Alex Stamos (previously) is the former Chief Security Officer of Yahoo and Facebook. I've jokingly called him a "human warrant canary" because it seems that whenever he leaves a job, we later learn that his departure was precipitated by some terrible compromise the company was making -- he says that he prefers to be thought of as "the Forrest Gump of infosec" because whenever there is a terrible geopolitical information warfare crisis, he's in the background, playing ping-pong. Read the rest

Verizon wants to divest itself of Tumblr, having squandered much of the goodwill that made the platform so beloved by creating literally the stupidest censorship regime in the history of the internet; Tumblr became part of Verizon through the sale of Yahoo's media assets, and is part of a group Verizon dubbed "Oath" because everyone who encounters it ends up swearing. Verizon has admitted that it made a stupid, multi-billion dollar mistake when it bought Tumblr and its sister companies. (via Mitch Wagner) Read the rest

A friend who works in ad-tech tells me that Verizon's datasets from its Yahoo/AOL assets are "the creepiest" in the industry, but even with every dirty trick and every stupid, harebrained scheme, the companies formerly known as Oath (because everything Verizon did made their users swear uncontrollably) are basically worthless. Read the rest

Everything has a cost, especially in the realm of online services. It used to be a pretty common practice for providers of 'free' email services to scan their user's messages for data that'd be valuable to advertisers. The data got sold to keep the email provider's lights on, with in-browser advertising filling in the financial gaps. Most email providers abandoned the practice, years ago: they were amazed to find that it pissed off their users. Yahoo's parent company, Oath, however, is getting back on this particular brand of bullshit.

From The Verge:

Yahoo’s owner, Oath, is in talks with advertisers to provide a service that would analyze over 200 million Yahoo Mail inboxes for consumer data, sources told WSJ. Oath did not immediately respond to a request for comment.

Oath confirmed to the WSJ that it performs email scannings and said that it only scans promotional emails, usually from retailers. Users have the ability to opt out, it said. Oath’s argument is that email is an expensive system, and people can’t expect a free service without some value exchanged.

That's greasy.

Greasier still is the fact that even if you pony up the dough, on a monthly basis, for Yahoo's premium email services, your data will get scanned unless you opt to opt out. Finding the page that lets you do this, surprise, surprise is not easy to do. We've got your back, though. Follow this link to take control of your Oath-related privacy settings.

Oath swears that the data scraping method they use ignores personal information and personal identifiers. Read the rest

A Canadian man born in Kazakhstan has been sentenced to five years in prison for crimes connected to the massive Yahoo security breach that U.S. federal agents say was directed by Russian government spies.

“Karim Baratov, an FSB go-to guy for webmail hacking, was sentenced to 5 years in prison this morning, less than the nearly 8 years sought by the Justice Department,” says Daily Beast's Kevin Poulsen.

Below, why 5 years in prison is actually a good outcome for Baratov, who is 23. Read the rest

How the once mighty have fallen. Read the rest

Compuserve's sprawling, paleolithic forums were acquired along with Compuserve itself by AOL in 1998, and their fossil remains were augmented, year after year, decade after decade, by die-hard users who continued to participate there. Read the rest

Just over a year ago, Yahoo admitted that it had been hacked in 2013, and estimated that 500 million accounts had been compromised (the company blamed state-sponsored actors, and federal prosecutors have indicted two Russian spies for ordering the operation). Now the company has admitted that all three billion of its accounts were affected. Read the rest

Verizon's using its purchase of Yahoo for more than undermining the fight for net neutrality: it's also using its new acquisitions to make anti-competitive moves against its telcoms rivals, deploying the users of Flickr and Tumblr as hostages. Read the rest

Yahoo's sale to Verizon means that Yahoo's sub-companies -- Flickr, Tumblr and a host of others -- are now divisions of a phone company, and as you might expect, being on the payroll of a notorious neutracidal maniac with a long history of sleazy, invasive, privacy-destroying, monopolistic, deceptive, anti-competitive, scumbag shakedowns has changed the public positions these companies are allowed to take. Read the rest

It's been a decade since Yahoo got raked over the coals by Congress for helping the Chinese government spy on journalists and dissidents, some of whom were then arrested and tortured. Read the rest

Information security is a race between peak indifference to surveillance and the point of no return for data-collection and retention. Read the rest

Before today's anticipated announcement by the Justice Department, more details are already leaking out about who they're after: “two Russian spies, and two criminal hackers.” Read the rest

The ACLU raised $24M over the weekend of the #muslimban, six times its usual annual average, and now it is joining the Winter 2017 class at Y Combinator, a startup accelerator that has emerged a mixed bag of great and terrible companies, which has had to contend with controversy over its ties to Peter Thiel. Read the rest

Marissa Meyer is to leave Yahoo, which is to change its name to "Altaba" Read the rest

Just a few months after Yahoo disclosed a 2014 breach of 500 million user accounts, the company today revealed this was preceded by a 1 billion account breach in 2013, in which the hackers took everything: hashed passwords, names, email addresses, phone numbers, dates of birth, and possibly the tools necessary to forge login cookies that would bypass password checks altogether. Read the rest

What do you do if your ailing internet giant has been outed for losing, and then keeping silent about, 500 million user accounts, then letting American spy agencies install a rootkit on its mail service, possibly scuttling its impending, hail-mary acquisition by a risk-averse, old economy phone company? Just cancel your investor call and with it, any chance of awkward, on-the-record questions. (via /.) Read the rest