FC: Do y*u Y*h**? Yahoo bans HTML email text with Javascript tags

From: Declan McCullagh (declanat_private)
Date: Sun Jul 14 2002 - 20:08:56 PDT


    ---
    
    Date: Sun, 14 Jul 2002 11:03:19 -0400
    To: Declan McCullagh <declanat_private>
    From: Monty Solomon <montyat_private>
    Subject: Do y*u Y*h**?
    
    http://www.ntk.net/2002/07/12/
    
    
                                      >> HARD NEWS <<
                                     in powers of two
    
               Nice to see, in the midst of all these scandals, Yahoo
               turning a healthy profit. But as other companies fiddle the
               figures, Yahoo's been busy instead with fiddling its own
               users' private correspondence. In a fantastically clumsy
               attempt to prevent cross-site scripting attacks, the free
               e-mail wing of the sprawling giant has long been replacing
               complete English words in the text of HTML mail sent to its
               users. Mention "mocha" in an HTML mail to a friend with a
               @yahoo.com account, and your choice in coffee will be
               silently switched to "espresso". Talk about "free
               expression", and your recipient will think you said "free
               statement". Here's the full list of swaperoos:
               http://www.ntk.net/2002/07/12/yahoo.txt
                                       - try not to mail it to your friends
    
               This fiddling has been going on now for over a year
               (the ever vigilant RISKS digest noted it back in March
               2001). But because of Yahoo's underhand methods, very few
               people have spotted the turnabout - certainly far fewer than
               if Yahoo had done the sensible thing and, say, "**"'ed out
               the vowels in the word, or, God forbid, written a smarter
               parser. But the sneakier you are, the wider the damage
               spreads. The word "medieval" (since it contains the
               javascript command "eval") is converted in Yahoo mail to
               "medireview". Google now shows over 640 sites (and 1,150
               separate instances) of the word "medireview" being used as a
               synonym for medieval. University papers, bibliographies and
               book reviews, Indian newspaper columnists, and endless
               enthusiast sites drop it unseen into texts. People have
               begun to ask where it originally came from, and does it have
               a subtler meaning beyond "medieval"? Is Yahoo ever going to
               fix its filters? Or is it time we pushed to get the first
               regexp-obfuscated word into the Oxford English Dictionary?
               http://catless.ncl.ac.uk/Risks/21.34.html
                 - does anyone still at Yahoo even know how to turn it off?
               http://www.google.com/search?q=medireview
                                - NTK now entirely filled with google links
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    -------------------------------------------------------------------------
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    -------------------------------------------------------------------------
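
An added example, not part of the original message or of Yahoo's code: it contrasts blind word substitution, modelled only on the three swaps quoted above, with a parser that removes script-capable markup and leaves the text alone, which is the "smarter parser" the newsletter asks for. The function names and the sample message are assumptions made for illustration, and the parser covers only script elements, on* attributes and javascript: URLs.

```python
import html
import re
from html.parser import HTMLParser

# The three substitutions quoted in the newsletter; the full list is not on this page.
SWAPS = {"mocha": "espresso", "expression": "statement", "eval": "review"}

def naive_filter(markup):
    """Blind substring replacement over the whole message body."""
    for word, repl in SWAPS.items():
        markup = re.sub(word, repl, markup, flags=re.IGNORECASE)
    return markup

class _Sanitizer(HTMLParser):
    """Removes script-capable markup and leaves text nodes untouched."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.in_script = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True  # an unclosed script drops the rest (fail closed)
            return
        kept = []
        for name, value in attrs:
            compact = re.sub(r"[\s\x00-\x1f]", "", value or "").lower()
            if name.startswith("on") or compact.startswith("javascript:"):
                continue  # event handler or script URL: drop the attribute
            kept.append(' %s="%s"' % (name, html.escape(value or "", quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
        else:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.in_script:
            self.out.append(html.escape(data, quote=False))

def sanitize(markup):
    parser = _Sanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)

# Constructed sample message, not taken from the page.
SAMPLE = ('<p onclick="f()">A medieval mocha, and free expression.</p>'
          '<script>eval(x)</script><a href="javascript:f()">link</a>')
```

On the sample, the substitution filter rewrites the visible sentence while the onclick attribute and the javascript: link pass through unchanged; the parser-based version does the reverse.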
    



    This archive was generated by hypermail 2b30 : Mon Jul 15 2002 - 00:43:57 PDT