Yahoo is now recycling handles
Whackiness, predictably, ensues: https://medium.com/editors-picks/46b47d95b957 You can do the math how this might affect you, your services, and your users, if you have those. Will people *ever* start listening when we tell them how Bad an Idea something is? The RISKS are endless... Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
The issue was studied thoroughly by a committee of MBAs who, after extensive thought (read: 19 bottles of scotch), determined that there was money to be made. whatcouldpossiblygowrong? - Pete On 9/3/2013 11:09 PM, Jay Ashworth wrote:
Whackiness, predictably, ensues:
https://medium.com/editors-picks/46b47d95b957
You can do the math how this might affect you, your services, and your users, if you have those.
Will people *ever* start listening when we tell them how Bad an Idea something is? The RISKS are endless...
Cheers, -- jra
On Sep 3, 2013, at 10:47 PM, Peter Kristolaitis <alter3d@alter3d.ca> wrote:
The issue was studied thoroughly by a committee of MBAs who, after extensive thought (read: 19 bottles of scotch), determined that there was money to be made.
whatcouldpossiblygowrong?
Apparently it was implemented by a group of low-bid programmers in a far off land. I have, err, had, a Yahoo! account I used for two things, getting e-mail from Yahoo! groups and accessing Flickr. I was on Flickr not a two or three months ago to fix a picture someone noticed was in the wrong album. When I saw this I thought I should log in again to reset my one year ticker. Off to www.yahoo.com and click sign in. Enter userid, enter password. Drops me to a CAPTCHA screen, that's odd, never seen that before, but ok. Enter CAPTCHA and it redirects me to "https://edit.yahoo.com/forgot", which when reached from said CAPTCHA screen renders as a 100% blank page. That's some fine web coding. I went to the flickr site, tried to log in. At least there it tells me my userid is in the process of being recycled. No option to recover. Try creating a new account with the same userid, sorry, it's in use. So as far as I can tell: - The must be inactive for one year is BS, and/or logging into Flickr didn't count in my case. - No notifications are sent, so if you're a person who is there for things like Yahoo groups and forwards your e-mail elsewhere you may be using the service in a way that generates no logs. - There is no way to get an account back that is in the recycling phase, which is frankly stupid. As a result Yahoo! has lost a Flickr and Groups member, and I'm not sure I see any reason to sign up again at this point. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Alec . . . I'll take "I don"t use Yahoo because of Yahoo 's" for a 100 please. -- Jason Hellenthal Inbox: jhellenthal@DataIX.net Voice: +1 (616) 953-0176 JJH48-ARIN
On Sep 4, 2013, at 9:36, Leo Bicknell <bicknell@ufp.org> wrote:
On Sep 3, 2013, at 10:47 PM, Peter Kristolaitis <alter3d@alter3d.ca> wrote:
The issue was studied thoroughly by a committee of MBAs who, after extensive thought (read: 19 bottles of scotch), determined that there was money to be made.
whatcouldpossiblygowrong?
Apparently it was implemented by a group of low-bid programmers in a far off land.
I have, err, had, a Yahoo! account I used for two things, getting e-mail from Yahoo! groups and accessing Flickr. I was on Flickr not a two or three months ago to fix a picture someone noticed was in the wrong album.
When I saw this I thought I should log in again to reset my one year ticker. Off to www.yahoo.com and click sign in.
Enter userid, enter password.
Drops me to a CAPTCHA screen, that's odd, never seen that before, but ok.
Enter CAPTCHA and it redirects me to "https://edit.yahoo.com/forgot", which when reached from said CAPTCHA screen renders as a 100% blank page.
That's some fine web coding.
I went to the flickr site, tried to log in. At least there it tells me my userid is in the process of being recycled. No option to recover.
Try creating a new account with the same userid, sorry, it's in use.
