New reports claim that Yahoo email addresses reassigned to a new owner are receiving personal emails intended for the previous owner.
One user told news website Information Week that he had received emails with some highly sensitive information in them.
In June the company announced Yahoo addresses and IDs would be reassigned if they had been inactive for a year.
Privacy experts called on Yahoo to address the issue “immediately”. Yahoo says it has taken a series of measures to overcome privacy and security fears.
“Before recycling inactive accounts we attempted to reach the account owners [in] multiple ways to notify them that they needed to log in to their account or it would be subject to recycling,” said a Yahoo representative.
“We took many precautions to ensure this was done safely – including deleting any private data from the previous account owner, sending bounce-backs to the senders for at least 30-60 days letting them know the account no longer existed and unsubscribing the accounts from commercial mail.”
Yahoo email addresses reassigned to a new owner are receiving personal emails intended for the previous owner
It is also in the process of rolling out a feature called “Not My Email” where users can report an email that is not intended for them.
The process will come as little comfort to the previous owner of an email account now owned by Tom Jenkins, an IT security professional.
Tom Jenkins told Information Week: “I can gain access to their Pandora account [online radio] but I won’t. I can gain access to their Facebook account, but I won’t. I know their name, address and phone number. I know where their child goes to school. I know the last four digits of their social security number. I know they had an eye doctor’s appointment last week and I was just invited to their friend’s wedding.”
Other users have revealed that they have also received messages that contain personally identifiable information.
“I recommend logging into your Yahoo account every six months or so in order to ensure that you retain control over it,” said security expert Lee Munson.
Privacy experts said that the issues were inevitable.
“These problems were flagged by security and privacy experts a few months ago when Yahoo announced their intention to recycle old emails, and cautioned that Yahoo’s plan created significant security and privacy risks. Yahoo downplayed these risks, and ignored critics, but now we see these concerns were legitimate,” said Mike Rispoli, spokesman for Privacy International.
“This email recycling scheme, an effort to re-engage old users and attract new ones, is resulting in some of our most intimate data being accessed by someone we don’t know and without our knowledge.
“We’re talking about account passwords, contacts for friends and families, medical records – this issue needs to be addressed immediately by Yahoo if they care about the privacy of their users and want them to trust the company with sensitive information.”
Mozilla has unveiled a new add-on for the popular web browser that gives web users an instant view of which companies are “watching” them as they browse.
The move comes the same week that Google pushed ahead with its controversial new privacy policy, built to provide even more data for its $28 billion advertising business – despite concerns that the massive harvesting of private data might be illegal in many countries.
The Collusion add-on will allow users to “pull back the curtain” on web advertising firms and other third parties that track people’s online movements, says Mozilla CEO Gary Kovacs.
Google’s business is built on advertising – the company earned $28 billion from its AdWords service in 2010.
Google’s new privacy policy allows it to “streamline” data from Android phones, YouTube, Gmail and web browsing to target its adverts even more precisely towards individual web users.
Mozilla’s Firefox is the world’s second most popular web browser, a position under threat from Google’s own Chrome browser.
The Collusion add-on is an official Mozilla product, and was unveiled at the Technology, Entertainment and Design conference this week by Mozilla CEO Gary Kovacs.
It creates a “web” showing web users exactly which advertising firms are watching as they browse.
“Collusion is an experimental add-on for Firefox and allows you to see all the third parties that are tracking your movements across the Web,” Mozilla said.
“It will show, in real time, how that data creates a spider-web of interaction between companies and other trackers.”
“Collusion will allow us to pull back the curtain and provide users with more information about the growing role of third parties, how data drives most Web experiences, and ultimately how little control we have over that experience and our loss of data,” said Gary Kovacs.
Mozilla aims to build up a database of the worst offenders – and make the data available to privacy campaigners.
“When we launch the full version of Collusion, it will allow you to opt-in to sharing your anonymous data in a global database of web tracker data,” says the company.
“We’ll combine all that information and make it available to help researchers, journalists, and others analyze and explain how data is tracked on the web.”
Mozilla has unveiled Collusion, a new add-on for the popular web browser that gives web users an instant view of which companies are “watching” them as they browse
Google ignored an international outcry to launch its new privacy policy on March 1 – despite concerns the policy may actually be illegal in many territories.
Vivian Reding, the European Commissioner for Justice, Fundamental Rights and Citizenship said: “Any company which wants to utilize the European market of 500 million citizens – which we’ve made borderless, a golden opportunity – then the European rules apply.”
