Press "Enter" to skip to content

Delete Yahoo (and all its surveilling ilk)

In today’s links post, I blogged about Yahoo’s compliance with a federal “security directive.” If true, their act would not only be despicable, but would be technologically unprecedented. They reportedly not only rolled over without a fight, but actually built new software at the behest of the fedgov to spy in realtime on their users’ incoming and outgoing mail.

There are obviously still a lot of questions here including some extremely basic ones. Did Yahoo really do this? Was the request made by the NSA or the FBI? What were the specific terms the company was “directed” to scan for? What other companies received similar requests and how did they respond?

Not to mention the larger questions like what the hell is a security directive? How does it differ from a warrant or a subpoena? Why was it used instead of a subpoena when this was apparently part of a criminal investigation? What gives some random federal agency the authority to issue one? And what law or principle requires any private company to submit to a non-warrant/non-subpoena piece of paper from the fedgov? (When I did a search on “what is a security directive,” the first two pages of results contained a lot of articles like this one, discussing specific directives by the TSA or explaining specific types of directives the president can issue. But I found not a mention of the basic legal or (un)constitutional principles.)

And — not that it matters, these days — but if the directive was issued under the Foreign Intelligence Surveillance Act, why was every single Yahoo user everywhere investigated as a criminal?

The Intercept has more. They’re very good at this kind of work and I expect we’ll be hearing more from them soon.

We do know, at least, that Yahoo’s director of security quit rather than go along with the directive. Good for him. Then he went to F*c*b**k. OMG. At least his departure confirms that this business really happened even if details are still vague.

Given this plus the recent news that Yahoo allowed between 500 million and a billion user accounts to be breached two years ago — and apparently didn’t even notice — it’s time to delete Yahoo. And more.

—–

Here is how to delete your Yahoo account.

I never used Yahoo email, but I did have an account that allowed me to participate in three Yahoo-based email groups. It was no big deal for me to delete my Yahoo account. Which I did today. But that’s not enough.

It is time for all people who give a damn about their security — and the security of those who correspond with them — to stop patronizing this ghastly company. And, for that matter, to stop patronizing all other companies known to bend over for every federally ordered betrayal of their users. Or known to perform datamining on both users and their friends.

Years ago, when the first companies invited people to sign up for “free” email in exchange for allowing their correspondence (and their correspondents’ correspondence!) to be scanned for marketing purposes, my first response was to vow I’d simply never exchange messages with anyone who used those services.

Then so many people rushed to sign up to be data-mined that I couldn’t keep my promise to myself.

This morning I decided to take a second look at Yahoo with the idea of blacklisting all *.yahoo.com email addresses. I found that, over the last 10 years, I’ve sent 898 emails to yahoo.com addresses and that even now, several people who are very important to me use Yahoo email. So, still, I can’t “delete Yahoo” (or gmail or hotmail or similar abominations) from my personal correspondence even though I’ve deleted my Yahoo account.

We’re all in this together. So all I can do is gently suggest that if you rely on Yahoo or any similarly weak-kneed company, you switch. Switch now. Switch even though it’s a hassle. Switch for your own sake and the sake of everybody you correspond with. Switch for the sake of freedom, privacy and real security.

Either get a paid mail service that uses good security practices, or if you must use free mail, sign up with something like ProtonMail, which has both free and paid services. Protonmail is far from perfect but at least isn’t in the business of data-mining its customers or (you’ll pardon my French) spreading its cheeks and breaking out the Vaseline every time some member of the U.S. uber-government is in the mood for rape.

Please do not trade your and your friends security for the “convenience” of companies whose loyalty is neither to you nor to freedom.

21 Comments

  1. He Who Fakes It Well
    He Who Fakes It Well October 5, 2016 8:16 am

    An important point: Any commercial email server is potentially vulnerable to this. Not just “free” accounts like Yahoo, Google, Outlook/Hotmail. Nameless Statist Acronym Agency can walk into Hawk Host and demand the same thing.

    You have a couple of options:

    1. Find a company you deem trustworthy. Sadly, principled actors like Lavabit’s Levinson are few and far between.

    2. Set up and operate your own email server. In theory, it’s pretty easy. I’ve done it, even on a dynamic IP. In practice, getting the security right is a serious PITA (as CLinton’s email scheme demonstrated; her amateur IT boy couldn’t even fake it well). You’ll need to be sure your MX entry is absolutely right. And you’ll still have tyrouble with the various spam blacklists, which are remarkably intolerant of “indy” servers.