So as far as I can tell: - The must be inactive for one year is BS, and/or logging into Flickr didn't count in my case. - No notifications are sent, so if you're a person who is there for things like Yahoo groups and forwards your e-mail elsewhere you may be using the service in a way that generates no logs. - There is no way to get an account back that is in the recycling phase, which is frankly stupid.
As a result Yahoo! has lost a Flickr and Groups member, and I'm not sure I see any reason to sign up again at this point.
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
I've got to apologize publicly to Yahoo! here as part of my issue was my own stupidity. It appears in the past I've had multiple Yahoo! ID's and I was trying to use the wrong one, one that may have gone away a long time ago, rather than my still active ID. Some helpful people at Yahoo got me straightened out on that point. My apologies for disparaging Yahoo! when it was my own fault. There's still the much more minor point that when I tried to "self serve" I ended up at a blank page on the Yahoo! web site, hopefully they will figure that out as well. On Sep 4, 2013, at 8:36 AM, Leo Bicknell <bicknell@ufp.org> wrote:
Apparently it was implemented by a group of low-bid programmers in a far off land.
I have, err, had, a Yahoo! account I used for two things, getting e-mail from Yahoo! groups and accessing Flickr. I was on Flickr not a two or three months ago to fix a picture someone noticed was in the wrong album.
When I saw this I thought I should log in again to reset my one year ticker. Off to www.yahoo.com and click sign in.
Enter userid, enter password.
Drops me to a CAPTCHA screen, that's odd, never seen that before, but ok.
Enter CAPTCHA and it redirects me to "https://edit.yahoo.com/forgot", which when reached from said CAPTCHA screen renders as a 100% blank page.
That's some fine web coding.
I went to the flickr site, tried to log in. At least there it tells me my userid is in the process of being recycled. No option to recover.
Try creating a new account with the same userid, sorry, it's in use.
So as far as I can tell: - The must be inactive for one year is BS, and/or logging into Flickr didn't count in my case. - No notifications are sent, so if you're a person who is there for things like Yahoo groups and forwards your e-mail elsewhere you may be using the service in a way that generates no logs. - There is no way to get an account back that is in the recycling phase, which is frankly stupid.
As a result Yahoo! has lost a Flickr and Groups member, and I'm not sure I see any reason to sign up again at this point.
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
On Wed, 04 Sep 2013 20:47:40 -0500, Leo Bicknell said:
There's still the much more minor point that when I tried to "self serve" I ended up at a blank page on the Yahoo! web site, hopefully they will figure that out as well.
I'm continually amazed at the number of web designers that don't test their pages with NoScript enabled. Just sayin'.
On 9/5/2013 12:17 AM, Valdis.Kletnieks@vt.edu wrote:
There's still the much more minor point that when I tried to "self serve" I ended up at a blank page on the Yahoo! web site, hopefully they will figure that out as well. I'm continually amazed at the number of web designers that don't test
On Wed, 04 Sep 2013 20:47:40 -0500, Leo Bicknell said: their pages with NoScript enabled. Just sayin'.
NoScript? That's some kind of antimalvirus thingy for Internet Explorer, right? I think I read something about that in the Website Design For Dimwits in 24 Hours book... ;)
On 09/04/2013 09:17 PM, Valdis.Kletnieks@vt.edu wrote:
There's still the much more minor point that when I tried to "self serve" I ended up at a blank page on the Yahoo! web site, hopefully they will figure that out as well. I'm continually amazed at the number of web designers that don't test
On Wed, 04 Sep 2013 20:47:40 -0500, Leo Bicknell said: their pages with NoScript enabled. Just sayin'.
Noscript users are even less important than ie6 users. Welcome to the long tail of irrelevance. Mike
In a message written on Thu, Sep 05, 2013 at 12:17:28AM -0400, Valdis.Kletnieks@vt.edu wrote:
On Wed, 04 Sep 2013 20:47:40 -0500, Leo Bicknell said:
There's still the much more minor point that when I tried to "self serve" I ended up at a blank page on the Yahoo! web site, hopefully they will figure that out as well.
