Garbage to gold: How Yahoo unethically sells your spam email

how yahoo is mining for gold in your junk mail scanning

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Yahoo’s golden era has passed and Yahoo Mail, once considered a serious competitor to Gmail, is now far less popular. It’s unlikely that you use it for your primary email account. So why should you care about its privacy policy?

According to a report from the Wall Street Journal, Yahoo’s parent company, Verizon, knows you don’t use that old AOL or Yahoo inbox. It knows they’re just full of spam. Yet strangely enough, it’s selling data pulled from it without telling you — and staying alive by doing so.

All your mail are belong to us

The beans were spilled by a leaked Yahoo sales pitch. It detailed the tactics Yahoo uses to collect and sell personal data gained from its email accounts. It’s all laid out in explicit description, outlining not only how Yahoo mines email accounts for data, but why.

facebook facial recognition privacy theresa payton portrait
Theresa Payton, former White House Chief Information Officer to the Bush Administration.

“This isn’t a new practice,” Theresa Payton told Digital Trends. Payton is the current CEO of Fortalice Solutions and the former Chief Information Officer at the White House. “What they do is scan emails, and then group similar users together for targeting. For example, if you have receipts from purchases you’ve made on Netflix or Hulu or Amazon Prime, they will group you and other email users that have similar receipts into a group, and then sell your data to media companies, TV outlets, and the movie industry.”

On paper, Yahoo isn’t doing anything unlike what Google has done in the past. For thirteen years, Google scanned the email of Gmail accounts and sold that data to advertisers on its Google Ads platform. Considering the amount of people that use Gmail, the amount of relevant data that could be mined was mind-boggling.

That practice has since been halted due to public outcry, but companies with less to lose — like Yahoo — have picked up on the idea and run with it.

Payton believes the Yahoo situation might be more sinister. Part of the problem is the raw capability of technology, which grows year by year, both in terms of processing power and maturity. According to Payton, behavioral-based, big data analytics are at a higher level of sophistication than they were just a few years ago. They can handle more data, so they collect more data.

“That human curation is maybe where the secret sauce is.”

Yet the biggest difference in Yahoo’s implementation is the human element. “There’s also the automated scanning process and then there’s a human curation process,” she said. “That human curation is maybe where the secret sauce is. Things are going to be done to this data that are going to be unique and different from how Google used to treat email accounts in the past.”

There’s no way to know exactly what human eyes scan at Yahoo, but the company’s privacy policies make clear that humans do read some emails. The policy posted by Yahoo’s parent company, Oath, states “when users click on the Spam and Not Spam buttons, information is sent to our anti-spam team or other spam compliance service providers for manual review, and aspects of these messages may be shared […].” The policy also references “manual review” for several other reasons.

yahoo mail blocks users install ad blockers browsers part test
Panithan Fakseemuang/123rf

Doug Sharp, Oath’s Vice President of Data, Measurements, and Insights, defended the practice when questioned by The Wall Street Journal. “I think it’s reasonable and ethical to expect the value exchange,” said Mr. Sharp, “if you’ve got this mail service and there is advertising going on.

So, Yahoo is reading emails that arrive in the 200 million inboxes it hosts. But who uses their Yahoo or AOL email account as their primary account these days, anyways? You probably don’t use Yahoo Mail as your main account, so it’s not your concern. Right?

Maybe not. Even the junk you’ve left behind in a secondary account is good enough to sell.

Mining spam for gold

“They actually talked about how a lot of people use their platform to forward their spam mail to,” said Payton. “So, they purely use it as an email address to hand out and let a bunch of marketing material go to. And that could be super helpful to marketers.”

Yahoo knows you don’t care about your Yahoo Mail account and has turned that into a selling point for marketers. Using the same scanning, grouping, and human curation described above, Yahoo has found a way to turn junk mail into sellable data. That might not sound bad, but Payton described a situation that could quickly go from harmless to dangerous.

“This could be their survival mode project to give them the cash influx they need.”

“What if you’re subscribing to Wine & Whisky newsletters — and that information is sold to health insurance companies?” she proposed. “I’m not saying that’s what they’re doing, but the question is, once the data is sold to third-party marketers, how do you know how that data is or is not going to be used or safeguarded?”

It gets even more worrisome when you consider the company Yahoo has become. It was acquired by Verizon in 2017, where it was merged with AOL to form an umbrella corporation known as Oath. That means all the data collected from Yahoo and AOL email accounts are not only shared with third-party marketers, but also distributed throughout the massive company. We’re talking about a lot of data, and a lot of ways to put it to use.

