AIM's New Terms Of Service

acaben writes "AOL has posted new terms of service for AIM, that include the right for AOL to use anything and everything you send through AIM in any way they see fit, without informing you. A sample passage: '...by posting Content on an AIM Product, you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium. You waive any right to privacy.'"

New Terms in A Nutshell

[ackthpt]

New Terms in A Nutshell All your base are belong to us

or

You no get signal!

(apologies to O'Reilly)

Re:New Terms in A Nutshell

More like All your Rights are belong to us

Re:New Terms in A Nutshell

[nofx_3]

I'm going to have to send the up the bomb then...

-kaplanfx

Re:New Terms in A Nutshell

[ackthpt]

I'm going to have to send the up the bomb then...

Yeah, lotsa luck sending all zig for great justice!

Re:New Terms in A Nutshell

[Beardydog]

No, you fool! You'll just give AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote the bomb as they see fit!

Re:New Terms in A Nutshell

You had better stop worrying and learn to love the bomb, then!

Re:New Terms in A Nutshell

[BlueHands]

Tsk Tsk,this is AOL....it must of coarse be... "You've Got No Rights!"

Re:New Terms in A Nutshell

[jrockway]

Which is why I've always used strong encryption to IM my friends. If AOL wants to break my 4096-bit RSA key to sell my "lol"s, then they're welcome to.

Technology is the solution to the erosion of our rights. If it's mathematically impossible to find out what you said, then... they won't know what you said. (Same for P2P. If you use Freenet you can legally share anything. Why? Because nobody knows (or can ever know) what you're sharing and what you're downloading. Laws don't solve problems!)

Re:New Terms in A Nutshell

[toadlife]

"If you use Freenet you can legally share anything."

So on Freenet, hosts can magically connect with eachother wihout knowing eachothers IP addresses?

Suuuuuure.

Keep on drinkin' that coolaid.

Also...I fail to see how using Freenet to share the lastest movie would somehow make it 'legal'.

Re:New Terms in A Nutshell

[Iron+Clad+Burrito]

More like "All your old news are belong to Slashdot"

The following terms and conditions apply to all users who either registered for AIM services or downloaded AIM updates or software on or after February 5, 2004. AIM users who do not register for AIM services or download AIM updates or software on or after February 5, 2004 and are members of the Netscape Network will remain bound by Netscape's terms and conditions. All other AIM users are bound by the aol.com terms and conditions.

Re:New Terms in A Nutshell

[berzerke]

Which is why I've always used strong encryption to IM my friends. If AOL wants to break my 4096-bit RSA key to sell my "lol"s, then they're welcome to...

Hmmm...wonder how long before any encrypted messages are blocked? After all, it is THEIR servers the messages are going through, so they can filter.

Re:New Terms in A Nutshell

[identity0]

No, the new terms are:

"Remember, it's not rape if you click 'yes'".

: )

Re:New Terms in A Nutshell

"If you use Freenet you can legally share anything."

What? More like: "If you use Freenet, you can share anything without getting caught, even if said sharing involves illegal and morally unjustifiable copyright infringement, child pornography, credit card lists, . . . ."

Hope this helps appease your conscience.

Re:New Terms in A Nutshell

[crucini]

Also...I fail to see how using Freenet to share the lastest movie would somehow make it 'legal'.

That's simple. It's impossible to actually get content from Freenet. Once you grant the impossible the improbable looks feasible by comparison.

Re:New Terms in A Nutshell

[andreyw]

Heh, once having a sip from DJB's coolaid, I doubt he will go back to la-la land.

Besides, Freenet may suck, but at least /some/ thought was put into it. It only knows the routing to its direct neighbors.

Re:New Terms in A Nutshell

[JavaBear]

Have anyone checcked their TOS for their other products ?
I wonder if they'd dare slipping this one into their regular mail/online services...

Re:New Terms in A Nutshell

[iamlucky13]

You missed one important point:

You may not use AIM while driving, operating hazardous equipment, or engaging in other forms of hazardous activities.

See, they're looking out for our safety while they steal our thoughts. They're not so bad after all.

Re:New Terms in A Nutshell

[colman77]

So what? I hadn't heard about this yet. That makes it new to me and probably a lot of other slashdotters as well, if you all read the ToS as carefully as I do ;). Who cares what the date says?

Re:New Terms in A Nutshell

[lptport1]

We can still use AIM while operating a firearm? Or is that gone too?

Re:New Terms in A Nutshell

[STrinity]

If you use Freenet you can legally share anything. Why? Because nobody knows (or can ever know) what you're sharing and what you're downloading.

So if you break a law and don't get caught, it's legal? Riiiiiiight.

Re:New Terms in A Nutshell

[evilviper]

Hmmm...wonder how long before any encrypted messages are blocked?

I'll say *never*.

base64/uu encoding of messages produces all standard characters. Unless AOL is going to try doing fuzzy-logic dictionary look-ups, and/or statistical analysis on ALL messages, there's no way they would even know the difference between encrypted and unencrypted messages.

The above methods would be impractical, and even if not, they would have to be very, very careful not to accidentally drop an unencrypted (though unintelligable) conversation.

Personally, I think AOL is going to eliminate encryption the same way the NSA did for e-mail... Just wait silently behind the curtain, and when there hasn't been any sign of evesdroping for some time, apathy will kick-in, and encryption will just fade-out on it's own.

Re:New Terms in A Nutshell

[plague3106]

Probably never..since they do allow directim i believe. How can they even steal your ims if its not going thru thier servers?

Re:New Terms in A Nutshell

[lintux]

IIRC it doesn't have to go through their servers (although it probably happens a lot now that so many people have NAT setups at home), and well, if it does, let them block it and try to get people to use Jabber instead. :-)

Re:New Terms in A Nutshell

[plague3106]

Copyright is a totally manmade concept. We don't even have to have it. If we didn't, would that be immoral?

Re:New Terms in A Nutshell

[UNFAIRMAN]

Which is why I've always used strong encryption to IM my friends.

Does the DMCA work in our favor in this case? Can I do a simple base64, call it encryption, and have it be illegal for AOL to decode? Does waiving one's rights to privacy trump the DMCA?

Re:New Terms in A Nutshell

[macdaddy357]

Time to stop using AIM.

Re:New Terms in A Nutshell

[simcop2387]

just because there is no one there to hear the tree does not mean that it does not make a sound

Re:New Terms in A Nutshell

[STrinity]

If you don't get caught, you don't get punished. Thus, the end result is that the same thing happens to a law-breaker that happens to a non-law-breaker (i.e. nothing). Therefore, effectively, a law was not violated.

So what you're saying is that Jack the Ripper, effectively, never broke the law?

Re:New Terms in A Nutshell

[DarkMantle]

"No privacy for you!" - The privacy nazi

Re:New Terms in A Nutshell

[tonsofpcs]

Well I've been signed up since before then, and I have not and will not register for AIM services or download AIM software or updates after Feb. 5, 2004. I may download software that operates on the AIM network, but not AIM software.


Also note -- it clearly states:

AOL will provide at least 30-days' notice before any material changes take effect.

Re:New Terms in A Nutshell

[XorNand]

Wouldn't it be as simple as doing a dictionary check on messages? If not a single recognizable word appears in x number of characters, it would be reasonable to assume the conversation is encrypted.

Re:New Terms in A Nutshell

[Cobralisk]

omg wtf r u lol!!!

Re:New Terms in A Nutshell

[SilicaiMan]

Wouldn't it be as simple as doing a dictionary check on messages?

No, since not everyone IMs in English. Even speakers of non-Latin based languages often use the English alphabet in IMing (ex. Arabic and Hebrew). There is no way to distinguish these from an encrypted message.

Re:New Terms in A Nutshell

[mmkkbb]

Check the date again. What year are we living in?

Re:New Terms in A Nutshell

[IdleTime]

Which dictionary? English? Spanish? Zulu? Georgian? Chinese? Vietnamese? Tagalog? Or all of the above? What about a mix of languages?....

Not practical at all...

Re:New Terms in A Nutshell

[tonsofpcs]

I saw the date. I haven't downloaded/used AIM software in over 3 years, and I haven't signed up for an account in over 5.

Re:New Terms in A Nutshell

[webworm99]

They still will be able to record conversation as long as it goese through the aol servers.

Re:New Terms in A Nutshell

[advance512]

Yeah, AOL will elimintate encryption the same way NSA did for e-mail. Because AOL needs your IM correspondance!

Obviously, tons of highly-sensitive material is transmitted using IM, information such as credit-card numbers (which AOL can use, of course), business strategies (I am sure that Bill Gates uses AIM to tell his surrogates what industry to take over next... this could be AOL's chance to finally overshadow Microsoft) and government secrets (naturally, AOL will sell this information to China).

Only idiots pass truely sensitive information through an IM system. It takes an even bigger idiot to pass this type of information unencrypted. Thankfully, idiots rarely if ever get access to truely sensitive information.

What is this truely about, then? AOL wants to publicize its new Teen-Date service or some other using its member pictures, or something of this sort.

Remember: don't be paranoid. Unless they're truely after you... :)

Re:New Terms in A Nutshell

Effectively, YES.

Re:New Terms in A Nutshell

[yulek]

you could encode your encrypted message using the english language too. a word lookup table for each byte of data sent.

Re:New Terms in A Nutshell

[mldqj]

Deciding whether a paragraph is ciphertext is a computationally hard problem.

Re:New Terms in A Nutshell

[SnprBoB86]

Unfortunatly this requires both users on either end of the instant message to have strong encryption enabled.

Also, if I am not mistaken, it only works once a direct connection has been established.

Re:New Terms in A Nutshell

[SnprBoB86]

Unfortunately this requires both users on either end of the instant message to have strong encryption enabled.

Also, if I am not mistaken, it only works once a direct connection has been established.

Re:New Terms in A Nutshell

[arminw]

...in other forms of hazardous activities...

Using AIM is in itself a hazardous activity, at least it is a hazard to all the deep dark secrets everybody shares using it. Since I don't have any deep dark secrets I don't really care about their new TOS. If I did have some secrets, there certainly are other more secure ways to communicate them. Of course when more than one person knows a secret, it is no longer a secret anyway so what does it matter? How many persons are allowed to know something and that something can still be called a "secret"?

Re:New Terms in A Nutshell

[Lightning+Hopkins]

Please define a concept that is not manmade.

Mathematics. Logic. Memes. Animals are capable of communication and even thinking up new ideas--for instance, the old monkey-trick of "fishing" for ants with twigs and the orcas' use of bubbles to trap schools of fish. Animals in test studies have been able to figure out solutions to various problems. Animals are capable of formulating and grasping concepts, though at a much more rudimentary level than that of humans.

The grandparent seems to be implying that copyright is an artificial notion imposed by Man. And it is. So are basically all other rules that makes the modern world function. Like those other rules, some of them may be ill-concieved (Somewhere in Kansas, there's a law that you have to fire a gun into the air at intersections to alert buggy drivers to your presence) or in need of repair.

Re:New Terms in A Nutshell

[Lightning+Hopkins]

Sir, you have committed a fallacy of logic.

That is all.

Re:New Terms in A Nutshell

[kosmicki]

Wouldn't Bill Gates use MSN messenger? :P

Re:New Terms in A Nutshell

[myowntrueself]

"You had better stop worrying and learn to love the bomb, then!"

But first we will need many large-breasted women.

Re:New Terms in A Nutshell

[Peaked]

As much as I am opposed to them blocking encrypted messages, I wonder if it would be a worthwhile tradeoff for forcing people to IM me in intelligable english? :)
Obviously they would need multiple language dictionaries or even sperate services for different languages for dictionary based blocking of encryption to be even semi-practical. Even then most of their users would probably be driven off because of having messages dropped for too many acronyms or misspellings.

Re:New Terms in A Nutshell

[geminidomino]

(Ignoring the point of "Legal Vs. Right" for the moment)

Are you seriously saying "It's only wrong if you get caught?"

Re:New Terms in A Nutshell

[JesseStu]

The person still violates the law, they just do not get punished for the violation. It is not that a law was not violated, but rather, that justice did not come to that person. They simply avoided the legal results of their actions.

Re:New Terms in A Nutshell

[LS]

If you don't believe in "the law". "the law" is not universal and enforced by God. When people speak of "the law" they are talking about a social contract that the majority of the people agree to or are coerced into, but any individual or group can follow their own laws. Doesn't mean that they won't be forced into a prison against their will, but they may have never broken their own laws. You are currently breaking the laws of some satanic cults by NOT doing some things.

LS

Re:New Terms in A Nutshell

[Peaceful_Patriot]

Who knows what they may decide to use it for? That's the scary part. This is similar to the original EULA for MS Passport, which was dropped after someone actually read the EULA and publicized it.

Unless you are one of those rare few that read softwares EULA and TOS than how can you be sure you haven't already assigned similar rights to any number of companies by installing their software?

Re:New Terms in A Nutshell

[Minna+Kirai]

No, since not everyone IMs in English

All significant AOL users do. It stands for America Online. More importantly, all significant languages used on a large ISP can be cataloged and matched with digital dictionary files.

Relying on people who type in an obscure, unrecognizable language to camoflage your own encrypted transmissions is security through obscurity, with all the regular shortcomings thereof.

There is no way to distinguish these from an encrypted message.