I'm continually amazed at the number of web designers that don't test their pages with NoScript enabled. Just sayin'.
While perhaps likely I would use NoScript, the failure in question happened with a bone stock, up to date Safari client with JavaScript enabled. No ad-block or other software to interfear. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
There's still the much more minor point that when I tried to "self serve" I ended up at a blank page on the Yahoo! web site, hopefully they will figure that out as well.
I'm continually amazed at the number of web designers that don't test their pages with NoScript enabled. Just sayin'.
The whole point of putting JavaScript (and other similar smegma) on a Web Page where it is not needed is to prevent people with smegma filters from being to access the page, and to suggest in no uncertain terms that these people take their business (and their money) elsewhere. Same applies to Flash. Take your business elsewhere. There is no point in complaining about it. Sometimes, it is a deliberate feature which is deliberately used to attack the visitors of a web site. Prime example is the DHS.
Recent TOR thing with freedomhosting (?) come to mind... On Sun, Sep 8, 2013 at 6:08 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Sat, 07 Sep 2013 17:34:36 -0600, "Keith Medcalf" said:
Sometimes, it is a deliberate feature which is deliberately used to attack the visitors of a web site. Prime example is the DHS.
I must have missed this one. Citation please?
Whoops, my bad. Misparsed that acronym. On Mon, Sep 9, 2013 at 6:31 AM, <Valdis.Kletnieks@vt.edu> wrote:
On Sun, 08 Sep 2013 19:04:14 -0700, Alex Buie said:
Recent TOR thing with freedomhosting (?) come to mind...
That one appears to have been the FBI, which is DOJ not DHS. If you have evidence to the contrary, feel free to bring it out in the open.
I've got to apologize publicly to Yahoo! here as part of my issue was my = own stupidity. It appears in the past I've had multiple Yahoo! ID's and = I was trying to use the wrong one, one that may have gone away a long = time ago, rather than my still active ID. Some helpful people at Yahoo = got me straightened out on that point. My apologies for disparaging = Yahoo! when it was my own fault.
Error or not, the recycling problem's real. I find myself having received some sales figures for a Jiffy Lube chain somewhere, and I have to assume that there will be a lot of instances where set-and-forget users have supplied their Yahoo address to business partners, financial institutions, etc. and who will continue to send confidential mail to the recycled address. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On Sep 4, 2013, at 6:47 PM, Leo Bicknell <bicknell@ufp.org> wrote:
I've got to apologize publicly to Yahoo! here as part of my issue was my own stupidity. It appears in the past I've had multiple Yahoo! ID's and I was trying to use the wrong one, one that may have gone away a long time ago, rather than my still active ID. Some helpful people at Yahoo got me straightened out on that point. My apologies for disparaging Yahoo! when it was my own fault.
There's still the much more minor point that when I tried to "self serve" I ended up at a blank page on the Yahoo! web site, hopefully they will figure that out as well.
I surely hope so too. When I tried to get my old yahoo email account back (I have only ONE), and ended with the same empty page. Hope some yahoo people on this list listening. It is important to me I can get that email address back; some friends only know me by that address. Lixia
On Sep 4, 2013, at 8:36 AM, Leo Bicknell <bicknell@ufp.org> wrote:
Apparently it was implemented by a group of low-bid programmers in a far off land.
I have, err, had, a Yahoo! account I used for two things, getting e-mail from Yahoo! groups and accessing Flickr. I was on Flickr not a two or three months ago to fix a picture someone noticed was in the wrong album.
When I saw this I thought I should log in again to reset my one year ticker. Off to www.yahoo.com and click sign in.
Enter userid, enter password.
Drops me to a CAPTCHA screen, that's odd, never seen that before, but ok.
Enter CAPTCHA and it redirects me to "https://edit.yahoo.com/forgot", which when reached from said CAPTCHA screen renders as a 100% blank page.
That's some fine web coding.
I went to the flickr site, tried to log in. At least there it tells me my userid is in the process of being recycled. No option to recover.
