Posts Tagged ‘Yahoo!’

In the mix…EU data retention laws, Wikipedia growing

Friday, June 11th, 2010

1) Australia thinking about requiring ISPs to record browsing histories (via Truste).

Electronic Frontier Australia (EFA) chair Colin Jacobs said the regime was “a step too far”.

“At some point data retention laws can be reasonable, but highly-personal information such as browsing history is a step too far,” Jacobs said. “You can’t treat everybody like a criminal. That would be like tapping people’s phones before they are suspected of doing any crime.”

Sounds shocking, but the EU already requires it.

2) European privacy officials are pointing out that Microsoft, Google and Yahoo’s methods of “anonymization” are not good enough to comply with EU requirements (via EFF).  As we’ve been saying for awhile, “anonymization” is not a very precise claim.  (Even though they also want ISPs to retain browsing histories for law enforcement–confused? I am.)

3) Wikipedia is adding two new executive roles.  In the process of researching our community study, it really struck me how small Wikipedia‘s staff was compared to the staff of more centralized, less community-run businesses like Yelp and Facebook.  Having two more staff members is not a huge increase, but it does make me wonder, is a larger staff inevitable when an organization tries to assert more editorial control over what the community produces?

Wow, new privacy features!

Friday, December 11th, 2009

Wow, so many companies rolling out new privacy features lately!

Facebook rolled out its new “simplified” privacy settingsGoogle introduced Google Dashboard, a central location from which to manage your profile data, which supplements Google Ads Preferences.  And Yahoo released a beta version of the Ad Interest Manager.

Many, many people have reviewed Facebook’s new changes, and pointed out some of the “bait-and-switch” Facebook has done for some new, and I think better, controls.  I don’t have much more to say about that.

But it’s interesting to me that Google and Yahoo have chosen similar strategies around privacy issues, though with some differences in execution.  Both companies haven’t actually changed their data collection practices, and cynics have argued that they’re both just trying to stave off government regulation.  Still, I think that it makes a difference when companies actually make clear and visible what they are doing with user data.

“Is this everything?”

Both Google and Yahoo indicate in different ways that the user who is looking at Dashboard or Ad Interest Manager is not getting the full data story.

Google’s Dashboard is supposed to be a central place where a user can manage his or her own data.  In and of itself, it’s not that exciting.  As ReadWriteWeb put it, it doesn’t tell you anything you didn’t know before.  It provides links in one place to the privacy settings for various applications, but it focuses on profile information the user provides, which represents only a tiny bit of the personal information Google is tracking.

Google does, however, provide a link to the question, “Is this everything?” that describes some of their browser-based data collection and a link to the Ads Preferences Manager page.  To me, it feels a little shifty, that the Dashboard promises to be a place for you to control “data that is personally associated with you,” but it doesn’t reveal until you scroll to the bottom that this might not be everything.  Others may feel differently, but this to me goes right at the heart of the problem of how “personal information” is defined.  When I go to the Ads Preferences Manager, I see clearly that Google has associated all kinds of interests with me–how is this not “personally associated” with me?  Google states it’s not linking this data to my personal account data which is why they haven’t put it all in one place, which is good, but it seems too convenient a reason to silo that off.

Yahoo’s strategy is a little different.  It may not be fair to compare Yahoo’s Ad Interest Manager to Google’s Dashboard at this point, given that it’s in such a rudimentary phase.  It’s in beta and doesn’t work yet with all browsers.  (As David Courtney points out in PCWorld, being in beta is a pretty sorry excuse for the fact that it doesn’t work with IE8 and Firefox.)  Depending on how much you use Yahoo, you may not see anything about yourself.

