Skip to main content

Garbage to gold: How Yahoo unethically sells your spam email

Image used with permission by copyright holder

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Yahoo’s golden era has passed and Yahoo Mail, once considered a serious competitor to Gmail, is now far less popular. It’s unlikely that you use it for your primary email account. So why should you care about its privacy policy?

According to a report from the Wall Street Journal, Yahoo’s parent company, Verizon, knows you don’t use that old AOL or Yahoo inbox. It knows they’re just full of spam. Yet strangely enough, it’s selling data pulled from it without telling you — and staying alive by doing so.

All your mail are belong to us

The beans were spilled by a leaked Yahoo sales pitch. It detailed the tactics Yahoo uses to collect and sell personal data gained from its email accounts. It’s all laid out in explicit description, outlining not only how Yahoo mines email accounts for data, but why.

Theresa Payton, former White House Chief Information Officer to the Bush Administration. Image used with permission by copyright holder

“This isn’t a new practice,” Theresa Payton told Digital Trends. Payton is the current CEO of Fortalice Solutions and the former Chief Information Officer at the White House. “What they do is scan emails, and then group similar users together for targeting. For example, if you have receipts from purchases you’ve made on Netflix or Hulu or Amazon Prime, they will group you and other email users that have similar receipts into a group, and then sell your data to media companies, TV outlets, and the movie industry.”

On paper, Yahoo isn’t doing anything unlike what Google has done in the past. For thirteen years, Google scanned the email of Gmail accounts and sold that data to advertisers on its Google Ads platform. Considering the amount of people that use Gmail, the amount of relevant data that could be mined was mind-boggling.

That practice has since been halted due to public outcry, but companies with less to lose — like Yahoo — have picked up on the idea and run with it.

Payton believes the Yahoo situation might be more sinister. Part of the problem is the raw capability of technology, which grows year by year, both in terms of processing power and maturity. According to Payton, behavioral-based, big data analytics are at a higher level of sophistication than they were just a few years ago. They can handle more data, so they collect more data.

“That human curation is maybe where the secret sauce is.”

Yet the biggest difference in Yahoo’s implementation is the human element. “There’s also the automated scanning process and then there’s a human curation process,” she said. “That human curation is maybe where the secret sauce is. Things are going to be done to this data that are going to be unique and different from how Google used to treat email accounts in the past.”

There’s no way to know exactly what human eyes scan at Yahoo, but the company’s privacy policies make clear that humans do read some emails. The policy posted by Yahoo’s parent company, Oath, states “when users click on the Spam and Not Spam buttons, information is sent to our anti-spam team or other spam compliance service providers for manual review, and aspects of these messages may be shared […].” The policy also references “manual review” for several other reasons.

Panithan Fakseemuang/123rf

Doug Sharp, Oath’s Vice President of Data, Measurements, and Insights, defended the practice when questioned by The Wall Street Journal. “I think it’s reasonable and ethical to expect the value exchange,” said Mr. Sharp, “if you’ve got this mail service and there is advertising going on.

So, Yahoo is reading emails that arrive in the 200 million inboxes it hosts. But who uses their Yahoo or AOL email account as their primary account these days, anyways? You probably don’t use Yahoo Mail as your main account, so it’s not your concern. Right?

Maybe not. Even the junk you’ve left behind in a secondary account is good enough to sell.

Mining spam for gold

“They actually talked about how a lot of people use their platform to forward their spam mail to,” said Payton. “So, they purely use it as an email address to hand out and let a bunch of marketing material go to. And that could be super helpful to marketers.”

Yahoo knows you don’t care about your Yahoo Mail account and has turned that into a selling point for marketers. Using the same scanning, grouping, and human curation described above, Yahoo has found a way to turn junk mail into sellable data. That might not sound bad, but Payton described a situation that could quickly go from harmless to dangerous.

“This could be their survival mode project to give them the cash influx they need.”

