it broken?

And you switched to Gmail? I have one of those too. Can't stand it. Yeah, it
works perfectly well, but I personally can't get on with its design and
interface at all.

------
deeqkah
Seems like a subtle advertisement for StartMail, honestly. Google has been
doing this for years. I see the op has a previous submission for StartMail,
too.

Any reason for that or is it just an attractive application/service to you? I
mean, if it's something we should have a better look at, let us know.

~~~
arindone
Exactly -- if the general public really cared about this, Outlook.com would be
more popular and Gmail would be in the basement.

~~~
venomsnake
You think MS don't scan emails? Then how are the naked pictures my next
girlfriend sends me as attachments automatically sorted in the quick views
named pictures?

~~~
yesplorer
uhmmm.. because there is something called 'file extension' that will sort
pictures from say .docx?

~~~
venomsnake
which once again means the mail has been scooped while received since these are
unread mails (I use Outlook as a backup mail for Gmail)

~~~
yesplorer
it doesn't mean your email has been _scooped_, it only means a computer algo
sorted it _automatically_

------
alan_cx
I never used yahoo mail because I thought they were not scanning emails. I use
it because it works, and has done for me for 15 odd years, pain free.

All I see here is them belatedly catching up with all the other privacy abuses
by larger internet companies. Given that is how they make money to run and
exist, and it is perfectly legal, sadly, yahoo would be stupid not to. I'm too
tight to pay for a service and appreciate that it is free, so right there I
give up my right to complain about how they finance their service.

Good to know, sure, but I don't see anything to get especially concerned
about over and above everything else large internet companies get up to. It's
not like I'm going to get better privacy easily elsewhere.

------
Friedduck
So _are_ there any decent services out there that'll provide a yahoo/gmail-
like experience but without the content scanning? I just want mobile, a fast
web interface, and a basic feature set.

I'll pay. I'd upgrade to Yahoo pro if it'd get rid of the scanning.

And incidentally, I still don't understand the gmail preference. Yahoo's
interface works flawlessly, is fast, and much better than gmail for the
basics.

~~~
Sami_Lehtinen
Yes, it's called Postfix & Roundcube.

------
tn13
Does anyone know if Google Apps emails are already read by Google ? I know
they do it for Gmail.

~~~
abrahamsen
Do Google Apps filter spam? If so, they are "read by Google".

------
fifa8a
I'm really new to this email security stuff, and I feel like I know nothing...
Would using third party end-to-end encryption service be a good idea?
Something like a free service like penango.com?

------
smegel
Targeted ads don't concern me nearly as much as "abuse protection"

~~~
abrahamsen
Spam, virus, phishing all fall under "abuse". Targeted advertising is the only
new thing here.

------
gcb0
You do realize email travels in plain text right?

~~~
gergles
Email between large providers rarely does; almost every major SMTP server
supports STARTTLS.

~~~
Sami_Lehtinen
Yahoo doesn't use SSL/TLS.

------
csdreamer7
So the exact same thing as Gmail? Considering that Yahoo handed off dissidents
to the Chinese government years ago it's small beans.

------
wavefunction
Marissa Mayer in the heezy fo sheezy bringin some o that G-Funk bounce to
this...