You seriously underestimate the abilities of human beings. Randomly read a message, and see if it makes sense. If not, copy some of it into Google and see if there are webpages which use those words. If not, then go through the user's next 10 messages and repeat the process. If none of those are sensible either, then permanently disable IM from that account.

Easy.

Re:New Terms in A Nutshell

[Minna+Kirai]

Mathematics. Logic. Memes. Animals are capable of communication and even thinking up new ideas--for instance

All those are manmade. Even if non-human animals discovered them first, they are still manmade- because concepts can be made more than once.

The only people who can logically believe there exists non-manmade concepts are theists believing in divine revelation.

Re:New Terms in A Nutshell

[dolphinling]

In that case, all my messages are rot-26 encoded. Take that, AOL!

Re:New Terms in A Nutshell

[captwheeler]

Unless AOL is going to try doing fuzzy-logic dictionary look-ups, and/or statistical analysis on ALL messages, there's no way they would even know the difference between encrypted and unencrypted messages.

Wouldn't it be the opposite: look for conversations with evenly distributed character usage.

base64/uu encoding of messages produces all standard characters.

High level usage of non-common characters could be a (relatively) cheap filter. (The + and / would be used too often.)

Re:New Terms in A Nutshell

[It'sYerMam]

Only idiots pass truely sensitive information through an IM system.

And AOL is the intarweb for who? idiots. You expect that they're going to heed all the warnings about not giving out personal info and such? I certainly wouldn't bet on it.
The real problem is the principle, not the practical application of this term. No-one wants their messages read through by AOL or anyone to whom they're not intended. The fact that AOL has decided that it has this "right" is bad enough.

Re:New Terms in A Nutshell

[moonbender]

All significant AOL users do. It stands for America Online.

AOL Europe's ~5 million customers might feel different. On a sidenote, it's marketed as AOL here, no "America" attached.

Not that I disagree with your main point.

Re:New Terms in A Nutshell

[moonbender]

Yes... so what? "The law" is a linguistic shorthand; it's generally well understood to refer to a specific set of laws typically defined by the respective government. When I sit at the dinner table and say "Please hand me the potatoes", I'm also referring to a specific set of potatoes, not all the conceivable potatoes.

Re:New Terms in A Nutshell

[dindi]

now why is a company not notifying it's users in an email or in any form of the service policy change?

I mean i have 2million people to sign up to my free service, but i require a credit card to "verify" them ...

then i change the TOS and charge them 100 recurring monthly ....

now is it ethical, moral, legal?

Or i just pot a line in there:

"and you agree that all your good belong to us, and we can sell your sisters an wives to aliens"

I MEAN COME ON!

change a policy, but notify the users!

Also a thought: why don't just people use an irc service, on a sign-up/user id base ...
we could also get rid of html, smiley translation, and all that new-wave crap and just MESSAGE each other the old-skool way ....

If i could convince my friends/co-workers/business partners to use IRC i would pay a small fee to have a uniq ID, and be able to use IRC-HTML cgi, use it from bitchx, mirc, whatever my OS supports, and not be worried about a transfer or a non-supported request crashing my linux/bsd whatever 3rd party client ...

maybe i am just old, and like that character based thing with ansi :)
ascii art motd rulez ... but explain it to average jo who uses msn to transmit confidential company data/logins

Re:New Terms in A Nutshell

[Dahamma]

All significant AOL users do. It stands for America Online. More importantly, all significant languages used on a large ISP can be cataloged and matched with digital dictionary files.

I have ~20 people on my AIM Buddy list (via GAIM - I use YM for most messaging anyway, but that's a tangent...) Not a SINGLE one is an AOL subscriber. Anyone can use AIM. There are a LOT of non native-English speakers around the world using it.

Re:New Terms in A Nutshell

[jc42]

Which is why I've always used strong encryption to IM my friends.

That's fine if you're trying to protect the content of your IMs.

But the main thing they're interested in at the moment is your address info.

I worked recently on a project that involved software in assorted computers using either email, IM or VM (whichever worked) to people's cell phones, smart phones, PDAs, whatever. It was a medical app, actually. Automatic reminders to doctors and patients, messages from portable health monitors to hospital computers, etc. Useful stuff.

An interesting thing happened with IM. With most sorts of cell phones, for our computers to send an IM required sending email to an email-IM gateway. This seems like a reasonable approach, but we quickly discovered a serious problem: The phones we were using for testing quickly started getting IM spam and telemarketer calls.

When I complained about this, I learned about an interesting gotcha in the phone contracts. Most of them include (heavily promoted) promises that they will never sell their subscribers' info. That sounds nice, until they explain that in our case, the sender wasn't a customer, and they can legally use a non-customer's messages however they like.

So if I or my computer send you an IM, your phone company can legally harvest both of our addresses in their gateway. The message came from a non-customer; your contract is irrelevant. If you reply to me, my ISP (or phone company) can legally harvest your message, because you're not a customer. Both companies can do as they like with the address info without violating any contract, because there was no contract with the sender.

I have in my posession a couple of spam messages inviting me to attend conferences on the commercial uses of harvested IM messages. Yes, they really did have the chutzpa to send me an invitation to learn how to do unto others what they've just done unto me (and some very angry medical folks). I didn't go ...

It just sounds like AOL has taken this one small step further: Their contract says they can harvest info from messages between customers. This is really the only thing new; they can already do this if the sender isn't a customer.

So when people start chanting "contract law" in this topic, you might remind them that contract law doesn't apply when there's no contract. If they look puzzled as to why you said that, describe the above scenario to them.

Re:New Terms in A Nutshell

[advance512]

I assume you read my post completely, so I won't comment on the "intarweb fer idiots" situation.

I understand the problem some people might have, having principles and refusing to agree to such a license. The best solution is not to use AIM. That's what I do. However, I am not worried at all that AOL will ever get any useful information by use of the freedom this license offers them.

Re:New Terms in A Nutshell

[Minna+Kirai]

AC: I'd say mathmatics, physics, biology, etc. are all things that would exist without humanity. Seriously, if we weren't here, wouldn't f still equal m a, or wouldn't 2 of one thing added to 2 of another thing still equal 4 total?

It's a matter of sematics, but by definition, a "concept" exists in the mind of an intelligent being. It usually has been inferred by looking at external reality, but "concepts" only come into being when someone thinks of the idea.

Re:New Terms in A Nutshell

[evilviper]

A dictionary look-up wouldn't work, not just because of foreign languages, but because of the unintelligable english many people use, which I already mentioned.

If someone just uses the number 3 instead of the letter E, they probably won't have a single dictionary word in their entire conversation. Even if they are more subtle, and just can't spell, everything will come out phonetically, and not match any dictionary words... An encrypted and uue/base64 encoded message will produce dictonary words after a while too... Possibly more often than a very poor speller.

Sure, with a multi-language dictionary look-up of every word, and every common variation, you'd be able to identify those conversations that are likely (let's say 90% chance of being) encrypted. But the problem is, that's not good enough odds to do anything about it. You aren't going to kick everyone who might be using encryption, and angering 10% who weren't doing anything wrong.

If you propose to get a human to verify this before each kick, good luck. How many tens of thousands of pople are you going to employ around the clock, who know every single written language?

Re:New Terms in A Nutshell

[Minna+Kirai]

Not a SINGLE one is an AOL subscriber.

Which makes it even more probable (and legally defensible) that AOL might someday decide to kick them from the service for transmitting unintelligble messages.

Re:New Terms in A Nutshell

[LS]

I would normally agree with your rebuttal, except that the argument had already reached the point debating semantics before I even got involved...

Re:New Terms in A Nutshell

[It'sYerMam]

Indeed, that is the best solution. I only feel sorry for those who don't know any better. I feel sorry for myself in that virtually everyone I know uses MSN, but I don't use the official client. (Incidentally, it was the amsn-devel mailing list that brought this topic to my attention, proposing we all got started on an encryption plugin)

Re:New Terms in A Nutshell

[Paddy_Hynes]

The adage that all plagiarism is theft comes to mind - anything that you create is intellectually yours - that is a copyright in addition to the physical copyright attached to the item of interest wether it be code or anything else - if you wrote it you own it - and the right of choice to give it away, or not, is entirely yours. AOL seem to feel that they can exercise the right to steal what they feel - that is morally wrong - Your creativity and you deserve better -

Re:New Terms in A Nutshell

[MutantHamster]

Wrong. A sound is the sensation of converting a vibration into a message in our brains using our ears. If a tree falls in a forest and there's no one there to hear it, it makes a vibration. Not a sound.

Re:New Terms in A Nutshell

[geminidomino]

Too much living, not enough dying, if you ask me.

Re:New Terms in A Nutshell

[SilicaiMan]

All significant AOL users do. It stands for America Online.

Correct, but AOL has offices in multiple countries in different continents, and has millions of non-American, non-English speaking subscribers.

Relying on people who type in an obscure, unrecognizable language to camoflage your own encrypted transmissions is security through obscurity, with all the regular shortcomings thereof.

People who IM in different languages don't do that for the sake of security. I never said that was the case, nor did I mean to imply it. I simply said that many users use Latin-based alphabet to chat in different languages. Not everyone is good or comfortable with using English, so many fall back to their native tongue when chatting with friends who understand that language. No security intended (usually).

You seriously underestimate the abilities of human beings.

I'm well aware of the abilities of humans, as *gasp* I am one of them. But again, you misunderstood me. My reply was to a person who suggested automatic detection of encrypted messages via dictionary lookups. In that context, there is no way to distinguish encrypted messages from ones written in different languages using the Latin alphabet. Having said that, of couse I am aware that that is not an impossible problem to solve. You outline a possible solution, which can not be automated, so will be impractical for AOL to use (assuming they intend to). I'm sure you or others can come up with a more automated solution. A simple dictionary lookup though is not enough.

Re:New Terms in A Nutshell

[simcop2387]

actually no,

Sound is a series of mechanical compressions and rarefactions or longitudinal waves that succesively propagate through materials (medium) that are at least a little compressible (solid, liquid or gas but not vacuum).

taken from wikipedia, also the encyclopedia britannica and every physics book i know define sound as that.

Re:New Terms in A Nutshell

[MutantHamster]

That's not a definition. That's an explanation of how sound works. Here's a bombshell buddy, all waves that are not electromagnetic are a series of compressions and rarefractions. That's not what makes sound sound. And all electromagnetic waves have crests and peaks, which is basically the same thing. If that were how we, or you, defined sound, then there would be no difference between "wave" and "sound." If we didn't have ears there wouldn't be sound, but there'd still be waves.

Re:New Terms in A Nutshell

[WebsterTrivium]

But how long before AIM changes the protocol enough that everyone will HAVE to upgrade to continue using their servers though? Or even just the login protocol. (It happened on Y! maybe a year ago. Had to upgrade my third-party clients to continue being able to connect to Y!)

Fine, then

[cerberus4696]

I suppose if they want the rights to some irreversibly encrypted garbage, they can go right ahead.

Re:Fine, then

[Dogun]

Ah, someone out there is finally using the gaim encryption plugin. Good job!

(Normal AIM traffic is plaintext)

Re:Fine, then

[Golgafrinchan]

Also, if you and your chat partner are both using Trillian, you have the option of turning on 128-bit encryption.

Re:Fine, then

[DoraLives]

I suppose if they want the rights to some irreversibly encrypted garbage, they can go right head.

Absolutely. Go right ahead and plan on your average AOL user getting on board the clue train and encrypting their messages. Oh yeah. Really.

Re:Fine, then

[Captbaritone]

is this built in? I can't find it.

Re:Fine, then

[Golgafrinchan]

In Trillian 3.1 Basic: Open up your Connection Preferences for the AIM connection. Click on the Miscellaneous tab. At the bottom, check the following: "Activate SecureIM capabilities", and "When possible, make a best effort to automatically maintain a SecureIM session with my contacts." HTH.

Re:Fine, then

[ackthpt]

I suppose if they want the rights to some irreversibly encrypted garbage, they can go right ahead.

UUEncode Windows and send it to yourself over AIM.

Let Microsoft and AOL club each other to death :-)

Re:Fine, then

[Laivincolmo]

The problem is that while I might be willing to use encryption, some of my friends are not so comfortable with computers and technology. Some of them don't take the time to remove that aim.com window that pops up with the startup of the default AIM client. I somehow doubt that I could convince them to do something as complicating-sounding as encryption. Just my opinion though.

Help a College Student

Re:Fine, then

[mwilliamson]

I think GAIM is a much better client than some piece of proprietary bloatware encumbered with crapware and a nasty eula.

Do you really trust AOL to have choosen and CORRECTLY implemented a good crypto system? Do you trust they haven't backdoored it? Do you think any home-rolled cryptosystem (or even implementation of a solid design) can be trusted without peer review?

Re:Fine, then

[LnxAddct]

Simple solution: http://silcnet.org/
Regards,
Steve

Re:Fine, then

[Apro+im]

It's X509 certificates/PKI. I mean, admittedly, it could just send the data encrypted to an AOL key as well as the recipient, so there's that, but it's not exactly "home rolled"

Re:Fine, then

[the+pickle]

I know you're just joking, and IANAL, but I suspect this agreement is invalid for content to which you don't own the copyright in the first place.

p

Re:Fine, then

[Zorilla]

That's no surprise. Is that bug still there where AIM completely ignores the preference to not show that at login unless you click on junk in the AIM.com window at least once?

