Site icon Sophos News

Why Yahoo scanning user email is no cause for panic

The Wall Street Journal yesterday published an unsettling report that Yahoo has been quietly analysing the emails of its 200 million users to sell to advertisers.
On the face of it, this is a privacy-smashing move by a company that already has an image problem after suffering the largest data breach in history – one that affected three billion user accounts.
However, Yahoo’s interest in commercial email sniffing has been on the table since Verizon subsidiary Oath updated the service’s privacy policy in April. When users logged in for the first time a few weeks later, after the updates took effect, they were clearly informed that:

Oath will also provide personalised ads to you on our partners’ products and analyse your communications, like emails, to tailor content and ads you see. […]
When you let our partners use cookies to collect similar data that we do on our sites, they can provide ads on our sites that they think match your interests, like deals related to products you love, and measure, report and analyse your interactions with them.

Ironically, Oath’s outline of its service (which also applies to AOL Mail) arguably offers users one of the clearest descriptions of how the company plans to make money from them in return for the free service of online email.
For all that you might not like the idea of what amounts to commercial email surveillance, Oath makes it pretty obvious what the company is up to.
Not all emails are included: interactions with retailers – receipts, notification of loans ands on – and mailing lists are monitored, apparently, while personal emails are not. (How Oath analyses an email to figure out it shouldn’t analyse it is not clear.)

Opting-out

Before Yahoo users head for the virtual door in disgust, it’s worth mentioning that you can opt out of the monitoring by visiting Yahoo’s Ad Interest Manager and clicking ‘opt out’ for both ‘across the web’ and Yahoo itself (make sure you’re logged in when doing this so the setting applies to all devices).
The National Advertising Initiative (NAI) explains how this opt-out (or opt-in) works from the advertiser’s perspective.
Curiously, even users who pay for the ad-free version of Yahoo at $3.49 per month don’t escape this monitoring by default and must choose to opt out too.
Post-breach, Yahoo has been declining in popularity, as consumers migrate to other offerings, such as Gmail. In 2017, Google announced it had turned off its own controversial monitoring of Gmail, stating that:

Consumer Gmail content will not be used or scanned for any ads personalization after this change.

This year it transpired that this statement didn’t include third-party apps, some of which might still be able to read emails if given permission.
Where next?
Will Yahoo follow Google and turn email monitoring off, given that it probably has plenty of other less controversial ways to track its users for commercial gain?

Exit mobile version