Exploiting what few people it has left

We don’t know how successful Yahoo has been at selling people’s spam. In a post-Cambridge Analytica world, it feels a odd for a company to shamelessly mine personal data as if no one cared — and as if regulatory bodies weren’t paying attention.

Still, we shouldn’t be surprised. Yahoo, like most companies, needs to make money to justify its existence. Mining email data is another way to keep the lights on. The consequences could be severe, but anything can look viable to a company with a lot of red ink on its balance sheet.

how yahoo is mining for gold in your junk mail campus
Global PR

“Just think about the massive data breach they had and the legal fines that came from that,” said Payton. “This could be them thinking, ‘We’re sitting on a treasure trove of information that we can productize and monetize.’ This could be their survival mode project to give them the cash influx they need.”

Your Yahoo or AOL email accounts may have already been mined for data, but it’s worth heading over to deactivate it if you don’t currently use it. If you do happen to use Yahoo Mail as your primary account, we’d highly recommend disabling access to this kind of invasive scanning. It’s as easy as heading over to the Ad Interest Manager page and clicking on “Opt Out” under the Yahoo banner.

If nothing else, there’s one important lesson we can learn from all this. Data is still the most valuable commodity in the world, even if its out-of-date information tucked away in an abandoned corner of the internet.


This orange puck keeps you online in any country, with one hidden catch

Staying connected on your travels can be a challenge and sometimes results in hefty cell phone bills you could do without. We tried out the Skyroam Solis, a global Wi-Fi hotspot and power bank billed as the perfect solution.
Social Media

How to turn off Snapchat’s location-based Snap Map

Thanks to an opt-in feature added last year, Snapchat may be sharing your location with friends whenever you open it. Here, we'll walk you through how to turn off said feature off and regain some peace of mind.
Product Review

It roasts! It grinds! It brews! But this coffee wonder has a bitter side

The all-in-one smart Bonaverde Berlin Brewing System lets you roast, grind, and brew from green coffee beans. But is all this work to make an average-tasting cup of Joe worth ditching your regular coffee maker?
Social Media

New to Snapchat? Follow our guide and go from newbie to pro

Whether you're a Snapchat addict or a newbie, our detailed Snapchat guide will help you become a pro in no time. Find out how to get started, spice up your snaps, chat, send money, and carry out a host of other useful actions.

Newegg was cracked, customer data has leaked, and security is clearly scrambled

Online electronics retailer Newegg has found themselves at the heart of an online security breach as the company's payment system was breached, giving hackers of the notorious group, Magecart, potential access to confidential customer data…

Winamp media player might be back from the dead, with Windows 10 support

Winamp might be back from the dead, and it's bringing support for Microsoft Windows 10 with the first new software release since its acquisition by Radionomy in 2014. Fans of the media player will also enjoy new features and bug fixes.

Heavily overclocked RTX 2080 Ti steals every 3DMark record

Nvidia's RTX 2080 Ti is already the most powerful graphics card ever released, but with liquid nitrogen cooling overclocker Kingpin was able to push the card to new heights and break a bunch of records in the process.

Photoshop isn't required to resize images. Here are 6 ways to do it in seconds

Resizing an image isn't the toughest thing in the world, even if it may seem like a hassle. Here's how to resize an image using six tools that allow you to make quick work of any photo, regardless of your operating system.

Chromebook keyboard showcase may have leaked Pixelbook 2 images

As we approach Google's #madebygoogle event taking place in early October, new rumors and leaks for a possible Pixelbook 2 are appearing online. This latest one may show what the rumored Nocturne design will look like.
Virtual Reality

Walmart stocks its stores with VR training for its employees

Walmart will begin rolling out virtual reality training experiences to all of its stores this year with the power of Oculus Go. More than 6,300 stores will receive the new technology, helping the company train its employees.

Tap Strap wearable keyboard gains support for VR applications

TAP System's wearable keyboard gains support for virtual reality, now compatible with Windows Mixed Reality, Oculus Rift, and HTV headsets. Type and tap for up to eight hours in VR without needing to look at a physical keyboard.

Wi-Fi vulnerability could allow attackers to steal your data on unencrypted sites

A 20-year-old security flaw in the design of the Wi-Fi standard and how computers communicate using the transmission control protocol could allow hackers to perform a web cache poisoning attack to steal your data and login information.

Walmart takes $380 off the MacBook Air for a limited time

Walmart is offering a steep discount on the MacBook Air. Though the $380 discount is lovely, this offer comes with an extra charger to sweeten the deal. If you're looking to pick up an Apple MacBook for less, now is an excellent time.

PDF to JPG conversion is quick and easy using these simple methods

Converting file formats can be an absolute pain, but it doesn't have to be. We've put together a comprehensive guide on how to convert a PDF to JPG, no matter which operating system you're running.