lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <008b01c4ec25$90d834d0$0e3eac18@MLANDE>
From: mlande at bellsouth.net (Mary Landesman)
Subject: This sums up Yahoo!s security policyto a -T-

While I feel great compassion for the deceased Marine's father, I do not
believe that grief should override security, privacy, terms of service, and
good judgement. Any email Justin Ellsworth wished his father to have could
reasonably be expected to have been sent to his father prior to Justin's
death - by Justin, of course. Any email destined for other persons is not -
nor should it ever be - the property of anyone other than Justin and the
person to whom the email was sent.

If Justin wanted his father to inherit his email account, he would/should
have provided his dad with the logon info.

Excerpted from Yahoo's ToS agreement:
--------------------
21. NO THIRD PARTY BENEFICIARIES

You agree that, except as otherwise expressly provided in this TOS, there
shall be no third party beneficiaries to this Agreement.
--------------------

And under item 25 (General Information):

--------------------
No Right of Survivorship and Non-Transferability. You agree that your Yahoo!
account is non-transferable and any rights to your Yahoo! I.D. or contents
within your account terminate upon your death. Upon receipt of a copy of a
death certificate, your account may be terminated and all contents therein
permanently deleted.
--------------------

As a Yahoo member, I would expect these terms to be enforced.

It is tragic that a father lost his son. It is understandable that the
father wishes to gain access to every word his son ever typed. But, no
matter how cold it may seem, just because it is understandable doesn't make
it right.

Now, if there were reason to believe that a crime had been committed and
that evidence lies in the email, that's a different story. In such a case, I
believe the email should be turned over to the authorities. But absent legal
need, turning over email to a grieving parent/spouse/child is a dangerous
and undesirable precedent.

Yahoo should be applauded for protecting the privacy of its members.
Frankly, I am shocked that many members of this particular list seem to feel
otherwise. As it stands, Yahoo's security policy suits me to a -T-.

-- Mary


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