Still, I thought it was interesting that Yahoo highlighted some of the hairy parts of its privacy policy in separate boxes high up on the page.  Starting from the top, Yahoo states clearly in separate boxes with bold headings that there are ways in which your data is collected and analyzed that are not addressed in this Ad Interest Manager.  The box for the Network Advertising Initiative is a little weak; it doesn’t really explain what it means that Yahoo is connected to the NAI.  But the box on “other inputs,” shows prominently that even as you manage your settings on this page, there may be other sources of data Yahoo is using to find out more about you.

zoombox

Yahoo also reveals that the information they’re tracking from you is collected from a wide range of sources, including both Yahoo account information like Mail and non-account websites like its Front Page.  Unlike Google, Yahoo doesn’t ask you to click around to find out that some of “everything” is elsewhere.

zoombox2

Turning “interests” on and off

Google and Yahoo are very similar here.  Google’s Ad Preferences Manager indicates which interests have been associated with you with a clear link to how they can be removed, with a button for opting out from tracking altogether.

Googleopt

Yahoo’s Ad Interest Manager has a different design, but the button for opting out altogether is similarly visible.

Yahooopt

We’re using cookies!

Compared to the other issues, this is the most obvious difference between Google and Yahoo.

Google has this on its Ads Preferences Manager:

Googlecookie

So you can see that some string of numbers and letters has somehow been attached to your computer, but you’re not told what this means in terms of what Google knows about you.

In contrast, Yahoo shows this at the bottom of the Ad Interest Manager:

YahooAd3

Yahoo knows I’m a woman!  Between 26 and 35!  The location is actually wrong, as I am in Brooklyn, NY, but I did live in San Francisco 5 years ago when I first signed up for a Yahoo account.  Still, Yahoo is very explicitly showing, and not just telling, that it knows geographical information, age, gender, and the make and operating system of your computer.  I’m impressed—they must know this is going to scare some people.

Does any of this even matter?

I prefer the Yahoo design in many ways — the boxes and verticality of the manager to me are easier to read and understand than the horizontal spareness of the Google design.  But in the end, the design differences between Google and Yahoo’s new privacy tools may not even matter.  I don’t know how many people will actually see either Manager.  You still have to be curious enough about privacy to click on “Privacy Policy,” which takes you to Yahoo! Privacy, at which point, in the top right-hand corner, you see a link to “Opt-out” of interest-based advertising.  The same is true with Google. And neither company has actually changed much about their data collection practices.  They’re just being more open about them.

But I am impressed and heartened that both companies have started to reveal more about what they’re tracking and in ways that are more visually understandable than a long, boring, legalistic privacy policy.  I hope Yahoo is feeling competitive with Google on privacy issues and vice-versa.  I’d love to see a race to the top.

Yahoo or Google as a Datatrust? But will Facebook play?

Monday, May 4th, 2009

Time will tell, but it appears that Yahoo! has made it *really* easy (for application developers) to extract publicly available data from all over the interwebs and query it through Yahoo!’s servers.

YQL Execute allows you to build tables of data from other sources online, using Javascript as a programming language and run it on Yahoo’s servers, so the infrastructure needs are very small.

Similarly, Google “just launched a new search feature that makes it easy (for you and I) to find and compare public data.”

Graph from Google Public Data

Image taken from the Google Blog.

Which is pretty exciting as both are huge leaps towards what we’ve envisioned as a “datatrust” in various blog posts and our white paper. Well except for maybe the “trust” part. (Especially given our experiences with Yahoo here and here.)

A few more points to contemplate:

  1. Now that the Promised Land of collating all the world’s data approaches on the horizon, will that change people’s willingness to make data publicly accessible? What I share on my personal website might not be okay rearing its head in new contexts I never intended. As we’ve said elsewhere, when talking about privacy, context is everything.
  2. What about ownership? Both Yahoo! and Google may only temporarily cache the data insofar as is needed to serve it up. But, in effect, they will become the gatekeepers to all of our public data, data you and I contribute to. So the question remains, What about ownership?
  3. There’s still a lot of data that’s *not* publicly accessible. Possibly some of the most interesting and accurate data out there. How will we get at that? Case in point, Facebook just shut down a new app that allows you to extract your personal “Facebook Newsfeed” and make it public via an RSS feed, citing, what else? Privacy concerns. (Not to mention the fact that access to Facebook data is generally hamstrung by privacy.)