Try creating a new account with the same userid, sorry, it's in use.
So as far as I can tell: - The must be inactive for one year is BS, and/or logging into Flickr didn't count in my case. - No notifications are sent, so if you're a person who is there for things like Yahoo groups and forwards your e-mail elsewhere you may be using the service in a way that generates no logs. - There is no way to get an account back that is in the recycling phase, which is frankly stupid.
As a result Yahoo! has lost a Flickr and Groups member, and I'm not sure I see any reason to sign up again at this point.
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
On Sep 4, 2013, at 9:47 PM, Leo Bicknell <bicknell@ufp.org> wrote:
I've got to apologize publicly to Yahoo! here as part of my issue was my own stupidity. It appears in the past I've had multiple Yahoo! ID's and I was
I, on the other hand, need someone from Yahoo! to contact me, because I decided to test their "email wishlist" feature. Repeated attempts got me nothing but a message saying that my credit card information was incorrect. But when I checked my bill this morning, I have three fifty cent charges against my account (one for each time I revalidated my email address while attempting to use their form). There's no contact page on http://wishlist.yahoo.com, despite the fact that it's an ecommerce page that takes credit cards, and there's no apparent way to contact a human from the main yahoo page. I can always ask my credit card company to refuse the charges, but if Yahoo! is charging credit cards and not providing services, I think someone there needs to know there's a problem. Never mind taking credit card numbers and providing no customer support.
On Thu, Sep 5, 2013 at 9:28 AM, Kee Hinckley <nazgul@marrowbones.com> wrote:
On Sep 4, 2013, at 9:47 PM, Leo Bicknell <bicknell@ufp.org> wrote:
I've got to apologize publicly to Yahoo! here as part of my issue was my own stupidity. It appears in the past I've had multiple Yahoo! ID's and I was
I, on the other hand, need someone from Yahoo! to contact me, because I decided to test their "email wishlist" feature. Repeated attempts got me nothing but a message saying that my credit card information was incorrect. But when I checked my bill this morning, I have three fifty cent charges against my account (one for each time I revalidated my email address while attempting to use their form). There's no contact page on http://wishlist.yahoo.com, despite the fact that it's an ecommerce page that takes credit cards, and there's no apparent way to contact a human from the main yahoo page. I can always ask my credit card company to refuse the charges, but if Yahoo! is charging credit cards and not providing services, I think someone there needs to know there's a problem. Never mind taking credit card numbers and providing no customer support.
And it's not an isolated incident -- the exact same thing happened to me last night as well. Royce
They're just validating a credit card number; that was an authorization which won't be settled, almost certainly. Royce Williams <royce@techsolvency.com> wrote:
On Thu, Sep 5, 2013 at 9:28 AM, Kee Hinckley <nazgul@marrowbones.com> wrote:
On Sep 4, 2013, at 9:47 PM, Leo Bicknell <bicknell@ufp.org> wrote:
I've got to apologize publicly to Yahoo! here as part of my issue
was my own stupidity. It appears in the past I've had multiple Yahoo! ID's and I was
I, on the other hand, need someone from Yahoo! to contact me, because
I decided to test their "email wishlist" feature. Repeated attempts got me nothing but a message saying that my credit card information was incorrect. But when I checked my bill this morning, I have three fifty cent charges against my account (one for each time I revalidated my email address while attempting to use their form). There's no contact page on http://wishlist.yahoo.com, despite the fact that it's an ecommerce page that takes credit cards, and there's no apparent way to contact a human from the main yahoo page. I can always ask my credit card company to refuse the charges, but if Yahoo! is charging credit cards and not providing services, I think someone there needs to know there's a problem. Never mind taking credit card numbers and providing no customer support.
And it's not an isolated incident -- the exact same thing happened to me last night as well.