At least their preferences are laid out in a sensible Netscape-style window with the categories on the left. The problem is that there's just too many damn useless features to configure, as well as the fact that the actual preferences menu item is buried deep within a pull-down menu titled "My AIM". What the fuck does that tell me as a category and what options are under it? With the narrow amount of space in the menu area, it would be much better off with an "Actions" menu for everyday functions and a "Tools" menu for all the extra wacky features that nobody uses.

Re:Fine, then

[Zorilla]

I might use Gaim under Windows if somebody does something with the damn Windows port of GTK. For something that should merely be an API wrapper, it sure does a crappy job. 4-bit system tray icons in Windows XP? Double-u Tee Eff?

Re:Fine, then

[over_exposed]

Because they say (highly paraphrased) that they can do whatever they want with whatever is transmitted/received via AIM. They can publish the encrtpted message, crack at it, piss on it or eat it and it is within their TOS. Unless they have a clause that specifically forbids encrypted traffic or they specifically mention a work around, they can't do squat in terms of forcing you to reveal the encryprion key or the unencryped content.

Re:Fine, then

[ZephyrXero]

The systray icon was finally updated with version 1.1.2 recently....full color and everything :)

Re:Fine, then

[Compenguin]

> 4-bit system tray icons in Windows XP? Double-u Tee Eff?

Actually they fixed that a few versions back

Re:Fine, then

[opello]

it uses NSS 1024-bit RSA implementation, that's not exactly 'home-rolled'

Re:Fine, then

[MagicDude]

AOL users already incrypt all their transmissions. Take the simple sentence "Hey dude. What are you doing later? I was thinking we should go to the mall." which becomes incrypted as:

HEY DUDE11!!!1 OMG WUT R U DONG L8R????!?? LOL I WAS THINKNG W3 SHUD GO 2 DA MAL!!1!1!11 WTF LOL

Damned if I can decrypt that

Re:Fine, then

[nacturation]

it uses NSS 1024-bit RSA implementation, that's not exactly 'home-rolled'

Assuming the implementation has no bugs or intentionally designed flaws...

Re:Fine, then

[arose]

i'm sorry, but the riaa replaced my shift keys with sharp needles1

Re:Fine, then

[eis271828]

They don't need to decrypt it. They have the right to adapt it. They don't specify to what extent they may adapt it. I think I'll join their workforce and adapt my political enemies' "H@*(FD428yS*@Hs98s(@" to "I hate babies."

Re:Fine, then

[kyouteki]

That wasn't a bug, dude. :/

Re:Fine, then

[chadpnet]

of course aol would never be able to decrypt their own encryption scheme
</sarcasm>

Re:Fine, then

[Monkelectric]

Yea, gaim is ugly... but so is AIM. Trillian is "pretty" but its a ramhog and can't keep its buddy lists seperate for seperate accounts, which is retarded.

Re:Fine, then

[timotten]

irreversibly encrypted garbage

Oh, I know the algorithm for that:

aim.send( md5( rand(10000) ) );

Re:Fine, then

[skyman8081]

3.1 added this ability.

And to have both a link and text in the same message as well.

Re:Fine, then

[ShieldW0lf]

It does support keeping buddy lists separate in the latest full version.

Re:Fine, then

[Zorilla]

Just tried Gaim again with the newer GTK. The sytem tray icon applet looks better, but the rest of the GUI is so goddamned ugly. I wish Windows GTK was just a wrapper to the WIMP method of drawing windows, but it appears to be a way to reinvent the wheel. The black X-style cursor when inside the buddy list and the way the pull-down menus look are a dead giveaway of that.

Re:Fine, then

[Zorilla]

I use Debian alongside Windows XP. Gaim looks great under GNOME with the Bluecurve theme applied (ports over nicely via alien).

Somebody ought to really update the sounds, too, though. On any OS, they sound like crap. What sample rate are those recorded at, anyway? 6 kHz?

Re:Fine, then

Then try a better theme. The default GTK theme is ugly, and there's no doubt about that. That's why most Linux distros use a different theme (like Fedora's BlueCurve theme), and even Gnome itself is going to start including a different default theme soon.

A good one for Windows is WIMP. It looks (almost) like every other Windows app on the system. If you're using the Windows XP style, it looks just as chunky, garish, and downright ugly as any other Windows app. If you're using the Classic style, it looks as square, grey and boring as any other Windows app. If you have a better theme, it'll use that too. I don't know how it'd interact with third party skinning programs like Windowblinds, but it should work OK.

Re:Fine, then

[Apoklypse]

My AIM - isn't that identical to " My Computer " i.e. Bill's Computer ?

Re:Fine, then

[kyhwana]

Uhm, it does, at least with the WIMP theme on XP.
There's no black X-style cursor at all, and all the menus/widgets are themed to the XP theme.

Re:Fine, then

[Apoklypse]

Trillian works pretty decent for me ...

Re:Fine, then

[zotz]

"You may only post Content that you created or which the owner of the Content has given you."

Yes, but the problem is, when someone posts my work without my permission, or in a fair use situation, AOL has no way of knowing.

Now the person's use may be considered fair use sine they are not taking commercial advantage of it while AOL's and cronies' may not be since they are taking commercial advantage.

The person posting under fair use may be violating their TOS, but how is AOL to know?

all the best,

drew

In any event, from here on, no one has any right to post my work anywhere where these sorts of terms are asserted.

Re:Fine, then

[ewg]

Call it "scrambling" instead of "encryption".

Re:Fine, then

[m50d]

Trillian secureim is not so secure though. Better to use gaim-e or kopete and activate gpg encryption for your messages.

Re:Fine, then

[jacksonj04]

Not to play devil's advocate here, but is there any use in irreversibly encrypting your chats? I presume the person at the other end would enjoy being able to decrypt and read your message. Unless of course you happen to enjoy sending people non-reversible hashes.

Re:Fine, then

[vfrex]

Perhaps AOL will finally realize that they are the cause of the downfall of the english language. Perhaps, in an attempt to revive the floundering idiom, they will append their terms of service: i) The use of "1337 speak" is prohibited in any and all conversation windows. Failure to comply is punishable by ban. ii) The use of smiley faces (":)") are prohibited from any and all conversation windows. Failure to comply is punishable by ban. iii) The use of the warn button will result in a virus infecting your computer through the backdoors you installed with our software; thanks :)

Re:Fine, then

[jonwil]

Try Miranda.
Its what I use and it is fairly lightweight and does all the things I need in an IM client (including MSN, ICQ and AIM). Plenty of plugins available. And its fully Open Source (just like GAIM). Plus, its a native windows app with a proper windows UI. (I too loathe GTK on windows and only tolerate it because no-one has nade a usable Open Source paint program for windows other than GIMP)

Re:Fine, then

[STrinity]

You can use your own wav files, you know. Preferences -> Interface -> Sounds -> Choose.

Re:Fine, then

[SpoonDog_SVT]

Except Miranda only supports the older TOC connection to AIM, not the newer OSCAR protocol. This means no buddy icons, only client-side buddylists, etc. I liked Miranda, but the current lack of OSCAR support pushed me to Gaim.

Re:Fine, then

[Bob+McCown]

In crypt? Necrophilia is yucky!

Re:Fine, then

[bcmm]

I know this is OT.
Has anyone else had a problem which causes Gaim to fail to connect to MSN, and then crash on the second attempt? (I get this using Gentoo's ebuild of gaim).

Re:Fine, then

5-12 MB of RAM is obscene. No string-chunking message protocol needs 5-12 MB of RAM. A fucking browswer shouldn't take that much bloatspace to run.

Re:Fine, then

[jp10558]

Mmmm, why is Trillian's IM encryption not secure? Anyway it doesn't help me as not everyone will use trillian. I need some non spyware, non breaking direct connect/file transfer encryption that will work for at least Trillian and AIM clients on the AIM network.

Re:Fine, then

[Monkelectric]

Why would you want to keep your buddy lists separate for each account?

There's *LOTS* of good reasons for that. IE: Not wanting to mingle your work buddy list with your home buddy list.

Re:Fine, then

[Rick+and+Roll]

Better hope they haven't heard of this site, then.

Re:Fine, then

[chadpnet]

lbh vafrafvgvir pybq! :)

Re:Fine, then

[m50d]

There's a simple man in the middle attack that breaks it completely. I don't know all the details. Anyway, I think it's best to use something that integrated openpgp since openpgp is a publishedstandard, has been reviewed by a lot of people, and can be used via "current window" facilities for people who don't have a client that supports it.

Re:Fine, then

[jp10558]

Well, as long as it works with both Trillian and AOL's client, I would use that. What about SIMP?

Re:Fine, then

[joNDoty]

"irreversibly encrypted" ?

Wow, you're hardcore. You don't even want the person you're chatting with to understand you!

Re:Fine, then

[Faceprint]

Actually, we're relasing new sounds when we release Gaim 2.0.0, sometime between now and armageddon.

Re:Fine, then

[AvitarX]

I use Gaim and never see their terms of service.

So how can it apply to me anyway.

I would imagine they would be really taking a risk trying to use the stuff without permission.

Re:Fine, then

[koreaman]

I think for this situation, my .sig will suffice.

Re:Fine, then

[Zontar+The+Mindless]

> Everyone knows security through obscurity doesn't
> work.

Tell that to the CodeTalkers.

Re:Fine, then

[Spetiam]

Too bad Trillian's encryption scheme is snake-oil. It would be trivial for AOL to conduct man-in-the-middle attacks.

Re:Fine, then

[m50d]

Doesn't look so good, since it relies on a user-specified password and doesn't seem to hash it, making dictionary attacks too easy. In theory it should be secure enough, but in practice relying on the user to pick a random password isn't enough. With user-specified passwords like this known plaintext attacks, particularly on the first message sent, are very effective. Since "Hi" is likely to be the start of most instant messaging conversations, I don't think this will be secure enough for casual users.

Re:Fine, then

[WebsterTrivium]

I had the same problem with my friends, I just finished writing instructions for installing and using GAIM and GAIM-Encryption Plug-in, they can be found in my blog. Feel free to pass it on, or use the images and instructions for yourself. Just give a little credit. ^_^ http://www.xanga.com/home.aspx?user=WebsterTrivium It's under "PWD Homework Assignment" for when this post becomes a little bit outdated. And if anybody wants to put it up and give it a permanent home, let me know and I'd be happy to send them the HTML

In response...

[Azh+Nazg]

In response, I have to say this: GPG goes over AIM very well. ;-)

Re:In response...

[mwilliamson]

gaim-encryption.sourceforge.net provides an easy-to-use wrapper for NSS. It's available for both *nix and win32 and works quite well. I like the fact they didn't try to re-implement the crypto, but rather use someone else's proper (and well reviewed) implementation.

Folks, it is time to start putting your letters in an envelope. You can no longer trust the letter carrier to protect your privacy. Envelopes are cheap...so start using them.

Re:In response...

[Supernoma]

That's most of the world, and that is why we have the problem of companies pretty much doing whatever they want without people standing up to them.

Re:In response...

[Donkey5555]

I'd love to start using one of the encryption plugins for gaim. The problem most people have, I think, is that they can't even get their chatting partners to switch away from that monstrous program AOL provides, let alone get them to install a plugin. Its frustrating that in order to be secure, you need to make other, possibly less tech savy, friends and business partners do so also.

Re:In response...

[m50d]

Use kopete, then you're more interoperable because it's openpgp, it will work together with gaim-e as soon as they get a version out that works with newer gaims. And it works with spyshield for MSN too.

Third Party Clients

[Kralizec]

Does this apply to people like me who use Gaim? If I never have to click on anything to accept the terms of service, do I still have to abide by the terms of service simply because I'm using their services?

Re:Third Party Clients

[akeyes]

You still had to accept the terms (or at least the old ones) when you signed up for the account. And, all data still travels over their servers.

Re:Third Party Clients

[Tropaios]

It's their network, their servers etc. If you go about connecting to their property using a client other than theirs I'm pretty sure you have less rights then those people they see as legitimate users.

Re:Third Party Clients

Actually, the new TOS specifically states that it only applies if you:
1) Registered for AIM after February 5, 2005
2) Downloaded AIM updates or software after February 5, 2005

Unless I'm drastically misreading that, that means none of the terms apply to people who've been registered for more than a month or so and use a third party client.

-ShadowRanger

Re:Third Party Clients

[MrLint]

it'll be interesting to see how AOL claims to prove that any non AIM client users can assertively agree to this license. Last time i heard you cant agree to a contract by inaction. And to the best of my knowledge, i dont think any of the 'these terms may change at any time' have been tested in court by 'agreement by inaction'

so it remains to be seen.

Re:Third Party Clients

[Mr.Progressive]

You are drastically misreading that. As the date on the TOS is "February 5, 2004"

Re:Third Party Clients

[TylerL82]

You need to sign up for a screen name somehow...

Re:Third Party Clients

[bsharitt]

I wonder how this affects things like .Mac and other third party AIM compatible services? Also, wasn't AOL talking about opening up AIM for more things like Apple's .Mac implementation?

