Your privacy: Verizon's takeover of Yahoo is all about user data

Privacy advocates say bigger may not be better for consumers as Verizon prepares to buy Yahoo for about $4.5 billion.

Feb. 24, 2017 3 AM PT

Verizon Communications and Yahoo have come to terms on the telecom giant’s takeover of the seen-better-days Internet company. Now, millions of Yahoo users have something else to consider: Verizon’s aggressive use of customer information.

Put simply, if you think Yahoo played fast and loose with people’s privacy, wait until you see what’s in store from the new owner.

Verizon and Yahoo announced this week that they’d agreed to shave $350 million off Yahoo’s $4.8 billion asking price to reflect huge security breaches that affected the accounts of more than 1 billion Yahoo users. Verizon said that, despite Yahoo’s seeming inability to safeguard customer data, “this acquisition makes strategic sense.”

Here’s why: The more information Verizon can amass about people’s online behavior and activities, the more it can compete with the likes of Google and Facebook in leveraging that info with marketers.

For Yahoo users, that’s a polite way of saying the company looks forward to selling you out.

“It’s pretty much the fox taking over the henhouse,” said Marc Rotenberg, president of the Electronic Privacy Information Center. “Verizon has always been sneaky about its privacy practices, and Yahoo is the poster child for security breaches.”

The upshot of the merger, he said, is “an opportunity for greater profiling and tracking of Internet users.”

There are some people who will yawn and shrug their shoulders. We inhabit a “sharing economy,” they’ll say, so what’s the harm in businesses looking over your online shoulder?

The harm is that the more we accept corporate oversight of our digital doings, the more we condone a world in which our personal information no longer belongs to us. It becomes theirs, to do with as they please.

Moreover, as we’ve seen again and again, businesses are manifestly unworthy of our trust when it comes to safeguarding that information. Yahoo’s breaches may represent extreme negligence, but they’re little different from the more than 7,000 other known database hacks since 2005.

The number of U.S. victims of fraud and ID theft topped 13 million last year, representing $15 billion in losses, according to Javelin Strategy & Research. Over the last six years, ID thieves have made off with $112 billion, or $35,600 every single minute.

“Fraud is evolving at a frantic pace,” said Al Pascual, Javelin’s head of fraud and security. He said that every time businesses crack down on one type of cyberscam, “criminals quickly shift their attack vector and area of operation.”

As if that wasn’t troubling enough for consumers, there’s also the ongoing challenge of knowing what businesses are legally doing with our data. They all say they respect and diligently protect customers’ privacy. The reality, however, is that people’s data has become a commodity that can (and will) be used to increase revenue.

Verizon hasn’t been shy about using what it knows about customers’ online activities as a profit center.

In 2014, I reported that Verizon was “enhancing” its mobile ads by monitoring people’s online activities even when they weren’t connected to Verizon’s wireless network. The company was sneakily downloading code into customers’ computers that allowed it to continue tracking websites visited regardless of who provided the Internet access.

In 2015, I reported that Verizon was using so-called super cookies to more closely track customers online. Unlike normal cookies — code that monitors the sites you visit — Verizon’s super cookies couldn’t be easily detected or deleted, meaning that Verizon was keeping customers on electronic leashes, regardless of whether they approved.

The company was fined $1.35 million by the Federal Communications Commission last year and agreed to give customers the ability to opt out of such tracking.

Verizon says in its privacy policy that information shared with advertisers “does not identify Verizon customers individually.” But Rotenberg, for one, called this a dubious claim.

“Almost no words in that sentence are true,” he told me.

Many consumer advocates believe that so much customer information is now available, it’s virtually impossible to keep someone anonymous. Moreover, the notion of online anonymity is belied by the fact that advertisers are obsessed with targeting specific people with specific ads, which means they have to know who they’re going after.

Chris McCann, a Verizon spokesman, declined to directly address that issue. He said the company notifies customers “about how we use their information and give our customers choices about how their data may be used for advertising purposes and we respect the choices our customers make.”

Or not. Verizon and other Internet service providers are lobbying to roll back privacy rules adopted by the FCC in October. Among other requirements, service providers now must seek customers’ permission — an opt-in — before sharing data with others. Verizon prefers an opt-out system because it knows that few people will go to the trouble.

“We believe this approach meets our customers’ privacy expectations,” the company said in a statement last month.

Chris Hoofnagle, a UC Berkeley law professor who specializes in privacy issues, said the Verizon-Yahoo deal is “part of a larger trend of merging to create mega data brokers to compete with Google.”

The edge Verizon is trying to bring to the equation is helping marketers find people no matter where they lurk, he said.

As the owner of both Yahoo and AOL, which it acquired last year, Verizon will have access to the online interests of millions of Americans. As one of the country’s biggest wireless and Internet service providers, it knows who you are, where you are and, often, what you’re doing.

My advice? Take the time to opt out of as much data sharing as possible.

Go to the privacy policies of every telecom company you deal with — the cable company, the phone company, Internet companies — and do a search for “privacy preferences” or “opt out.” This should bring you to a page where you can uncheck all the data-sharing boxes that the company so helpfully checked on your behalf.

This will be time consuming, and that’s deliberate. You’ll likely need your account number handy. And it may not make a whole lot of difference in the grand scheme of things.

But if we don’t fight for every scrap of privacy, we’re tacitly telling businesses that we don’t care.

It’s your information. Treat it as such.

David Lazarus’ column runs Tuesdays and Fridays. He also can be seen daily on KTLA-TV Channel 5 and followed on Twitter @Davidlaz. Send your tips or feedback to david.lazarus@latimes.com.

ALSO

Writers Guild of America prepares for potentially tense contract negotiations with major studios

Disney cuts about 80 jobs in digital media unit that includes Maker Studios

Big new convention center hotel proposed for downtown L.A.