Royce
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Makes you wonder why the charges are in triplicate? An authorization takes place once to validate the card certainly, but once the validation is done yahoo should mark the card as good and allow you to party as previous scheduled. This isn't shocking.. Considering almost anything to do with Yahoo! turns into an epic cluster product and service wise. I'm still curious as to how they are actually going to generate money.. Probably a little less curious than they are I'd imagine.. ;) Sent from my Mobile Device. -------- Original message -------- From: Jay Ashworth <jra@baylink.com> Date: 09/05/2013 5:27 PM (GMT-08:00) To: Royce Williams <royce@techsolvency.com>,"nanog@nanog.org list" <nanog@nanog.org> Subject: Re: Yahoo is now recycling handles They're just validating a credit card number; that was an authorization which won't be settled, almost certainly. Royce Williams <royce@techsolvency.com> wrote:
On Thu, Sep 5, 2013 at 9:28 AM, Kee Hinckley <nazgul@marrowbones.com> wrote:
On Sep 4, 2013, at 9:47 PM, Leo Bicknell <bicknell@ufp.org> wrote:
I've got to apologize publicly to Yahoo! here as part of my issue
was my own stupidity. It appears in the past I've had multiple Yahoo! ID's and I was
I, on the other hand, need someone from Yahoo! to contact me, because
I decided to test their "email wishlist" feature. Repeated attempts got me nothing but a message saying that my credit card information was incorrect. But when I checked my bill this morning, I have three fifty cent charges against my account (one for each time I revalidated my email address while attempting to use their form). There's no contact page on http://wishlist.yahoo.com, despite the fact that it's an ecommerce page that takes credit cards, and there's no apparent way to contact a human from the main yahoo page. I can always ask my credit card company to refuse the charges, but if Yahoo! is charging credit cards and not providing services, I think someone there needs to know there's a problem. Never mind taking credit card numbers and providing no customer support.
And it's not an isolated incident -- the exact same thing happened to me last night as well.
Royce
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
"Repeated attempts". Wonder how many. Cheers, - jr 'betting on three' a Warren Bailey <wbailey@satelliteintelligencegroup.com> wrote:
Makes you wonder why the charges are in triplicate? An authorization takes place once to validate the card certainly, but once the validation is done yahoo should mark the card as good and allow you to party as previous scheduled. This isn't shocking.. Considering almost anything to do with Yahoo! turns into an epic cluster product and service wise. I'm still curious as to how they are actually going to generate money.. Probably a little less curious than they are I'd imagine.. ;)
Sent from my Mobile Device.
-------- Original message -------- From: Jay Ashworth <jra@baylink.com> Date: 09/05/2013 5:27 PM (GMT-08:00) To: Royce Williams <royce@techsolvency.com>,"nanog@nanog.org list" <nanog@nanog.org> Subject: Re: Yahoo is now recycling handles
They're just validating a credit card number; that was an authorization which won't be settled, almost certainly.
Royce Williams <royce@techsolvency.com> wrote:
On Thu, Sep 5, 2013 at 9:28 AM, Kee Hinckley <nazgul@marrowbones.com> wrote:
On Sep 4, 2013, at 9:47 PM, Leo Bicknell <bicknell@ufp.org> wrote:
I've got to apologize publicly to Yahoo! here as part of my issue
was my own stupidity. It appears in the past I've had multiple Yahoo! ID's and I was
I, on the other hand, need someone from Yahoo! to contact me,
because I decided to test their "email wishlist" feature. Repeated attempts got me nothing but a message saying that my credit card information was incorrect. But when I checked my bill this morning, I have three fifty cent charges against my account (one for each time I revalidated my email address while attempting to use their form). There's no contact page on http://wishlist.yahoo.com, despite the fact that it's an ecommerce page that takes credit cards, and there's no apparent way to contact a human from the main yahoo page. I can always ask my credit card company to refuse the charges, but if Yahoo! is charging credit cards and not providing services, I think someone there needs to know there's a problem. Never mind taking credit card numbers and providing no customer support.
And it's not an isolated incident -- the exact same thing happened to me last night as well.
Royce
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Cough.