Re:Third Party Clients

[mothlos]

TOS agreements almost universally stipulate that they can be altered by the man at any time and it is your own responsibility to be aware of changes. You agreed once, you agree if the TOS says that anybody who uses the product must present his or her kidneys at request for black market sale.

Re:Third Party Clients

[shinyplasticbag]

Okay, so he got the year wrong, but what about the third party clients?

Also, I wonder how this will bode for ICQ; will it also become an angsty teenage panopticon?

Re:Third Party Clients

[emrysk]

"Also, I wonder how this will bode for ICQ; will it also become an angsty teenage panopticon?"

Become?

Re:Third Party Clients

[mothlos]

Aye, the language in these things tends to be as broad as possible so as to cover any legal loophole which may exist.

Somebody should start a collection now for the inevitable lawsuit.

Re:Third Party Clients

[kyouteki]

How to click through a ToS...

Re:Third Party Clients

[Coeurderoy]

If you are using a third party client, either its licensed and then it has the same conditions. Or its illegal, and when the various large corporations will have finished to impose software patents on europe, any such client will be forbidden because of "conterfeiting" IP. And they will send you a John Doe letter requesting all your money.

Re:Third Party Clients

[shinyplasticbag]

Note I was implying that it would become a panopticon, not that it would become angsty or teenage-y. Should've made that one clearer, eh?

Re:Third Party Clients

[iamlucky13]

The wording is confusing, but read it at least twice. It really says the only people excluded from the new ToS are those who signed up through Netscape and have not downloaded updates or software since before Feb 5th, 2004. Check out these delicious quotes from the ToS that further confirm the devilry:

Quote 1:

Each time you use an AIM Product, you reaffirm your acceptance of the then-current Terms of Service. If you do not wish to be bound by these Terms of Service, you may discontinue using the AIM Products.

Quote 2:

AOL may change the Terms of Service at any time and in its sole discretion. The modified Terms of Service will be effective immediately upon posting and you agree to the new posted Terms of Service by continuing your use of the AIM Products. AOL will provide at least 30-days' notice before any material changes take effect. If you do not agree with the modified Terms of Service, your only remedy is to discontinue using the AIM Products and cancel your registration.

Re:Third Party Clients

[Pantero+Blanco]

"If you are using a third party client, either its licensed and then it has the same conditions."

Gaim "is not endorsed by or affiliated with" AOL, according to their site, and they're legal. Though I guess AOL may try to change that in the near future...

Re:Third Party Clients

[gmcgath]

AOL issued these TOS fairly recently, didn't they? Does that mean that they're retroactively applying the terms to anyone who downloaded AIM software in the past year? I don't think ex post facto TOS will hold up in court.

Re:Third Party Clients

[bar-agent]

Apple's iChat apparently makes use of the AOL network, but it is not AIM. I don't know if iChatters fall under this new license agreement.

Re:Third Party Clients

[Coeurderoy]

from the AIM Terms of Services "Restrictions on Access to or Use of AIM Products You may access AIM Products only through the interfaces and protocols provided or authorized by AOL. You agree that you will not access AIM Products through unauthorized means, such as unlicensed software clients, and that you will only use AIM Products in conjunction with AOL authorized products and components."
This says "You agree not to access AIM Producs through unlicensed software clients"
So Gaim might not be illegal, but using it is.
Or seen another way: using MSN, AIM or any Instant messaging service that asks you to give away your privacy, and try to force you to use their own interface only is evil, you should not do it. because not only is it evil, but as you join you encourage other through the network effect to do something evil.

Re:Third Party Clients

[djmcmath]

I'm betting that's a logical OR clause. I'm also betting that, virtually everyone who uses AIM will download updates. So uh ... yeah, that applies to any user of AIM. Good try, though.

Re:Third Party Clients

[mzwaterski]

Its not about whether you can agree by inaction. Here, the action is the use of their servers. Agreement to a contract can certainly be shown through performance of specific actions.

Re:Third Party Clients

[Gleapsite]

You agree to them when you register your screen name.

Re:Third Party Clients

[Trejkaz]

I'm also guessing that if you never see the message, you can't have agreed to it, so you're safe. I have a connection to AIM, and I know I haven't seen such a thing... yet.

I use Trillian...

[tekiegreg]

and any information I care about goes through their SecureIM service.

So to AOL: I say this much, exploit fjkd;arjaiwor398u233209u''rju98e32 any way you want guys!

Re:I use Trillian...

[Golgafrinchan]

However, I believe it's true that SecureIM only works if both you -and- your chat partner are using Trillian.

Re:I use Trillian...

[sjbcfh]

So to AOL: I say this much, exploit fjkd;arjaiwor398u233209u''rju98e32 any way you want guys!

"Be sure to drink your Ovaltine."?

Re:I use Trillian...

[clymere]

This is the problem with all of these encryption plugins. GAIM encrypts to only GAIM. NAIM encrypts only to NAIM. Trillian encrypts to only Trillian.

Since I use Naim, I've asked its developers about this, and the short answer i got was "feel free to port the GAIM plugin to NAIM yourself."

So I downloaded the gaim-encryption source last night. Time to start hacking away! :)

Re:I use Trillian...

[ticktockticktock]

Except Trillian's SecureIM is susceptible to man in the middle attacks. It does key exchange right when you enable it without any kind of verification of the keys being exchanged. What stops AOL's servers from simply replacing the keys you exchange with their own and having both ends encrypt to their fake SecureIM keys? Your conversation would still be "encrypted" yet AOL could still sniff what is being encrypted.

Re:I use Trillian...

[tekiegreg]

While all well and good, if discovered my attorneys are gonna have a field day with AOL...Terms of Service or no, there was a reasonable expectation of privacy if I encrypted communications. Thus an invasion of privacy tort has been committed...

Well, as they say, that's the nail...

[theraccoon]

Sigh. Where's Gim when you need it?

Re:Well, as they say, that's the nail...

[Unknown+Lamer]

jabber.org

I'm just guessing,

[Duhavid]

I'm just guessing, but I think they dont want customers. I'm not sending much thru AIM with those terms of Service.

Also, what about users of GAIM, et al, that havent agreed to those terms? Can they enforce this there?

Re:I'm just guessing,

[comwiz56]

In order to use GAIM (on the AIM service) you have to sign up for an AIM account, which involves agreeing to the terms.

Re:I'm just guessing,

[Duhavid]

And if you signed up before the terms changed?

(-: Perhaps I should have been clearer about that.. :-)

Re:I'm just guessing,

[Shachaf]

From the first paragraph of the TOS:

The following terms and conditions apply to all users who either registered for AIM services or downloaded AIM updates or software (emphasis mine)

So using their service is enough to agree to the TOS.

Re:I'm just guessing,

[Ayaress]

They could make it worse on GAIM users if it came down to it. All they have to do is make the AIM client is the only program authorized to access the AIM network (if they're turning TOS tricks like this, it probably already is, for that matter). If you want to make a stink about things, they pull out words like electronic tresspassing since you'd then be accessing the network without authorizatioin. In this case, the way you'd "get away" with using GAIM or Trillian is that the server can't tell the difference between that and the AIM client. The only way to try to claim that you're not bound by the TOS is to admit to unauthorized access. Would it stand up in court? I don't know, but it's AOL. They're big enough to play RIAA-ball and kill you with legal bills.

Re:I'm just guessing,

[Tropaios]

They may change them at any time. Otherwise it'd only affect new users and changing them would be pretty pointless.

Re:I'm just guessing,

[Duhavid]

I can see I should have been clearer.

I signed up for an account a number of years ago. There were different terms of service at that point. Can they arbitrarily change this? ( probably they can ). How will they promulgate this change to/for/with GAIM or other compatible-but-not-AIM IM apps.

Re:I'm just guessing,

[Duhavid]

So, not knowing all these things ( lets suppose ), I fire up GAIM.

I see no messages telling me about this. ( or do I? )

I innocently ( or so I think ) send messages.

Re:I'm just guessing,

[EnronHaliburton2004]

If you read the ToS, they probably say something like "We have the right o change these terms at any time"

Re:I'm just guessing,

[Ayaress]

When you singed up for an account, you agreed to the TOS. The TOS also has that clause that it can be changed at any time without notice, and that you're bound by those changes. The TOS doesn't neccessarily have anything to do with the client you use - You're bound if you install the client OR create an account. You don't even have to download the client, or even any third party client, or even access the network, you signed up for an account, and you're bound by the TOS.

Wether that TOS, the ability to change it unilaterally, or these specific changes are legal or not is a question for the judges to handle, if they ever see it, but like I said in my other post, AOL's big enough to play the RIAA's game and bury you in court costs to make sure it never gets to a judge.

Re:I'm just guessing,

[Duhavid]

1. Establish a service,
1a. Put a clause like that in my TOS.
2. change the TOS to say that they owe me a nickle for each millisecond they live.

3. ???
4. Profit!

Re:I'm just guessing,

[Ayaress]

To use GAIM, you still have to sign up for an AIM account. To sign up for an AIM account, you have to click the TOS. I've had a AIM accounts since they had an 8 letter length limit (I think it was 8. It was a long time ago. I had a 486 with windows 3.1 and under a meg of RAM and could say so without being lauged at), and I had to click the TOS to create all of them. They always had the clause that allowed AOL to change them on a whim. If you never clicked the TOS, then you didn't create your account, and they probably can pull something out of their hat even worse out to throw at you. Not defending AOL, just pointing out that there's another few thousand words to the TOS than just this. No matter how you're using their network, you signed up for an account, and you're stuck with the TOS.

Re:I'm just guessing,

[Ayaress]

Pretty much. But you'll have to get them to give you their credit card or bank numbers first, and that's NOT good for squeezing money out of people

Remember, the best path leading up to the n-1. ???/n. Profit! conclusion is one that involves a major corporation stepping on private citizens. That's what's going on with AOL.

What you're proposing, however, will result in a major corporation getting in an actual fight with several other equally major corporations who are just as fond of litigation as you'd have to be to try that (ever wondered why all banker jokes are just lawyer jokes with the word banker substituted for lawyer?). You can't push Citibank to the edge of bankruptcy and hope they just settle to cut their losses. You can do that to cust_id:11592427, however.

Re:I'm just guessing,

[SubTexel]

They actually did this for a while. (Block 3rd party clients..) I've had an AIM account since 98 or so, and I remember the MS client at one point had problems connecting to it (as did AIM light etc, and Yahoo..) I remember MS talking about opening up the software to allow an industry standard (MS, Yahoo and some others..)..

Re:I'm just guessing,

[pboulang]

I disagree. I use iChat on a Mac. I have a .mac account. I never signed up for an AIM account nor agreed to their terms of service.

Re:I'm just guessing,

[slavemowgli]

A 486 with under one MB of RAM? That's rather unusual, to say the least - I thought the "under one MB" era was when 286's where common. :)

Re:I'm just guessing,

[pcmanjon]

" So, not knowing all these things ( lets suppose ), I fire up GAIM.

I see no messages telling me about this. ( or do I? )

I innocently ( or so I think ) send messages."

Just like the grandma who was sued because her little 8* year old grandchild was sharing tons of music on the net?

Didn't seem to help lower her out-of-court settlement fee at all.

* Not sure if the kid was eight or not, but he was young I think.

Re:I'm just guessing,

[Simon+Lyngshede]

Sadly I don't think most users care. Sure people on Slashdot is going to think twice before using AIM, but how many ordinary people will know about this? Even if people did know, I doubt that most of them will see to problem.

People are a sheep.

Re:I'm just guessing,

[HD+Webdev]

To use GAIM, you still have to sign up for an AIM account. To sign up for an AIM account, you have to click the TOS.

Actually, I signed into AIM's network using my ICQ # and passphrase.

This was back when rumors were running that the networks would be combined. Surprisingly enough, I was able to log in without having to go through any new TOS agreements.

YMMV: I don't know if it is still possible to log into AIM with an ICQ # and passphrase.

Re:I'm just guessing,

[Enucite]

Remember, the best path leading up to the n-1. ???/n. Profit! conclusion is one that involves a major corporation stepping on private citizens. That's what's going on with AOL.

No, the best path involves underpants.
The rest are just cheap imitations.

Re:I'm just guessing,

[xSauronx]

and im just guessing, but i think most AIM users aren't reading the damn TOS and have no idea that this is happening.

Re:I'm just guessing,

[theapodan]

Yeah, not to mention that Win 3.1 wouldn't install with less than 2.

All this means...

[TheSpoom]

...Is that any smart business will not send proprietary information through AIM.

Of course, I say any smart business because I know some dumb ones will. Doesn't Microsoft have a similar policy with Hotmail?

I also really doubt if this were ever tested in court that it would stand. This is evil, but about what I'd expect from AOL.

Re:All this means...

[Beryllium+Sphere(tm)]

>I also really doubt if this were ever tested in court that it would stand.

Why not?

Network owners have significant legal leeway for sniffing their own networks. If they've notified you about monitoring ahead of time, they're on fairly solid ground.

Now, this business of assigning reproduction rights might not hold up. Sending something over AIM might not strike a judge as being a valid assignment of legal rights.

Re:All this means...

[evilviper]

I also really doubt if this were ever tested in court that it would stand.

Quite true, but until they get sued, you can bet that they will be making use of those new freedoms in their TOS to invaide your privacy every way they can. The old "shoot first, ask questions later" strategy.

Re:All this means...

