• by Wendy Davis , November 3, 2025

Yahoo is urging a federal judge to dismiss a lawsuit claiming it violates consumer protection and privacy laws in New York and California with ConnectID -- an ad-targeting mechanism that tracks users based on encrypted email addresses.

In papers filed late last week, Yahoo argued to U.S. District Court Judge Denise Cote in the Southern District of New York that the claims should be thrown out for several reasons -- including that, according to the company, the plaintiffs consented to any alleged tracking.

The company's new arguments come in a battle dating to April, when Vermont resident Tyler Baker alleged in a class-action complaint that Yahoo developed persistent, unique identifiers to track people, "despite knowing these types of identifiers were at odds with users’ expectation of privacy."

A group of Californians and a New York resident later joined Baker as plaintiffs. They alleged in amended class-action complaint that they used their email addresses to create accounts at FanDuel, Realtor.com, CBS Sports and US Magazine, and that Yahoo then drew on those email addresses to develop persistent identifiers.

Their complaint includes claims that Yahoo violated California's privacy laws, including the state wiretap law, and a New York prohibition on deceptive or unfair business conduct.

Yahoo in September urged Cote to dismiss all claims for numerous reasons. Among others, Yahoo said the plaintiffs consented to its alleged practices by accepting the privacy policies at CBS Sports and other sites. (Yahoo also said at the time that FanDuel doesn't use ConnectID.)

The plaintiffs countered that Yahoo's own statements do not "come close to establishing actual, affirmative consent to the widespread, continuous tracking and profiling Yahoo engages in," and that statements by other publishers don't disclose enough information to inform users about ConnectID.

But Yahoo argues in its October 31 motion that the law doesn't require that level of specificity.

"Consent may be established where, as here, a policy discloses data-sharing with 'partners,' regardless of whether those partners are identified by name," Yahoo says in its new papers.

Yahoo also says the complaint's allegations, even if proven true, wouldn't show that the company violated California's wiretap law. That statute includes language prohibiting anyone from reading or learning, or attempting to read or learn, the contents of communications "in transit," without all parties' consent.

The company draws on a recent ruling by U.S. District Court Judge Vince Chhabria, who dismissed claims that the website Eating Recovery Center violated the wiretap law by allegedly sending data about visitors to Meta. Chhabria specifically ruled that the information was not "in transit" when Meta read (or attempted to read) it.

Yahoo is now urging Cote to follow that ruling, arguing that even if the allegations in the complaint were proven true, they wouldn't show that the company intercepted or read the contents of a communication while it was in transit.

The allegations "confirm that Yahoo receives information after it has been hashed," Yahoo writes, adding: "Plaintiffs do not allege that any data is in Yahoo’s possession before hashing, let alone obtained 'in transit.'"

Cote has not scheduled oral arguments in the matter.