Yahoo: restoring your “sense” of privacy, not privacy itself

Friday, August 15th, 2008

Hot on the heels of the launch of Cuil and its no data collection policy, Yahoo announced recently that it would allow users to opt-out of targeted advertising on its own websites.

The new policy was announced in response to a letter sent by four members of the House of Representatives to 33 Internet and telecommunications companies. The first question of the letter was, “Has your company at any time tailored, or facilitated the tailoring of, Internet advertising based on consumers’ Internet search, surfing, or other use?” Ha!

In all fairness, I’m glad our elected officials are asking even simple questions. I just hope that they won’t be satisfied with overly simple responses. As many of the commenters to the Bits blog post pointed out, the issue is not so much whether the user is forced to view targeted ads, but what kind of data collection is done in order to send these users targeted ads. Chris Hoofnagle notes,

The problem with opt-out rights in the online advertising context is that it results in a worst case scenario for consumers: the opt out typically only applies to receiving targeted advertising, so the company still tracks the consumer’s behavior, but the consumer doesn’t enjoy the benefit of targeted ads.

This form of opt-out reflects a 20th century conception of privacy–privacy means not being contacted. In the 21st Century, we need to understand more subtle problems, such as the privacy risks from online advertisers mere collection and use of data.

Exactly. This is not about being put on the Internet equivalent of the “Do Not Call” registry. Does Yahoo think I would be okay with having data collected about me, as long as I never see the evidence they’re doing it?

P.S. Then again, there are certainly users like Commenter #8, whose vanity is hurt that Yahoo is sending her ads about reducing wrinkles. But deep down, even she seems to realize only her “sense” of privacy is being restored, not her privacy itself.

Yahoo! Private Domain Debacle Part II: Can’t Keep a Secret

Tuesday, February 26th, 2008

Many months ago I wrote a long rant about my experiences trying to transfer a domain that Yahoo!I had registered with Yahoo!’s Private Domain Registration service to another registrar. The short story is that I was unable to transfer the domain without making my WHOIS contact details public. The long story is long.

There’s another “feature” of Yahoo!’s Private Domain Registration service though that I just learned about: it doesn’t clean up after itself.

So I created a site with the Yahoo! Small Business hosting service, part of which is a somewhat opaque domain registration service for which there is no separate charge. (This is actually quite a good user experience, as I imagine most user’s don’t want to have to understand about registrars, they just want to pay to have a working web site.) I did check the box to use the private domain registration feature to keep my contact information private.

The web site was for an event, and when the event was over, I no longer had any use for the site or the domain, so I logged back in to Yahoo! Small Business and canceled the service. This was a relatively simply process that took me through a number of the-sky-is-falling-bold-red-letter steps, warning me repeatedly that my site would be deleted, and was I really sure I wanted to do this? Yes, I was sure. Cancelled, done, gone. It seemed gone anyway – the site was unavailable.

About one year later, I get an email from the friendly registrar that Yahoo! uses, a cast member in my last rant, Melbourne IT.

From: whoisreminders@whoisupdate.com
To: <xxxxxxx@xxxxx.com>
Sent: Tuesday, December 11, 2007 3:13 PM
Subject: WHOIS Data Reminder

Dear Valued Customer,

In accordance with ICANN (Internet Corporation of Assigned Names and
Numbers) Whois Data Reminder Policy (WDRP) resolution 03.41, this message is a reminder to help you keep the public WHOIS contact data associated with your domain name registration up-to-date. Our records include the following information as of 14-Nov-07:

Domain Name: My domain name
Registration Date: 6-Jun-06
Expiration Date: 6-Jun-08

Registrant Contact Details
Name: My name here
Email: My email address here
Address: My address here
Address: (null)
City: My city here
State/Province: My state here
Post code: My zip
Country: My country

Administration Contact Details
Name: My name here
Email: My email address here
Address: My address here
Address: (null)
City: My city here
State/Province: My state here
Post code: My zip
Country: My country
Phone: and finally My phone number
Fax: (null)

