Yahoo’s New Privacy Policy Leaves No Doubt: Privacy is Dead

If you thought that Facebook was abusing your privacy by using your personal information for its own financial benefit, just wait to you hear what Yahoo now plans to do.

To understand the full extent of this policy, it is first necessary to identify the infrastructure of which Yahoo is actually just a small part. Verizon bought Yahoo in 2015, even though, at the time, Yahoo was a failing company. However, it is now clear what Verizon really wanted. They wanted Yahoo’s treasure trove of personal data on billions of people around the world. Although known mainly as a telecommunication service provider, Verizon has a large digital content division known as, Oath. Oath controls Yahoo, AOL, and a number of other companies, some of which are shown in the graphic below.

yahoo oath

 

Thus, Yahoo’s privacy policy reflects the privacy policy of Oath. In fact, when you see the Yahoo privacy policy, you will be directed to the Oath privacy site. However, Yahoo will give you the following, somewhat sobering, synopsis of this policy stating what they control.

yahoo control

Let’s get right to the point. They can exploit any information you give them, whether it is in emails, attachments, photos, or chat sessions. It’s not clear what “other communications” refers to, but, perhaps, it includes your phone calls. It also includes your interactions with the other sites in their group of companies.

And it doesn’t stop there. Oath goes on to elaborate that they will collect information such as “device IDs, cookies, and other signals, including information obtained from third parties, to associate accounts and/or devices with you”. They will collect information “when you use our Services to communicate with others or post, upload or store content (such as comments, photos, voice inputs, videos, emails, messaging services and attachments).” “Oath analyzes and stores all communications content, including email content from incoming and outgoing mail.”  This means that they can also exploit your contacts. And, perhaps most disconcerting of all, they will collect information “When you sign up for paid Services, use Services that require your financial information or complete transactions with us or our business partners, we may collect your payment and billing information.”

And as if this wasn’t enough, Oath installs web beacons “on sites, apps, videos, emails, and other services”. For those who don’t know, web beacons are transparent, one pixel, images that contain programs to watch how you interact with a web page or service. And it’s not just on their sites that they allow beacons. “we allow certain Third Parties to include their own beacons & SDKs within our sites and apps.”. These third parties include Facebook, Twitter, LinkedIn, and Google, among many, many others.

That may seem to cover all that they want from you, but it’s not. They only stop short of asking for custody of your first born child. Here’s a sobering explanation of what they want control over.

“When you upload, share with or submit content to the Services you retain ownership of any intellectual property rights that you hold in that content and you grant Oath a worldwide, royalty-free, non-exclusive, perpetual, irrevocable, transferable, sublicensable license to (a) use, host, store, reproduce, modify, prepare derivative works (such as translations, adaptations, summaries or other changes), communicate, publish, publicly perform, publicly display, and distribute this content in any manner, mode of delivery or media now known or developed in the future; and (b) permit other users to access, reproduce, distribute, publicly display, prepare derivative works of, and publicly perform your content via the Services, as may be permitted by the functionality of those Services… You must have the necessary rights to grant us the license described in this Section 6(b) for any content that you upload, share with or submit to the Services.”

 So what, you may ask, do they need all of this information for? That’s an easy answer. They want to monetize your personal information. They do this by selling all the data they collect to target-advertising firms. Here is the list of advertises that Oath gives your personal information to. I have entered information about them, mostly in their own words, to help you understand how your data is being used.

oath

Oath also shares information with Audience Partners which provides a number of services. In politics they “target specific voter segments by party affiliation, vote frequency (including the number of primaries and general elections voted), donation history, political geographic segments including congressional district, State Senate district, State House district, local jurisdictions, and tens of thousands of additional data points.” In healthcare, they allow “marketers the ability to micro-target prospective customers based on insurance status, health propensity, geographic, demographic, attitudinal, and behavioral attributes. Healthcare professionals (doctors, nurses, pharmacists, et al) can also be targeted by specialty, or based on custom lists.” Audience Partners does a lot more than this, but this should help you understand why getting so much data from Yahoo via Oath can be important. The more these advertisers can target individuals, the happier their clients are and the more money they can make. Oath makes money by selling them the data that they want.

Of course, Oath has a different take on all of this. Oath claims they are doing you a favor by giving you more relevant ads. You should be thanking them for all the work they’re doing on your behalf. They claim they will protect your data., well, of course, unless law enforcement agencies need it. Oath claims, however, that they will not give these agencies, including government agencies, your data without a fight. “We push back on those requests that don’t satisfy our rigorous standards.” Really? Here’s the statistics for January through June of 2017.

oath govt

Only 3.6% of government requests for user data were rejected. Somehow that doesn’t seem like much of a push back to me.

Let me make this clear. I have no problems with companies trying to make money. After all, if they didn’t make profits, we wouldn’t be able to use their products or services. However, there are some ethical guidelines that should be followed. For example, no one thinks a company should make money by using slaves. In terms of targeted advertising, it’s a matter of degree. Should they be allowed to monetize any content they get their hands on whether you agree or not? In this respect, Oath and its comrades seem to go too far. You will have some limited control over what they do by going here. It will take some effort on your part, but you can, at least, stop some targeting, if only for a while.

The other problem I have with Oath is their self-righteous attitude. You may be surprised to hear that they are, in fact, helping the world by monetizing our personal data. In their own words: “Building. It’s not just about brands for us. It’s about building a better world, too… Let’s do something good together.” And then there is their list of principles that guide them. Here are a few.

“After months of listening, writing, soul searching, rewriting and gut-checking, we landed on these galvanizing statements. They are the touchstones for how we create, code, build brands, give back and lead the future.

Put consumers first

The only judge of our success is our consumer, period.”

(That goes without saying. Angry consumers are bad customers.)

Speak the truth

Transparency builds trust, and trust builds love.”

(This seems like a non sequitur. Transparency may build trust, and trust may build more loyal customers, but whether this will result in love is a bit of a stretch.)

Right not easy

This is simple: behave in ways we are proud of.”

(So are you saying it’s not easy to behave in ways you are proud of? After all, if behaving in ways you are proud of is easy, it wouldn’t be right because being right doesn’t come easy. I’m confused.)

I realize few people read the user agreements for the services these online companies offer. Maybe that’s what these companies hope will be the case. Yet, when users learn, as was the case with Facebook, that their information was used in multiple ways, they are indignant. Whose fault was that? Probably everyone bore some responsibility.

Zuckerberg, however, apologized for the misunderstanding. “It was my mistake, and I’m sorry. I started Facebook, I run it, and I’m responsible for what happens here.” But as I was writing this post, I received the new privacy policy from Facebook. To put it bluntly, it’s a take-it-or-leave-it option. You can only opt out of their facial recognition ‘service’. If you don’t believe that Facebook could be so cold-blooded after all of their public hand wringing, here is an excerpt from their new privacy agreement.

facebook policy

Thanks for your compassion, Mark.

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technologies, TrustWall and Mobile bare-metal virtualization. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.
This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s