Everything has a cost, especially in the realm of online services. It used to be a pretty common practice for providers of 'free' email services to scan their user's messages for data that'd be valuable to advertisers. The data got sold to keep the email provider's lights on, with in-browser advertising filling in the financial gaps. Most email providers abandoned the practice, years ago: they were amazed to find that it pissed off their users. Yahoo's parent company, Oath, however, is getting back on this particular brand of bullshit.

From The Verge:

Yahoo’s owner, Oath, is in talks with advertisers to provide a service that would analyze over 200 million Yahoo Mail inboxes for consumer data, sources told WSJ. Oath did not immediately respond to a request for comment.

Oath confirmed to the WSJ that it performs email scannings and said that it only scans promotional emails, usually from retailers. Users have the ability to opt out, it said. Oath’s argument is that email is an expensive system, and people can’t expect a free service without some value exchanged.

That's greasy.

Greasier still is the fact that even if you pony up the dough, on a monthly basis, for Yahoo's premium email services, your data will get scanned unless you opt to opt out. Finding the page that lets you do this, surprise, surprise is not easy to do. We've got your back, though. Follow this link to take control of your Oath-related privacy settings.

Oath swears that the data scraping method they use ignores personal information and personal identifiers. Read the rest

A Canadian man born in Kazakhstan has been sentenced to five years in prison for crimes connected to the massive Yahoo security breach that U.S. federal agents say was directed by Russian government spies.

“Karim Baratov, an FSB go-to guy for webmail hacking, was sentenced to 5 years in prison this morning, less than the nearly 8 years sought by the Justice Department,” says Daily Beast's Kevin Poulsen.

Below, why 5 years in prison is actually a good outcome for Baratov, who is 23. Read the rest

How the once mighty have fallen. Read the rest

Compuserve's sprawling, paleolithic forums were acquired along with Compuserve itself by AOL in 1998, and their fossil remains were augmented, year after year, decade after decade, by die-hard users who continued to participate there. Read the rest

Just over a year ago, Yahoo admitted that it had been hacked in 2013, and estimated that 500 million accounts had been compromised (the company blamed state-sponsored actors, and federal prosecutors have indicted two Russian spies for ordering the operation). Now the company has admitted that all three billion of its accounts were affected. Read the rest

Verizon's using its purchase of Yahoo for more than undermining the fight for net neutrality: it's also using its new acquisitions to make anti-competitive moves against its telcoms rivals, deploying the users of Flickr and Tumblr as hostages. Read the rest

Yahoo's sale to Verizon means that Yahoo's sub-companies -- Flickr, Tumblr and a host of others -- are now divisions of a phone company, and as you might expect, being on the payroll of a notorious neutracidal maniac with a long history of sleazy, invasive, privacy-destroying, monopolistic, deceptive, anti-competitive, scumbag shakedowns has changed the public positions these companies are allowed to take. Read the rest

It's been a decade since Yahoo got raked over the coals by Congress for helping the Chinese government spy on journalists and dissidents, some of whom were then arrested and tortured. Read the rest

Information security is a race between peak indifference to surveillance and the point of no return for data-collection and retention. Read the rest

Before today's anticipated announcement by the Justice Department, more details are already leaking out about who they're after: “two Russian spies, and two criminal hackers.” Read the rest

The ACLU raised $24M over the weekend of the #muslimban, six times its usual annual average, and now it is joining the Winter 2017 class at Y Combinator, a startup accelerator that has emerged a mixed bag of great and terrible companies, which has had to contend with controversy over its ties to Peter Thiel. Read the rest

Marissa Meyer is to leave Yahoo, which is to change its name to "Altaba" Read the rest

Just a few months after Yahoo disclosed a 2014 breach of 500 million user accounts, the company today revealed this was preceded by a 1 billion account breach in 2013, in which the hackers took everything: hashed passwords, names, email addresses, phone numbers, dates of birth, and possibly the tools necessary to forge login cookies that would bypass password checks altogether. Read the rest

What do you do if your ailing internet giant has been outed for losing, and then keeping silent about, 500 million user accounts, then letting American spy agencies install a rootkit on its mail service, possibly scuttling its impending, hail-mary acquisition by a risk-averse, old economy phone company? Just cancel your investor call and with it, any chance of awkward, on-the-record questions. (via /.) Read the rest

A week after the revelations that Yahoo illegally allowed American spies to access all Yahoo users' email (possibly via a dangerous rootkit), and two weeks after admitting that 500,000,000 Yahoo Mail users' passwords were leaked years previously, possibly to a "state actor," the company has disabled email forwarding for Yahoo Mail users. Read the rest

Ex-Yahoo employees have spoken anonymously to Motherboard about the news that Yahoo had built an "email scanner" for a US security agency, likely the FBI or the NSA. These sources -- at least one of whom worked on the security team -- say that in actuality, the NSA or FBI had secretly installed a "rootkit" on Yahoo's mail servers and that this was discovered by the Yahoo security team (who had not been apprised of it), who, believing the company had been hacked, sounded the alarm, only to have the company executives tell them that the US government had installed the tool. Read the rest

Yahoo email accounts were scanned by the company on behalf of U.S. intelligence services from last year. This represents the first example of a U.S. service provider providing complete access to "all arriving messages," reports Reuters.

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.

Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.

According to the two former employees, Yahoo Chief Executive Marissa Mayer's decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.

It might not seem terribly meaningful to users, given the revelation that 500m Yahoo accounts (surely all of its users, or close to it) were hacked anyway, but there's a difference between a one-off break-in and a standing invitation. Over four years of Mayer's leadership, Yahoo suffered a "stunning collapse in valuation" and was sold to Verizon for $4.83bn. Completion of the deal is reportedly threatened by the recent stories about Yahoo's security failings. Read the rest