/ Technology

Is it right for Yahoo! to snoop on your emails?

Yahoo! logo through magnifying glass

Yahoo! Mail plans to snoop on your emails. Accepting its updated T&Cs give it the right to read your messages and target relevant advertising. Would you be happy if your emails were analysed in this way?

It’s eight in the evening, you’re juggling a glass of wine and a sneaky fag in one hand, while emailing away with the other. You’re venting to your best friend about the latest slings and arrows of outrageous fortune to have befallen your life; secure in the knowledge that nobody’s eavesdropping on your conversation.

Well, before you raise your glass in a congratulatory toast at this self recognition, you need to revisit that last comment, especially if Yahoo! Mail (Yahoo!) is your email service provider.

Why? Because Yahoo! Mail, Which? Computing has learned, is currently in the process of updating its terms and conditions to allow it to read and analyse its customers’ emails and messaging content.

Yahoo! Mail’s updated T&Cs

The world’s largest email provider has said that if you agree to its Additional Terms of Service (ATOS), you’re giving it your express permission to scan and analyse the content of any electronic correspondence sent by your account.

Why is it scanning your emails? In short, to target relevant content and advertising – this is something the email provider lets you opt-out of, but not the scanning itself.

To a certain extent we have no issue with this, if consent is being given freely. The only thing we would say is make sure you read the T&Cs, because if you don’t you’re in for a nasty shock. We do, however, have an issue with Section C. of the ATOS, which states:

‘By using the Services, you consent to allow our automated systems to scan and analyse all incoming and outgoing communications content sent and received from your account (such as Mail and Messenger content including instant messages and SMS messages).

‘If you consent to this ATOS and communicate with non-Yahoo! users using the Services, you are responsible for notifying those users about this feature.’

In other words, it’s saying that it will go on to do the same with any emails sent to your inbox, even if these senders have not given their express consent for this to take place (as they may not use Yahoo! Mail).

Can senders really give consent?

Yahoo! also says it’s apparently down to you to notify senders that their emails are now being analysed, which implies that once this has taken place senders have given their consent. Obviously, we have concerns with this, our main one being whether it’s even possible to get consent vicariously?

We’ve put a few of these questions to the Home Office and will update you as soon as we hear from it. In the meantime, if you object to Yahoo!’s new terms, we suggest you switch to a different email provider.


If this is announced in the same way as on here, I predict many users to jump ship asap.

I don’t know anyone who purposely ticks the box to say “send me promotions etc”, now they can just bombard you according to what you write in your email?

Surely this is snooping and a gross invasion of privacy

gail says:
8 July 2011

DISGRACEFULL Should not be allowed. Whose going to talk to yahoo users now. They may loose out big time in the long term.

iJohn says:
24 June 2011

So, they are just catching up to what Gmail have been doing since day one.

Also, since all mail goes through their servers, you think they couldn’t scan it already?

What do you expect if you use a free email account? It has to be paid for in some way.

If you want privacy, expect to pay for the service. Hopefully, Internet service providers don’t do this because their email service is part of the package paid for by the user.

Well, you just don’t know do you? Seeing as all of our browsing data is sold to market research, who’s to say that they don’t do that with email already?

Sophie Gilbert says:
25 June 2011

That’s me closing my Yahoo accounts forthwith!

Unsure says:
25 June 2011

At first I was worried about the sent emails bit, but then I think Gmail does this as well. Their privacy policy reads:

“Is Google reading my mail? No, but automatic scanning and filtering technology is at the heart of Gmail. Gmail scans and processes all messages using fully automated systems in order to do useful and innovative stuff like filter spam, detect viruses and malware, show relevant ads, and develop and deliver new features across your Google experience. Priority Inbox, spell checking, forwarding, auto-responding, automatic saving and sorting, and converting URLs to clickable links are just a few of the many features that use this kind of automatic processing.”

So I don’t think Yahoo does anymore than that. Senders don’t really need to give consent because it’s just automatic scanning – noone’s actually reading your emails. It’s just keyword stuff. And since you can opt out of the targetted advertising… what’s the problem? Yahoo has your emails anyway, they can pass them all over to the police if requested. In this case it’s just automatic scanning for keywords for ads… gmail does it too.

And certainly something that needs investigating.

Companies say “we don’t sell your data to anyone”, well yes, they don’t sell our exact details, that’s done by the hackers of PS3’s and all other hackees this month, they sell our activity.

As in, what we do, what we like and what sites we visit. Pretty much every click on the internet is tracked by someone.

We, as consumers need to know exactly what details they are selling to 3rd party market research companies, time for Which? to investigate

Carbonize says:
10 July 2011

“But what about the rights of those people who email me, and who don’t want their emails ‘read’ in this way?”

Email is the same as snail mail. It has been sent to you and has therefore become your property to do with as you see fit. In this case you have given permission for Yahoo to scan it.

Your email is already being scanned to detect spam and yet I don’t hear anybody getting in an uproar about that.