[Len+Budney]

Of course, I say any smart business because I know some dumb ones will.

You mean, dumb companies like Cisco? Cisco employees right up through senior VP level use IM constantly.

Re:All this means...

[Almost-Retired]

Which is why my email sig warns the yahoo attornies that any additions to the email message above made by me are copyright 2005 by me. They got grabby that way several years ago, but there was so much hell raised that it got dropped in about 60 days. Thats been the last 2 lines of my sig for many years, serving to remind me that we can never sleep.

Now I suppose I have to add aol to the list of attornies that should take note.

And, aol lusers (I've never been one) should be doing their own raising of hell, and when you get one corner jacked up, stick a brick under it to keep in permanently off balance. It will be good for what ails them in the long run.

Better yet, we need a national holiday named the Bill Shakespear "first, we kill all the lawyers" Day, where you get to off your favorite sleazebag attorney for free. I'd bet that would put real honesty back into the legal profession fairly quickly. For the rest, well, there is always the annual Darwin Award competition which might so honor some of the more widely known offenders... The enron thing comes to mind.

Didja ever notice that for all the smoke and mirrors our dearly beloved guvmunt puts up, getting those folks who lost everything some of their money back seems to be enum'd about 10,000 lines down from the top of the list of todo's? Ditto for the global crossing thing. The "Ken Lay's" of these things that ruined so many people, should die in a homeless shelter without a cent in their pocket, but keep them completely flat broke, eating in a soup kitchen every other day for 20+ years first, while wearing clothes tossed out the back door at goodwill.

--
Cheers, Gene

Re:All this means...

Also they are taking *ON* a legal responsablity I think.

Follow me here.

Some dweabo posts on the forums or through IM or however it is worded. How to get the latest warez dl. *SINCE* AOL owns that post now they are legaly condoning it. They are also LEGALY tied to what is going on. They have abandoned their 'isp' rights and taken on the responsability to police for activities that are illegal in *ANY* form. Or they could face the wrath in a legal form by being sued...

If I were a lawer I would be licking my lips at this point. That could be BIG bucks...

Encrypt it

[SamMichaels]

Incase you forgot, AIM has built in encryption...just create the keys.

Re:Encrypt it

[jrockway]

Did you write the code for their encryption?

Here's what it looks like, probably:

send_to_server(cleartext ^ non_random_byte);
popup_dialog("Your message was sent securely! No, really!");


Encryption is only as good as the implementation. Why would I trust AOL to do it right?

Re:Encrypt it

[Spetiam]

It's not sent in clear text. Just do some network sniffing and you'll see.

However, that's not to say messages aren't being encrypted with an AOL public key in addition to the intended recipient's public key. I doubt AOL is bothering to do anything like that, though.

Maybe it's just me

[Hal+The+Computer]

I wonder whether this would even be legal.

Re:Maybe it's just me

[hazah]

main() has a type!

Re:Maybe it's just me

[rs79]

>I wonder whether this would even be legal.

I'm wondering the same thing. I'm not sure how much of your rights you can sign away. Not all I know that much. I suspect but certainly do not know, that they can get away with this though.

I have an easy out though. I steadfastly refuse to use an IM service. If they can't figure out talk, tough. "Can I we talk in IM". "No, we can exchange email. It's the same thing but 2 seconds slower".

I also plead ignorance if somebody sends me a doc or xls file: "Huh? What's this? Really? Sorry, I don't have any MS software". Fortunatly poeple dumb enough to send me this crap have never heard of Open-whatever.

You have to nip this evil crap in the bud. I once made the mistake of admitting I might be able to figure out COBOL. Those were the worst two years of my life. This woorks as well for hardware too. Although I've written BIOS chips and worked for seevral (pre-pc) computer companies if anybody in (the small) town here asks me if I know anything about computers I say "no" or "well I was thinking of getting a Mac, why?".

I'm not making that heinous mistake twice.

so what? use a different client

[Indy1]

trillian, gaim, etc

if you really want to fuck with the yellow child molesting bastards at AOL, encrypt all your im traffic.

Best of all, give the shitheads a giant middle finger and stop using the AIM network period.

Re:so what? use a different client

[FuzzzyLogik]

Unfortunately the only way to give them the finger is as you suggest, encrypt the traffic or don't use aim...

a 3rd party client will only allow you to encrypt the traffic... i'm sure this is what you meant but a lot of comments seem to think that just by using a third party client they are immune to this.. you are not.. you agreed to the TOS when you created the account, as such, no matter what client you use you agreed to them when creating the account.

like i said, i think you understood this but for others who are wondering that is what is really meant.

Re:so what? use a different client

[fm6]

if you really want to fuck with the yellow child molesting bastards at AOL, encrypt all your im traffic.

Encryption is the only reasonable privacy measure for any electronic communication, even if the carrier isn't an alleged pedophile. You cannot assume that your email or your IMs go unintercepted, not the way the Internet is structured.

We keep hearing about things like this TOS and ECHELON and other attempts to "invade" all the open information out there, which gets people all pissed. Which is silly, because the problem isn't that people are gathering information, it's that the information is out there to gather. If you live in a glass house, don't be surprised if all your neighbors buy binoculars.

Re:so what? use a different client

[jericho4.0]

You smell like astroturf.

Re:so what? use a different client

[darthdavid]

imeem is closed source, windows only, includes adds and has all of 4 people on it's network. No thanks.

Re:so what? use a different client

[pluggo]

a 3rd party client will only allow you to encrypt the traffic... i'm sure this is what you meant but a lot of comments seem to think that just by using a third party client they are immune to this.. you are not.. you agreed to the TOS when you created the account, as such, no matter what client you use you agreed to them when creating the account.

Exactly. And if you somehow didn't agree to the ToS, then there are no terms. Essentially, they can do anything they want with your data in that case, because you're simply sending cleartext to a black hole in the internet. No contract has been established with you protecting the privacy of your communications. They could air your IM session on the evening news and it would be perfectly kosher.

This is why encryption is a good thing, and why we also need a good decentralized IM network. I'm tired of people being naive until something like this happens, then claiming outrage. Bloody do something about it.

New "reality tv"?

[Mad+Merlin]

Perhaps we're about to see AOL/Time Warner roll out a new tv show... When 12 year old girls chat to each other over AIM - Uncut and Raw!

Re:New "reality tv"?

[sTalking_Goat]

The FBI might have a problem with the conversations of their Special Agen...um... 12 year old girls, being broadcasted on late night cable.

Re:New "reality tv"?

[jasonmicron]

AOL / Time Warner? Nah, more likely that it would be FOX.

In other news, "Who's Your Daddy 2" will be airing once FOX realizes that they are getting some dignity! =D

Not really surprising

[H_Fisher]

People are, by and large, not going to read this slop and/or care.

Those who do read it, and who do raise a fuss, are going to be met with very little interest ("You don't like it? Use another service.") But I hope, and I foresee, that such a broad and far-reaching "license agreement" gets shot apart in court one of these days. There are just too many possibilities for abuse - imagine if your phone company decided to record and use whatever you said on the line in whatever way they wished, without your permission. It'd never fly.

Re:Not really surprising

[pyite]

Heh, while I don't like AOL's decision, I fully support their right to make it. Millions of people freeload off of the AIM system. You do not have a reasonable expectation of privacy when using it.

Re:Not really surprising

[Raul654]

You do not have a reasonable expectation of privacy when using it.

Bullshit. You can't dictate where people have a right to privacy, because the law says that if enough people think that a particular medium is private, it (legally) is, and you need a wiretap order to access it. And I'd bet the vast majority of people who use these services believe their conversations should be private.

Re:Not really surprising

[tftp]

Does it mean that USPS has a right to open all your mail, and then copy and use the contents as it wishes?

AOL is not any different from a mail carrier service because they do the same thing - deliver messages from one person to another.

You do not have a reasonable expectation of privacy when using it.

Why not? Many people abuse telephone network by tying up lines for hours at a time, so what? It does not allow the phone company to record and sell conversations.

Re:Not really surprising

[ceejayoz]

because the law says that if enough people think that a particular medium is private, it (legally) is

If that were true, people (and the police) wouldn't be able to rummage through trash cans.

Re:Not really surprising

[thisissilly]

There is privacy, and then there is the right to profit from your messages.

Based on this license, they can log all your traffic, and then license it to marketers. Or take a copy of the photo you IM'd to your sister, and use it as the centerpeice in their new AOL advertising campaign. Or if you are a songwriter, and IM'd someone a mp3 of your new hit single, AOL/Time Warner can start selling it on CD and not give you a dime.

Re:Not really surprising

[SJS]

Why not? Many people abuse telephone network by tying up lines for hours at a time, so what?

Why not? Because it's the bloody network.

Unless you encrypt your traffic, you're doing the equivalent of using a party line (phone metaphor) or sending postcards (snail mail metaphor). Anyone who has access may listen in/read without let or hindrance. That's why there is no expectation of privacy.

You want privacy on the network? Encrypt. With an algorithm that YOU choose.

It does not allow the phone company to record and sell conversations.

You're mixing arguments here. Recording and selling conversations is not part of the expectation of privacy. I may not be able to reasonably expect privacy, but I can expect that works that I create will belong to me, and may not be used without compensation.

You, a random user, aren't allowed to record and sell conversations without permission, much less the phone company. If you want to push the metaphor in that direction, you'll have to agree to a law making it illegal for you to record a conversation without my explicit prior approval, coupled with periodic notification that my conversation is being "recorded".

This will probably necessitate DRM... how do I know that you didn't take a screen-shot of the conversation after I logged off? ... It just gets messy. Better to invent new metaphors, than to push the old ones too far.

Re:Not really surprising

[twiggy]

AOL is nothing at all like the mail service. While USPS is now privatized, it started out government owned/operated and came with some implicit checks and balances that still (to some extent) exist today. You're giving the USPS money to use their infrastructure, and it is a federal crime for them to tamper with your mail. It's the law.

With AIM -- you're giving them NO money, using THEIR servers/bandwidth. Who cares if they're "just delivering messages"? You're using their CPU time and bandwidth for free (or for ads if you actually use AIM instead of a 3rd party client).

They have every legal right on earth to monitor your conversations all they please as long as they didn't guarantee you otherwise. do I think it's right, good, or intelligent publicity? Hell no. But is it illegal? Also hell no. And it certainly isn't anything at all like the USPS.. I dunno how your goofy analogy got modded up as "interesting".

Re:Not really surprising

[Nels]

Unfortunately, the courts haven't given us much for our "reasonable expectation of privacy".

For a better explanation than I could provide, look into this book:
http://www.law.gwu.edu/facweb/dsolove/Solov e-Digit al-Person.htm
You might find it in your local library. It has better information on the legal side of privacy than you will ever find on slashdot, though that may not be saying much. He's also a good speaker. Wouldn't be a bad choice for an "Ask Slashdot".

Re:Not really surprising

[kb7oeb]

When was the post office sold off? I must have missed that

New terms of service?

[zalas]

I dunno, but that sounds like typical terms of service for something like Instant Messenger, and doesn't sound very surprising or new at all. Granted, I haven't thoroughly read their ToS before... They're supposedly used so that they can distribute your messages (IMs) without any possibility of "infringement," but who knows?

Re:New terms of service?

[thisissilly]

They're supposedly used so that they can distribute your messages (IMs) without any possibility of "infringement," but who knows?

They don't need an irrevocable, perpetual right to do that. A 10-minute right would be plenty.

Re:New terms of service?

[CRC'99]

I dunno, but that sounds like typical terms of service for something like Instant Messenger, and doesn't sound very surprising or new at all. Granted, I haven't thoroughly read their ToS before... They're supposedly used so that they can distribute your messages (IMs) without any possibility of "infringement," but who knows?

MSN Messenger/Windows Messenger already have the same clause... Microsoft can use anything you send over MSN anytime for anything they want... Just because AOL is now doing it, doesn't exactly make it new...

Re:New terms of service?

[edwdig]

They don't need an irrevocable, perpetual right to do that. A 10-minute right would be plenty.

Not necessarily. ICQ (also owned by AOL) allows you to send messages to people who aren't signed on. The message will get delivered to the user when they sign on. I've seen the server deliver messages that are several weeks old. I have no idea how long they hold on to a message before discarding it though.

Re:New terms of service?

[Jussi+K.+Kojootti]

I am not a lawyer, but to me the language used in MSN Terms Of service is very different from AIM's new obnoxious "we own your first born"-license:

We consider your use of the Service, including the content of your communications, to be private. We do not routinely monitor your communications or disclose information about your communications to anyone. However, we may monitor your communications and disclose information about you, including the content of your communications, if we consider it necessary to: (1) comply with the law or to respond to legal process; (2) ensure your compliance with this contract; or (3) protect the rights, property, or interests of Microsoft, its employees, its customers, or the public.

Then again, maybe the third clause means: "If Microsoft profits from selling your conversations, then selling them is considered 'protecting the interests of Microsoft'."

Re:New terms of service?

[cortana]

They don't need to give themselves a right to do that at all.

Have you agreed to the terms and conditions of every mail server your mail is relayed to?

Follow up

[acaben]

In addition to my original post linked in the write up here, I've written a follow up pointing out the insanity that AIM's business service AIM@Work uses the same Terms of Service, while expecting businesses to uses it for their internal messaging system.

