Yahoo’s latest transparency report reads like tonedeaf fluff
Following all the trouble it has had lately, Yahoo has released its annual transparency report. Globally, the firm had 20,511 data requests, with almost half of them coming from the United States government (9,408). This doesn’t tell the entire story, though. The company also issued a “users first” outline that reads like little more than PR fluff. “Our users place their trust in us, and we take seriously their privacy and our role in promoting freedom of expression,” the report reads. “Our commitment to and concern for your privacy, security and freedom of expression are demonstrated in our users first approach to government activities.” Sure, Yahoo.
Of that massive number of domestic requests, there were only 449 times where Yahoo didn’t disclose user information. “We carefully scrutinize each request to make sure that it complies with the law, and we push back on those requests that don’t satisfy our rigorous standards.” Uh-huh. The country in a distant second, with 2,485 requests, was Germany.
Problem is, everything from this rings incredibly hollow and ignores the recent privacy and security issues Yahoo has been plagued with. As TechCrunch writes, it also seems to sidestep the news that the outfit was apparently letting the feds into user emails without a problem. To quote Queens of the Stone Age, “Words are weightless here on Earth because they’re free.” It’s actions that mean something, and lately, Yahoo’s have been more telling than any transparency report ever could be.
Via: TechCrunch
Source: Yahoo (1), (2)
Artificial intelligence won’t save the internet from porn
“I shall not today attempt further to define the kinds of material I understand to be embraced within that shorthand description [“hard-core pornography”], and perhaps I could never succeed in intelligibly doing so. But I know it when I see it, and the motion picture involved in this case is not that.” — United States Supreme Court Justice Potter Stewart
In 1964, the Supreme Court overturned an obscenity conviction against Nico Jacobellis, a Cleveland theater manager accused of distributing obscene material. The film in question was Louis Malle’s “The Lovers,” starring Jeanne Moreau as a French housewife who, bored with her media-mogul husband and her polo-playing sidepiece, packs up and leaves after a hot night with a younger man. And by “hot,” I mean a lot of artful blocking, heavy breathing and one fleeting nipple — basically, nothing you can’t see on cable TV.
In six simple words, Justice Stewart encapsulated the near-impossible act of creating a single definition of pornography: “I know it when I see it”.
Attitudes toward sex have changed significantly since 1964. Soon after Jacobellis faced the Supreme Court, the United States experienced a sexual revolution followed by the porn boom of the 1970s and, more recently, the advent of the internet. Today, anyone with an internet connection can be knee-deep in creampies and pearl necklaces in a matter of seconds. We’ve come a long way, but one thing remains the same: We’re still nowhere close to a universal definition of pornography or obscenity.
Jean Moreau and Jean-Marc Bory in the not-so-sexy scene from “The Lovers” at the heart of Jacobellis v. Ohio (Image Credit: Getty Images)
But unfettered access to all things smutty, dirty and questionably filthy has created a surge in censorship tools that, in theory, use algorithms and advanced artificial intelligence programs to identify porn and weed it out. Last year, Twitter acquired Madbits, a small AI startup that, according to a Wired report, created a program that accurately identifies NSFW content 99 percent of time and alerts users to its presence. Late last month, Yahoo open-sourced its own deep learning AI porn filter and there are no doubt similar projects underway at other internet companies.
Big players have been sinking big money into cleaning up the internet for decades. The trouble is, censorship is a slippery slope, and obscenity is inherently subjective. If we can’t agree on what constitutes pornography, we can’t effectively teach our computers to “know it when they see it.” No matter the sophistication of the technology or the apparent margin of error, porn filters still depend on humans to teach them what is and isn’t NSFW.
Sometimes a naked child is more than a naked child.
In the early days of the world wide web, US libraries and schools implemented filters based on rudimentary keyword searches in order to remain in compliance with the Child Internet Protection Act. The act attempts, as the name suggests, to protect children from the darker side of the internet, specifically “pictures that are: (a) obscene; (b) child pornography; or (c) harmful to minors (for computers that are accessed by minors).”
But that’s not exactly how it played out.
