Website: Walter Gregg

Yahoo: Please Disconnect My Account

September 23, 2016. Oh Botheration. I got a message to walt.w-gregg.juneau.ak.us (replace first dot with at) advising me that I'm a victim of the big Yahoo breach and should immediately sign in and change my password.

Yes, I once had a Yahoo account. I didn't use it to check mail. I used it for website statistics. And then I abandoned it when they advised that they were closing inactive accounts including mine.

So what do you mean I'm a victim? You contracted to close this account, you morons.

Oh well. Might as well boot, boot, and boot again. It's uncannily like dilbert.com/strip/2010-03-29. Hint: 'It's all I've been doing since October'.

So I go to Yahoo.com and press sign in. Username: walt.gregg. That's definitively right. I have it my password safe. Then their system dutifully asks me for my password. Yes, it's in the safe too. I enter it. They accept it and then prompt that they're sending me a security code. But it's not being sent to the aforementioned walt.w-gregg.juneau.ak.us. It's being sent to my gmail email. It's bewildering that the address for account notifications is not the same as the address for recovery.

My gmail email is largely inactive, but I do check it now and then, and since I now have a reason to, sure enough, there's the message from Yahoo with the recovery code.

It's confounding that Yahoo did not close my account as contracted. Well, maybe it's not really a contract when you don't pay $10 and other valuable considerations. Or should it be $20 to preserve trial by jury under common law pursuant to Constitutional Amendment VII?

Be that as it may, I copy and paste the code into Yahoo's form, press submit, and loudly speak the magic word 'xyzzy'. But it's just like Adventure or Zork from 30 or 40 years ago: Nothing happens. To be precise, a spinner appears and just spins and spins.

Oh pooh. It's probably NoScript preventing Yahoo from doing whatever it does next. And enabling scripts globally will resend. Who knows what that will do? Well, there is no other choice.

Uh oh. My lamp is now off. To turn it back on, Yahoo says I need to enter my Yahoo username, recovery email, or phone number. Huh? I have already entered my Yahoo username and they have already sent the recovery code to my recovery email. This is bewildering in spades.

Maybe I gave them my home phone. I could always try that. No, they respond to that with 'sorry, something went wrong, try later.' Well of course it did. Further research indicates that unlike Google, which will happily send a voice message, Yahoo is only capable of sending text messages. Listen up folks: I only have a landline. My rotary dial phone is securely attached to the wall so the bloody thing can't follow me out the door. Text message indeed.

It isn't as if I need this account. It isn't as if I want this account. I just wanted to get access so I could then proceed to order it shut down in the faint hope that this time they would really do it. But no, that is not be be.

I wonder if I delete cookies if I would be ressurected and could try again?

It would much easier to simply email Yahoo and tell them to purge the account like they promised to do so long ago. But no, they don't have a contact form, email address, phone number, or paper mailing address. At least, not easily found on the website. Maybe I need to find out what state they're incorporated in, get the address of their registered agent, write a letter of direction for discontinuing the account, get it notarized at my bank, and serve the bastards. Service of process by paper mail, courtesy of the U.S. post office, with proof of delivery. At least I'd have a record that I did the responsible thing.

On the other hand, they already contracted to discontinue my account. That they failed to do so is not my fault.

They talk about irresponsible end users sharing passwords and such. What rot. What about the responsibility of the company? U.S. companies are just hopeless when it comes to data security. Burglars can enter houses by hollering through the front door to tell iPhones to unlock the door. Hackers can hijack cars from thousands of miles away. The U.S. Office of Personnel Management has sent my personnel file and probably fingerprints to China and one must presume Russia as well. Premera Blue Cross has sent my medical files to China. Yahoo has transmitted my secret questions -- whatever they were -- to unidentified foreign governments. The level of incompetence is absolutely staggering. Only it isn't.

The U.S. Privacy Act is a complete sham. It's designed to make sure that you and your agent can't read your data, but everyone else can. It is the entire U.S. design philosophy to ensure that corporate and government computers can always read all your data. That's how they sell advertising and avoid the need for actual Constitutional warrants.

That's why I moved my email to Startmail.com in the Netherlands for just under $60 US a year. Their design philosophy is to ensure that their computers can't read any of your data. If their code succeeds at this, they can't leak your data, because they can't access it. It's not the PGP encryption they offer that is key. In fact, though I planned to set that up, I never did. The real advantage is the fundamental concept of privacy, in the sense that I own my data. The company doesn't even have access to it. If government wants my data, they actually have to serve me with a demand. Given routine waterboarding, it's a fair bet that they'll get it PDQ, too. But at least they have to ask. Of course it would be nice if StartMail had a code audit by outside security experts -- there are sure to be huge flaws. But they could hardly do any worse than the best U.S. companies, whose entire mission in life is to leak data massively accidentally on purpose.

If you're the hackers in charge, and you have my Yahoo data, would you please e-mail it to me at walt.gregg.juneau.ak.us, replacing that first dot with an 'at', of course? It's just fair play to let people know what you know.

If you're Yahoo, would you please e-mail my data to the same address, and then delete my account? I made every reasonable effort to access the account to secure it, and you still knew about it, and you even sent me the reset password, and I dutifully entered it, but it didn't work. That's really not playing fair.

Sign me aggravated. Bothered. Desperate. And Vexed.


, Yahoo: Please Disconnect My Account (Sep. 2016) (available at ). © W. Gregg 2016; CreativeCommons.org /licenses /by-nc-nd/4.0.

 No Privacy