Slashdot Mirror
AOL Selling AIM Gateway/Listener To Employers
PizzaFace writes "After pushing free instant messaging to more than 100,000,000 users, AOL is now selling AIM-monitoring software to businesses that want to monitor and control the messaging of their employees. AIM Enterprise Gateway will reportedly sell for about $35/employee/year."
Because you can encrypt your messages.
AOL is just catering for that market. I don't see anything insidious, evil, or otherwise overly noteworthy about this...
Ray
"Ritter anticipates that encrypted instant messaging will appeal greatly to federal agencies that want secure, interagency instant messaging. "Our military and intelligence customers are more interested in the secure version," Ritter said."
;)
Jeez, better off with RogerWilco than AIM to communicate on the battlefield
*friendly aol voice speaking*
"You Got Fired!"
Remember that you are unique, just like everybody else.
I thought it was just an unfortunate coincidence when my boss and HR popped into my cube when my pants were down around my ankle due to that hot chat with an 18/f Solaris admin.
That people already have been encrypting their messages through reverse engineered AIM protocol clients which aren't the standard one that AIM allows people to download.
And on the flip side, people already have been snooping on AIM conversations through the regular sniffing tools that come with any standard linux distribution.
But! If you make it official that you will remain in control of your protocol instead of opening it up, and roll your own equivalent tools up, and sell them at a decent price, then they will bite. I agree.
However, at 35 bucks a head a year at a large company, I'd be tempted to just have the employees use a stock client distribution with/without encryption abilities and hire a technie to take care of the snooping if I care to do that. Or just ditch AOL and use one of those others ones like jabber with all the same abilites.
But hey, sometimes you just get that knack to spend your corporate money you know?
I can appreciate the need to do this -- but Jabber seems a better solution.
Company runs its own Jabber server. Everyone there has a user@yourcompany.com address. Internal messages between folks in the company never go outside. Admins who want to do monitoring or whatever can do that. Users who want interoperability with AIM or whatever can do that -- *if* the admins decide to install the AIM connector on the server. And it sure doesn't cost $35/seat.
My managers are listening to my phone calls
My managers are reading my e-mail
My managers are reading my IMs
My managers are monitoring what candy I get from the vending machine
You know for someone who is supposed to be in charge of managing a department/whatever, has work (or should have) of their own to do, he's taking a really big interest in what I'm doing back here.
Employees should have no expectation of privacy for any information placed into the business equipment of the Company/government... This policy shall serve as notice to any and all that Company/government equipment may be monitored without further notice.
There is plenty of other text that details this, but that's the meat of it. Companies have a right to monitor any traffic to protect their interests. If you don't want your AOL messages watched, find a company that supports employee privacy on company equipment over covering its own ass. Good luck, because I've never heard of one.
I think it's kind of shady on AOL's part to suddenly roll over on its user base. However, there are a lot companies that don't allow IM because it's more difficult to keep an eye on than email. AOL may benefit from more acceptance as a result of this move.
The companies can still get around this, don't assume that they are that inept and encryption will protect you. One thing they can do is install and hide key logging software, software that takes screen shots of what you are writing, etc.
But with AIM you could write very important messages across the battefiled such as
:-(
:-)
:-O
;)
Solider5554: Sarge! We're under fire! We need help!
Sarge0034: Hang in there. You're doing a great job solider
Solider5554: Arrrghhh!!!! I've been hit!
Sarge0034: God, these whining soliders never know when to quit, that god they're dispensible.
Sarge0034: Oppsss. Wrong person sorry.
Solider5554: What!? I need a chopper. I'm losing a lot of blood over here. >:-@
Sarge0034 (warn 10%): Hey, just because you've warned me anonymously, doesn't mean I don't know it's you.
Sarge0034: brb *door slam* as sarge leaves
*door open* as sarge enters
Sarge0034: Sorry had to reboot, did I miss anything?
Solider324: uuuuhhhhhh I don't think I'm going to make it
Most AIM users manually encrypt their message using a collection of complex command line tools. Therefore, the content IS secure.
I thought everyone knew that!
come on fhqwhgads
"Give a man a fish, he'll eat for a day. Teach a man to fish and you get to sell him fishing gear for a lifetime." :-/
Soko
"Depression is merely anger without enthusiasm." - Anonymous
AOL will NOT be monitoring AIM communications -- what this product essentially does is set up a private network WITHIN a company, based on the AIM protocols. It is that internal communication that is being monitored -- and not by AOL but by the company that buys the software from AOL. I imagine that the users will be able to use their clients to communicate with other AIM users outside their network, but if they don't want to be monitored, they can just download the standard free AIM client and use that instead.
Several of my friends work for IBM, and they have been using something like this software, called Sametime, for a couple years. Sametime may have been a beta of this product.
jf
... and every other kind of IT employee monitoring solution is that they are implemented by the IT DEPARTMENT.
Who by definition are the worst offenders.
And because they're all buddies, they "bypass" the monitoring for their own IP addresses.
Total waste of time.
How is allowing someone else to monitor my communications more secure?
Just keep in mind who the customer is. In the mass market, the customer is rarely the user.
Nope, no sig
"So easy to spy with, no wonder its Number 1!"
to demonstrate a company talking from both sides of its mouth.
In April 2001, AOL filed a motion to quash Nam Tai's subpoena, arguing it should not be required to reveal subscriber information because it would "infringe on the well-established First Amendment right to speak anonymously."
It's not a magical AIM filter, which is what all the comments are suggesting.
It's a way to run your OWN aim gateway server at your business.
So I am at franks widgets (fwidg). I install the gateway server. Everyone at fwidg logs into the company aim server instead of the official AIM server, as employee@fwidg.com.
So now we have intranet messaging, and apparently others can add us to the contact list as well (outsiders).
OBVIOUSLY since all communication is going through this server, they can log/etc it. But htis is not some sort of magical firewall dropin that listens to aim conversations... there's been opensource projects that can do that for years now.
It looks to me like it's aiming at the jabber and MSN/exchange messenger market. It's a locally hosted central server, so your business stuff isn't going out over the internet, and it authenticates against stuff you already have, according to their marketing. I'd guess that means ldap and active-directory.
1. Gives security conscious corporations a reason to allow AIM rather than ban it (not so long ago, I seem to remember, the AIM client had a security hole. Wasn't that '99?)
2. Allows companies to unify their methods of IMing, a product which is actually a really good business tool. If you're on a conference call, phone call, in a meeting...there are lots of times it's great to have a live medium to communicate with a coworker. Easier than remembering Joe down at helpdesk is B1gP3n1s.
3. The CYAN (Cover your ass network). Hey, I know that you don't have to worry about this when you're down at the bar putting the moves on the blonde, but do that at work and it's all of a sudden the company's liability. Of course, you could lose your job. But they could lose money and time too. Don't forget, not every company out there is a big evil CORPORATION.
Those are three fine reasons. Hey, we don't open up the firewall and have mail delivered to a server on every desktop, why do the same with IM? It's a logical way to start partitioning off Instant Messaging, rather than having massive servers off somewhere else handling messages. And in a lot of cases, companies are leery about plaintext running around the web with potential trade secrets. It's silly, when it could route locally.
I'm not saying that AOL's solution is the one and only, but the idea is a good one. For the same reason we use mail servers, file servers, PBX systems, it makes sense. With companies convinced that IM is necessary for productivity, it opens the doors for other solutions, non proprietary in nature. And it opens the demands for secure features to be built into clients. Hey, somebody's gotta pay the bills, right? And we know that it won't be AOL people dialling up...
-- Bird in the Bush: The Renewable Energy Blog http://www.birdinthebush.org
For the past few weeks I have been writing a program I currently call SecureIM. It is a encrypting proxy server that runs on your computer and allows you to have secure conversations over AIM. It's runs under Win32 and is tested with AIM 4.x and higher and Trillian.
:)
If you would like to check out the beta version, it's available at http://www.vonnieda.org/SecureIM
The program will be getting a name change before v1.0 since there are several SecureIMs out there.
Before you flame me about security or what not, please at least have a read of the Readme.txt file where I think I explain pretty well what SecureIM is and isn't capable of.
I hope someone finds some use of it. Enjoy
The whole point of this system is not to determine whether employees are using lots of IM. It's to insure that employees aren't using IM services for "inappropriate" purposes such as cybersex, or to give away sensitive information. (Or both, as the case my be.)
Incidentally, if I had my employees using IM for intra-company communications I would damn well want them encrypting their communications. Do you really want company data going through some untrusted external server? If I didn't want my employees using IM at all, I'd just block the ports.
A lot of companies have a very important need for this, other than just the desire to "snoop" on their employees. For example, many firms such as brokerage houses are required to monitor and keep records of their employees' interactions with clients. The article alludes to these groups slightly, without going into much detail. These companies would like to be able to use instant messanging to communicate with clients, but right now regulations stop them from using AIM, unless they somehow develop their own monitoring software. It's companies like these that AOL is really targeting with this product. Of course, a lot of these companies are also demanding that all the IM providers adopt and open/interoperable standard, which AOL isn't quite as willing to do.