Hundreds of millions impacted by new Yahoo, AOL, privacy policies that collect emails, texts, photos

Hundreds of millions impacted by new Yahoo, AOL, privacy policies that collect emails, texts, photos
Oath, the company that runs Yahoo and AOL, updated privacy policies for how the internet service giants can collect users' data. (supershabashnyi/Getty Images)

Oath, a media division of Verizon that runs AOL and Yahoo, has unified and updated its privacy terms, a move that impacts hundreds of millions of users, CNET reported.

Despite concerns raised by Facebook’s Cambridge Analytica scandal, Oath policies allow for extensive data-collecting tactics, CNET noted.

Specifically, the terms state that Oath can read your emails, instant messages, posts, photos and message attachments. That includes information about banking and other financial transactions. Additionally, Oath can share information it collects with Verizon, its parent company.

All of this is done under the guise of improving services and delivering better advertising content to users.

Am I tracked when I’m logged out?

People may be surprised to learn the company can capture data and trace users even when they are not signed into Oath-related accounts.

Privacy terms explain that Oath can “recognize you or your devices even if you are not signed in to our Services.Oath may use device IDs, cookies, and other signals, including information obtained from third parties, to associate accounts and/or devices with you.”

“This allows us to deliver, personalize and develop relevant features, content, advertising and Services,” Oath’s privacy terms state.

Every piece of data sent through their services is stored and analyzed, including outgoing and income emails, the terms state.

Yahoo’s previous privacy policy shows that it “analyzes and stores all communications content, including email content.” But AOL’s legacy privacy policy had not listed that disclosure, CNET reported. Google previously had policies allowing it to scan Gmail messages “for better ad targeting,” although the company claims it stopped the practice in June of 2017.

Oath uses automated systems that supposedly remove personally-identifying information “before any humans” see your data. But that’s not a guarantee, the report states. Often, just using an app or service means you agree to the terms.

What if I don’t like how my data is used?

Oath’s terms also include updates to its mutual arbitration clause and class-action waiver. That means that if users don’t like what Oath does with their data, it’s more difficult to sue the company.

CNET reported it sent attempted to ask questions about the new privacy policy and received an email from a company spokesperson that read: “The launch of a unified Oath privacy policy and terms of service is a key stepping stone toward creating what’s next for our consumers while empowering them with transparency and controls over how and when their data is used.”