Barry Blakesley says:
27 April 2013

Yahoo must know that it is impossible to warn every one who knows your email account that any email they send will be subject to snooping.
What worries me far more is is the extent to which snoopers (Yahoo and/or Google) have the potential to profile all of the senders as well well as the recipient. From the combined knowledge of both senders and recipient, it becomes possible possible to build up a far more extensive and accurate profile (activities, interests etc.) of the recipient. It does not have to stop there – the snoopers can then build ever-better profiles of all senders (regardless of whether or not they are the snoopers’ clients [and the snoopers will argue argue that they have the senders’ implied consent]).
It is only a matter of time before official government snoopers and criminals of various kinds decide to raid the snoopers’ databases whether by law, hacking or bribery & corruption.

Sanjay says:
25 June 2011

Much ado about nothing. Google does the same thing routinely.

Sophie Gilbert says:
26 June 2011

How does Google doing the same thing make the practice more acceptable?

Bernard Williams says:
28 June 2011

This E Mail will be my last on this service, this is my response to Yahoo.

Carbonize says:
10 July 2011

And what you going to do? Move to Gmail?

A17 says:
28 June 2011

Which? should be raising this with the Information Commissioner under the Privacy and Electronic communications regulations rather than the Home Office.

Carbonize says:
10 July 2011

Just like the recent Twitter posts regarding that footballer Yahoo is an American company and not subject to British laws.

Brian Andrews says:
28 June 2011

Unfortunately there seems to be insufficient information as yet to answer all the possible questions, but equally comments such as ‘Google already do it’, don’t really move the debate forward either. It would appear that there are several issues intertwined here, including…
1) auto scanning
2) accepting T&C changes
3) sender privacy

With respect to AUTO SCANNING, then my own view is that this is probably OK, provided it is not available for routine human scanning as well, and is only ever used for the benefit of the User (eg. spell checking, virus detection, etc). There are many valid reasons why content could (should?) be scanned, provided – and that is a major condition – that the information is not made available to others, except under a legal requirement.

CHANGING T&Cs is something that will always occur from time to time in any major organisation, and again in itself is not unreasonable. However if the new terms contain chnages to privacy issues, restrictions, etc, that could adveresly impact the User, then these need to be fully explained well in ADVANCE of the new conditions being enacted. Additionally, any OPTIONS (ie. to opt out) need to be extremely clearly laid out. After that it’s just a matter of personal choice, although I doubt that many people will see a huge need to self-target themselves for yet more advertising mail!

The issue of INCOMING messages is however something else entirely. Whilst auto-scanning is fine (subject to the same limits mentioned earlier), the concept that the data within that email could be used without the Sender’s direct consent, is surely a very (dark) grey legal area? Implied consent from the account holder is the flimsiest of excuses for a probable transgression of several telecommunications acts, including I suspect, RIPA. It is not fully clear who would be targetted in this scenario, but if that were to be the Originator, then I forsee some extremely interesting court action ahead. And I for one won’t be emailing anyone with a Yahoo account!

Google ‘do it’ BUT you can opt out of all this ad targeting rubbish and theres an add-in for Firefox that disable the analytics cookies, provided by Google.

Whers Yahoo’s?

Please let us know when you find it, first thing I’ll do.

(I’ve opted out of sumut, but its unclear what !!!}

John Marr says:
11 July 2013

This is the “catch” point that might make the terms illegal. A person might have e-mails incoming and archived e-mails, but Yahoo is deying acces to both UNLESS one agrees to allow Yahoo to hack them. Thus, one is being coerced into agreeing to onerous terms, not just being invited.

John Marr says:
11 July 2013

Could someone please explain how one can efficiently (instantly?) remove archived folders of e-mails from Yahoo’s posession and store them offline? I have invoices going back a decade, legal correspondence, and research communications. I probably couldn’t do it fast enough avoid having them all hacked by Yahoo while I’m tranferring them, or could I?

Thanks very much!

I think there is an export facility – but I can’t check – I’m now shut out of the webmail interface because I refused to sign up the new Terms and stayed with Classic Mail (I’m a BTYahoo! mail user). Search for “import/export” in the help and see if you can find anything.

Alternatively you may just have to forward them all to a new address and then delete – and don’t forget to delete from Trash when you have fnished cleaning out the account – it all goes in there after being deleted from the other folders.

UK Interception of Communications Commissioner still has an outstanding complaint from me about the basic Yahoo Terms of Use but I don’t think he is very keen on ruling on it – he tried to ignore it when he replied to me last.

john.mccolgan says:
28 June 2011

I deal with this invasion of my privacy in the only REALLY EFFECTIVE WAY. If you receive e-adverts aimed at you based on your surfing habits then simply don’t buy from these companies. If the post office opened your private mail and then sold the info to advertising agencies there would be an outcry in Parliament.

Make a point in dropping an email to the CEO of these companies that you will not deal with them because of their invasive intelligence gathering methods.

Simples. Take note John Lewis, Ebay and Zoopla to name but three

I wonder if this will apply to BT? Thanks for the warning, I won’t accept the T&Cs. But chnaging email is a pain.

You are paying BT for their service, so hopefully you will not have any problem. Companies that provide free services aim to make a profit so it’s not surprising that they use automated systems to target advertising.