A 2006 report on internet filtering from NYU’s Brennan Center for Justice referred to early keyword filters and their AI successors as “powerful, often irrational, censorship tools.”
“Filters force the complex and infinitely variable phenomenon known as human expression into deceptively simple categories,” the report continued. “They reduce the value and meaning of expression to isolated words and phrases. An inevitable consequence is that they frustrate and restrict research into health, science, politics, the arts, and many other areas.”
The report found that popular filters inexplicably blocked sites belonging to Boing Boing, GLAAD, photographer Robert Mapplethorpe and Super Bowl XXX, among others, and often reflected the political and social prejudices of their creators. While Yahoo and Google’s AI-powered filters have replaced keyword searches with sophisticated image recognition, they still rely on humans to teach them what is and isn’t safe for work. And as Facebook recently discovered, images are no less divisive than words.
(Image Credit: ASSOCIATED PRESS)
The social network faced widespread backlash in early September when it took down the photo above for violating its community standards. The Pulitzer Prize-winning image from 1972 shows a naked 9-year-old girl running away from a napalm attack during the Vietnam War. Facebook originally took the photo down for violating its community standards, saying, “While we recognize that this photo is iconic, it’s difficult to create a distinction between allowing a photograph of a nude child in one instance and not others.”
But as the New York Times reported, Facebook reinstated the original post after thousands of users posted the photo to their timelines in protest.
“An image of a naked child would normally be presumed to violate our community standards, and in some countries might even qualify as child pornography. In this case, we recognize the history and global importance of this image in documenting a particular moment in time.”
It’s not clear how the image was flagged, but whether it was a human or AI, or some mix of the two, the bottom line is: Sometimes a naked child is more than a naked child.
Sometimes a man with a bullwhip hanging out of his ass is more than a man with a bullwhip hanging out of his ass.
This isn’t the first time Facebook has been criticized for censoring images that many deem to be “clean.” The social network has repeatedly come under fire for deleting posts containing exposed female breasts in the context of nursing photos and information about mammograms. More recently it learned a lesson about the fine line between pornography and art, when it deleted and later reinstated a video of a black woman who painted her naked body white on Facebook Live to draw attention to police brutality and the Black Lives Matter movement.
The real world too, is rife with examples of the debate about what is art and what is porn. In 1990, the Contemporary Arts Center in Cincinnati and its director were accused and acquitted of obscenity charges for an exhibition of Robert Mapplethorpe’s photography.
It was the first time such charges were brought against a museum in the US, and the photos in questions — depictions of gay S&M — were at the center of a national debate headed by the Republican Party. The prosecution argued that the exhibition, funded by the National Endowment for the Arts, constituted pornography while the defense defined it as art. That case proved that sometimes a man with a bullwhip hanging out of his ass is more than a man with a bullwhip hanging out of his ass. It also proved that our access to art, no matter how controversial, isn’t always guaranteed.
Our personal prejudices continue to undermine our access to information and freedom of expression, despite advances in internet filtering. We may never agree on what NSFW really means, but without a universal definition, our machines will simply act as conduits for our own opinions. Not one of us can claim to know it when we see it, and no amount of code can change that.
Yahoo revived email forwarding so you can finally leave
After Yahoo disabled automatic mail forwarding earlier this week, the internet company has flipped the feature back on for all users. The company told Engadget that the move was part of “previously planned maintenance to improve its functionality between a user’s various accounts” when it was turned off on Monday. In a blog post announcing the feature had returned, Yahoo apologized for the interruption users experienced over the last few days.
The company also recommends users connect any Yahoo accounts directly to their email client or provider of choice rather than relying on automatic forwarding to keep everything in one place. It also offered a reminder that it has multiple mailbox support for those who might be interested.
The last few weeks have been rough on the former internet giant. In September, Yahoo confirmed a 2014 security breach that affected 500 million users two months after Verizon announced a deal to buy the company. According to reports this week, that deal may very well be in jeopardy. Reports also surfaced this month that Yahoo gave the US government access to all of its users’ incoming email last year, allowing authorities to scan “hundreds of millions” accounts in compliance with a classified request. Even though the company says disabling forwarding as part of previously scheduled upgrades, the timing certainly seems interesting.