And it's not an isolated incident -- the exact same thing happened to me last night as well.
Royce
Cough. ;) Sent from my Mobile Device. -------- Original message -------- From: Jay Ashworth <jra@baylink.com> Date: 09/05/2013 8:55 PM (GMT-08:00) To: Warren Bailey <wbailey@satelliteintelligencegroup.com>,Warren Bailey <wbailey@satelliteintelligencegroup.com>,Royce Williams <royce@techsolvency.com>,"nanog@nanog.org list" <nanog@nanog.org> Subject: Re: Yahoo is now recycling handles "Repeated attempts". Wonder how many. Cheers, - jr 'betting on three' a Warren Bailey <wbailey@satelliteintelligencegroup.com> wrote: Makes you wonder why the charges are in triplicate? An authorization takes place once to validate the card certainly, but once the validation is done yahoo should mark the card as good and allow you to party as previous scheduled. This isn't shocking.. Considering almost anything to do with Yahoo! turns into an epic cluster product and service wise. I'm still curious as to how they are actually going to generate money.. Probably a little less curious than they are I'd imagine.. ;) Sent from my Mobile Device. -------- Original message -------- From: Jay Ashworth <jra@baylink.com> Date: 09/05/2013 5:27 PM (GMT-08:00) To: Royce Williams <royce@techsolvency.com>,"nanog@nanog.org list" <nanog@nanog.org> Subject: Re: Yahoo is now recycling handles They're just validating a credit card number; that was an authorization which won't be settled, almost certainly. Royce Williams <royce@techsolvency.com> wrote:
On Thu, Sep 5, 2013 at 9:28 AM, Kee Hinckley <nazgul@marrowbones.com> wrote:
On Sep 4, 2013, at 9:47 PM, Leo Bicknell <bicknell@ufp.org> wrote:
I've got to apologize publicly to Yahoo! here as part of my issue
was my own stupidity. It appears in the past I've had multiple Yahoo! ID's and I was
I, on the other hand, need someone from Yahoo! to contact me, because
I decided to test their "email wishlist" feature. Repeated attempts got me nothing but a message saying that my credit card information was incorrect. But when I checked my bill this morning, I have three fifty cent charges against my account (one for each time I revalidated my email address while attempting to use their form). There's no contact page on http://wishlist.yahoo.com, despite the fact that it's an ecommerce page that takes credit cards, and there's no apparent way to contact a human from the main yahoo page. I can always ask my credit card company to refuse the charges, but if Yahoo! is charging credit cards and not providing services, I think someone there needs to know there's a problem. Never mind taking credit card numbers and providing no customer support.
And it's not an isolated incident -- the exact same thing happened to me last night as well.
Royce
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
On Sep 5, 2013, at 8:26 PM, Jay Ashworth <jra@baylink.com> wrote:
They're just validating a credit card number; that was an authorization which won't be settled, almost certainly.
I'd have more faith in that if a) there weren't three of them and b) they didn't then tell me that my credit card information was invalid. My guess is that their system failed somewhere between posting the charge and clearing it. However, they *are* still in the Pending category on my card, we'll see if they get posted.
Sure. But the failure is /why/ you have three... -jra Kee Hinckley <nazgul@somewhere.com> wrote:
On Sep 5, 2013, at 8:26 PM, Jay Ashworth <jra@baylink.com> wrote:
They're just validating a credit card number; that was an authorization which won't be settled, almost certainly.
I'd have more faith in that if a) there weren't three of them and b) they didn't then tell me that my credit card information was invalid. My guess is that their system failed somewhere between posting the charge and clearing it. However, they *are* still in the Pending category on my card, we'll see if they get posted.
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
On Sep 5, 2013, at 8:26 PM, Jay Ashworth <jra@baylink.com> wrote:
They're just validating a credit card number; that was an authorization which won't be settled, almost certainly.
I'd have more faith in that if a) there weren't three of them and b) they didn't then tell me that my credit card information was invalid. My guess is that their system failed somewhere between posting the charge and clearing it. However, they *are* still in the Pending category on my card, we'll see if they get posted.
