Relevant and coincidental personal anecdote:
10 years ago I caught my ex-wife in an affair as she was using this same method to communicate with her lover. Her choice of email address for the shared account raised alarms on my firewall, so it was a simple matter to track to her machine. While she had gone to similar trouble to delete all records on Yahoo (coincidentally), she had been browsing with IE which, due to some off-line setting, was caching locally all of the pages she had written. It was simply a matter of laying hands on her laptop and downloading all of that cache to expose the ruse.
I cannot find the article, but I believe this method of sharing access to one e-mail account to many parties was one of the comms methods employed by the 9/11 terrorists, pioneered by Colombian drug lords.
I wonder if this would now technically be an offence under the Computer Misuse Act (CMA) as presumably she didn't give you authorisation to access her laptop?
"Her choice of email address for the shared account raised alarms on my firewall"
That's a pretty serious firewall you have there. Assuming that s/he was not using encrypted smtp and imap or pop, then you still have a L7 filter that reads and logs email addresses and alarms on them. Now it is unlikely (to me) that you would have a whitelist of acceptable email addresses with which to alarm. I can think of a few other things you might have done to trigger alarms and all of them are pretty distasteful.
So I will conclude you simply violated her civil rights and spied on her.
I feel sorrow for you, genuinely, that you have had a relationship problem but I suspect that it would have been easier to find out what was going on in the various old fashioned ways, rather than farting around with IT and being a bit creepy.
I have trouble understanding why people go to such lengths to maintain a hidden affair. If you've decided to have a long-term relationship with the new person, why not just file for divorce instead of going to ridiculous lengths to hide your new relationship? It seems like a lot of trouble, plus it makes it very clear that you're a terrible person when it's discovered.
Please forgive my nosy question, but was she financially dependent on you or was there some other reason for her to maintain the marriage?
Here's a thought: what if 'Yahoo gives FBI snapshots' is actually parallel construction, but Yahoo are not allowed (under PATRIOT or whatever) to admit the extent of their cooperation with three letter agencies (for instance, that they hand over everything they see without requests being made). Do they have to refuse to comply with the court?
The idea that Yahoo is covering for a government surveillance program is entertaining, but it hardly seems difficult to believe that they aren't actually deleting what they say they are deleting. Of course, keeping copies of everything forever in violation of their own policy is not exactly going to make law enforcement unhappy.
I suspect that Yahoo and other companies haven't yet taken the issue of failing to delete data that should be deleted as seriously as that of losing data that shouldn't be deleted, but this has the potential to become a significant privacy issue.
Data retention is negotiated and spelled out in detail in NDAs for contract research organizations. It's easy to delete data from servers once a project is done, but the backup tapes also have copies. You can't throw the tapes out, because the company needs them, hence there are agreements what happens to the data and tapes, and nowadays these are standard practice.
This is a solved problem in the real world, but some companies would have us think it's the Wild West, when in fact it isn't.
The solution with backup tapes is obvious: you encrypt the files on the tapes with session keys and encrypt a copy of the session key with a client/project or project key stored on a separate random access medium. When the project needs to be deleted you destroy the key for that project, job done. The most difficult bit is enforcing the proper ownership and location of files so that you know which ones belong to which project. More complicated schemes can allow files to be shared between projects but the basic principle remains the same.
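The key-wrapping scheme described in the comment above, sketched in Go as an added example (not part of the thread and not any commenter's code): each file is sealed with AES-256-GCM under a fresh session key, the session key is wrapped with the project key, and deleting the project key makes every tape record for that project unrestorable. TapeRecord, KeyStore, Backup and Restore are hypothetical names, and the in-memory map stands in for the separate key medium.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

type TapeRecord struct{ Project string; WrappedKey, Data []byte } // hypothetical tape format
type KeyStore map[string][]byte // stand-in for the key medium: project -> 32-byte key

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: refuse to continue
	}
	return b
}

func seal(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	nonce := random(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, msg, nil), nil // nonce || ciphertext || tag
}
func unseal(key, box []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects the nil key left after deletion
	if err != nil || len(box) < 12 {
		return nil, errors.New("key destroyed or record malformed")
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, box[:12], box[12:], nil) // 12 = GCM nonce size
}

func (ks KeyStore) Backup(project string, file []byte) (TapeRecord, error) {
	session := random(32)          // fresh session key for this file
	data, _ := seal(session, file) // a 32-byte key is always accepted
	wrapped, err := seal(ks[project], session)
	return TapeRecord{project, wrapped, data}, err
}
func (ks KeyStore) Restore(r TapeRecord) ([]byte, error) {
	session, err := unseal(ks[r.Project], r.WrappedKey)
	if err != nil {
		return nil, err // project key gone: its session keys are unrecoverable
	}
	return unseal(session, r.Data)
}
```

Deleting a project is then delete(ks, project) on the key medium; the tapes themselves are never rewritten, and records belonging to other projects still restore.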
If you ever see an auto-complete feature on a website, it's probable that that website is logging every keystroke. If you type "thermal detonators" into Google, but never actually click the button, it's still flagged up aboard the Imperial Command Ship.
Doubt it. Remember the NSA "scandal" that lasted a few months before people went back to not caring? Remember Kony 2012? North Korea's human rights violations? You'll never fix the problems in America until you fix the horrifically apathetic attitude of Americans.
Aren't backups basically a guarantee that you can never ever delete anything from anyone's server? Even if you hit delete on an email/post/photo/etc. if they made a backup before then, your data will now forever live on in some vault or maybe just Amazon Glacier. I can't imagine that Yahoo would go and retroactively remove your email from their backup tapes/optical discs/offline hard drives/clay tablets that they use.
The nearest thing to a "standard" for retention of operational backups is 30-60 days. For organisations retaining backups as part of some ill-conceived archive, 7 years is typical; for organisations retaining backups under legal hold, or whose backup process is out of control, indefinite retention is not unheard of.
So while it's possible that backups mean you can never be entirely certain your deleted data will stay deleted, it's most certainly not guaranteed.
In Europe, the recently enacted General Data Protection Regulations "GDPR" which will come into force in 2018 will in theory require organisations to ensure that personal information is removed in an appropriate timeframe - this would include disposing of backups, or where data is commingled, ensuring at a granular level that data is blacklisted for restore.
It remains to be seen how practical that will be, so moving to retentions appropriate for operational restore may be the more sensible solution.
I could imagine drafts have much less diligent deletion policies vs sent emails. Auto-save mechanisms typically keep a long history of diffs, or whole versions.
We've banned this account for violating the HN guidelines. Normally I would let you know that personal attacks are not allowed on HN, that this is a bannable offense, and ask you not to do it again. But in your case we already did that.
Edit: I reversed this because I'm not sure I interpreted the comment correctly.
codemogul | 9 years ago
keketi | 9 years ago
jacquesm | 9 years ago
pbhjpbhj | 9 years ago
gerdesj | 9 years ago
brunoqc | 9 years ago
What does that even mean?
dpark | 9 years ago
beachstartup | 9 years ago
cloudjacker | 9 years ago
pliny | 9 years ago
anonymousab | 9 years ago
Or perhaps some immunity to any results.
resoluteteeth | 9 years ago
HarryHirsch | 9 years ago
TechnicalVault | 9 years ago
greenyoda | 9 years ago
falcolas | 9 years ago
gaius | 9 years ago
colejohnson66 | 9 years ago
unknown | 9 years ago
[deleted]
IgorPartola | 9 years ago
scoot | 9 years ago
lox | 9 years ago
unknown | 9 years ago
[deleted]
catfood | 9 years ago
geggam | 9 years ago
* my speculation
perseusprime11 | 9 years ago
satysin | 9 years ago
falsestprophet | 9 years ago
[deleted]
dang | 9 years ago
We detached this comment from https://news.ycombinator.com/item?id=12153922 and marked it off-topic.