Source: Yahoo
Lawmakers demand answers from White House over Yahoo emails
Four dozen members of the US House of Representatives, acting as a bipartisan bloc, have requested that the Obama Administration brief them on allegations that Yahoo improperly scanned user emails at the behest of the Foreign Intelligence Surveillance Court.
Those scans were reportedly looking for a single piece of digital ID linked to a foreign government labeled as a “state sponsor of terrorism,” Reuters reports. That means they were hunting for emails from Iran, Syria or Sudan.
“As legislators, it is our responsibility to have accurate information about the intelligence activities conducted by the federal government,” according to the congressional letter. “Accordingly, we request information and a briefing as soon as possible for all members of Congress to resolve the issues raised by these reports.”
This letter comes amid increasing scrutiny for Yahoo and the US Intelligence community regarding the practice. Legal experts have expressed concerns about whether these scans constitute a violation of the 4th Amendment (the one protecting against unreasonable search and seizure). The debacle has also caused Verizon to slash a billion dollars off of its offer for the company, if it doesn’t sink the deal altogether.
Yahoo email breach could put Verizon deal in jeopardy
After Verizon announced a $4.83 billion deal to acquire former internet giant Yahoo, troubles the former company faced quickly came to light. Now the wireless carrier says that Yahoo’s 2014 email breach that affected 500 million users could give it “reasonable basis” to withdraw its bid. Earlier this month, reports surfaced that Verizon was seeking a $1 billion discount on the selling price due to the security ordeal.
“I think we have a reasonable basis to believe right now that the impact is material and we’re looking to Yahoo to demonstrate to us the full impact,” Verizon’s general counsel Craig Silliman explained to reporters today in Washington, DC. “If they believe that it’s not then they’ll need to show us that.” Verizon confirmed these comments to Engadget, but didn’t elaborate any further when we reached out for more information.
Reuters reports that Silliman didn’t offer any indication as to whether talks were in progress about a reduced price. However, the deal does have a clause where the carrier can withdraw in the case of an event that has “adverse effect” on Yahoo’s business, assets or “financial condition.”
According to Reuters, Silliman went on to say that Verizon is “absolutely evaluating and will make determinations about whether and how to move forward with the deal based on our evaluation of the materiality.”
“We are confident in Yahoo’s value and we continue to work towards integration with Verizon,” a spokesperson told Engadget in response to today’s comments from Verizon.
Yahoo has been dealing with more than just the fallout from the email security breach. A Reuters report in earlier this month revealed that the company gave the US government access to all of its users’ emails, allowing the National Security Agency and FBI to scan “hundreds of millions” accounts.
Source: Reuters
Yahoo Mail Users Trying to Leave Service Faced With ‘Temporarily Disabled’ Email Forwarding
In the midst of stories surrounding the hacking of at least 500 million Yahoo user accounts and the secretive scanning of private emails at the behest of the government, Yahoo Mail users are now finding it difficult to leave the service after the company “temporarily disabled” email forwarding earlier in the month. According to several users speaking to The Associated Press, the ability to more easily leave Yahoo Mail with the email forwarding feature — which ensures old email is sent to a new account — has been removed completely.
Jason Danner, owner of an information technology business in Auckland, New Zealand, said it is all “extremely suspicious timing” for Yahoo to get rid of the feature amid news that undoubtedly has many of its users interested in setting up accounts on other services. Without providing a comment, Yahoo referred to a line on the company’s help site to explain its action of “temporarily” removing the feature “while we work to improve it.” Anyone who has already set up email forwarding prior to the change won’t be affected.
This feature is under development. While we work to improve it, we’ve temporarily disabled the ability to turn on Mail Forwarding for new forwarding addresses. If you’ve already enabled Mail Forwarding in the past, your email will continue to forward to the address you previously configured.
Several people speaking with The Associated Press said that recent news surrounding Yahoo was causing them to consider leaving Yahoo Mail. One user said a “certain amount” of government surveillance is expected to be going on at most times through smart devices, “but providing the U.S. government unrestricted access — that really, really violates our privacy.” The same user opted to leave an out-of-office message on their account in lieu of the traditional email-forwarding ability.