The appropriate party to inform would be the FBI ... The word fraud comes to mind, and millions of 50 centses puts company officers in prison for a long long long time.
-----Original Message----- From: Kee Hinckley [mailto:nazgul@marrowbones.com] Sent: Thursday, 5 September, 2013 11:28 To: nanog@nanog.org list Subject: Re: Yahoo is now recycling handles
On Sep 4, 2013, at 9:47 PM, Leo Bicknell <bicknell@ufp.org> wrote:
I've got to apologize publicly to Yahoo! here as part of my issue was
my own stupidity. It appears in the past I've had multiple Yahoo! ID's and I was
I, on the other hand, need someone from Yahoo! to contact me, because I decided to test their "email wishlist" feature. Repeated attempts got me nothing but a message saying that my credit card information was incorrect. But when I checked my bill this morning, I have three fifty cent charges against my account (one for each time I revalidated my email address while attempting to use their form). There's no contact page on http://wishlist.yahoo.com, despite the fact that it's an ecommerce page that takes credit cards, and there's no apparent way to contact a human from the main yahoo page. I can always ask my credit card company to refuse the charges, but if Yahoo! is charging credit cards and not providing services, I think someone there needs to know there's a problem. Never mind taking credit card numbers and providing no customer support.
On Sep 7, 2013, at 7:58 PM, Keith Medcalf <kmedcalf@dessus.com> wrote:
The appropriate party to inform would be the FBI ... The word fraud comes to mind, and millions of 50 centses puts company officers in prison for a long long long time.
The charges did indeed expire rather than get posted. None of which excuses Yahoo!'s complete lack of customer support (and broken charge system), but at least there's that.
----- Original Message -----
From: Kee Hinckley <nazgul@marrowbones.com> To: "nanog@nanog.org list" <nanog@nanog.org> Cc: Sent: Sunday, September 8, 2013 2:21 PM Subject: Re: Yahoo is now recycling handles
On Sep 7, 2013, at 7:58 PM, Keith Medcalf <kmedcalf@dessus.com> wrote:
The appropriate party to inform would be the FBI ... The word fraud comes
to mind, and millions of 50 centses puts company officers in prison for a long long long time.
The charges did indeed expire rather than get posted. None of which excuses Yahoo!'s complete lack of customer support (and broken charge system), but at least there's that.
So, Yahoo *actually* had a working cust-support at some point? I obviously missed that boat. I have had three perfectly valid handles reclaimed in the last three weeks ( my yahoo addr.book is tiny!) I just let the holders of said handles know the implications of what happened and asked they let everyone else know NOT to use said handle@yahoo ./Randy
To their (partial) credit they are also supporting a new email header : Require-Recipient-Valid-Since: via draft-ietf-appsawg-rrvs-header-field The idea of this header is that it will allow a sender to control that a user will only receive an email if that email address was valid before a specific date, thus at least stopping someone from using a recycled account to carry out a password reset on another service. Facebook at least is already sending this header on all emails. Overall this is nothing new - Hotmail has been doing the same thing for years. Scott On Tue, Sep 3, 2013 at 8:09 PM, Jay Ashworth <jra@baylink.com> wrote:
Whackiness, predictably, ensues:
https://medium.com/editors-picks/46b47d95b957
You can do the math how this might affect you, your services, and your users, if you have those.
Will people *ever* start listening when we tell them how Bad an Idea something is? The RISKS are endless...
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
On 9/3/2013 11:57 PM, Scott Howard wrote:
Overall this is nothing new - Hotmail has been doing the same thing for years.
Scott
When I used to use Hotmail - Your account was dropped after 30-60 days of non-use. Whereas Yahoo kept accounts active forever until recently. Granted it's been >15 years since I've used a Hotmail account regularly. Microsoft *may* change their policies more often than that.
