Slashdot Mirror
AOL Selling AIM Gateway/Listener To Employers
PizzaFace writes "After pushing free instant messaging to more than 100,000,000 users, AOL is now selling AIM-monitoring software to businesses that want to monitor and control the messaging of their employees. AIM Enterprise Gateway will reportedly sell for about $35/employee/year."
AOL is just catering for that market. I don't see anything insidious, evil, or otherwise overly noteworthy about this...
Ray
this could help move more and more users to use alternate messaging utilities in fear of getting fired from sending IMs to their friends...msn anyone?
Now there's a pretty good subscription based service! Get people hopped up on IM'ing, then monitor their every move for lude and lavicious comments. Every Human Resources person must be loving the potential of this. No more 'downsizing' excuses, or we've eliminated the position.' Now is just, 'remember that comments you made two years ago...''
1 - for $35 an employee, it would a wiser decision for such a company to simply ban the use of aim, and either use else, or develop their own, in house. 2 - i see this as a bottom of the barrel effort by aol to generate some revenue. hopefully, this signals the beginning of a near end for aol.
In germany AOL is already on the downward spiral, The only strong base they have are the dial up accounts,and they are growing slow,then the jumped on the broadband wagon way too late and now this, AOL lost its battle for market share in germany already this wont do anything to improve it.
That people already have been encrypting their messages through reverse engineered AIM protocol clients which aren't the standard one that AIM allows people to download.
And on the flip side, people already have been snooping on AIM conversations through the regular sniffing tools that come with any standard linux distribution.
But! If you make it official that you will remain in control of your protocol instead of opening it up, and roll your own equivalent tools up, and sell them at a decent price, then they will bite. I agree.
However, at 35 bucks a head a year at a large company, I'd be tempted to just have the employees use a stock client distribution with/without encryption abilities and hire a technie to take care of the snooping if I care to do that. Or just ditch AOL and use one of those others ones like jabber with all the same abilites.
But hey, sometimes you just get that knack to spend your corporate money you know?
"A new, more secure version of AOL Instant Messenger, or AIM, will enable businesses to read instant messages sent by employees"
How, under any definition of security does this make it more secure?
side note: does slashdot seem very slow to anyone else today?
a little snoop based on ip address, then grep out the relevant stuff.
I only do this when directed by management, for bandwidth reasons, but it's nice to know that I'm doing my part to save marriages and relationships.
But if you want to line the pockets of AOL/Time-Warner, go right ahead.
A. Rightmann
I can appreciate the need to do this -- but Jabber seems a better solution.
Company runs its own Jabber server. Everyone there has a user@yourcompany.com address. Internal messages between folks in the company never go outside. Admins who want to do monitoring or whatever can do that. Users who want interoperability with AIM or whatever can do that -- *if* the admins decide to install the AIM connector on the server. And it sure doesn't cost $35/seat.
Ritter anticipates that encrypted instant messaging will appeal greatly to federal agencies that want secure, interagency instant messaging. "Our military and intelligence customers are more interested in the secure version," Ritter said.
This is certainly at least a little bit of an exaggeration. You can't put classified information on any system that has any kind of communications software or hardware on it. You have to physically disconnect all connections before starting in classified mode. The only exception is machines on a network that has only classified systems and uses some form of secure line for transport between the nodes in the network. There are only a handful of such networks, and you won't have one on your desk. There will most likely be only a few such machines per facility.
There already is a system for the transmission of classified data between different personnel in the government. It's called, to use technical terms, the "secure telephone." For documents, you can use a technology called the "courier" - an organic system that has advanced intelligence functions and is capable of defense through the use of an integrated firearm.
Much of the unclassified stuff is transmitted in the same way as classified information. There are also secure networks that are used for the transmission of unclassified but sensitive information.
If it's anything that requires encryption, it will be transmitted over a secure network, or will be handled through other procedures. This IM system really has no application to the military or intelligence communities.
As a network sysadmin, I generally don't want anything on the computers I work on that I didn't put there. Simple solution: user rights. My users cannot install any software without oversight. Limited privileges = no instant messaging software = no viruses transferred through IM software, pr0n, mp3's, etc. =no need to govern over IM use in the first place. Problem solved.
Never look down your nose at others. Someday, someone is bound to see your boogers.
"find a company that supports employee privacy on company equipment over covering its own ass. Good luck, because I've never heard of one."
My previous career was as a legal secretary.
