More @Yahoo ickyness
by Doc Searls Friday, September 23, 2016

One of the dumbest things Yahoo has ever done (among all the other dumb things it has done over the decades), is forcing everybody on Flickr to move to a Yahoo email address and login after Yahoo bought the company eleven years ago.

This was not only a huge pain in the ass for its customers and users, but made Yahoo IDs the largest possible bigger toxic asset. Two ways.

First, it created a maximally tempting honey-pot for login/password thieves—who apparently made off with half a billion of those in 2014. (Which apparently they just found out.)

Second, it made Yahoo properties such as Flickr nearly un-sellable as stand-alone entities, because unscrewing every user and customer from the namespace is complicated and expensive. When I published my hope that somebody (say, Adobe) buy Flickr, Stewart Butterfield, Flickr's co-creator (and now boss of Slack), tweeted, "'Buying' it would probably be free. Assuming liabilities and transitioning Ops maybe $500-800M?" (In a tweet today, he explains, "Undoing the ID/auth stuff would be tough, but I actually meant transitioning petabtyes of storage along w/ compute, bandwidth, etc.") Kind of like pulling up and moving a skyscraper, I gather.

I'm guessing that Verizon, which presumably is acquiring Flickr among the rest of Yahoo's assets, will keep the Yahoo brand and existing Flickr (Yahoo email) logins. (In other words, it won't un-Yahoo it.) But I dunno.

I also don't know why logging into my four different Flickr accounts using Yahoo email addresses has always been hard, but it is. And now changing those logins is even harder. I just tried again, and failed.

But I guess if nothing bad happened to me back in 2014, the old logins and passwords still haven't been exploited. But that doesn't mean they are not safe. Or that they are easy to protect.