    If you go with a private server– especially for a business — you might be tempted to make use of a third party to spam filter your traffic (and archive everything for you; businesses can’t risk losing all those customer contacts). Bad idea. At one point, Clinton was routing her email traffic through MX Logic (ironically, once a MacAfee company). That company scans all traffic for spam and archives. No one — NSA? — really needed to hack HRC’s machine; they could have dropped a few bills on an underpaid MX employees for the whole kit and kaboodle.

  2. Laird
    Laird October 5, 2016 8:22 am

    I never use a Yahoo email account, but I checked and it turns out that I had two! Don’t rememberwhen or why the were created, but I’ve deleted both. Thanks for the info.

  3. Laird
    Laird October 5, 2016 8:28 am

    By the way, the automated receipt sent by Yahoo said that my account will not be terminated for 90 days (“to discourage users from engaging in fraudulent activity”) and my personal information will be retained for 3 years (supposedly in accordance with the Terms of Service). Right. Well, at least nothing new will get on there!

  4. Claire
    Claire October 5, 2016 8:42 am

    “An important point: Any commercial email server is potentially vulnerable to this.”

    Absolutely true. But it does appear that when the fedgov wants to do big, random sweeps in which every customer is a criminal suspect, they take the easy path of going to Google, F*c*b**k, Yahoo, and other biggies. Of course, we don’t know this for sure. But from what we do know, they seem to approach the smaller companies primarily when they’re looking for specific info on specific users. They may still want sweeping info and sweeping power, but their actual search is targeted. Unlike with the bigs.

    And of course we know that these very same bigs the fedgov is so cozy with are also the champs of private datamining (and selling of information about us). So small, paid services — or small, paid, offshore services — or better yet, small, paid services with known privacy protections — are a better choice.

    Alas, I expect that very few people who regularly use free-and-easy email services are likely to set up their own servers. Perhaps a few will — those who use gmail or yahoo or hotmail as throwaway backup sources and who know how to use mail more wisely. But I just don’t see a lot of people turning to home servers.

  5. Claire
    Claire October 5, 2016 8:44 am

    Laird — Forgot to mention the 90 day/three year business. So thanks for bringing that up!

  6. Bill St. Clair
    Bill St. Clair October 5, 2016 9:09 am

    I have also run email servers, initially set up myself using a howto I found. It was a royal pain to get right. I switched to https://mailinabox.email, running in its own Digital Ocean virtual machine, and I have been very happy. Everything automated. Good documentation. Same Linux server software, but scripts to make installing and updating it much much easier.

  7. He Who Fakes It Well
    He Who Fakes It Well October 5, 2016 9:18 am

    “And of course we know that these very same bigs the fedgov is so cozy with are also the champs of private datamining (and selling of information about us).”

    You know, it wasn’t too long ago that Yahoo announced they would be datamining user email for advertising purposes just like Gmail. I thought about that when I heard this report. Seems to me they got Uncle Sugar to pay for their datamining software development, used it for the covert spying for beta testing, then went full scale.

    Your tax dollars at work.

  8. Jim B.
    Jim B. October 5, 2016 10:25 am

    Hey Claire,

    Just recently I found this YouTube vid about a woman commenting on Feminism. Seems she compared Feminists as similar to Communists or even Nazis. Apparently she was so good in her monologues that she gotten death threats and gang stalked, it was so bad she pulled out of doing her YouTube thing.

    https://youtu.be/IT9jeK30yH8

    If you find you liked this, you may also want to check out both Karen Straughan and Liberty Doll channels.

  9. LibertyNews
    LibertyNews October 5, 2016 1:30 pm

    I recommend https://www.fastmail.com — Inexpensive, reliable, and as far as I can tell trustworthy. They also have a pile of domains you can use for setting up email aliases 🙂

  10. pyrrhus
    pyrrhus October 5, 2016 2:18 pm

    You could leave your Yahoo account open, and piling up spam, and simply route everything of any importance through a secure email account, of which there are quite a few….

  11. Sam in Oregon
    Sam in Oregon October 5, 2016 5:23 pm

    Thanks for the heads up, Claire. I deleted my (barely used) Yahoo account today – at least to the extent it would let me per Laird’s comments. It’s times like these that I miss the old days when communication was slower but more secure (pen/paper).

