ELWsoftware.com

A few short weeks ago I read the Yahoo compliance guide for law enforcement document as it was leaked on the internet.  As expected, not too many people in the general public have noticed or care about what is going on.  What does a company do when the public no longer trusts them?  I think Yahoo is on its last legs as a company.  There just isn’t much left for them to do.  It is only a matter of time before the idea of a homepage containing a ton of links stops working.  Advertising with banners just doesn’t really work.  It has been too abused by spammers to give any credibility.

So, what is left at Yahoo anyway?  The homepage where I used to check the top news stories still looks similar, but not as good.  Now the small news square at the center of the page covers itself with ads if you hover your mouse in the wrong place.

I would gladly have gone on using Yahoo for years if things worked well, but how can you trust a company that sells your personal and financial information to law enforcement?  Remember that the Yahoo compliance guide is written by Yahoo itself, not some crazy conspiracy nut.  Some person or group working at Yahoo wrote that document.  Yahoo PAID them to write it.  Yahoo probably paid lawyers to read it, and re-write it.  Yahoo pays people to answer the phones, and pays for the office space used to handle the law enforcement queries!

If the FBI, CIA, or NSA made a search engine, would you use it?

If your local police department ran an email and photo-sharing site would you use it?

According to an inside source, Yahoo! has begun to shut down their spider bot named slurp.  This is apparently part of a plan to eventually team up with Microsoft in using their Bing search engine.  It is not news that Yahoo is going to be outsourcing their search functionality to Microsoft and Bing, but it has started to be implemented.  Our tracking software at ELW is very comprehensive, and our recent data indicates that Yahoo has let its spider software rot, and this traffic has begun to disappear.  Stay tuned for more information as it becomes available!

Yesterday I had the opportunity to read the yahoo compliance guide for law enforcement, a document produced by Yahoo! and given to law enforcement to help them understand what information Yahoo can provide.  This was a disturbing read to say the least.  I won’t actually paste the pdf file here, since ELW is a small company and we don’t want to get into any trouble we can’t afford.  I also want to reward the brave person who posts this kind of information with credit and traffic:
Yahoo compliance guide for law enforcement

I’ll also summarize what I think of this revealing document from Yahoo!

1. The document contains contact information for the people at Yahoo! who will provide user information for you, and help you with questions.
2. There are some general tips for how to proceed: Include the Yahoo! ID, check if the info you want is available publicly, be specific about what you want, etc.
3. The document describes what info is available, which should be disturbing on its own:

• IP addresses associated with logins.
• Subscriber info: Name, age, birthday, etc.
• ANY emails in your Yahoo! account.
• IP addresses used to send the emails.
• Friends list in chat/messengeer.
• Time, date, IP logs for chat/messenger.
• Archives of communications if at least one party in the chat decides to archive them. (I’m not sure what the default setting is, or whether Yahoo! considers itself a party to the communications)
• Member list, emails, date joined for Yahoo! groups.
• Info about group moderators.
• Contents of the group: files, photos, messages.
• Who posted what, and when they posted it.
• Geocities, domain, hosting and stores information, including files and dates of upload.
• Yahoo store transaction data. (I don’t know if this means they can get customer information if they are investigating the store owner, but I’ll bet it does)
• Flickr contents (photos) and comments on others’ photos.
• IP addresses and timestamps of Flickr uploads.
• Flickr groups.
• Yahoo! profiles contents, time, date, IP logs.

This document from Yahoo! was not meant to be distributed to individuals or organizations that are not law enforcement entities.  It recommends trying to use Yahoo! to see if the information you want is publicly available, but I get the impression that they give it to you anyway.  The documents says they provide a “great deal of information” that could have been obtained publicly through Yahoo!  No numbers are given regarding how often this happens, or how often any of this is done.  If a user has subscribed for premium services, Yahoo! has a credit card number on file.  Finally, Yahoo! is unable to search for information a user has deleted unless the request is made within 24 hours of the deletion.  Yahoo! will seek reimbursement for engineer time incurred.

The creepiest part of the document for me was the last part which includes sample requests for subpoenas, court orders, and warrants.  You get warrants from a judge right?  Do judges need help writing a warrant?  The next “sample” document is the strangest: A sample “consent” form authorizing Yahoo! to provide the information, obviously for the “suspect” to sign.

This makes no sense to me because it is implied throughout the document that Yahoo! hands this information over whether you consent or not.

The form also waives Yahoo! from claims for damages resulting from this disclosure.  You know, just in case you are stupid enough to let police search your Yahoo! information willingly, you can’t sue Yahoo! later.  Why would you do that again?

The document explains that the information Yahoo! provides must be reimbursed at a rate of $20 for the first user, $10 for each additional user.  Great! Try to talk law enforcement officials into obtaining as much information as possible, just in case.  You know, TO SAVE MONEY!  I’m surprised they don’t make it $19.99 so it looks like an even better deal!

Seriously, lets ask some simple but important questions:

• How often is this service used by law enforcement, and how much money are you making from it?
• How concerned could Yahoo! possibly be about privacy if they are trying to offer volume discounts to law enforcement entities?
• What protection is there for people and their information, if they are members of a Yahoo! group that also contains a criminal being investigated?

This is not a small operation.  I would guess that this stuff probably brings Yahoo! tens of millions of dollars if numbers from similar programs are analyzed.  I suggest anyone reading this article boycott Yahoo! completely until they come clean and put some real safeguards in place.

As a friendly followup to my top ten reasons Google sucks post, here are a few things I’ve been annoyed with at Yahoo!

1. Hovering summary things!  These are the things that appear when your mouse pointer is above something.  This is a stupid phenomenon in any context, especially on one of the most popular sites in the whole world.  Recently, putting your mouse over the left side of the Yahoo home page where the finance, autos, games, and weather are will bring up a huge box covering almost the entire homepage!  What are you thinking Yahoo?  Of course this box includes a huge animated graphic advertisement.
2. Ads on the homepage!  I’m not suggesting they go the Google direction and have almost nothing on the home page, just fewer ads.  I block every ad I can with whatever tools that work.  I understand that they think they need ads to make a profit.  I value sites that have fewer distractions and obstacles between what I want to see.
3. The Directory!  This used to be something that made Yahoo different and good.  It was a place to go when you wanted to find a category filled with choices that were almost guaranteed to be at least similar to what you wanted to find.  Has anybody noticed that there isn’t even a link to the directory on the homepage anymore?  This should make you think twice before spending the $300 a year for the chance to be included in the directory.  I said chance because there is no guarantee that you will be included.  I guarantee they will keep your money though.
4. What are you doing?  Take a look at the top-right of the Yahoo home page under the search bar.  If you aren’t logged in is says “what are you doing?”  Is this really a reason that Yahoo sucks?  No, but it is a good question for the people at Yahoo.  What are you doing?