The feature has been “a basic concept for 15 years for just about every email provider out there,” said Brian McIntosh, who owns a small technology business and first alerted the Associated Press to the issue. “All of a sudden it’s under development,” McIntosh said in a telephone interview. “And only at Yahoo.”
Following the original Reuters story about Yahoo’s email scanning, the company called the article “misleading” and said that the scanning program “does not exist on our systems.” A second report from The New York Times cited a source that claimed Yahoo enacted the program because of an ordnance from the United States government, which was seeking information on an unspecified state-sponsored terrorist group who used Yahoo Mail for communication.
Other companies, like Google and Microsoft, have come forward saying they got no such request from the government. An Apple spokesperson said, “We have never received a request of this type. If we were to receive one, we would oppose it in court.” Throughout all of this, Yahoo is finalizing its sale to Verizon, with the latter company now reportedly asking for a $1 billion discount.
Tags: Yahoo, Yahoo Mail
Discuss this article in our forums
Yahoo Mail disabled forwarding, good luck switching now
The Yahoo email hack and government surveillance claims aren’t going to go away no matter how much CEO Marissa Mayer wants them to. For users trying to flee the service, the beleaguered internet company is making it rather difficult. That’s because since the beginning of the month, the company has disabled email forwarding according to The Associated Press. From the sounds of it, though, it’s just for folks who’ve recently tried the feature, not people who’ve had it set up prior.
From Yahoo’s help site:
“Automatic forwarding sends a copy of incoming messages from one account to another.
This feature is currently under development. While we work to improve it, we’ve temporarily disabled the ability to turn on Mail Forwarding for new forwarding addresses. If you’ve already enabled Mail Forwarding in the past, your email will continue to forward to the address you previously configured.”
Below it is an option to indicate whether or not the help note was indeed helpful. Something tells me there will be an awful lot of “no” votes on this.
AP’s sources say that the timing is pretty suspicious and that email forwarding has been a “basic concept for 15 years for just about every email provider out there.” What’s more, TechCrunch reports that British Telecoms customers (BT uses Yahoo for email) haven’t been able to setup email forwarding or even delete their accounts. The error message there? “Sorry, the delete feature is currently unavailable. This feature will become available by the end of September,” according to The Register. So, September 2017?
We’ve reached out to Yahoo for more information and will update this post should the company respond.
Via: TechCrunch
Source: Associated Press
Reuters: Yahoo email scanning done with a Linux kernel module
In the ever evolving saga of Yahoo’s email servers and who could peek into them, the latest nugget comes from a Reuters report that the scanning program operated at a deeper level than mail filters for porn or spam. Citing three former employees, it now says the scanning was done via a module attached to the Linux kernel itself. While the more technically-minded wondered why this method would’ve been employed at all, others like Senator Ron Wyden called for the government to release the FISA order apparently ordering the surveillance.
Under USA Freedom Act government must make any FISC opinions with novel interpretations public. My stmt: https://t.co/0Bq0EecOOP
— Ron Wyden (@RonWyden) October 7, 2016
In a statement, Wyden commented that “The USA Freedom Act requires the executive branch to declassify Foreign Intelligence Surveillance Court opinions that involve novel interpretations of laws or the Constitution and I certainly expect the Executive Branch to follow this law.” The Electronic Frontier Foundation is similarly interested in the order, again pointing to the USA Freedom Act passed in June 2015 as the reason we should know why this scanning happened.
The EFF specifically pointed out House member John Conyers’ statement that the bill “required public disclosure of all significant opinions of the FISA court.” It says hat hasn’t happened because the Department of Justice has refused to comply and has not started the process of declassifying opinions that happened prior to the act passing into law.
So far we haven’t seen any comments from the government agencies (DoJ, FBI/NSA), but this story — as well as details of Yahoo’s other breaches and the $1 billion price cut Verizon is reportedly asking for — will not go away anytime soon.