“Citizens should have the possibility of buying into more extensive use of their data – but that should be their freedom to choose, not done by a sneaking way of taking the freedom away from the citizens,” said Vivian Reding in an interview with The Guardian.
EU authorities said that the new privacy policy appears to violate European law, in an email to Google CEO Larry Page.
CNIL, the French privacy agency in charge of the investigation, said Google’s explanation of how it will use the data was too vague and difficult to understand “even for trained privacy professionals”.
A coalition of 50 consumer groups in Europe and the U.S. also sent a letter to Larry Page in a last ditch attempt to make the search giant rethink saying the controversial new policy is “unfair and unwise”.
Their condemnation came after concerns from the European Union, Japan and Korea among others that the policy may actually be illegal.
But it came into force on March 1 at midnight local time yesterday across the world regardless, with Google claiming that “to pause, would cause confusion”.
Data from 60 of Google’s services will be shared between them – meaning Google account users, owners of Android phones and YouTube viewers will be subjected to even more intrusive “personalized” adverts from now on.
Worried users are trading guides about how to protect sensitive private data such as search histories and the content of emails from Google’s new all-encompassing advertising profiles.
Google said in a blog post: “Our privacy policies have always allowed us to combine information from different products with your account – effectively using your data to provide you with a better service. However, we’ve been restricted in our ability to combine your YouTube and Search histories with other information in your account.
“Our new Privacy Policy gets rid of those inconsistencies so we can make more of your information available to you when using Google.”
A British privacy campaigner, Alex Hanff is suing Google for a refund on his Android phone, claiming that the changes to how Android data could be used amount to a change in the terms of his contract.
Some Android users claim that they are hardest hit by the policy changes, as they have no way to “opt out” of mobile phone contracts.
“The changes are a significant infringement of my right to privacy and I do not consent to Google being able to use my data in such a way,” says Alex Hanff.
A Google spokesperson said: “Our updated Privacy Policy will make our privacy practices easier to understand. Since announcing the changes in January, we’ve undertaken the most extensive notification in our history to let our users know that the updated Privacy Policy takes effect on 1 March.”
The Japanese government said on Thursday it will investigate whether the new policy breaches Japanese privacy laws, according to a report in the Tokyo Times.
Google announced its new privacy policy with much fanfare last month – a “one-size-fits-all” policy which will allow the search giant to share private data between its services so that, for instance, information harvested from Google searches can be used to target adverts within its Gmail service.
The EU’s data protection authorities asked French regulator CNIL to investigate the new policy in January.
“Our preliminary analysis shows that Google’s new policy does not meet the requirements of the European Directive on Data Protection,” CNIL said in a letter to Google Chief Executive Larry Page, which was posted on CNIL’s website this week.
The new policy makes it easier for Google to combine the data of one person using different services such as the search engine, YouTube or Gmail if he is logged into his Google account.
That allows Google to create a broader profile of that user and target advertising based on that person’s interests and search history more accurately. Advertising is the main way Google makes its money.
CNIL said data protection authorities in the EU “are deeply concerned about the combination of personal data across services”, adding they had “strong doubts about the lawfulness and fairness of such processing”.
Vivian Reding, the EU’s Justice Commissioner who oversees the bloc’s data protection rules, said she welcomed CNIL’s letter and called on Google to delay its new policy.
Google argues that combining the data into one profile makes search results more relevant and allows a user to cross-navigate between different services more easily. It says the main purpose of the new policy is to combine the more than 70 different rules for Google’s wide-ranging services into one that is simpler and more readable.
The policy change has horrified privacy advocates and bloggers – tech site ZDNet said that Google would “know more about you than your wife does” and said the policy was “Big Brother-ish”.
The EU working party earlier asked for Google to stop the new policy while the working group investigated whether personal data is protected.
“We call for a pause to ensure that there can be no misunderstanding about Google’s commitments to information rights of EU citizens.”
“Given the wide range of services you offer, and the popularity of these services, changes in your privacy policy may affect many citizens in most EU member states,” the group wrote to Google Chief Executive Larry Page.
“We wish to check the possible consequences for the protection of the personal data of citizens,” it said.
Google described the privacy policy as being “simplified” in an email it sent to all Gmail users.
“If you’re signed into Google, we can do things like suggest search queries – or tailor your search results – based on the interests you’ve expressed in Google Plus, Gmail and YouTube,” Google said a new overview page for its privacy policies.
“We’ll better understand (what) you’re searching for and get you those results faster.”
