Skip to content
Naked Security Naked Security

Yahoo email privacy lawsuit settled

Yahoo can no longer intercept your emails in transit but can still analyze them after they hit your inbox.

By this point, we’ve seen plenty of class-action lawsuits over internet giants pawing through our email to either snoop on us or target us with advertising.

For example, Google got sued in 2014 for scanning millions of students’ emails to build up profiles of users’ interests so it could target advertising at them. The search giant was then hit again a few weeks ago over scanning email, potentially in violation of wiretapping laws.

Meanwhile, Facebook’s spent time in courtrooms over allegedly intercepting users’ communications.

Regular Jane and Joe Schmoes like you and me don’t see payouts from these types of class action lawsuits. But, the thinking goes, these lawsuits are more about righting a privacy wrong than scoring a jackpot that’s divisible by the number of parties.

However, when it comes to the latest privacy class action against Yahoo, you can take that notion of do-gooding, tie your sack of $zero payout around its neck, and toss it into the San Francisco Bay.

You may recall that in May 2015, a US District judge OKed a class action lawsuit accusing Yahoo of pawing through emails sent to Yahoo users, without consent, for the purpose of delivering targeted ads.

The non-Yahoo Mail users, who claimed that sharing that data with third-party advertisers was a violation of federal and California state laws, were seeking an injunction that would block the alleged interceptions.

Boy, that injunction would have hurt if it stuck. The BBC reported at the time that 79% of Yahoo’s revenue came from search and display advertising in 2014.

Well, the injunction didn’t stick.

In January, it got watered down to this: Yahoo would keep right on scanning email, but it would tweak the timing so that it scans only after the email reaches a user’s inbox or appears in the sent folder.

As Ars Technica tells it, in a report that’s wondrously titled “The most absurd Internet privacy class-action settlement ever,” the deal is that Yahoo has to do this for a mere 3 years.

Yahoo has said it’s going to continue with the new scanning protocol after that deadline, even though Yahoo’s Senior Manager of Engineering claims that it’s a pain both technically and financially.

From the recently published settlement, written by US District Judge Lucy H. Koh:

Plaintiffs have achieved their stated goal in this litigation: Yahoo will no longer intercept and analyze emails in transit for advertising purposes.

Instead, for the next three years, Yahoo may only analyze incoming email after the email reaches a Yahoo Mail users’ inbox, and Yahoo may only analyze outgoing email after the email is in a Yahoo Mail users’ sent email folder.

These changes, according to Yahoo’s Senior Manager of Engineering, will require “a considerable investment of time, money, and resources.”

Days ago, Koh signed off on the settlement, and the case is now closed.

Yahoo will keep scanning emails regardless of non-Yahoo users’ lack of consent. (Yahoo users, of course, already consented by signing up for the service.)

The lawyers went home with an award of $4 million. Consumers got nothing – except, that is, for the 4 named plaintiffs in the case, who will receive $5,000 each.

1 Comment

You know, no one school wants all of it, I’ll also require a considerable investment of time, money, and resources to sell all the parts from my meth lab.

The courts were *so* unfair in forcing me to do that.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?