AOL Selling AIM Gateway/Listener To Employers
PizzaFace writes "After pushing free instant messaging to more than 100,000,000 users, AOL is now selling AIM-monitoring software to businesses that want to monitor and control the messaging of their employees. AIM Enterprise Gateway will reportedly sell for about $35/employee/year."
Because you can encrypt your messages.
AOL is just catering for that market. I don't see anything insidious, evil, or otherwise overly noteworthy about this...
Ray
"Ritter anticipates that encrypted instant messaging will appeal greatly to federal agencies that want secure, interagency instant messaging. "Our military and intelligence customers are more interested in the secure version," Ritter said."
;)
Jeez, better off with RogerWilco than AIM to communicate on the battlefield
this could help move more and more users to use alternate messaging utilities in fear of getting fired from sending IMs to their friends...msn anyone?
Now there's a pretty good subscription based service! Get people hopped up on IM'ing, then monitor their every move for lewd and lascivious comments. Every Human Resources person must be loving the potential of this. No more 'downsizing' excuses, or 'we've eliminated the position.' Now it's just, 'remember those comments you made two years ago...'
*friendly aol voice speaking*
"You Got Fired!"
Remember that you are unique, just like everybody else.
Has anyone with a packet logger and a campus LAN been doing this for years? Mine just finds any traffic with the (html)(body right next to each other (and the close html body tags next to each other too). I have yet to get a false positive.
I thought it was just an unfortunate coincidence when my boss and HR popped into my cube when my pants were down around my ankle due to that hot chat with an 18/f Solaris admin.
1 - for $35 an employee, it would be a wiser decision for such a company to simply ban the use of aim, and either use something else, or develop their own, in house. 2 - I see this as a bottom of the barrel effort by aol to generate some revenue. hopefully, this signals the beginning of a near end for aol.
That people already have been encrypting their messages through reverse engineered AIM protocol clients which aren't the standard one that AIM allows people to download.
And on the flip side, people already have been snooping on AIM conversations through the regular sniffing tools that come with any standard linux distribution.
But! If you make it official that you will remain in control of your protocol instead of opening it up, and roll your own equivalent tools up, and sell them at a decent price, then they will bite. I agree.
However, at 35 bucks a head a year at a large company, I'd be tempted to just have the employees use a stock client distribution with/without encryption abilities and hire a techie to take care of the snooping if I care to do that. Or just ditch AOL and use one of those other ones like jabber with all the same abilities.
But hey, sometimes you just get that knack to spend your corporate money you know?
Now is your chance to move to jabber. Jabber is an open source server/client/protocol. Some of the clients even support ssl (encrypted) messages. You have to be careful, however, as the auth is still plaintext, even using ssl. But still, jabber may be a good answer: It supports 'gateways' to AIM, yahoo, etc.
Think you have some slackers around the office spending all their time chatting online, spilling the beans about your financials, or just bad-mouthing the CEO? Take AIM and blow them away with our instant message monitoring software!
First Falcon-1 to orbit, then Falcon-9. Then I can die a happy man.
"A new, more secure version of AOL Instant Messenger, or AIM, will enable businesses to read instant messages sent by employees"
How, under any definition of security does this make it more secure?
side note: does slashdot seem very slow to anyone else today?
a little snoop based on ip address, then grep out the relevant stuff.
I only do this when directed by management, for bandwidth reasons, but it's nice to know that I'm doing my part to save marriages and relationships.
But if you want to line the pockets of AOL/Time-Warner, go right ahead.
A. Rightmann
I can appreciate the need to do this -- but Jabber seems a better solution.
Company runs its own Jabber server. Everyone there has a user@yourcompany.com address. Internal messages between folks in the company never go outside. Admins who want to do monitoring or whatever can do that. Users who want interoperability with AIM or whatever can do that -- *if* the admins decide to install the AIM connector on the server. And it sure doesn't cost $35/seat.
My managers are listening to my phone calls
My managers are reading my e-mail
My managers are reading my IMs
My managers are monitoring what candy I get from the vending machine
You know for someone who is supposed to be in charge of managing a department/whatever, has work (or should have) of their own to do, he's taking a really big interest in what I'm doing back here.
MS has had IM as part of Exchange 2000 for 2 years now. Other vendors have sold similar products. I always wondered why AOL never used their IM clout to make money in the enterprise market and try to lock MS out of it in at least 1 product.
Employees should have no expectation of privacy for any information placed into the business equipment of the Company/government... This policy shall serve as notice to any and all that Company/government equipment may be monitored without further notice.
There is plenty of other text that details this, but that's the meat of it. Companies have a right to monitor any traffic to protect their interests. If you don't want your AOL messages watched, find a company that supports employee privacy on company equipment over covering its own ass. Good luck, because I've never heard of one.
I think it's kind of shady on AOL's part to suddenly roll over on its user base. However, there are a lot of companies that don't allow IM because it's more difficult to keep an eye on than email. AOL may benefit from more acceptance as a result of this move.
The companies can still get around this, don't assume that they are that inept and encryption will protect you. One thing they can do is install and hide key logging software, software that takes screen shots of what you are writing, etc.
Ritter anticipates that encrypted instant messaging will appeal greatly to federal agencies that want secure, interagency instant messaging. "Our military and intelligence customers are more interested in the secure version," Ritter said.
This is certainly at least a little bit of an exaggeration. You can't put classified information on any system that has any kind of communications software or hardware on it. You have to physically disconnect all connections before starting in classified mode. The only exception is machines on a network that has only classified systems and uses some form of secure line for transport between the nodes in the network. There are only a handful of such networks, and you won't have one on your desk. There will most likely be only a few such machines per facility.
There already is a system for the transmission of classified data between different personnel in the government. It's called, to use technical terms, the "secure telephone." For documents, you can use a technology called the "courier" - an organic system that has advanced intelligence functions and is capable of defense through the use of an integrated firearm.
Much of the unclassified stuff is transmitted in the same way as classified information. There are also secure networks that are used for the transmission of unclassified but sensitive information.
If it's anything that requires encryption, it will be transmitted over a secure network, or will be handled through other procedures. This IM system really has no application to the military or intelligence communities.
So - Fred the McDermitt file, where can I find it?
... oh my god...
Yeah. the game was great! The beer girl
But with AIM you could write very important messages across the battlefield such as
:-(
:-)
:-O
;)
Solider5554: Sarge! We're under fire! We need help!
Sarge0034: Hang in there. You're doing a great job soldier
Solider5554: Arrrghhh!!!! I've been hit!
Sarge0034: God, these whining soldiers never know when to quit, thank god they're dispensable.
Sarge0034: Oppsss. Wrong person sorry.
Solider5554: What!? I need a chopper. I'm losing a lot of blood over here. >:-@
Sarge0034 (warn 10%): Hey, just because you've warned me anonymously, doesn't mean I don't know it's you.
Sarge0034: brb *door slam* as sarge leaves
*door open* as sarge enters
Sarge0034: Sorry had to reboot, did I miss anything?
Solider324: uuuuhhhhhh I don't think I'm going to make it
P.S. Rob, Nate, Jeff, your change of hosting service this week from Exodus East to Exodus West has made Slashdot incredibly s...l.........o...........w....... from Europe. It's taking 2 minutes to load a page compared to 10 seconds on the old host. Did OSDN pull the plug on your funding for the larger pipe at Exodus East? It's understandable but a shame nonetheless because it's going to stop people visiting.
Scroogle
Most AIM users manually encrypt their message using a collection of complex command line tools. Therefore, the content IS secure.
I thought everyone knew that!
come on fhqwhgads
Let's see: I've got issues with the trustworthiness of a large corporation and their fairly ubiquitous software. Why don't I install and use the not nearly as ubiquitous software of a large convicted monopolist company that has time and time again shown explicitly that they can't be trusted with anything, ever. Logic like that will lead straight to upper management.
Any other netadmins out there figure out how to block the kid in the back with a Voicestream cell doing dialup for his IM? He's actually got enough free minutes to stay dialed into his ISP during all 9 hours of the business day, 20 days a month. The boss made me take the tin foil down. What else can I try?
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
"Give a man a fish, he'll eat for a day. Teach a man to fish and you get to sell him fishing gear for a lifetime." :-/
Soko
"Depression is merely anger without enthusiasm." - Anonymous
AOL will NOT be monitoring AIM communications -- what this product essentially does is set up a private network WITHIN a company, based on the AIM protocols. It is that internal communication that is being monitored -- and not by AOL but by the company that buys the software from AOL. I imagine that the users will be able to use their clients to communicate with other AIM users outside their network, but if they don't want to be monitored, they can just download the standard free AIM client and use that instead.
Several of my friends work for IBM, and they have been using something like this software, called Sametime, for a couple years. Sametime may have been a beta of this product.
jf
As a network sysadmin, I generally don't want anything on the computers I work on that I didn't put there. Simple solution: user rights. My users cannot install any software without oversight. Limited privileges = no instant messaging software = no viruses transferred through IM software, pr0n, mp3's, etc. =no need to govern over IM use in the first place. Problem solved.
Never look down your nose at others. Someday, someone is bound to see your boogers.
Add a section to your employee policy document that prohibits using whatever he's using and then fire his ass when he ignores it.
No one ever had to evacuate a city because the solar panels broke!
... and every other kind of IT employee monitoring solution is that they are implemented by the IT DEPARTMENT.
Who by definition are the worst offenders.
And because they're all buddies, they "bypass" the monitoring for their own IP addresses.
Total waste of time.
I don't see what the big deal about this is, it's not like you couldn't find this stuff out in the past without this.... and for free no less.
I work at a college, and the network admin here wanted to try out this mini-distro called PLAC for Portable Linux Auditing CD. Basically it's supposed to be small enough to be burned onto one of those business card sized CD's, and they're bootable. So basically you can pop it into a CD drive and boot a machine to this auditing software. Well, since he wanted to try it out, we setup a small box just inside the firewall here to see what it could find. Well... to be honest, it found a lot. It could grab URL's that people were looking at, emails that they were sending out, and yes, even AIM messages.
The amazing thing is that it would sniff the network packets, but yet report everything in a simple, easily-readable format. It's amazing how much private stuff on the internet isn't private.
This makes me appreciate licq with an SSL connection even more.
-Through the server, over the router, off the firewall... Nothing but 'Net!
Damn right... thought it was just Telewest being crap (S-W England), but from being able to load /. instantly (maybe a couple of seconds), it's now taking around 20-30 seconds *consistently*. Certainly makes posting comments a tedious chore. Grrrr.....
- Oliver
The right to bear arms is only slightly less stupid than the right to arm bears...
How is allowing someone else to monitor my communications more secure?
Just keep in mind who the customer is. In the mass market, the customer is rarely the user.
Nope, no sig
"So easy to spy with, no wonder its Number 1!"
to demonstrate a company talking from both sides of its mouth.
In April 2001, AOL filed a motion to quash Nam Tai's subpoena, arguing it should not be required to reveal subscriber information because it would "infringe on the well-established First Amendment right to speak anonymously."
Funny how this topic came up because just yesterday I sent a long-winded email to our LAN Support Admin practically begging for a more feasible (and responsible) way to use IM in the workspace.
The company I work for uses ICQcorp, which, AFAIK, is dead software and has sat in beta since it was released in 1999.
Now I won't get into most problems our company has had with instant messaging (the second biggest being users abusing their broadcasting rights), but I will dwell on one...
ICQcorp is terribly insecure... well, at least the way it was implemented in our office environment. In my department, most people don't have a workstation they can call their own. When you get in, you pick an NT box, log in, and that's that. The problem is that anyone who used that particular box (and logged into ICQ) can have their history of messages viewed easily. The *.dat files can be opened through notepad, and sit locally on the C: drive in the ICQcorp folder. Albeit, the formatting is bad, but you can definitely read it. Since I've discovered this, I've really toned down my instant messaging to the point where it is pretty much all work related, and if I actually remember to do it, I'll delete my own .dat file on the computer before I log off.
I just received a response back from LAN support and it wasn't very encouraging:
"There are no other departments ... that use any type of instant messaging and the justification for changing this system has not been met."
I think it's time I maybe had a chat with Corporate Security. Do you guys agree?
P.S.
On a totally unrelated note... anyone else experience unbelievable slowness with /. the last 2 days? My dsl connection seems fine everywhere else. Did a traceroute but didn't see any noticeable jump.
It's not a magical AIM filter, which is what all the comments are suggesting.
It's a way to run your OWN aim gateway server at your business.
So I am at franks widgets (fwidg). I install the gateway server. Everyone at fwidg logs into the company aim server instead of the official AIM server, as employee@fwidg.com.
So now we have intranet messaging, and apparently others can add us to the contact list as well (outsiders).
OBVIOUSLY since all communication is going through this server, they can log/etc it. But this is not some sort of magical firewall dropin that listens to aim conversations... there's been opensource projects that can do that for years now.
It looks to me like it's aiming at the jabber and MSN/exchange messenger market. It's a locally hosted central server, so your business stuff isn't going out over the internet, and it authenticates against stuff you already have, according to their marketing. I'd guess that means ldap and active-directory.
are there any parts of the AIM protocol that still haven't been reversed engineered or published in some form or another?
at 35 dollars a seat per year per head, that's a lot of money to be charging for the same sort of monitoring you could achieve with ethereal and a basic understanding of the AIM protocol (isn't there already an AIM decoder in ethereal?).
either way, it's a pretty nice business model of theirs. i guess i'm just worried to see if there's any 'extra' information stored in the AIM protocol that might be of added benefit to management.
otherwise i say no big deal..
That's great. Now I can sit at my desk and see what AOLholes have to say:
:)):) ;)
hpyrabbit1981: Ya! LOL!
dlscowboys0101: hi rabbit how r u?
tina23992: me 2!
hpyrabbit1981: @->-- cowbyos
memphisflowershop2: me too! a/s/l?
I don't want that. I let the AOLers have their little messenger and chat rooms and they can crap all over it as much as they want. I much prefer slashdot, where frist porst's and goatse.cx reign supreme!
I really hate signatures, but go to my website.
This story immediately put me in mind of anti-virus software companies, although in this case it appears to be a matter of the company that sells the solution having caused the problem in the first place.
I'm sure that AOL did not have that in mind* when they first developed AIM but I can't believe that they are not relishing the opportunity to generate even more cash from the monster they created.
*Or am I not being paranoid enough?
I'd rather fall off Ilustrada than ride any other horse
Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
1. Gives security conscious corporations a reason to allow AIM rather than ban it (not so long ago, I seem to remember, the AIM client had a security hole. Wasn't that '99?)
2. Allows companies to unify their methods of IMing, a product which is actually a really good business tool. If you're on a conference call, phone call, in a meeting...there are lots of times it's great to have a live medium to communicate with a coworker. Easier than remembering Joe down at helpdesk is B1gP3n1s.
3. The CYAN (Cover your ass network). Hey, I know that you don't have to worry about this when you're down at the bar putting the moves on the blonde, but do that at work and it's all of a sudden the company's liability. Of course, you could lose your job. But they could lose money and time too. Don't forget, not every company out there is a big evil CORPORATION.
Those are three fine reasons. Hey, we don't open up the firewall and have mail delivered to a server on every desktop, why do the same with IM? It's a logical way to start partitioning off Instant Messaging, rather than having massive servers off somewhere else handling messages. And in a lot of cases, companies are leery about plaintext running around the web with potential trade secrets. It's silly, when it could route locally.
I'm not saying that AOL's solution is the one and only, but the idea is a good one. For the same reason we use mail servers, file servers, PBX systems, it makes sense. With companies convinced that IM is necessary for productivity, it opens the doors for other solutions, non proprietary in nature. And it opens the demands for secure features to be built into clients. Hey, somebody's gotta pay the bills, right? And we know that it won't be AOL people dialling up...
-- Bird in the Bush: The Renewable Energy Blog http://www.birdinthebush.org
Will having this AIM-sniffing software help free software projects like GAIM and Everybuddy?
Create a wide spread business problem, then sell the solution to the problem...
Whoever thought that one up gets 2 points..
10 years ago it would have been called a fraud.. but in today's world....
---- Booth was a patriot ----
Heh. Why "violate the privacy" on one protocol (it's not a violation on work time...)? When I could run tcpdump and maybe a custom app somewhere to ferret out anything?
:)
Wee.
tcpdump + large fast disks + promiscuous NIC == all your bits are belong to me now.
Mental Image: O'Really: Snooping Email for Fun and Profit
-- Note: If you don't agree with me, don't bother replying. I won't read it.
Slashdot's quite slow even from the East Coast of the US :-/
For the past few weeks I have been writing a program I currently call SecureIM. It is an encrypting proxy server that runs on your computer and allows you to have secure conversations over AIM. It runs under Win32 and is tested with AIM 4.x and higher and Trillian.
:)
If you would like to check out the beta version, it's available at http://www.vonnieda.org/SecureIM
The program will be getting a name change before v1.0 since there are several SecureIMs out there.
Before you flame me about security or what not, please at least have a read of the Readme.txt file where I think I explain pretty well what SecureIM is and isn't capable of.
I hope someone finds some use of it. Enjoy
but I think you just made a strong argument for why you shouldn't be using IM in that setting, anyway:
EVERYTHING you touch has Attorney-Client privilege and is either employee- or company- confidential. Anyone who is not supposed to be privy to your data, communication, files, etc., would be putting the company at risk by snooping
The whole point of this system is not to determine whether employees are using lots of IM. It's to ensure that employees aren't using IM services for "inappropriate" purposes such as cybersex, or to give away sensitive information. (Or both, as the case may be.)
Incidentally, if I had my employees using IM for intra-company communications I would damn well want them encrypting their communications. Do you really want company data going through some untrusted external server? If I didn't want my employees using IM at all, I'd just block the ports.
Now we can install this at home to find out what our other personality is saying about us. Both of them.
http://www.kubuntu.org/
A lot of companies have a very important need for this, other than just the desire to "snoop" on their employees. For example, many firms such as brokerage houses are required to monitor and keep records of their employees' interactions with clients. The article alludes to these groups slightly, without going into much detail. These companies would like to be able to use instant messaging to communicate with clients, but right now regulations stop them from using AIM, unless they somehow develop their own monitoring software. It's companies like these that AOL is really targeting with this product. Of course, a lot of these companies are also demanding that all the IM providers adopt an open/interoperable standard, which AOL isn't quite as willing to do.
Trillian only can establish a secure connection if it has the ability to contact the other computer directly.
If both ends are behind an IPmasq or similar firewall this won't work.
OTOH, pgp/gpg would work fine, so long as
1) both parties have it
2) you have each other's pubkeys
gAIM and similar clients allow not only protocol plugins, but also general purpose - I don't see why gpg support couldn't be added in.
Desperation is a stinky cologne
It would actually be nice to have something that's somewhat private like a phone call, but more convenient. Oh well.
Donate background CPU time to fight cancer.
I agree they've made it tough to block if you're just targeting AOL's resource (as in time) sucking software. My experience is that most of the time for most offices (not counting tech companies), you don't want your users running ANY of the many time/bandwidth suckers out there. In that case, the following is extremely effective.
Block all internet traffic for your desktop machines at the router/firewall/whatever, and force all web browsing through a squid proxy on a server that is not blocked. This breaks virtually all messaging and file sharing software, while also generally accelerating web browsing. Any users with special needs can be explicitly allowed through the router.
Be sure to have a cache only dns server on your side of the link, and voila: Instant messenger stops working (and Aol doesn't get jack), you improve the web browsing experience for your users, and any new messaging programs/file sharing programs won't work. Win win win!
Then you can spend that 35 bucks times X number of employees, which in my case comes to over 10 thousand bucks, on new hardware like switch upgrades, router upgrades, and the like, which will really make you look good.
Show me an effect without cause and then I'll believe in chaos.
I did notice that the per-employee price was lower than the average for software priced that way -- but 10 billion sales at a buck apiece is a whole lot more dough than one sale at 10 million bucks.
As to the slashdot-slows -- I'm in California, only about 350 miles from the new server. Til this morning the new server was VERY slow to respond -- never less than 15 seconds, often more like 1-2 minutes. Once it *finally* coughs up the desired page, it comes across about 2x as fast as with the old server.
However as of 8am this morning, initial server response has sped up considerably, tho it still has spasms of taking 15 to 30 seconds. But at least it's not affecting every single request, like it was yesterday!!
~REZ~ #43301. Who'd fake being me anyway?
It's been happening for a loooooong time. I got told about it when I was at work, they complained that they had online conversations that some of us were having and told us that if we didn't stop leaking information, we'd get canned.
Netjak.com independent reviews of domestic & import video ga
Hopefully it saves the time on a single task, done once per week, otherwise you're not saving 20 minutes per week. Time isn't aggregatable like that -- you can't turn four minutes per day into 20 minutes per week, or 20 minutes per week into "2 days per year".
Plus the idea that you saved 20 minutes per week is kind of a joke in and of itself -- what good is 20 minutes, unless your job is one of those hyper-monitored jobs where they know how many keystrokes/min you type, but based upon your post I'd say not.
I am SO thankful several countries in Europe outlaw eavesdropping by an employer like this.
(And don't get me started about it's their equipment, etc etc etc. I don't care whose equipment it is. I am a human being. I want to communicate without being monitored - "freedom", as some would call it. Laws guarantee me that privacy, just as they outlaw listening to my phone conversations or opening and reading my dead-tree letters. People whose knee-jerk reaction is that "they own it, they set any rules they like" need to look around and realize that it actually need not be like that.)
or hardware logger could handle this, at quite a bit less than 35$/user/year...WOW. If they could sell this they could start giving away their lousy net service for free...
errr....umm...*whooosh* *whoosh* Is this thing on ?
The article states "A new, more secure version of AOL Instant Messenger, or AIM, will enable businesses to read instant messages sent by employees..."
Umm... if it's more secure, how can the employers eavesdrop? The answer, it's not more secure!
Dupe posts are
Invade privacy for free!
AimSniff
--
because it still uses the AIM protocol / port.... {only the application here is written in Java/ActiveX instead of C}
--
Time is on my side
This is a reasonable method of making money. It's not like they're going to start charging for the client, or take down their free servers.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
To the moderator who said "overrated". I hope you realize that by definition it's not actually possible for something that hasn't been rated yet to be "overrated". Seeing "overrated" as the first and only moderation so far doesn't make any sense at all. Hopefully a metamoderator will notice this fact.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
(while this makes sense for the majority of our idio^h^h^h^h users, it's a little extreme for us in the engineering department - including the ones who used to have IT jobs)
However, I want to use AIM... So, rather than installing AIM, or Trillian or Fire or GAIM, or any other client (and this would also apply to companies wanting to install this new encrypted client - they probably wouldn't want their users installing other versions), I go to aim.com and use AIM Express - the Java applet version of their client.
Nothing downloaded, nothing installed, no problem.
-T
All the ones I've used--ICQ, AIM, MSN, Y!--can be changed to go out on port 80.
You need some sort of gateway that can differentiate between *application* traffic on port 80.
Or you need to lock down each desktop.
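Added example, not part of the thread and not any vendor's code: a first-payload classifier of the kind the last comment asks for, telling a real HTTP request apart from raw AIM (OSCAR) FLAP framing sent to port 80. The function names and sample payloads are constructed for illustration; the only protocol fact assumed is the widely documented 6-byte FLAP header (0x2A marker, channel, sequence number, data length).

```python
import struct

# HTTP/1.x request methods a browser or proxy client would open with.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"TRACE ", b"CONNECT ")

FLAP_MARKER = 0x2A         # every FLAP frame starts with '*'
FLAP_HEADER_LEN = 6        # marker, channel, 16-bit sequence, 16-bit length
FLAP_CHANNELS = range(1, 6)


def looks_like_http_request(payload: bytes) -> bool:
    """True if the payload opens with a well-formed HTTP request line."""
    if not payload.startswith(HTTP_METHODS):
        return False
    request_line = payload.split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    return len(parts) == 3 and parts[2].startswith(b"HTTP/")


def parse_flap_frames(payload: bytes):
    """Walk the payload as back-to-back FLAP frames.

    Returns a list of (channel, sequence, data_length) for every complete
    frame, or [] as soon as a header does not match FLAP framing. A final
    frame cut off by the TCP segment boundary is tolerated and skipped.
    """
    frames = []
    offset = 0
    while len(payload) - offset >= FLAP_HEADER_LEN:
        marker, channel, seq, length = struct.unpack_from(">BBHH", payload, offset)
        if marker != FLAP_MARKER or channel not in FLAP_CHANNELS:
            return []              # not FLAP framing at all
        end = offset + FLAP_HEADER_LEN + length
        if end > len(payload):
            break                  # frame continues in the next segment
        frames.append((channel, seq, length))
        offset = end
    return frames


def classify_port80_payload(payload: bytes) -> str:
    """Label the first client payload of a port-80 flow.

    Traffic wrapped in genuine HTTP (for example through a CONNECT proxy)
    still classifies as "http"; this only catches raw framing on port 80.
    """
    if looks_like_http_request(payload):
        return "http"
    if parse_flap_frames(payload):
        return "oscar-flap"
    return "unknown"


# Constructed sample payloads (not captured traffic).
SAMPLE_HTTP = b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n"
SAMPLE_FLAP = struct.pack(">BBHH", 0x2A, 1, 0x1234, 4) + struct.pack(">I", 1)
SAMPLE_TWO_FRAMES = SAMPLE_FLAP + struct.pack(">BBHH", 0x2A, 2, 0x1235, 3) + b"abc"
SAMPLE_OTHER = b"*not a frame"

if __name__ == "__main__":
    for name, data in [("http", SAMPLE_HTTP), ("flap", SAMPLE_FLAP),
                       ("two frames", SAMPLE_TWO_FRAMES), ("other", SAMPLE_OTHER)]:
        print(f"{name:10s} -> {classify_port80_payload(data)}")
```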