Source: Reuters
Silicon Valley bro sues Yahoo for reverse discrimination
This week hasn’t been particularly kind to beleaguered internet company Yahoo. CEO Marissa Mayer, former chief marketing officer Kathy Savitt and editor-in-chief of Yahoo News Megan Liberman have been accused of engaging in gender discrimination. According to The Mercury News, a lawsuit has been filed by former editorial director Scott Ard on the grounds that “Mayer encouraged and fostered the use of (an employee performance-rating system) to accommodate management’s subjective biases and personal opinions, to the detriment of Yahoo’s male employees.”
Ard’s suit also claims that within a year and a half, CMO Savitt had increased the number of “top female managers” from 20 percent to 80 percent.
“Savitt has publicly expressed support for increasing the number of women in media and has intentionally hired and promoted women because of their gender, while terminating, demoting or laying off male employees because of their gender,” the suit states.
“Of the approximately 16 senior-level editorial employees hired or promoted by Savitt in approximately an 18-month period, 14 of them, or 87 percent, were female.”
Ard, former Yahoo editorial director and current editor-in-chief of the Silicon Valley Business Journal, says that the performance review system was put in place to side-step California’s Worker Adjustment and Retraining Notification (WARN) act. WARN requires early warning of mass layoffs. He says that in 2014, his job was given to a recent female hire. Ard claims during his subsequent January 2015 review call he was told that because he wasn’t performing up to standards, he was being fired.
That’s after being rewarded with positive performance reviews and stock options for “fully satisfactory” work prior.
For its part, Yahoo says that the performance review process wasn’t guided by misandry, but fairness.
“Our performance-review process was developed to allow employees at all levels of the company to receive meaningful, regular and actionable feedback from others,” according to spokesperson Carolyn Clark in a statement to the Mercury News. “We believe this process allows our team to develop and do their best work. Our performance-review process also allows for high performers to engage in increasingly larger opportunities at our company, as well as for low performers to be transitioned out.”
Yahoo diversity reports indicate that women in leadership positions grew a whopping one percent from 2014 to 2015 (PDF). Those numbers don’t exactly support Ard’s claims, and this seems more like a pushback against diversity initiatives at tech companies than it is rooted in facts. Now, investigations surrounding how the company covered up a massive data breach and claims of it aiding the US government’s surveillance efforts are another matter entirely.
Via: Gizmodo
Source: Mercury News
It’s not easy being Yahoo
Remember when Yahoo was great? Yeah, I’m having a hard time, too. Especially in light of the past few weeks, during which the company’s house of cards collapsed — and afterward those cards were set on fire and then pooped on by a passing flock of seagulls who’d had some bad curry.
After Yahoo copped to a monumental breach they’d kept secret, revelations about mass email spying catapulted the company into a whirlwind of abysmal press. These events were crowned by a report claiming Verizon asked for a $1 billion discount on its acquisition.
Most everything being reported about Yahoo is coming via anonymous sources. But one glaring fact rings true through the swirling rumors: If other companies are bad at protecting their users, Yahoo may very well be the worst.
It started on September 22nd when, just after Yahoo’s fire sale to Verizon, the flailing company admitted it was massively hacked in 2014. Its statement said that “a state-sponsored actor” had stolen at least 500 million user accounts’ “names, email addresses, telephone numbers, dates of birth, hashed passwords… and, in some cases, encrypted or unencrypted security questions and answers.”
The Yahoo hack is currently considered the biggest breach in history. Everyone wants to know why it waited so long to tell anyone, but the company has remained mum.
One could say that CEO Marissa Mayer simply fiddled while Yahoo burned. Several lawsuits were filed within days of the statement, six senators told Mayer they wanted a timeline of the hack, and another senator kindly asked the SEC to investigate. This would turn the company and this incident into a test case for the SEC’s data breach disclosure rules.
Before anyone could say “Titanic,” press went wild as unnamed sources came out of the woodwork to have their say. One told the New York Times that Yahoo’s then-security chief Alex Stamos and his team had really tried super hard to make improvements, but mean old Marissa stood in their way. And because Stamos left Yahoo suddenly and without explanation, infosec pundits opined the real reason Stamos parachuted to Facebook was because he fought for the users (and certainly not the money).