No, it really means that...

[PFritz21]

AOL has exhausted all their resources for selling your private information to spammers, and they need a new source.

Sheer volume

[gotr00t]

Even though it looks pretty bad, just remember that the service is so popular that the chances any conversation would acutally be used in any meaningful way by a third party would be about as small as they are now.

Re:Sheer volume

[Deep+Fried+Geekboy]

You're kidding, right?

You can bet everything you own that AOL archive every message that's routed through their system. Their new TOS means that when Government Agency X comes a-knockin' demanding all the messages User Y posted in the last three years, they can simply turn over the records without having to go through all that annoying stuff of warrants, sub-poenas and so on.

In fact, it doesn't even have to be Govt Agency X. It can be anyone. If they want to let them search the archive, they can.

Re:Sheer volume

[The+Archon+V2.0]

Even though it looks pretty bad, just remember that the service is so popular that the chances any conversation would acutally be used in any meaningful way by a third party would be about as small as they are now.

True enough, but security through obscurity has a way of biting you in the ass just when you least expect it....

Re:Sheer volume

[syukton]

you've never used grep, have you?

Grepping when you don't have a hard disk because everything is solid state is much, much faster than you might think. Grepping through billions of lines of text for "bomb" is pretty goddamned simple: grep -i "bomb" *.log

Sheer volume means nothing to anybody who uses computing clusters in their corporate strategy; they have what it takes to parse that volume, and then some.

Re:Sheer volume

[phloydphreak]

ok, lets think about this for a second. The gaim logs of all my conversations for the past 3 months comes to... about 4kb. Assuming I am the average user (not an aim chatter), also assuming 6.1 million users that puts the database load every 3 months at 244GB; any user with a high end computer could store and datamine such data. These figures indicate a severe danger of a compromise of personal privacy.

now for my analysis of what it can be used for (read: ignore unless you want bias).
There are 3 major areas which could be compromised by this addition.
(1)code sharing between scripters; use ftp to share your scripts, if you dont have an ftp server, you are probably going to get caught anyway, so have fun.
(2)code sharing between application developers; unless this development is going to be used for illegal activities, the legality of anyone stealing said code would be called into question. Lawyers live for lawsuits against bigtime companies like AOL and would do such work pro-bono, however INAL
(3)code sharing between students: I doubt the university will ask for aim logs when prosecuting a student. They have no need for burden of proof anyway, they have complete power over the student as is.
(4)(yes i said 3, what) pedophiles: good riddance to dirty old men talking to other dirty old men.

my two cents are spent.

Re:Sheer volume

[pchan-]

Okay, nobody seems to get the point of this change, so let me spell it out for you:

ADVERTISING

They don't care about reading what 12 year olds gossip about, and they don't care about finding criminals, terrorists, or anyone else. They care about *making money* by selling targeted ads to you, and they will figure out what you like by parsing context out of your chat logs. Y'know, like Google does with Gmail and Google Groups. The TOS let them do whatever they want with the data so they can store it, mine it, and sell the results anytime they feel like with no consequences.

Re:Sheer volume

[that+_evil+_gleek]

>In fact, it doesn't even have to be Govt Agency X. It can be anyone. If they want to let them search the archive, they can.

And anyone who hacks into their system as well.

Re:Sheer volume

[drew]

You can bet everything you own that AOL archive every message that's routed through their system

which is of course something like 2% of all AIM traffic, as almost all communication happens client to client. but hey, this is slashdot, why let facts get in the way of a good conspiracy theory, right?

not to mention, as a couple other people here have already pointed out, the new TOS covers 'posts', not messages, but it seems almost everyone here missed that part completely....

Re:Sheer volume

[plague3106]

You can bet everything you own that AOL archive every message that's routed through their system.

I'm sorry, are that stupid? Do you know how much disk space that would take? In addition to indexing it to make it searchable by them?

Re:Sheer volume

[syukton]

grep -i "bomb" | grep -v -i "da bomb"

that f'

[unikorn]

ing sucks

What about GAIM and Trillian?

[Laivincolmo]

The terms of service stated information about registering with AIM, but what is their stance on using the AIM service with 3rd party clients? On another note, it says that this will affect you if you registered after February 5th 2004.. How could they change the rules now and not make the date effective as of now? Are there any open source sort of IMing protocols?

Help a College Student

Re:What about GAIM and Trillian?

[EvanED]

The terms of service stated information about registering with AIM, but what is their stance on using the AIM service with 3rd party clients?

To use 3rd party clients, you still need a login, so abide by the same terms.

On another note, it says that this will affect you if you registered after February 5th 2004.. How could they change the rules now and not make the date effective as of now?

Probably originally there was a clause that was "we reserve the right to change these agreements at any time, and post changes to www.yaddayadda.com"

Are there any open source sort of IMing protocols?

Yes

Re:What about GAIM and Trillian?

[pyite]

Wow.

http://www.google.com/search?hl=en&q=open+source+i nstant+messaging&btnG=Google+Search

Re:What about GAIM and Trillian?

[EvanED]

IANAL, but the terms are binding on you not because you use AIM (though they probably put the stuff in there too), but because you registered for an AIM screen name.

See the suggestion in response to another of my posts where someone said you could try to get your friends to change to another client that supports multiple protocol, then you can change networks and still talk to them, but they can still talk to all their AIM buddies. Might be possible.

What if I don't have the right to grant the right?

[Dunarie]

How can I grant them the right to use something I send over AIM if I don't own the material? Say I send a poem out of a book of poems that the author has copyrighted, but I am not the author, nor do I have permission from the author to redistibute. Esentially what I've done is illegal by sending it to someone else over AIM, but AOL says that I've given them the right to say use that poem in a (weird) commercial. How can they insist I give them that permission if I don't myself have the right to give it.

Note to self: If I ever make any poems, don't send them to editor over AIM.....

Your AIM encryption options

[Fourmica]

1. Trillian. SecureIM, but Windows only.
2. SILC. Open encryption standard, many *nix ports.
3. JohnyTech. Windows encryption for a bunch of different IM protocols.
That ought to get you started.

Re:Your AIM encryption options

[PornMaster]

The official AIM client supports encryption via client-side certificates, too. Options -> Preferences -> Security.

I have a self-signed cert generated in OpenSSL.

Instructions here.

Re:Your AIM encryption options

[Agarax]

Dont forget GAIM, its Open.

Re:Your AIM encryption options

[rm999]

As I understand it, encryption is useless unless both users have enabled it. On my AIM list right now, 1/75 users has it on. 90% of the people on my list don't even know what encryption means in this context. I doubt these people will care about the new TOS and will likely not go to the trouble to turn encryption on. Just my guess...

Re:Your AIM encryption options

[ocelotbob]

Another one: http://gaim-encryption.sf.net/

Re:Your AIM encryption options

[_Sprocket_]

The official AIM client supports encryption via client-side certificates, too. Options -> Preferences -> Security.

Yes, well... of course you DO trust AOL, right? Their embeded encryption option is surely the right way to go. Not like they would do anything underhanded that would invade your.... privacy... that you apparently don't have any expection to. Wait a minute...

Re:Your AIM encryption options

[cynyr]

last time i checked the newer versions of win-gaim(gaim for windows) support SILC just thought i would let you know

Re:Your AIM encryption options

[Ilgaz]

They trust to Trillian.cc based in? Better not continue as trillian fans will hit me :)

Re:Your AIM encryption options

[Anubis350]

in this case I probably would. The security features are really there for aim's marketability to corporate markets, so its probably reliable.

Re:Your AIM encryption options

[John.Thompson]

But what if the AIM client autoamatically encrypts with an AOL key as well? There's no way you could know this or prevent it.

Re:Your AIM encryption options

[LinuxHam]

You forgot:

0. GAIM with GAIM Encryption - Multiprotocol, multiplatform IM client and its encryption module that encrypts any IM protocol you use

It also maintains the same look and feel across Windows and Linux and is a key component when helping individuals and organizations get off Windows desktops. It may the closest thing I've seen to cross-platform OSS perfection.

My current customer (~6000 employees) already uses Thunderbird and Firefox, and they are begging to get onto Linux desktops. I introduced them to this pair recently, and the first few pockets of users are starting to show up. They've considered setting up their own Jabber server, and I'm still helping them get a better understanding of how it works (not my main job there).

Get a good client in first, then change the protocol. Wash, rinse, repeat enough times until the underlying OS is irrelevant.

Re:Your AIM encryption options

[_Sprocket_]

The security features are really there for aim's marketability to corporate markets, so its probably reliable.

How much of the consumer AIM code is used for the Enterprise product? Is it the same client? It's not the same server - the Enterprise solution involves a stand-alone server deployed on site. And come to think of it... knowing how "Enterprise" encryption products are marketed... there would very likely be a feature that enables the server admins to pull an entire transcript of any communication. Such a feature would easily be applied to the consumer product too.

Granted - I'm playing devil's advocate here. I don't have direct knowledge of any such features. But I would caution against blind trust in a company that has a policy of acting against one's own interest.

Re:Your AIM encryption options

[_Sprocket_]

They trust to Trillian.cc based in?

Fair enough point. But keep in mind that Trillian isn't the one who states that their users have no expectation of privacy and any content being transmitted through their client is perpetually licensed to Trillian and its agents, et al.

Re:Your AIM encryption options

[anethema]

Actually, by far the best product i've used to encrypt msn/aim etc is Simp.

Simp for windows uses a 2kbit RSA pub/priv key system to authenticate, and uses that to exchange a 128 or 256 bit AES key. It is very customizable, and changes the colour of the text of the people you're talking to to show they are encrypted and authenticated (2kbit rsa was used to exchange the aes key) or that they are just encrypted (diffie hellman method used to exchange key), or not encrypted at all.

For *nix, they have a transparent proxy server running. I'm in slack now and it works great. also changes the colour/name of the person (if you want of course, its all customizable for both versions)

Every single person I talk to regularly uses simp for encryption. (which is about 5 people, but there is still the bunch of people i talk to occaisionally who dont use it)

Anyways, its all totally free. They have a for pay version that has some more features..i think chosing different encryption types and sending files encrypted (but i use skype for that currently anyways..which has rsa key authentication and aes-256 for everything else)

Either way, linky here.

Re:Your AIM encryption options

[pablonhd]

this is what i use at work.

http://www.thehua.com/myworld/secure_aim.htm

Re:Your AIM encryption options

[trawg]

I recently installed PGP Desktop 9 beta and noticed it has features for AIM encryption in it as well.

Re:Your AIM encryption options

[geminidomino]

Unfortunately, GAIM w/ GAIM Encryption only works on, well, GAIM. Since GAIM on Windows is still a bletcherous abortion that deserves to be horribly killed, it's going to be difficult getting the non-geeks to use it, and AFAIK, that would be the only cross-platform encryption system available.

Oooh, I'm shocked!

[HD+Webdev]

FUD.

Actually, the traffic mostly moves from peer-to-peer. It's not like private messages and files all go through AOL's servers and then get to the other party. That would be a huge amount of traffic to deal with.

To confirm this, all it takes is less than a minute of looking at network traffic logs to see messages and files being transferred directly from one person to another.

Re:Oooh, I'm shocked!

[pyite]

Erm, no. By default everything does go through their servers. Only when you "directly connect" does it do peer to peer.

Re:Oooh, I'm shocked!

[Deep+Fried+Geekboy]

Not true for .mac (iChat) traffic. It all gets routed through the AIM servers unless you want to transfer some kind of attachment, like a jpg, in which case it will open up a peer-to-peer connection and change the modality.

I don't know yet how this affects iChat traffic but I assume badly, as I can't imagine AOL would separate out the traffic.

Re:Oooh, I'm shocked!

[Lord+Omlette]

I'm pretty sure this is wrong. Everything goes through AOL's servers.

And it couldn't possibly be any larger than the amount of data Echelon has to deal w/ regularly, my guess is they're doing this as a way of appeasing the govt. "Sure, we'll change our privacy policy, but please allow us to use your beefy data centers..."

Re:Oooh, I'm shocked!

[DJDutcher]

The messages do go through AOL's server by default. I just checked this with Ethereal. It makes sense too, if it was peer to peer you probably would have to open a port for it to work.

Re:Oooh, I'm shocked!

[JonXP]

Actually, all messages ARE routed through AOL's servers. Peer-to-peer traffic only occurs when you are a) doing a file transfer, or b) using AIM's DirectConnect feature. Therefore, AIM can see anything you transmit over their network, and that includes all messages as well as file names/sizes/etc for transfers (but not the actual files themselves).

This is actually standard through virtually all Instant Messaging systems, partially due to the complexities of routing that NATs and firewalls introduce to the internet, and partially because client/server is just plain more reliable and easier than P2P.

(This is from a guy that's done a lot of IM protocol observation/hacking/developing)

Re:Oooh, I'm shocked!

[the+pickle]

Using the official AIM client, this is mostly true.

Using something like Adium, it's mostly untrue, and when using something like AIM Express (or whatever they're calling it these days) it's *entirely* untrue. Most third-party clients do NOT connect directly unless explicitly directed to.

p

Re:Oooh, I'm shocked!

[ceejayoz]

I'm pretty sure this is wrong. Everything goes through AOL's servers.

I know for certain the file transfers don't - I get two megabyte per second speeds transferring between computers on the LAN here, far faster than my DSL permits over the 'Net.