When changing an email account, keep the old one active for a year or two until everyone is using your new email address, but always send messages from the new account.

Wm says:
29 June 2011

>You are paying BT for their service, so hopefully you will not have any problem.
Except that btinternet mail is provided by Yahoo.

George says:
29 June 2011

Colm and Wavechange raise whether because we pay BT for the Yahoo-based email service – it’s far from free – we will be exempt from Yahoo’s unacceptable behaviour. However I do wonder if this gizmo hasn’t already been implemented as I’ve had ads on BT’s webmail page that relate to my mailings recently. Have BT snuck in a terms change?
Interception of communications always used to be a big no-no: there were no get out clauses.

Sorry to hear that. My Internet Service Provider does not do that. I won’t recommend it because it is regional and has more than its fair share of deficiencies.

No, no, no, NO! No amount of deft, esoteric and adroit debate will change the fact that communication between people must be private. It is an obscenity that the so-called ‘free-world’ has prided itself on confounding the activities of totalitarian states, only to toss away it’s principles in concessions to the denizens of the business world.

Privacy can be defined as: the state of being free from intrusion or disturbance in one’s private life or affairs. I will not have my conversations intruded upon and my life disturbed by unwanted and unasked for advertising.

It appears that a new bill of rights is required to limit the activities of organisations that are determined to make their own rules in defiance of the valid wishes of the community.

I scanned this thread rather quickly and may have missed this point, apologies if it was made already. Yahoo also ‘manages’ the email systems for both BT and AT&T. So I bet digging away into their small print finds they are doing the same with their subsidiary email accounts. On past sneaky performance of BT it wouldn’t surprise me. When I got my first broadband connection with BT, installed all the software and without any warnings found my system was full of Yahoo nonsense, which if nothing else hogged resources. It took over 2 hours registry hacking to clear the stuff, partly because its designed to run as a rootkit.

I suspect Yahoo will get away with it, as a multinational can’t be touched by UK legislation!

Just to add, somebody pointed out gmail also do this, however if you manage your gmail through a third party package like Mozilla Thunderbird configured as an IMAP client your privacy isn’t compromised.

Yahoo are an American company, is this advertising targeting simply a PR smokescreen to cover checks for criminal and terrorist activities too. No doubt would be strongly denied for Yahoo board, but I bet Dept of Homeland Security has their fingers in this pie.

Come on Wikileaks where are you when the public really needs your help!

I’d like to see a definitive answer from anyone who knows, on whether bt and at&t are automatically imposing this yahoo condition on their paying customers , without informing them.

Brian Andrews says:
3 July 2011

Sorry Francis, I don’t have the requested definitive, but my understanding is that to use any personal data other than for the purpose collected without specific permission, is a defined breach of data protection regulations. Information within a private email is considered ‘data’ as far as the legal process is concerned.

BT came close to being hauled before the courts a couple of years ago over their ‘trial’ of a data mining programme called ‘Phorm’ (previously known as ‘121 Media’), which had to be very quickly curtailed. As such I doubt that they, or anyone else within the UK, will attempt again to introduce such a system without individual consents – even if only an ‘opt out’ clause as per Yahoo. To do otherwise would be likely to end with a significant penalty.

Of course, those organisations with no specific UK presence would potentially be able to circumvent such legal safeguards.

Robert says:
15 August 2011

Francis wrote: “I’d like to see a definitive answer from anyone who knows, on whether bt and at&t are automatically imposing this yahoo condition on their paying customers , without informing them. ”

BT initially published identical Terms to Yahoo, but then modified them as customers complained. It is currently unclear what they are actually doing, although they do admit to gathering and analysing information from the content of customer emails, in order to provide relevant features and content for the “services”. Their Terms can be seen here http://info.yahoo.com/legal/uk/bt/terms/mail/atos.html with the relevant paragraph at 2.6. That paragraph has undergone at least four changes since July 26th 2011. It should be compared with the relevant Yahoo UK! (an English registered company by the way) terms here http://info.yahoo.com/legal/uk/yahoo/mail/atos.html and here http://info.yahoo.com/privacy/uk/yahoo/mail/beta/details.html although some BT email customers are still being referred to Yahoo! conditions. Two relevant threads on the BT customer forums can be found here http://community.bt.com/t5/Other-BB-Queries/Yahoo-snooping-on-personal-emails-BT-too/td-p/196175 and here http://community.bt.com/t5/Other-BB-Queries/Yahoo-Mail/m-p/262067#M7766 I have written on this matter here on the NoDPI blog https://nodpi.org/2011/08/13/bt-still-hooked-on-the-snooping-habit/

keith hodges says:
5 July 2011

and watch out for microsoft…they have just announced (quietly) that they plan to use skype intrusion so that they can record / watch .intercept your conversations in technicolour…

I set up a firefox browser for fun to run with max protection and user choice..only problem is that I can’t get on to any sites without a lot of hassle!!

Basically all this stuff should be protected by international law.. the consumer should have to positively ask for these additional ‘services’.