  12. John
    John October 5, 2016 11:52 pm

    Jim B.
    People are each individual.
    All born naked.
    Some individuals favor compelling others to their will, others do not.
    Labels are just obfuscation.

  13. David Haywood Young
    David Haywood Young October 6, 2016 4:27 am

    Just saw you had your own site going–I love reading your posts, but the BWH site has long banned Tor users (from reading!) and the RSS feed over there, which allows access via Tor, only includes snippets.

    So today I decided to try to subscribe the the feed on this site–after successfully accessing the site itself via Tor–and the server replied that access was forbidden. FWIW that was via a different instance of Tor, and therefore a different IP address, but I tried a few more and got the same result.

    I get that it’s a shortcut to block IP addresses. It’s easy, after all, and probably feels productive and “safe.”

    That said, I am never going to understand why freedomista-type sites so often block Tor. Spam filters tend not to allow Tor-stuff through, already, and the technology to block IP addresses from some things while allowing other things (such as for chrissake viewing content) has been pretty simple to use for years. And, hey, why not get a .onion address set up? I should probably do that myself…

    Incidentally, I saw a copy of one of your books in a “spy” store in Las Vegas. Pretty much the only thing there that wasn’t overpriced, but I did enjoy browsing.

    -David

  14. Jim B.
    Jim B. October 6, 2016 4:31 am

    John,

    That may be so, but it’s not labels that I would be concerned about. It’s the action behind those labels I’m concerned about. She’s describing Feminism to be similar to the others.

    Why am I concerned about Feminism when I should be more concerned about the Freedom Movement? Isn’t the Freedom Movement about fighting those who would be inclined to control others? I’m concerned about Feminism, not only for its effects on males but also that it would be the Federal Government’s biggest defender.

    Don’t you think the Feminists would twig on to the concept that if we do end up, basically, hitting the reset button and end the present Federal Government and institutie a new one hopefully better for respecting freedom? Don’t you think they’d fear all their hard work, all the “gains” they made, all the powers they’ve achieved will be for naught and they’d probably feel they’d have to start over? With the present system, they are in the catbird seat and they know it.

    No, I believe that in order for the freedom movement to get any momentum, we’d need to convince women that the freedom movement can benefit them as well, The real question is how. I don’t think we can convince them to care about their fathers, their husbands, their sons. It seems the past 25 years haven’t done that. So we need to try other perspectives. With the way the “system” is now, why would they give it up?

    There’s no success with freedom without the women.

  15. Claire
    Claire October 6, 2016 4:45 am

    David Haywood Young — Thanks for coming to the new blog. I’m unaware of us deliberately blocking anybody. I’ll run this by tech guy He Who Fakes It Well after he returns home from hurricane evacuation.

  16. MamaLiberty
    MamaLiberty October 6, 2016 7:35 am

    Had a “Yahoo” account once. I belonged to a co-op and it was required if you wanted to learn about offerings, shipments and so forth. Left the co-op and never looked at the account again. I’m curious now… will look and then delete it.

    I have never liked web based email, though I have one account for backup… Just never use it. More than one such account has been canceled by THEM for non-use. My email comes to Thunderbird, on my computer, via my ISP. I use encryption with those who want it, and really don’t worry about it otherwise.

    After fifty years of activity in the fight for individual liberty, all the bad guys know everything relevant there is to know about me… if they want to know. I’ve said for years that I’d be willing to repeat any of it face to face if they ask me. So far, crickets…

  17. Frank
    Frank October 6, 2016 6:25 pm

    I still use Eudora e-mail client (Version 7) on my Windows machine (still use Vista, too!) – does anyone remember it? Started using it long ago in college (Eudora Light) and have used nothing else since then. I DID try the open-source version but quickly went back to the ‘old’ version.

    https://en.wikipedia.org/wiki/Eudora_(email_client)

  18. Antibubba
    Antibubba October 8, 2016 9:49 pm

    If I get a secure email account (ProtonMail, for example) how secure is it if nobody I know is willing to go through using my public key? Like
    -my parents
    -my wife
    -my friends
    who don’t understand why I need this at all.

    Will someone have to have my key to send me email?

  19. LBS
    LBS October 9, 2016 1:22 pm

    Don’t know what I’m going to do about this one. Everything electronic and computer-like in our household originates with DH, who does not believe that bad things happen to good, law-abiding citizens. Must have a talk, though, on principle.

Leave a Reply