Re:Oooh, I'm shocked!

[binand]

What if the two parties are behind NAT-gateways?

Re:Oooh, I'm shocked!

[HD+Webdev]

Erm, no. By default everything does go through their servers. Only when you "directly connect" does it do peer to peer.

Yes, I did say:

It's not like private messages and files all go through AOL's servers...

I could reply to all of the others, but it's obvious that they didn't understand the ALL word that I used. (You seem to be the exception so far, that's why I'm replying to you).

So, I'd be wasting my breath repeating 'please read my post again' messages to the others.

(It's sort of amusing that people are getting a bunch of mod+ points for disagreeing with me even though they didn't correctly read my post. Their disagreements are based on things I did not say yet they are getting rewarded by moderators today completely regardless of that fact.

Re:Oooh, I'm shocked!

[HD+Webdev]

Lord Omlette (124579) said>> I'm pretty sure this is wrong. Everything goes through AOL's servers.

ceejayoz said> I know for certain the file transfers don't - I get two megabyte per second speeds transferring between computers on the LAN here, far faster than my DSL permits over the 'Net.

Yes, that's why I mentioned looking at network traffic.

Although you have direct experience with what I was explaining, you don't get credit for that. Yet, an "I'm pretty sure this..." post without any personal experience to relate gets credit for being informative on slashdot instead of someone like you who has actually seen the direct p2p activity going on.

Either today's chosen mods are not having a good day or anything rebutting an "AOL IS SCANNING YOUR BRAIN" type story isn't as likely to get modded up.

Re:Oooh, I'm shocked!

[Lord+Omlette]

I'm sure that the mods can download the source code to gaim anytime they want and see for themselves that neither oscar not toc send IMs directly to other people...

Re:Oooh, I'm shocked!

[mrchaotica]

Couldn't you make an AIM client that automatically and immediately switched to direct connect after you sent the first message to whoever you're talking to (assuming they had the client also)?

Re:Oooh, I'm shocked!

[JonXP]

Theoretically, I'm sure, but due to NAT traversal and firewalls, if both sides are closed off from eachother then the direct connection is impossible.

An increase in broadband access (and the NAT to share the access between computers) has contributed to this happening more often, but recently UPnP adoption has made this double firewall scenario less common, however your client needs to know how to work with UPnP.

AIM and Trillian *do* use UPnP for NAT/Firewall traversal. I can't speak for GAIM.

Re:Oooh, I'm shocked!

[assassinator42]

IM's certainly get sent through AOL servers unless you establish a direct connection. File transfers can go through their server also, check out the firewall settings under file transfer and you see an option for AOL proxy server. With the default settings, if both parties are NATed, their proxy server is used.

Re:Oooh, I'm shocked!

[MCron]

In the double-firewall scenario, file transfer and direct connections can be done, provided both users have recent clients. Both users already have a connection open to AOL. That connection can be used for a redirection of the file sending, allowing files to get through.

George Vulov, the guy who made TerraIM was telling me about implementing it. Apparently a pain, but well worth it

Re:Oooh, I'm shocked!

[JonXP]

If it's what it sounds like, it's actually a crazy UDP trick that requires your router to respond a certain way in a certain situation (which most residential ones do, but business and college campus ones don't). It *is* a pain, but it makes most residential double firewall situations go away, and is uber-geeky-cool.

Messaging and Encryption:

[Amnenth]

Too bad for AOL that I always encrypt my messages whenever I'm talking about anything meaningful. They might get a few 'Hey's and 'Hi's, but that's all. Of course, there's the moral issues behind this, too. I'm seriously considering jumping to another IM service that isn't trying to pull shit like this.

In Plain English

[lax-goalie]

"We retain the right to spy on you, profit from any good ideas you have, and tell your wife about your girlfriend."

I'm just guessing, but I'll bet no one thought to run that last part past their management team...

Re:In Plain English

[Archangel+Michael]

Are you kidding? That is exactly the problem, as my wife IS my management team.

Okay, it seemed funny at the time.

No encryption necessary

[EvanED]

99% of what goes over AIM is garbage anyway.

(I know, I produce a lot of it)

iChat?

[buckhead_buddy]

Where does one find these updated terms of service?

I use iChat via a .Mac account to talk to some AOL and some .Mac accounts that may or may not be through an AOL issued account.

How will these updated terms of service be presented to me so I can be sure to discontinue my use rather than agree to this absurd policy?

Re:iChat?

[onepower]

Not true...

Apple's iChat A/V and Trillian Pro on the PC are unstoppable together. AIM limits the size of the video on the PC, Trillian Pro doesn't... besides the video quality is really nice.

Can't wait to see skype with video though

Re:iChat?

[TheRIAAMustDie]

Trillian Pro, eh?

Well, that's something I'll probably tell my customers then. Thanks for the tip, I don't have access to a PC with a webcam for testing.
As an aside, are there many cams with autofocus and built-in microphones like the iSight for PCs?

.mac impact???

[Deep+Fried+Geekboy]

that's another TOS I won't be signing.

How does this affect former .mac subscribers (like me) who use AIM for their old .mac names? Not very well, I think.

What about current .mac subscribers? Does the iChat stuff still get routed throught AIM??

FSIMP

[ThisNukes4u]

In light of this anti-personal freedom act on the part of AOL, I would like to give a shameless plug to my project, the Free Secure Instant Messaging Protocol. Please, do not be sparse in criticisms, and if you have any, please help to fix them. The only way it can succeed is through the communities feedback and suggestions.

gaim off-the-record (encryption with deniability)

[skillio]

off-the-record messaging is a standalone library which has also been included in a gaim plugin - its encryption with NO digital signing at all, however it still provides authentication (unlike trillians secureIM, which doesnt let you know WHO the hell you're talking to, despite the encryption.) it works for both nix and windows versions of gaim - i'm no encryption expert, but i sure um...feel a lot safer when using it.

perhaps someone more qualified than i can peruse their whitepaper and give some more informed feedback as to the security/robustness of the protocol/implementation :)

People still use AIM?!

[mike_sucks]

Why aren't you using Jabber instead?

It's Free Software, it's non-evil and there are clients for every platform out there.

You can even use it for cool stuff like IM'ing system alerts to you, as a cheap replacement for SMS on mobile phones (AUD$0.02 vs AUD$0.25) and to publish and subscribe to news feeds.

Re:People still use AIM?!

[EvanED]

Because everybody and their dog uses AIM, and it's sorta hard to get the 20 or 30 people you talk to on AIM to switch with you, especially when they won't switch until the 20 or 30 people they talk to switch, which won't happen until the 20 or 30 peop... well, you get the idea.

Re:People still use AIM?!

[rob_squared]

Jabber is great and everything. But have you ever *tried* to get a friend to try another IM account? I know people who only have yahoo, or only have aol, or msn, or icq. Well, maybe not ICQ too much. But the point is, most people who have something stick to it. That's why there are suckers who use deadaim instead of gaim. And most users would still agree to a ToS that says that someone will poke you in the eye every thurday.

Re:People still use AIM?!

[vandrad]

same logic applies for getting people off of Yahoo IM

Re:People still use AIM?!

[Trillan]

And why not? It isn't like they need their eyes for reading the TOS, is it?

Re:People still use AIM?!

[mike_sucks]

Heh. Everyone who uses some IM system $FOO always says "but eveyone uses $FOO" when someone suggests they switch to anouther one. But I guess that's because they use it because all their friends do and so it does seem like everyone uses $FOO.

Anyway, to get people to move over to Jabber, proceed as follows:

1. Switch you Jabber yourself
2. Get your friends to switch to a multi-protocol client so they can still IM you
3. Switch them to Jabber
4. ...
5. Profit!

To avoid feeling too lonely right after (1), you could possibly swap steps (1) and (2).

Re:People still use AIM?!

[ZephyrXero]

Well, they had to download, install, and then try out AIM, MSN Mess. & Yahoo at one point too...

AIM isn't secure anymore?

[dirtsurfer]

Well now what will I use to transmit all of my sensitive information? :(

Re:AIM isn't secure anymore?

[rob_squared]

" Well now what will I use to transmit all of my sensitive information? :("

Very well-crafted paper airplanes.

Data mining for patents?

[Eric_Cartman_South_P]

They could scrub all the text for phrases like "I have a great idea" and then human parse them for interesting bits. Lots of false hits, but some gold in the rough to take, steal, and go to market first with the ideas? Who knows. Comb for ideas, sell to other companies and VC firms. Skim the filthy froth of the weary intarweb and sell it!

Only affects those signing up after 5 Feb 2004

[Golgafrinchan]

From the AIM TOS page:

The following terms and conditions apply to all users who either registered for AIM services or downloaded AIM updates or software on or after February 5, 2004. AIM users who do not register for AIM services or download AIM updates or software on or after February 5, 2004 and are members of the Netscape Network will remain bound by Netscape's terms and conditions. All other AIM users are bound by the aol.com terms and conditions.

I suspect the vast majority of Slashdot users signed up for AIM years ago, if they did at all. This shouldn't affect them.

Re:Only affects those signing up after 5 Feb 2004

[Peyna]

Until they change it just enough so that you can't use it without updating it and are then bound by the new terms.

Re:Only affects those signing up after 5 Feb 2004

[Amnenth]

Does anyone have a link to the Netscape Network TOS?

I'm really thankful my name predates AIM's magic cutoff. Maybe I'll be able to escape this bullcrap.

it's just......

[nobuzz]

reason number 18513 not to use aim for anything

this sucks

[philipkd]

This is not a "if you don't like them don't use them" kind of argument.

What's wrong about this is how sneaky it is. Terms of Service agreements are not read by the vast majority of users. So, they're basically screwing their AIM users without informing them. I don't consider little lines in Terms of Service informing them.

So, let's hope the media and slahsdot and others can make people aware of this.

You wonder how privacy rights are lost. It's the naievety of the common man.

Maybe its not that bad

[thecue]

It seems to me that "posting" means something like the profile that many users have. You give AOL the right use/make available that content however you want. Maybe they define posting somewhere, I didn't read the TOS or anything. Most all of AIM's traffic (messages) between clients are direct connections anyway, it's not like all AIM traffic travels over AOLs network at some point or anything.

Off The Record

[dcclark]

Gaim/Adium/otherwise libgaim-based folks, don't forget Off The Record encryption, which can encrypt your messages regardless of the protocol. No worries if you have things to say over AIM that you REALLY don't want others to see. But if that's the case... why are you saying them over AIM anyhow?

iChat?

[TheRIAAMustDie]

How will this affect Apple's iChat?

There's no way Apple will go for this, and their app uses the AIM service as well as the .Mac service. Will they just move to using the .Mac service solely?

If they stop using AIM, there will be no way to have a proper videoconference with PC users. There is currently no other solution than using iChat on the Mac and AIM on the PC together. Yahoo Messenger only supports a webcam feature, no audio, but if you were to run Skype side-by-side, I assume that would work.

It's all about the clean solution, though, and if AIM's new terms cause Apple to have to rethink its instant messenger service, we may be without a decent conferencing solution for a while.

Harsh move, AOL.

Sounds like a job for Captain Obvious!

[Trillan]

C'mon guys. Entertainment value aside, even assuming the interpretation is correct (and it looks right, I'll admit) there's no way this was intended. In a few days the TOS will change again, and we'll be telling jokes about AOL for years to come. Well, more jokes, anyway.

Don't get me wrong -- eternal vigilance and all that. If it hadn't been caught, it probably would have stayed there forever. It just goes to show that no one reads these things, including the people who write them.

Hmm.. Contradiction?

[VexSky]

The new statement, if taken in a "harmful" manner, seems to contradict their privacy policy, unless they intend to not "read" it, but simply mangle it, compile it, stamp it, then mail it to anyone they please....

The snippet from the privacy policy (here) with emphasis from me:

AOL does not read your private online communications when you use any of the communication tools offered as AIM Products. If, however, you use these tools to disclose information about yourself publicly (for example, in chat rooms or online message boards made available by AIM), other online users may obtain access to any information you provide.

Re:Hmm.. Contradiction?

[acaben]

I noticed that the privacy policy says it's new as well on the AIM page.

What I'm wondering is why they need a privacy policy if in their Terms of Service they say "You waive any right to privacy."

That's a big suprise

[egommer]

Hotmail had the same terms of service and no-one really cared about it. They grew even bigger. NO ONE EVER READS THE TERMS OF SERVICE.

This ought to be interesting...

[Flower]

They label it "Content" but anything that you've created going over their service would fall under copyright. I don't see their terms of service as being a legal transfer.

Not knowing how an AIM account works at all, I wonder what would happen if you put something in your profile like "I do not give AOL permission to use anything under my copyright without written consent and appropriate compensation." Obviously it invalidates the Terms of Service and they would more than likely kick you off if it was noticed but what would happen if they did use your copyrighted work under those circumstances?

Never!

[theWrkncacnter]

They will never get my plans for the death ray!! AHAHA!

Solution

[Lord+Kano]

ROT 13 and DMCA them if they UN rot it.

LK

Now, if I dont RTFA,

[Duhavid]

Why would I RTFToS?