If the accounts about her decision-making skills are true, the Times’ scathing hot take on Mayer’s governance of her security team is totally accurate. Except Stamos’ team did so much innovative and experimental security stuff in the realm of improvements, it makes this angle look like horseshit.
This is probably a good time to remind everyone that the New York Times has a sweet little financial relationship with Facebook, where the Wal-Mart of social networks recently gave the Times $3.3 million for content.
The anonymous source sideshow wasn’t over, and the next one at the microphone wasn’t playing nice. Business Insider was told by a former Yahoo executive in contact with investigators that the number of victims is at least double the 500 million the company claimed. The source believes the hack is much “bigger than what’s being reported.” They continued, estimating the number of accounts affected to be anywhere between one and three billion, saying “How they [Yahoo] came up with 500 is a mystery.”
Yahoo’s attempt to blame state hackers (usually it’s China or Russia) fell apart when a not-anonymous source talked to CSO Online. Security firm InfoArmor said it uncovered that hackers-for-hire did it. They found some of the stolen data during a three-year investigation into an Eastern European hacking gang. Andrew Komarov, InfoArmor’s chief intelligence officer told CSO, “According to our information, most of the group’s clientele are spammers.” Komarov claimed the gang had sold the stolen Yahoo database in three private deals, including one worth at least $300,000.
Just when things were looking really bad for Yahoo… it got worse. On Tuesday, Reuters dropped a bombshell from yet another unnamed source with an axe to grind against the purple menace. According to “three former employees and a fourth person apprised of the events,” Yahoo “last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials.”
The article offered an alternative to the narrative in the New York Times about why Yahoo’s head of security ran to Zuckerberg’s warm embrace.
It said:
“According to two of the former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.”
At this point, it was clear that every reporter sucking the teat of a source had forgotten to ask what Stamos and his team were doing, exactly, during the biggest hack in history. And why no one said a damn thing while millions (possibly billions) of innocent people had their sensitive info sold and re-sold on various black markets for years.
Yahoo called the report “misleading.” But, as everyone noticed, there was no denial. Those who didn’t have a big bowl of popcorn by this point were out of luck, because right after the “misleading” report, the New York Times fired back with even more anonymous source-ry. The Times’ new article directly rejected Reuters’ report that Yahoo built surveillance tools so the government could spy on Mail users.
The Times said, “A system intended to scan emails for child pornography and spam helped Yahoo satisfy a secret court order requiring it to search for messages containing a computer ‘signature’ tied to the communications of a state-sponsored terrorist organization.” The alleged sources allegedly said that the alleged program had allegedly been terminated anyway. As for Stamos, yet another anonymously sourced Reuters article claims the program had been shut off by the time he left.
Furthermore, the New York Times sources said the scanning came out of a FISA court order and not “a classified U.S. government demand… at the behest of the National Security Agency or FBI” as Reuters had reported.
Talk about awkward.
Who knows what revelations the next few days will bring. But, with Reuters and the New York Times competing for headline dominance, it’s easy to forget about all those Yahoo hack victims — and I don’t just mean the ones we found out about two weeks ago.
The Yahoo hack story got pushed out of the spotlight before it had a chance to really sing. It turns out, getting hacked, exposing untold users to harm, and downplaying it is a performance the company has been repeating for years.
The 2014 hack we just learned about exposed at least 500 million accounts. Yahoo was also hacked in January that year, and the company would not disclose how many accounts were affected. Before that, in March 2013, Yahoo Mail users were crying for help about their accounts getting hacked into for months while the company remained silent. To the surprise of no one, later that year Yahoo user passwords were spotted in a collection of two million credentials found on a botnet server. And prior to that, in 2012, Yahoo was hacked and 450,000 passwords were posted online.
As I write this, I wonder if people on the security team at Yahoo who are caught in the crossfire, or who tried to fix things and got shut down by decision makers, are insulted by this portrait of negligence.
But I don’t wonder how Yahoo’s decision-makers feel. Because to be insulted, you first have to give a damn.
Images: REUTERS/Robert Galbraith (Yahoo / Marissa Mayer); REUTERS/Dado Ruvic (Yahoo Mail password)
AIVAnet 