One very nice thing about that job was that you could very safely assume that you had privacy while working, using the equipment, phones, faxes, etc. Reason? EVERYTHING you touch has Attorney-Client privilege and is either employee- or company- confidential. Anyone who is not supposed to be privy to your data, communication, files, etc., would be putting the company at risk by snooping, and no-one, not an IT manager, not the president, has authority that supersedes an attorney's requirement for privacy.
So, if you work anywhere in the legal field, you won't have to put up with this kind of thing (routine transcripts of your commo without clear accountability at every step.)
-fb Everything not expressly forbidden is now mandatory.
I don't see what the big deal about this is, it's not like you couldn't find this stuff out in the past without this.... and for free no less.
I work at a college, and the network admin here wanted to try out this mini-distro called PLAC for Portable Linux Auditing CD. Basically it's supposed to be small enough to be burned onto one of those business card sized CD's, and they're bootable. So basically you can pop it into a CD drive and boot a machine to this auditing software. Well, since he wanted to try it out, we setup a small box just inside the firewall here to see what it could find. Well... to be honest, it found a lot. It could grab URL's that people were looking at, emails that they were sending out, and yes, even AIM messages.
The amazing thing is that it would sniff the network packets, but yet report everything in a simple, easily-readable format. It's amazing how much private stuff on the internet isn't private.
This makes me appreciate licq with an SSL connection even more.
-Through the server, over the router, off the firewall... Nothing but 'Net!
to demonstrate a company talking from both sides of its mouth.
In April 2001, AOL filed a motion to quash Nam Tai's subpoena, arguing it should not be required to reveal subscriber information because it would "infringe on the well-established First Amendment right to speak anonymously."
Funny how this topic came up because just yesterday I sent a long-winded email to our LAN Support Admin practically begging for a more feasible (and responsible) way to use IM in the workspace.
.dat file on the computer before I log off.
... that use any type of instant messaging and the justification for changing this system has not been met."
/. the last 2 days? My dsl connection seems fine everywhere else. Did a traceroute but didn't see any noticeable jump.
The company I work for uses ICQcorp, which, AFAIK, is dead software and has sat in beta since it was released in 1999.
Now I won't get into most problems our company has had with instant messenging (the second biggest being users abusing their broadcasting rights), but I will dwelve on one...
ICQcorp is terribly insecure... well, at least the way it was implemented in our office environment. In my department, most people don't have a workstation they can call their own. When you get in, you pick an NT box, log in, and that's that. The problem is that anyone who used that particular box (and logged into ICQ) can have their history of messages viewed easily. The *.dat files can be opened through notepad, and sit locally on the C: drive in the ICQcorp folder. Albeit, the formatting is bad, but you can definitely read it. Since I've discovered this, I've really toned down my instant messenging to the point where it is pretty much all work related, and if I actually remember to do it, I'll delete my own
I just recieved a response back from LAN support and it wasn't very encouraging:
" There are no other departments
I think it's time I maybe had a chat with Corporate Security. Do you guys agree?
P.S.
On a totally unrelated note... anyone else experience unbelievable slowness with
are there any parts of the AIM protocol that still haven't been reversed engineered or published in some form or another?
at 35 dollars a seat per year per head, that's a lot of money to be charging for the same sort of monitoring you could achieve with ethereal and a basic understanding of the AIM protocol (isn't there already an AIM decoder in ethereal?).
either way, it's a pretty nice business model of there's. i guess i'm just worried to see if there's any 'extra' information stored in the AIM protocol that might be of added benefit to management.
otherwise i say no big deal..
This story immediately put me in mind of anti-virus software companies, although in this case it appears to be a matter of the company that sells the solution having caused the problem in the first place.
I'm sure that AOL did not have that in mind* when they first developed AIM but I can't believe that they are not relishing the opportunity to generate even more cash from the monster they created.
*Or am I not being paranoid enough?
I'd rather fall off Ilustrada than ride any other horse
Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
Create a wide spread business problem, then sell the solution to the problem...
Who ever thought that one up gets 2 points..
10 years ago it would have been called a fraud.. but in todays world....
---- Booth was a patriot ----
Odd thing is that the actual AOL announcement was actually about trolling out precisely this kind of service. The Washington post take on AOL's move is kinda wierd, employers can already monitor AIM use, what was announced was the encryption piece. The Wash post mentions this, but only mid way through:
Instead, AOL plans to offer private companies and federal agencies a premium version of the service early next year that will enable employees to send encrypted instant messages that can only be read by designated, registered recipients. America Online is developing the encrypted system in partnership with VeriSign Inc., an online security firm.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/