On Sep 3, 2013, at 9:12 PM, ML <ml@kenweb.org> wrote:
On 9/3/2013 11:57 PM, Scott Howard wrote:
Overall this is nothing new - Hotmail has been doing the same thing for years.
Scott
When I used to use Hotmail - Your account was dropped after 30-60 days of non-use.
Whereas Yahoo kept accounts active forever until recently.
as an ex yahoo security guy for many years, my recollection is this isn't the case. starting 8-10 years ago accounts which went dormant for extended times had actions taken on them. e.g. free accounts not logged into for a while (order of a year) had their old email archived, or maybe even erased, i am not recalling exactly which... accounts already in that inactive state could at any point have their names reclaimed, but the process of doing that was (as i recall) a manual and infrequent one. i remember it happening two or three times over about 8 years, so that would make it a big batch about every year or two. (several kinds of accounts, such as paid accounts, accounts managed for partners such as sbc and rogers, and those deactivated for abuse were kept around forever in the deactivated state so they couldn't be ever reregistered and reused for similar abuse.) (yahoo internally understands the difference between the old account and the newly registered eponymous account because account registration date (at the granularity of a week) is logically part of the yahoo id whenever ids are used, exported, compared with other ids, looked up or stored in databases, etc..) (it was a fairly common bug we would find in our security reviews for programmers to ignore the regweek, for example, when exporting lists of ids for some purpose). btw: i don't think it's so unreasonable to treat a free account that hasn't been logged into for 2-3 years as abandoned. i agree it can have unfortunate side effects (particularly domain name takeover of long-registered names). in its early days, one of the reasons people switched to gmail was that they could get a better name there than e.g. blah32975@yahoo.com. (this was slightly exacerbated because for a number of years if someone had mis@yahoo.com, the cohort address in other ccTlds such as blah32975@yahoo.co.uk was also not available to be registered.) approximately 5 years ago, yahoo split out some populous countries into their own name spaces, which made a lot more names available to be registered. there was a land rush, in fact, to register "good names", and some people were not-so-amusingly trying to sell them.
Granted it's been >15 years since I've used a Hotmail account regularly. Microsoft *may* change their policies more often than that.
On Sep 4, 2013, at 12:12 AM, ML <ml@kenweb.org> wrote:
On 9/3/2013 11:57 PM, Scott Howard wrote:
Overall this is nothing new - Hotmail has been doing the same thing for years.
Scott
When I used to use Hotmail - Your account was dropped after 30-60 days of non-use.
Whereas Yahoo kept accounts active forever until recently.
Granted it's been >15 years since I've used a Hotmail account regularly. Microsoft *may* change their policies more often than that.
Back when I ran nether.net as full scale public access, I would reap unused accounts after some period of time..l don't recall anymore as that was almost 15+ years ago now. But one month seemed like the right number. I had almost 100k accounts at most points... Was fairly crazy. A least the Internet archive captured some of the cool stuff the users did back then. - Jared
Scott Howard wrote:
The idea of this header is that it will allow a sender to control that a
Sender has no control and asks a receiver perform some control, which may be ignored by the receiver.
user will only receive an email if that email address was valid before a specific date, thus at least stopping someone from using a recycled account to carry out a password reset on another service.
It does not work as protection against transferred domain.
Facebook at least is already sending this header on all emails.
Someone might want people keep using mail services monitored by USG. Masataka Ohta
participants (23)
-
Alex Buie
-
Jared Mauch
-
Jason Hellenthal
-
Jay Ashworth
-
Joe Greco
-
John Levine
-
Kee Hinckley
-
Kee Hinckley
-
Keith Medcalf
-
Leo Bicknell
-
Lixia Zhang
-
Mark Seiden
-
Masataka Ohta
-
Michael Thomas
-
ML
-
Nikolay Shopik
-
Peter Kristolaitis
-
Randy
-
Randy Bush
-
Royce Williams
-
Scott Howard
-
Valdis.Kletnieks@vt.edu
-
Warren Bailey