“What if you’re subscribing to Wine & Whisky newsletters — and that information is sold to health insurance companies?” she proposed. “I’m not saying that’s what they’re doing, but the question is, once the data is sold to third-party marketers, how do you know how that data is or is not going to be used or safeguarded?”

It gets even more worrisome when you consider the company Yahoo has become. It was acquired by Verizon in 2017, where it was merged with AOL to form an umbrella corporation known as Oath. That means all the data collected from Yahoo and AOL email accounts are not only shared with third-party marketers, but also distributed throughout the massive company. We’re talking about a lot of data, and a lot of ways to put it to use.

Exploiting what few people it has left

We don’t know how successful Yahoo has been at selling people’s spam. In a post-Cambridge Analytica world, it feels a odd for a company to shamelessly mine personal data as if no one cared — and as if regulatory bodies weren’t paying attention.

Still, we shouldn’t be surprised. Yahoo, like most companies, needs to make money to justify its existence. Mining email data is another way to keep the lights on. The consequences could be severe, but anything can look viable to a company with a lot of red ink on its balance sheet.

Global PR

“Just think about the massive data breach they had and the legal fines that came from that,” said Payton. “This could be them thinking, ‘We’re sitting on a treasure trove of information that we can productize and monetize.’ This could be their survival mode project to give them the cash influx they need.”

Your Yahoo or AOL email accounts may have already been mined for data, but it’s worth heading over to deactivate it if you don’t currently use it. If you do happen to use Yahoo Mail as your primary account, we’d highly recommend disabling access to this kind of invasive scanning. It’s as easy as heading over to the Ad Interest Manager page and clicking on “Opt Out” under the Yahoo banner.

If nothing else, there’s one important lesson we can learn from all this. Data is still the most valuable commodity in the world, even if its out-of-date information tucked away in an abandoned corner of the internet.

Luke Larsen
Luke Larsen is the Senior Editor of Computing, managing all content covering laptops, monitors, PC hardware, Macs, and more.
Valve adds DLSS 3 to SteamOS backend, but don’t expect an Nvidia Steam Deck
Ghost of Tsushima running on the Steam Deck.

Valve has made a significant update to its Proton compatibility layer, which is the basis of the Linux-based SteamOS operating system on the Steam Deck. The update brings several improvements and bug fixes, but it also adds support for Nvidia's coveted DLSS 3 Frame Generation.

The update for Proton Experimental rolled out on November 12, and it was spotted by Wccftech. Proton is the bedrock for gaming on Linux, and up to this point, Nvidia users haven't had access to some of the best features of Team Green's latest graphics cards on Linux. The latest update not only supports DLSS 3 Frame Generation, but also Nvidia's Optical Flow API. Optical Flow is critical for DLSS 3 Frame Generation, though the dedicated hardware for the feature has been around since Nvidia's Turing GPUs.

Read more
This $3,390 Lenovo ThinkPad laptop is only $1,690 today
Engineer, wearing a hard hat, works on the Lenovo ThinkPad P14s as another engineer works in the background.

The Lenovo ThinkPad is one of the best workplace laptops money can buy, and has been for many years. From one generation to the next, Lenovo continues to bring improvements and new features to its longstanding ThinkPad lineup. When new ThinkPad models are released, older units tend to go on sale, and every once in a while, you’ll catch an exciting doorbuster discount on some premium hardware. That leads us to this offer:

Right now, when you purchase the Lenovo ThinkPad P14s through the manufacturer, you’ll pay $1,690. Usually, this model retails for as much as $3,390.

Read more
Yes, Reddit is down. Here’s everything you need to know
The Reddit app icon on an iOS Home screen.

Bad news, fellow Redditors. If you're trying to browse your favorite subreddit right now, you're probably unable to. Why? Because Reddit appears to be down due to technical difficulties.

What's going on with the outage? Do we know when it'll be back up? Here's a recap of everything we know.
Why is Reddit down?
On the Reddit status website, the company indicates an "unresolved incident" taking place on November 20. The company confirms "degraded performance for reddit.com," which appears to be accurate.

Read more