Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: This sums up Yahoo!s security policy to a -T-
From: "Brenno J.S.A.A.F. de Winter" <brenno () dewinter com>
Date: Fri, 24 Dec 2004 09:16:07 +0100


I think the main issue here is that the son is dead and that changes a
lot from a privacy perspective. His family inherits his physical letters
and communications, so why not the digital. I truly amazed that Yahoo
goes so difficult on them, especially since its an American company
(where privacy generally has a lesser value than Europe).

Furthermore it would be adding insult to injury if they'd let the 90-day
rule stand. After all they are not granting the family access. 

On the issue of high profile case: that shouldn't matter. It is only
human that people would love to read his last words. Let Yahoo please be
compassionate, especially around Christmas time and stop this "we're
privacy friendly"-attitude when someone doesn't need privacy anymore.
Let them focus on privacy for those that are alive.


A few pointers here to remember:
- They reckon he was saving drafts of e-mails to send when he had net
access. Not all of these drafts were sent before he was obviously
- He was only using the e-mail account to communicate between friends
or family. It isn't like he has secret e-mails he wouldn't want his
family to read, example: some love affair etc with some random chick.
- Other e-mail providers like AOL have already given families access
to accounts of the e-mail used to send messages from battle.
- Sure, corporation need tight privacy policies, although if a
corporation like Yahoo! are going to be this tight, then surely there
should be an "appeal" system setup in special high profile cases, like
this one. This would be the best way to go, than putting families of
war dead, through extra pain when dealing with a loss of life.
- I personally think Yahoo! could easily allow them access in private,
turning a blind eye in this special circumstance. Which as I mentioned
above, an appeal process would give room for, obviously.
- This account should at least be taken out of the deactivation
process and deletion, until all legal angles have been ventured.
- If all else fails, its not rocket science for some hacker/script
kiddie to do the family a favour and crack the password and/or account
information and e-mail a family member the details.

Thanks, n3td3v
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]