Tech analyst Frank Catalano calls Yahoo! policy into question

Our assurance of online privacy seems to become more important to us as the Internet evolves, but at the same time, it seems that our privacy is eroding due to e-mail addresses being sold to spammers.

Recent Yahoo privacy changes has caused one South Sound technology journalist to discontinue his popular Yahoo!Groups e-mail newsletters.

Tech analyst, author and longtime broadcaster on Seattle’s Fox affiliate KCPQ-TV Frank Catalano has discovered a gray area in’s privacy policy that should give Internet users cause for concern.

Q: Your two e-mail newsletters Byte Me and Just Enough Strategy have been very popular for many years. What prompted you to discontinue them last month?

Catalano: Well, a little bit of background first. I’ve been doing e-mail newsletters continuously for eight years now.

I had switched over to a service called eGroups to handle maintaining the mailing of the newsletters. It’s a list service that allows people to subscribe and unsubscribe on their own without my direct intervention. eGroups was acquired by Yahoo! about two and a half years ago. They turned it into Yahoo! Groups.

Now on the surface that would seem like a good thing because it provides financial stability for the eGroups function. It provides a lot more resources for people who were members of this group.

One of my subscribers asked me in August, “What’s your privacy policy for e-mail addresses?” I said my privacy policy was very straightforward. I will not sell, rent or share your e-mail address. Period.

So he asked me what Yahoo’s privacy policy was for Yahoo! Groups. I did a bit of research and I discovered there was a bit of a gray area in Yahoo’s own privacy policy because their policy primarily deals with people who become members of Yahoo! and get a Yahoo! ID.

Under that privacy policy, Yahoo! can share personal information including e-mail addresses with what Yahoo! calls “Trusted Partners.” Now a trusted partner is usually a company that has cut a deal with Yahoo! for marketing purposes.

How the e-mail list works is you basically subscribe with your e-mail address. You’re not really a member of the server that’s hosting it. You’re a member of the list.

A lot of my newsletter subscribers subscribed only by e-mail directly to me. They never became members of Yahoo!. They never went to Yahoo’s Web site and signed up for it.

Q: Where do they fit in this privacy policy? Is this a loophole in Yahoo’s privacy policy?

Catalano: I think it’s a gray area and it’s a little disturbing. I sent an e-mail in the middle of August about this to Yahoo! Customer Care. Heard nothing. Send another e-mail a month later. Was referred to their feedback page. Heard nothing. Sent a fourth e-mail in the middle of October. Finally got a response back, after asking the same question for two months, that states, “Your message regarding the Yahoo! privacy policy raises legal issues that are not addressed by Customer Care. This kind of issue may better be resolved by consulting our Privacy Center for additional information or by consulting with your legal adviser for an interpretation of our privacy policy.”
So bottom line is they basically said, “Hire an attorney to try and figure out what we’re trying to tell you.”

I suggested back to Yahoo! that any privacy policy that requires an attorney is probably a bad privacy policy.

Q: Yahoo! is a member of the Trustee organization, so you’d think they’d be under some tight regulations.

Catalano: Trustee is voluntary so there’s no real regulation. All Trustee says is “We recommend you have a privacy policy. Here are the things you should address in your privacy policy.”

Trustee is based on disclosure, not restriction. So if any company wants to say, “Yes, we get your e-mail address and sell it to every spammer in the universe,” Trustee would be OK with that because that’s disclosure.

Part of the problem with anybody that subscribes to Yahoo! Groups by e-mail only and never becomes a member of Yahoo! is that Yahoo! Groups is a gray area.

They recently changed their privacy policy and now say anyone who uses Yahoo’s products or services is party to this privacy policy.

So a strict interpretation, without hiring an attorney, indicates that if you’re an e-mail subscriber to a Yahoo! Group – guess what? You are using a Yahoo! service. Therefore you were bound by their privacy policy. Therefore, if they wish, they can share your e-mail, address and personal information with their “Trusted Partners,” as they call them.

Q: The big question is will Yahoo! really violate all those peoples’ trust?

Catalano: It would be a bad business move on their part. The thing is, I have promised my subscribers that I will never sell, share or rent their private information and I now can’t trust Yahoo! not to do that, so I shut down my lists until I find another place to host them.

If you want to take this to a ridiculous level, let me give you an example. If you send an e-mail to somebody at, it goes on to their servers. Are you using their products and services? Yes. So theoretically if Yahoo! really wanted to push their privacy policy, they could push it to the point that when any e-mail is sent to a address, they have the right to share them with “Trusted Partners.”

Frank Catalano can be reached via his Web site at The full audio interview with Frank Catalano can be heard Saturday at 11am on KLAY 1180 AM or anytime at

Dana Greenlee is a Web designer and co-host of the WebTalkGuys Radio Show, a Tacoma-based talk show featuring technology news and interviews. WebTalkGuys was just named the top “Hidden Gem” in PCWorld Magazine’s August 2002 issue. It is broadcast locally on KLAY 1180 AM Saturdays at 11 a.m. The show is also on CNET Radio in San Francisco, on the Web at,, via the XM Satellite Network, on IM Networks’ Sonic Box, on your Palm Pilot through and on your phone from the Mobil Broadcast Network. Past shows and interviews are also Webcast via the Internet at