News
Features
Guest Essay
Technicalia
Security
Community
Commentary
Home
ymmv

The View from the Desktop

Boo! to Yahoo!

by Dennis E. Powell


I was all ready to write a nice piece about the wonderful richness that developers on small, independent projects bring to Linux when I had to devote much of the time instead to dealing with Yahoo!.

Those who follow the news are familiar with Yahoo!, even if they have never used its services. That's because it was less than a month ago that the Department of Justice held a big news conference about "Operation Candyman," a crackdown on the distribution of child ography over the Internet. The investigation centered on a mailing list hosted by, of all people, Yahoo!.

Far be it from me to claim that Yahoo! endorses the exploitation of children. In fact, I'd bet that Yahoo! was as outraged as anyone -- probably more, in that their servers were involved -- over the arrests of about 90 Yahoo! subscribers in connection with the kiddie ring. One wonders why they didn't know that the illegal group was operating. And, oh, I don't know, maybe shut it down?

The answer probably has to do with the fact that Yahoo! has zillions of mailing lists. It bought up scads of mailing list hosting companies as part of the not entirely healthy consolidation of the Internet that took place during the dotcom bust. (A group I'm on, which is for recovering OS/2 users, has been passed around like a bottle of Boone's Farm, having been "owned" by three different outfits before finally landing at Yahoo!) It certainly has to do with the fact that Yahoo! is busily engaged in wringing every penny it can from its users.

In the wake of the kiddie scandal, Yahoo! announced a change in its privacy policy such that users' personal information is more readily available to law enforcement. This is not surprising, I suppose, and is probably good P.R. for the company. As to whether it is otherwise an ominous development remains to be seen; there has always been (and it is to be hoped always will be) tension between civil liberties and the interests of law enforcement, with the line of acceptability moving -- in both directions -- over time as circumstances and societal standards change.

Almost as an afterthought -- perhaps because it was assumed we'd be looking the other way -- Yahoo! also changed its spam policy. It used to be that subscribers to the things that Yahoo! offers (including a personalized portal page that is actually pretty feature-rich) were asked, upon creating their accounts there, whether they were interested in receiving spam. It was euphemistically worded, but that was basically it. The "yes" checkbox was unchecked. It was an "opt-in" system.

This has quietly been changed to "opt-out." The box is checked, and if you do not notice it and uncheck it you're now on the Yahoo! spam list.

This is bad enough. What is worse is that existing users report that when they went back to look at their Yahoo! account settings, the spam box, which they had not checked, was now selected.

In a kind of odd limbo were users who were on mailing lists bought by Yahoo!. These users had no Yahoo! accounts. They never signed up for anything with Yahoo!. They merely awakened one day to discover that their mailing lists were now part of that company.

I have seen nothing, nor have I been able to find anything official, as to whether these poor souls -- of whom I was one -- were opted in to the Yahoo! spam machine. But I have noticed an increase in spam addressed to an email account I maintained solely for the purpose of the mailing list now on Yahoo!. And Yahoo!'s recent behavior is not comforting.

The way to deal with it, it seemed to me, was specifically to opt out. Which meant creation of a Yahoo! account, just so I could uncheck the box. It was a very unpleasant experience.

To begin, I sought to unsubscribe from the list, clearing the old email address. Of course, I couldn't -- in order to do so, I would have needed to enter my Yahoo! account information, and I didn't have any of that because I didn't have a Yahoo! account. Though it could have been done by email for free, I phoned (long distance) the mailing list's moderator and asked her to nuke me from the list. I wanted to get this done now, and an email exchange would have taken time.

That task completed, I sought to resubscribe, using a different email address and telling Yahoo! to keep its damn spam out of my mailbox. (The moderator could have simply changed the email addresses, but this would have left me in the same limbo where I was before.)

Setting up the Yahoo! account was a little slice of hell. The questionnaire is more detailed than it would be unless the goal were to gather marketing information. It was not possible to leave any field blank. I was asked to describe the industry in which I am employed. I selected "other." This eliminated choices in the two following list boxes, which had to do with job title and duties. The spam box was, sure enough, checked; I unchecked it. Submitting the form, I got an error message saying that I had to select an industry. I finally chose one at random. This allowed me access to the other list boxes. Now it went through.

Now came time to subscribe to the mailing list, the whole purpose of the enterprise. I was unsurprised to learn that Yahoo! places a marketing cookie in one's browser. (Handy tip: If you use Opera, you can set it to nuke all new cookies at the close of each session. I recommend this setting, because you can selectively turn it off when dealing with sites you trust, close the session, and turn it on again for general use. This is a little more granular than what I used to do with Netscape, which was to create a symlink from /dev/null to ~/.netscape/cookies, while not as complicated as the cookie management in, say, Konqueror.)

Of course, I was not allowed to subscribe to the mailing list until my email address had been verified, which required clicking a link that would send me email. Yahoo! reported that the mail had been sent; why it took three hours to arrive in my mailbox is a mystery. I was then able to enter a code included in the email message and subscribe to the list. (Were I the cynical sort, I would wonder if the road would have been a little smoother had I decided to sign up for Yahoo!'s spamorama. But as longtime readers know, I'm anything but cynical.)

Finally, I was back on the list. I had gained, really, nothing -- the whole procedure was to protect myself from a unilateral and largely unpublicized change in Yahoo!'s privacy policy, but in the course of it I was required to give up information that I'm not entirely happy divulging, particularly to a company that seems to think it can change the rules whenever it wants, or at least whenever it can be made part of a smokescreen announcement to cover its butt following disclosure that it had been hosting a 7,000-member child ography list.

Comment on this article

Posted 10 April 2002