Re: [tor-talk] Logging in to Yahoo e-mail accounts now failing???

[Joe Btfsplk <joebtfsplk@xxxxxxx>]

On 5/20/2011 6:45 AM, Curious Kid wrote:
> > From: grarpamp<grarpamp@xxxxxxxxx>
> > To: tor-talk@xxxxxxxxxxxxxxxxxxxx
> > Sent: Fri, May 20, 2011 10:17:02 AM
> > Subject: Re: [tor-talk] Logging in to Yahoo e-mail accounts now failing???
> > > If yahoo is actually rejecting log-in attempts based on perceived
> > >   geographical information, what do they think that they are achieving?
> > I  can speak for no one else... however I think that any provider of  online
> > services that does this is foolish.
> Do we think they are actually doing this? I've used my Yahoo account all over
> the world.
>
> The timing of this is suspect. They are now rolling out Yahoo! Mail Beta. To use
> it requires accepting their new terms of service and privacy policy.
>
>  From http://info.yahoo.com/privacy/us/yahoo/details.html
>
> When you register we ask for information such as your name, email  address,
> birth date, gender, ZIP code, occupation, industry, and  personal interests.
There's no such thing as a free lunch.  FYI - for the all - trusting 
users of "free" email providers, don't give your real information.  
There's no upside & lots of potential very bad down side.  As far as the 
relatively new practice of Goggle & ? others ? asking for a cell # in 
some cases to verify your identity, any data they ask for as backup 
security measures (like security questions), or a phone # is stored in a 
data base.  Other than them getting a phone # for marketing purposes, 
having additional security questions would probably provide sufficient 
security if they suspect "suspicious behavior" before one actually logs 
in.  If someone actually gains access to your acct, then a provider 
having a phone # is irrelevant (unless they show it in your acct).  If 
the phone # is shown in acct settings (don't know - never gave them 
one), hackers gaining access now have that.

If hackers get in your acct, security is out the window.  If they're 
trying, but being asked for backup ID info, many types of info would 
provide sufficient security.  Their argument is probably, "the user has 
to physically possess the (cell) phone to receive security related 
correspondence from the provider."  Maybe, but I imagine the real reason 
is to get around the telemarketing "no call" laws.  Once you have an 
established "business relationship" w/ a company (by signing up for 
their service & giving an address, valid phone #), technically they are 
exempt from no - call telemarketing laws.

Security questions provide no marketing advantages for them.  Note:  I 
never give "normal" answers to security questions.  Oldest sibling's 
name might be "krankcace," etc.  If you put "lady gaga" as favorite 
singer, you might deserve to have an acct hacked.:)  Google, Yahoo, 
etc., apparently believe it necessary to employ much greater security 
techniques than banks, Fidelity, Vanguard, etc.
>   For
> some financial products and services we might  also ask for your address, Social
> Security number, and information about  your assets.
If users give Yahoo, Google (or services marketing through them) an SSN, 
good luck.  There's probably no end to amount of junk mail you'll 
receive based on your credit scores.
> Yahoo! displays targeted advertisements based on personal information. ...
> Yahoo! provides personally relevant product features, content,  advertising,
> spam and malware detection by analyzing your email.  Some  of these features and
> advertising will be based on our understanding of  the content and meaning of
> your emails.  For instance, we analyze email  messages to identify key elements
> of meaning and then categorize this  information for immediate and * future * use.
Don't write anything in email that you wouldn't want the world to know, 
unless 1st compose it outside of their websites & then encrypting the 
file, before sending by email.

> By using the Services, you consent to allow Yahoo!âs automated systems  to scan
> and analyze all incoming and outgoing communications content  sent and received
> from your account... If you  consent to this ATOS and communicate with
> non-Yahoo! users using the  Services, you are responsible for notifying those
> users about this  feature.
Companies w/ these types of policies scan your friends' correspondence 
with you, as well as yours.  Don't write anything in "normal" email that 
you wouldn't want the world to know.  Why this practice is deemed legal 
in some countries, don't know.  By contrast, persons have been 
prosecuted for "hacking" into their spouse's email.

A lot of people correspond w/ doctors, lawyers by email.  Do you really 
want that type of info being "analyzed" (& info stored "for future 
use")?  There should be some "expectation of privacy" for email, but 
there isn't.  Unless you want to catch a cheating spouse - then you 
might be prosecuted.

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk