Slashdot Mirror


New AIM Offering "end to end" Encryption

MankyD writes "The current AIM beta is now offering message encryption. They don't offer a lot of details but it's nice to see they are offering some extra privacy. Will the new AIM be illegal in Michigan?"

17 of 329 comments

  1. So that's what they did... by Albanach · · Score: 3, Insightful

    with W.A.S.T.E.?

  2. Re:Gaim-E by Anonymous Coward · · Score: 1, Insightful

    Since most AIM users don't use Gaim, I guess "Gaim-E" will have to work on changing their encryption scheme to be compatible with the official client?

  3. Why? by Tyrdium · · Score: 3, Insightful

    I don't know about other people, but my conversations on AIM usually go like this:

    Me: Hey
    Other guy: Hey
    Me: Anything interesting happening?
    Other guy: Not much. You?
    Me: Not much. Hey, wanna play Starcraft?
    Other guy: Sure. See you on in a few minutes. Usual channel.
    Me: Okay. See you there.

    Frankly, I couldn't care less whether or not anyone else was reading that, and I bet a lot of people feel the same way. It's a nice feature, sure, but it's not the most needed...

    1. Re:Why? by Lemuel · · Score: 2, Insightful

      That's pretty much how my personal usage goes, too. At work, though, we are loath to send company business over the wire in plain text, so this feature could be useful for businesses.

    2. Re:Why? by sahrss · · Score: 5, Insightful

      Some users (like me) have fairly serious or business conversations over these chat networks. Using unsecure chat is like speaking in a room with hidden nooks and cracks in the walls leading to other rooms; anyone can sniff an unsecure chat.

      I much prefer conducting my semi-private conversations in a high tower with thick walls, where strangers cannot overhear them.

      Trillian is what I use right now to allow this, but it only works with Trillian users, not normal AIM users. It would be nice if AIM made their encryption scheme usable by other clients...although I agree with other posters that it may just be a plan to keep other clients off the network.

  4. Re:Gaim-E by Anonymous Coward · · Score: 1, Insightful

    It's actually quite good. I do use the gaim encryption and it works perfectly. It implements it in an easy to understand way. Another reason: gaim is more than just AIM!

  5. Re:Locking out clients? by s10god · · Score: 2, Insightful

    Now there is an underhanded method Trillian cannot fight... Use special new encryption and claim DMCA protection. ... And AOL is enough of a bunch of bastards to do just that.

  6. Really makes me wonder by ONU+CS+Geek · · Score: 3, Insightful

    If AOL has any ties to Verisign, et al.? If it's using PKI (which it says it is), and the "About AIM Personal Certificates" page (Link Here) says it is (which really doesn't go into how they're implemented, or how you can get a certificate), who's to say that they're not going to charge you for getting a certificate? Yahoo integrated encryption in their Yahoo Messenger Enterprise, and other companies have done this in the past (I believe that even ICQ had a version of their server up so that companies could set their own ICQ servers up).

    I honestly think it's all about the Money for AOL, and it's going to be prohibitive for Joe Sixpack to get this to work.

    --

    I disable sigs...do you?
  7. I don't believe it. by TerryAtWork · · Score: 2, Insightful

    If it isn't completely open source then they are running a man in the middle scam and recording the entire encrypted session in the clear.

    All for our own protection, of course....

    --
    It's Christmas everyday with BitTorrent.
  8. This makes business sense. by acherrington · · Score: 5, Insightful

    Here is how I see it, there is a lot of push from AOL-TW executives to turn this product, with a large user base, into a real cash cow. The only way that it is doable is by pushing the product into the corporate arena. The AOL-TW execs would like to push all of the infrastructure and software completely into a corporation, same as a mail system (like exchange server, and outlook on the desk). Many businesses were reluctant because it didn't offer the very basics of security. While general users don't care about this, try selling this to a CIO who has had security pounded into their head over the last two years. What question is he/she going to ask, "Would you mind telling me about security for your product?" So when they give this out to you, the public... it's just a mass test, so they can start doing corporate sales. Just my thoughts....

    --


    Victory is gained, not in knowing your opponents next move, but in preempting them.
  9. Re:Hmm.. by ruronikenshin83 · · Score: 2, Insightful

    Hell yes. My privacy is so important as to accommodate drug dealers and terrorists.

    Why is that? Because when you exclude certain people from the basic privileges and rights afforded them by our Constitution, you open up a big 'ol can of worms.

    Exclusion becomes a stepping stone on the road to complete disregard for those privileges and rights.

    As Benjamin Franklin once said "Those who give away a little freedom for a little safety deserve neither freedom nor safety."

  10. Safemessage by Anonymous Coward · · Score: 1, Insightful

    There's a product already out there called SafeMessage (safemessage.com) which has done this for some time. Even Bruce Schneier thought it was too paranoid for everyday use.

  11. Re:Trillian... by ptbarnett · · Score: 4, Insightful
    Trillian has had this feature for as long as I can remember using it.

    But, doesn't Trillian make the connection directly between the two clients, rather than sending it through the server?

    It doesn't work well when either user has a firewall blocking incoming connections.

  12. Re:Locking out clients? by jaavaaguru · · Score: 2, Insightful

    If that happens, why not use something better such as Jabber then?

  13. Re:Locking out clients? by Hanji · · Score: 3, Insightful

    Because as nice as Jabber may or may not be theoretically for whatever reasons (I don't know anything about it), AIM has one BIG advantage: EVERYONE USES IT. And if you try to get people to switch to a Jabber network from AIM, explaining that it's "open," you'll just get blank stares, and comments that "but all my friends use AIM!"

    Technical superiority does not ensure success, unfortunately.

    --
    A Minesweeper clone that doesn't suck
  14. Re:Trillian by apankrat · · Score: 2, Insightful

    However it is vulnerable to man-in-the-middle attacks, which renders it pretty much useless as a means of any serious protection. The reason Trillian supports it only for ICQ/AIM is because the protocol allows announcing extra client 'capabilities'. Trillian messenger uses this feature to notify peers that they are capable of 'trillian encryption'. Note that this is done via AOL servers, which may at some point decide not to propagate this 'unauthorized' capability and Trillian's encryption will suddenly stop working.

    New AIM encryption is not much better either -
    * their backend is essentially their CA
    * the clients can be forced to relay messages through the server
    and these two combined mean that the backend is in the perfect position to launch m-n-m at will.

    The transparency of the encryption is a two-edged sword - on one hand it certainly provides no-hassle protection, but on the other it can trick a user into a false sense of security, if the former does not really understand underlying protection principles.

    --
    3.243F6A8885A308D313
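
An added illustration of the point made in comment 14 (not part of the thread, and not AIM's or Trillian's actual protocol): when one backend both vouches for keys and relays traffic, the only check that tells the honest case from the substituted one is comparing key fingerprints over a separate channel. The `Backend`, `vouch` and `exchange` names are hypothetical, and a toy Diffie-Hellman exchange stands in for the certificate scheme, whose details the page does not give.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters, constructed for illustration only
# (a 127-bit group is far too small for real use).
P = 2**127 - 1
G = 3

def keypair(priv=None):
    """Return (private, public); a random private key unless one is given."""
    priv = priv if priv is not None else secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    """Short digest two users can compare by phone or in person."""
    return hashlib.sha256(str(pub).encode()).hexdigest()[:16]

def session_key(priv, peer_pub):
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()

class Backend:
    """Hypothetical server that both vouches for keys and relays traffic."""
    def __init__(self, substitute, priv=None):
        self.substitute = substitute
        self.priv, self.pub = keypair(priv)

    def vouch(self, real_pub):
        # Honest: hand out the peer's real key. Dishonest: hand out its own.
        return self.pub if self.substitute else real_pub

def exchange(backend, a_priv=None, b_priv=None):
    """Run one key exchange through the backend and report what each check sees."""
    a_priv, a_pub = keypair(a_priv)
    b_priv, b_pub = keypair(b_priv)
    a_sees, b_sees = backend.vouch(b_pub), backend.vouch(a_pub)
    a_key, b_key = session_key(a_priv, a_sees), session_key(b_priv, b_sees)
    return {
        # Can the backend derive the key that A encrypts with?
        "backend_can_read": session_key(backend.priv, a_pub) == a_key,
        # Out-of-band check: does the key each side was given match the peer's own?
        "fingerprints_match": (fingerprint(a_sees) == fingerprint(b_pub)
                               and fingerprint(b_sees) == fingerprint(a_pub)),
        # Do A and B actually share a key with each other?
        "end_to_end": a_key == b_key,
    }
```

In both runs each client holds a key the backend vouched for, so nothing in a transparent client distinguishes them; only `fingerprints_match` does.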
  15. Re:Thank god by Anonymous Coward · · Score: 1, Insightful

    "And under the PATRIOT act, the US government can do this any time they want... ugh"

    HAHA .. Don't you expect the government to do this even without any damned laws? I mean we all expect big brother to be spying on us anyways, how bout just expect it and use some encryption buddy.