Technical Contact Details
Name: YahooDomains TechContact
Email: domain.tech@YAHOO-INC.COM
Address: 701 First Ave.
Address: (null)
City: Sunnyvale
State/Province: CA
Post code: 94089
Country: UNITED STATES
Phone: 1.61988131
Fax: (null)

Registrar Name: Melbourne IT
Name server Details
yns1.yahoo.com
yns2.yahoo.com

If any of the information above is inaccurate, you must correct it by contacting your domain name supplier, hosting company or web services provider by either calling them or visiting their web site. If your review indicates that all of the information above is accurate, you do not need to take any action. Please remember that under the terms of your registration agreement, the provision of false WHOIS information can be grounds for cancellation of your domain name registration.

***************************************************************
**** Please do not reply directly to this WHOIS reminder email as your
****
**** request will not be attended to.
****
***************************************************************

Thank you for your attention.
Best regards,
Your hosting services provider
—————————————————————————
This email was sent by your current Registrar, at request by ICANN to
xxxxxx@xxxxxx.com

—————————————————————————

Yes, believe it or not, all of the billing information I had given to Yahoo! for billing my website had been dumped into the WHOIS database.

I don’t have the energy to follow-up with Yahoo! customer service given my past experience, and its possible that the experience has improved in the last year, but with my anecdotal evidence, here’s what I think happened to me:

  1. User pays to host a website with a “private” domain name with Yahoo!
  2. Yahoo! registers the domain with MelbourneIT for two years using the anonymized contact information (For those who didn’t read the first rant, contact@myprivateregistration.com, Emeryville P.O. Box and 510-595-2002)
  3. User cancels hosting service and website with Yahoo!
  4. Yahoo! updates domain registration contact information with the billing information provided to them for the hosting service, exposing it to the world.

This is broken. In my mind there are two more appropriate alternatives to the above given that all of the registration process was hidden from my user experience.

  1. Ideally, I would think Yahoo! should cancel the domain registration with MelbourneIT, never exposing the contact information. There are certainly enough warnings in the site deletion process such that as the end user I didn’t have any expectation that any part of the web site would remain.
  2. If there’s some sort of legal catch-22 that prevents true demolition of the domain, those users who paid extra to have the “private” domain registration service should be provided the option to update registration contact information to details of their own choosing.

Given the amount of traffic that my last post on this issue got, this whole mess is a big concern that lots of people are running into. I keep expecting someone from Yahoo! Domain Registration to find these blog posts and respond, but so far, nary an email or a comment. YahooDomains? Anyone listening out there?

Yahoo! Private Domain Registration: If it’s broken, don’t fix it?

Thursday, January 25th, 2007

Recently I setup a temporary personal web site that I was concerned might see a traffic spike, and rather than going through my usual registrar and web host, I tried a cheap off-the-shelf package from Yahoo! instead.

Yahoo! offers an add-on service called “Private Domain Registration” where they hide your contact information from the WHOIS database for an additional $0.75/month. Familiar with WHOIS spam, the service sounded great to me and at that price it was practically a free lunch.

Everything worked smoothly (6 Months, 0 Spam) until I shut the site down and decided to transfer the domain from Yahoo! Domains to my normal registrar. The following is a true story about how I learned that Yahoo! Private Domain Registration is broken and is effectively holding my contact info for ransom.

******

The process of transferring a domain between registrars is designed to avoid fraudulent transfers by people trying to steal domains. There are several authorization steps, one is: The new registrar (Tucows) sends an email to the the current owner of the domain registration (me). When I got to that step in the process my new registrar informed me that their repeated attempts to do so had failed.

Sigh.

So, I contact Yahoo! Domains support over email, assuming that they are having a problem with their mail servers, or that the authorization emails are being blocked by a spam filter. Instead, Yahoo! informs me that the service is working exactly as expected:

I understand that you want to transfer the domain registration to “Tucows”, but you are unable to receive the mail sent by them to your Admin email address “contact@myprivateregistration.com”.

Regarding your issue, I have checked the record and found that you have activate the Private domain registration on your domain “[domain removed]”, in order to conceal your personal information from unwanted solicitors by listing contact information for Yahoo!’s domain name registration partner, Melbourne IT, in place of your own registrant, administrative, technical, and billing contact information in the public WHOIS database. [sic] Your own contact information will remain associated with your domain in Yahoo!/MelbourneIT’s database but will not be made available in the public WHOIS.

So, in order to show your actual information in the public WHOIS record, you have to disable the private domain registration.

Yahoo! Domains Support doesn’t expect you to receive any email when you have “Private Domain Registration” turned on. In order to complete the registration, I need to turn off the privacy feature and expose my real email address.

Quality.

My initial reaction is: I have misunderstood the feature. I read up on the service offering, as well as the slightly more detailed help content, and it turns out that I’m right; something is wrong with the service.

From the Yahoo! Private Domain Registration marketing page (my bold):

How Does Private Domain Registration Work?

  • When you sign up, our partner Melbourne IT updates your registration listing with generic contact information that points to MelbourneIT’s offices.
  • Whenever someone looks up your domain and tries to contact you, Melbourne IT receives the call, email, or letter and screens the information on your behalf.
  • Melbourne IT forwards prescreened communications to you, so you can reply as you see fit.

What does this mean? In practice Yahoo!, with the help of MelbourneIT, replaces your contact email address with contact@myprivateregistration.com, your address with a PO Box in Emeryville, CA, and your phone number with their phone number, all for $0.75/month. How could they possibly afford to do that?

I reply to the support mail explaining the discrepancy between the feature list and the service I have been experiencing, and ask for a refund for the last 6 months of service.
Later that week…

1. Yahoo! still has not responded to my email. Several more attempts have been made by my registrar to contact me through the pre-screening service.

2. I decide to call the Yahoo! support phone number. To my surprise, someone promptly answers the phone, and within 10 minutes I have my answer: The mails are getting blocked by spam filters, but Yahoo has no control over their own spam filters, so nothing can be done about my problem. I am surprised that this is an acceptable answer, but I let it go and allow myself to be forwarded to billing to request a refund.

3. Billing listens to my complaint, and then spends several minutes trying to transfer me back to tech support to help resolve my issue. I re-explain that tech support has already given up on resolving it. There is some confusion on the line.

I am disconnected, apparently unintentionally.

4. I call back, and this time ask for billing support immediately. I am transferred to Yahoo! Personals support, where the operator informs me that I have called the wrong number, and gives me a new number to call.
5. Finally, I get another billing support agent on the phone, and this time make it clear up front that I want a refund for the service. The agent I speak with informs me that when I cancel the service, I will be refunded a pro-rated amount for the remainder of the month. As for the past six months of service they have already provided, no refund would be supplied, as the service has already been rendered.

As far as I am concerned, this is not acceptable. The way I see it, the 6 months of privacy “protection” they provided are about to be voided because their service doesn’t work the way it’s supposed to, which in turn makes it impossible for me to transfer my domain registration away from Yahoo! without exposing my personal contact info.

I point out to them that this amounts to blackmail – my privacy is being held hostage to keep me a Yahoo! customer. There is a pause on the other end of the line when I mention to her that I will be writing this up as a blog entry.Finally she says “The bottom line is, I can’t refund you for more than the current month.”

I asked her to escalate my complaint, and she puts me on hold for a few minutes. When she returns she informs me that I will receive an email with a “decision”.

I sit grumbling, hammering out this blog post as the best way to escalate the issue, when I think of another approach. I send a mail quickly to contact@myprivateregistration.com. It bounces back immediately. (Try it yourself.) This wasn’t about registrar mails getting bounced, nor did it seem to be about spam filters; I am quite certain now that all mails get bounced, regardless of content.

What’s more, in writing the test email, I realize something else that should have been obvious to me before: Everyone with the Private Domain Registration service gets the same generic contact@myprivate…email address. Ditto for the PO Box and the phone number. Meaning, in order for the pre-screening service to work, some system or person would have to scan each individual communication in order to decide which ones were directed at which domain owners.

How could that possibly work for $0.75/month? Hmmm…the free lunch is sounding less and less like lunch.

Anyway, the all-mails-bounce problem seems like a more concrete issue for the tech support folks to chew on, so I call back.

6. This time, I get a helpful support agent on the line, repeat my story, and even get him to send a mail to see it bounce with his own eyes. His initial response is also that the service is working as expected, and I direct him to the URL that describes the service so that he can understand my problem. After much ado, he decides that the problem is with their partner MelbourneIT, (a diagnosis I agree with) and that therefore I should contact them to resolve the issue.

HEADS UP, BIG BUCK PASSIN’ THROUGH!

Then he gives me a long distance phone number to Australia that he suggests I call. I laugh. He also thinks this is silly, and hopes, for my sake, that they speak English over there.

I try another tack: I explain to him that from Yahoo!’s perspective, this isn’t about my individual complaint, but that everyone who is paying for this service is being affected. I recommend that he escalate this to his manager, and he seems to understand what I am saying, but is also reaching the end of his patience. I can tell that whomever he’s working with on his side is not as sympathetic. He puts me on hold again, and I go to the MelbourneIT website to check out their online support.

As it turns out, MelbourneIT has a nifty support tool that allows me to identify my problem and domain. I write a quick note and submit the request.

Minutes later, while still on hold with Yahoo!, I get an automated reply to my complaint (my bold):

THIS IS A SYSTEM GENERATED MESSAGE

A Melbourne IT Reseller manages the domains specified in your message.

Please contact this reseller using the details below for any assistance you require. If the person you contact refers you back to us, ask them if they would please contact us on your behalf.

Reseller details:

Yahoo Inc.
Web address: domains.yahoo.com
Email address: domains-support@cc.yahoo-inc.com

Genius! An automatic buck passer. Lucky for me, I’m still on the phone with Yahoo!

When my Yahoo! support agent comes back to the phone, he says that a “special note” has been added to my case to indicate that this issue may affect other Yahoo! customers, and re-recommends that I contact MelbourneIT.

He is quite disappointed when I read him the automated reply from MelbourneIT.

I try explaining to him why I think MelbourneIT is right – after all, Yahoo! contracts MelbourneIT to provide the service – MelbourneIT doesn’t know who I am as an individual. I pay Yahoo!, Yahoo! pays MelbourneIT – if I have a problem, I ask Yahoo! to fix it. If Yahoo! has a problem with MelbourneIT, they ask MelbourneIT to fix it. Who do I want a refund from? Yahoo! Who’s holding my privacy hostage? Yahoo!

At this point, I decide that a blog post is a more effective use of my time and energy, but I let the support agent put me on hold one last time to get a final response from his management.

After several minutes he comes back with, no surprise, a restatement that the problem is on MelbourneIT’s side. But to sweeten the deal he throws in a final gem. He gives me the phone number-equivalent of contact@myprivate…, the phone number that is listed for every Yahoo! Private Domain and suggests I give that number a call, since it is a US phone number. In a manner of speaking, he suggests I try giving myself a call.
Yeah, right, I think, thank him and hang up.

Just for kicks, I dial the number:

Sorry, the mailbox is full and there is not enough space to leave a message. To leave a message for another subscriber, enter the area code or phone number for that subscriber.

LOL! Don’t believe me? Try it yourself. (510-595-2002)

So, in closing: If you sign up for Yahoo! Private Domain Registration, it works great – you won’t get any emails, or phone calls…and though I haven’t tested it, I wouldn’t expect too much mail to make it through that PO Box in Emeryville either.
So, am I missing something? Or is this service a farce at best? Is it anything more than an attempt by Yahoo! to appear to care about user privacy?

No? Well it would just be a good joke if this broken service didn’t also block Yahoo! customers from switching off of the Yahoo! Domains service and on to a competitor’s. Isn’t that a form of extortion?

Update February 26, 2008

I recently discovered that the above story does actually get worse: Yahoo! Private Domain Debacle Part II: Can’t Keep a Secret.


Get Adobe Flash player