Slashdot Mirror
AOL Hacks Subscribers' Computers
ctwxman writes "If you're running a recent vintage version of Windows, and connecting to the Internet with an IP address reachable from the outside world, you've probably seen them. They're rectangular boxes that pop-up out of the blue with advertising. These aren't pop-up (or pop-under) browser ads but actually a weird misuse of Windows Messenger Service, a mostly useless tool which Microsoft has left on by default! Though similarly named, this isn't at all related to Microsoft's IM product. You can't block these pop-ups by shutting down ports, because Windows Messenger Service shares some ports with other useful services. The best way to stop the pop-ups requires the user to readjust some internal Windows settings. As you might imagine, many users are reticent to do that. Now, AOL has come up with another solution. They're going into subscribers' machines, without asking and making the adjustments themselves! Though the short term result will probably be good, there are all sorts of implications when your ISP just reaches out and decides how your PC should be configured without your knowledge." The Computer Fraud and Abuse Act makes this clearly illegal; if this were a 17-year-old instead of AOL, the FBI would be investigating.
Don't get me wrong, I'm not approving of what AOL is doing, but at worst this is "white hat" hacking. This is the sort of stuff that /.ers joke about (and perhaps engage in), chuckling about writing worms that use holes in Windows to get in and then patch the very same holes.
When you have the single largest group of ignorant users in the world, how do you educate them to protect themselves from the MS problems?
I bet AOL did this due to constant complaints from susbscribers about AOL "allowing" or "sending" them popups.
I also bet there's a clause in the AOL agreement (which AOL subscribers have agreed to) that either explicitly allows AOL to configure your computer, or allows them to change their policy at any time, thus allowing that by proxy.
.sigs are for post^Hers.
I guarantee that somewhere in some license agreement the users gave AOL permission to do this.
/etc/inetd.conf would you call it "adjusting Linux's internal settings"?
And as for "adjusting Windows internal settings", let's stop the FUD shall we? It's turning off a service. Nothing insidious. If someone recommended that you comment out the telnet line in
Everyone knows that turning off Messenger is a good thing. AOL is looking out for their customers. Give em a break.
AOL is just protecting their business.
The bad part isn't that they're doing it - that's excellent. The bad part is that they don't even ask permission.
If a dialog box popped up that said, "AOL would like to disable the messenger service on your computer. This will help stop pop-up ads. Would you like to allow AOL to do this? [Allow][Do Not Allow]" then it would be fine. They shouldn't just ASSUME that the user has no use for it.
-- Dr. Eldarion --
I think jaredmauch hits the nail on the head when he says "You're not talking about your 'Average' ISP." AOL is very paternalistic, giving its customers a nice, safe, easy environment that you or I might find infuriating but that some people really like. Those people who want 'somebody who knows computers' to manage their 'online experience' are the same people who want 'someone who knows computers' to manage their PC.
I think AOL may be accidentally backing themselves into a good business model. You buy the PC and sign up for AOL, and they take care of all of the rest of the technical stuff for you. I won't be signing up anytime soon, but I bet a lot of people would love the service.
Fred