Re:Now, if I dont RTFA,

[Ayaress]

Because if you go into court, and it appears to the judge that you don't care enough to know read a contract before you get yourself implicated with it, the judge probably won't care enough to hear your defense. The old addage that "ignorance is no defense," is a bit innaccurate. It should really read, "Ignorance is worse than no defense."

Three little letters...

[MsGeek]

I. R. C.

Simple, a time-tested protocol, easy, tons of free/open source and free-beer-ware clients, and it doesn't take a genius to set up either side. If you don't like the big chat networks (I don't) set up your own. Really, it doesn't require a hell of a lot of resources to run an ircd.

If you are paranoid about security, run the ircd in a chroot jail.

Re:Three little letters...

[Motherfucking+Shit]

If you are paranoid about security, run the ircd in a chroot jail.

And even better, wrap ircd inside of stunnel, then set up your firewall to reject packets to port 6667 on the external interface. People will only be able to connect if they're coming through an SSL-encrypted session, meaning that the conversations can't be sniffed on the wire. The downside is that all of the folks you want to talk to will have to be running stunnel themselves, but if you can get 'em to figure out IRC, they can probably handle stunnel.

Re:Three little letters...

[dosius]

My IRC server has SSL support enabled - unrealircd supports it - don't need stunnel. XD

Does work with or without SSL enabled, but you can block channels to people who aren't connected by SSL.

Moll.

Does this mean that they are now responsible?

[nettdata]

Does this mean that they could now be considered responsible for the content that is passed over their network?

For instance, if someone were to send a bunch of sick kiddie-porn crap using AIM, does that mean that they can be held accountable for it?

Probably not, but they should be.

Re:Does this mean that they are now responsible?

[bl00d6789]

Actually, I believe that while it may not be statutory, precedent has at least established that if they have the ability to monitor content, then they are responsible for monitoring content. This is why IRC networks, Usenet services, and ISPs in general are wise not to implement any mechanism for monitoring the content of the traffic over their networks. If it can be shown later that they had the ability to intercept a message and didn't, and damage resulted, they're potentially liable. However, I would assume that AOL's argument would be that, even though they're technically able to monitor conversations, and do, it's impossible for them to monitor -all- conversations. They have a lot of money, so I'd probably place my bet on them if it went to court, but you never know. Definitely a grey area.

Interpretive Dance

[Esion+Modnar]

So they could perform your AIM chat session in Times Square, or maybe even... Your AIM Chat Session! On Ice!

Hey, how about getting that guy, whathisname, the one did that thing in Central Park, to interpret your chat session in plastic sheeting or whatever, like a big condom over the Empire State.

Free association really sometimes scares me...

It's time for Jabber

[kg4eyf]

This is precisely one of the reasons everyone should start paying attention to the XMPP standard. We shouldn't be trusting a corporate entity and closed standards with what has become a very viable form of internet communication. Just like the standards we use for http, ftp, ssh, and everything else, we all need to start supporting the standards for Instant Messaging too. It's time to get everyone we know off of AIM. And start showing them jabber. And those of us with programming skills need to contribute to the servers and clients to make the better and well known.

Re:It's time for Jabber

[rpwoodbu]

YESSSS!!!

Jabber offers so much, including:

• Potential for full control of message path using an open and extensible protocol.
• Ability to carry messages over a secure connection (i.e. SSL); this is well supported.
• Flexibility to use different clients and servers, all which interoperate without the worry of a protocol change specifically designed to break 3rd party clients. There is no concept of a 3rd party client.
• Support for cross-communication to those other chat services with those awful EULAs, just as a stop-gap until the world becomes fully enlightened. This does NOT require a multi-protocol client... it is called a "transport", and it lives on a server. One login, full communication... that's easy!

There are a number of freely usable Jabber servers, so you can begin enjoying it right away, without setting up a server yourself. Just because you're using one server doesn't mean you can't talk to users on another. Your Jabber ID is in the form username@server, just like an e-mail address, so this ability is intrinsic to the design of Jabber. This is the beauty of a decentralized model.

An excellent Windows client is Exodus. A popular cross-platform client is Psi (based on Qt). Even the ubiquitous GAIM has support for Jabber. And very soon, iChat in Mac OS X will support Jabber! I've even considered making my own cross-platform Jabber client; isn't it great that we have that option? For more information on Jabber in general, visit jabber.org

The most widely used Jabber server software is jabberd 1.4. It is usable in Linux and Windows. For a concise comparison of open-source servers, click here. For a comprehensive list of Jabber servers (both open and commerial), click here.

NOW HEAR THIS -- Start using Jabber!

Re:It's time for Jabber

[kg4eyf]

Well, there used to be jabberd quickstart. But it's now a few versions behind. Really though, jabberd is very well documented and not that difficult to set up. I know several people who have done it. Also ejabberd is becoming quite popular, but I haven't installed it yet, so I don't know how easy or difficult it might be. The hardest part is the transports, but core jabber functionality works by basically changing all the instances of localhost to your server name in the config file. And besides, users of AIM mostly aren't interested in running their own server, but they can definitely go ahead and download a client and start using one of the public servers. Many of them even offer the transports to legacy IM services.

Re:It's time for Jabber

[Unknown+Lamer]

JabberD is a bitch to setup but I just installed ejabberd and had it up and running as a test server in less than five minutes. It's much easier to setup and I'll be migrating the hcoop.net server from jabberd to ejabberd over spring break. It even has a nice web interface.

It's nice having a single config file and not having to deal with configuring stuff. It can use ldap for auth if you want too (among other things). In the default config enabling most gateways is a matter of uncommenting the relevant lines and reloading the config.

Re:It's time for Jabber

[benow]

... because the jabber allows for small community installations, as well as larger. Larger will be migrated from if there is reason and the smaller, well, you'll know an admin, or know your referrer who knows an admin. In either case you use your own discretion... hopefully starting out with a good interpretation of vector of intent.

Re:It's time for Jabber

[benow]

There's also several jabber to irc gateways, which allow bitchx, irssi, xchat, mirc, etc to be (casual) clients to jabber group services

Its because of the Patriot Act

[GISGEOLOGYGEEK]

AOL was forced into doing what they did, so that they don't get sued when the government walks in and confiscates everything in yet another mis-use of the Patriot Act.

Its OK to hand over your inaliable rights when its to protect you from the enemies your government made for themselves.

New?

[Mr.Progressive]

Seeing as how these terms were introduced on February 5, 2004, I wouldn't exactly call them "new." In fact, I had already come across these ridiculous terms a few months ago in one of my first forays into the world of 'reading the licensing agreement.' I was a little taken aback at first, but then I realized that most of what I, and most people, say over IM is complete garbage anyway and probably hardly worth the expense of any kind of data mining. Plus, if I ever really wanted to send sensitive information, I'd find a better way. So essentially, I think, this is a non-issue. But I could be wrong.

Re:New?

[hyfe]

Plus, if I ever really wanted to send sensitive information, I'd find a better way. So essentially, I think, this is a non-issue. But I could be wrong.

Yeah, but this really is a potential gotch'ya.

What this means, is that if a disloyal employee at AOL uses his access to spy on somebody for whatever reason (industrial, personal, etc) he'll most certainly be breaking company rules, but you will have no case against him since AOL had the right to do this. Arbitrarely signing away rights for no reason is never a Good Thing.

Beware a company stating 'we will never do that! (but we reserve the right in-case we ever want to)'

Re:New?

[WhatAmIDoingHere]

What rights? "The Right to not have your IM conversation snooped on"?

Re:New?

[hyfe]

Basically, yes.

ISP's shouldn't read email, IM providers shouldn't read IM's. Telephone companies shouldn't listen in on phonecalls. Bus companies shouldn't record conversation on their busses. You shouldn't record your neighbours movements. You shouldn't stalk ugly women walking in circles around trees.

Re:New?

[WhatAmIDoingHere]

... They shouldn't. That's not the same as saying ugly women walking in circles around trees have the right to not be stalked.

You're assuming that any kind of Right to Privacy exists online. And you are very wrong.

Re:New?

[hyfe]

That's not the same as saying ugly women walking in circles around trees have the right to not be stalked.

I believe most people recognise the right 'not to be stalked', along the same notes most people would sue the telephone company if they started recording/giving out to strangers your telephone conversations. Why is e-mail any different?

You're assuming that any kind of Right to Privacy exists online. And you are very wrong.

Online isn't some magic place where suddenly normal laws are abolished. These are actual companies running services for actual customers. Snooping is bad however way you look at it.

On that note, our differences are probably c'ultural, some countries actually have privacy laws which are generally followed :)

My ass.

[mstyne]

http://www.cypherpunks.ca/otr/

Have fun, guys!

Put another way...

[mark-t]

How would people feel if their phone company came out with a new terms of service which said that anything which was spoken over a phone on one of their lines becomes the property of the phone company itself and may be reproduced, rebroadcast, that its users forfeit all rights to privacy, etc...?

Re:Put another way...

[DavidD_CA]

That analogy would only work if the phone company were providing free service, while other companies also offered alternative services (free or not).

AIM is not the only choice for IM.

AIM is not something you are paying for or forced to use.

AIM is not an incumbent, monopolistic service.

As someone once said, "Using analogies on Slashdot is like comparing apples and oranges."

Re:Put another way...

[srjames]

You also pay for phone service. You don't pay to use AIM. I think that's a bit of a difference.

Re:Put another way...

[iamlucky13]

Which are all legitimate reasons why AOL can legally do this, but does not change the fact that AOL has given themselves more power than is decent for them to take. They've made it very easy for them to do something unethical (steal conversations passed in good faith by users unaware of the changes) without having to worry about it being illegal.

It doesn't matter much when comparing apples and oranges if one of them happens to be spoiled. Rotten is rotten.

Re:Put another way...

[RhettLivingston]

The phone company doesn't have to do this because they don't have liability issues. The law assures that nobody that they pass the information on to can divulge the information. Imagine AOL's liability if they didn't have this statement and they eventually interfaced AIM to other IM systems and one of those other IM systems broke the agreement. Our stupid court system would pile as much blame on AOL as on the truly responsible party.

Anyway, if we want IM systems to eventually merge, we either need laws to protect the vendors from liability of sharing data or we have to accept statements like this and actually HOPE that they hold up in court. Otherwise, the vendors will not be able to afford the risk.

Re:Put another way...

[xSauronx]

are we assumind the phone company tells you about it...or just changes their TOS without any kind of new agreement from you while you talk away?

Direct mode?

[saur2004]

Dont I remember right that there is a direct mode for AIM?

Am I wrong that that makes all chat go from one client to the other directly? No AIM servers involved?

Jabber

[benow]

Was looking again at jabber earlier today... it's come along way, with a solid, well defined, if perhaps slow moving, process. Many features have been fleshed out, including ssl, tls auth, db backing, multi-network bridging (msn, aol, icq, etc), server-to-server networking, group chat, legacy presentation (ie jabber to irc gateways), etc. Much more solid than other IM networks, and much more open.

Shades of Geoshitties

[the+pickle]

Anyone remember back when Geocities (they might have been part of Yahoo at that point) did something similar to this? Basically, anything you posted from there on out on a Geocities site was freely distributable for any purpose by Geocities.

Did anything *bad* ever happen as a result of it, other than a lot of people got scared away from GC as a host (which is probably a good thing, since it sucks for a multitude of other reasons)? I don't recall seeing any high-profile messes as a result.

I suspect this will be the same way -- the people who know what it means will take care to avoid letting it affect them, and the people who don't know what it means very likely won't have anything worth redistributing anyway.

p

Re:Shades of Geoshitties

[EdMcMan]

The users raised such a ruckus that Yahoo reversed the decision.

illegal in my country

[imr]

and probably elsewhere.

Re:illegal in my country

[Xepherys2]

Untrue...

Companies that provide services over the internet must obey the laws of each country which their services may be used in. If a country has laws disallowing this, AOL may find itself (if pushed) in a situation of having to make many localized copies of AIM.

Re:illegal in my country

[MikeBabcock]

They don't need to make localized copies of the product, they just need to not use/monitor the content of those users.

Fawk dis sheet

[dauthur]

Oh this is great. So some AOL wank can use the pictures of my nude ex-gf that I'm sending to a pal for whatever he wants? I think I'll stick to the string and can, thank you.

Two words

[Tau+Zero]

Data mining.

(Don't mod me up, save that for Deep Fried Geekboy.)

Suggestion

[Mr.Progressive]

Here's a suggestion. Just post the interesting part of the TOS (and a link to it) as your away message. Everyone will read it.

Seconded!

[Draconix]

Link to Jabber.org just in case folks need it.

This news bugs me, as an AIM user. I've been using Jabber since I found it about a year ago, and I've loved it, I just haven't loved the fact that so few of my friends use it. Considering this, though, I forsee a potential mass-migration to Jabber. It would be the sensible thing to do, though from my experience, it probably won't be what people do. :/

Do people actually use AIM?

[HillBilly]

I have AIM, I use it through Trillian and I think I have two people on that contact list, and those people are on my MSN or Yahoo list anyway.

Infact most people I talk to use Yahoo or MSN and to a lesser extent ICQ. AIM is dead to me.

Re:this shouldn't be new

[mistermicro]

yeah, but all hotmail would get from snooping in users emails are "penis enlargement" advertisement e-mails, i'd hate to see a public performance of those..

Insightful?

[EvanED]

I get insightful for that?

I didn't mean that to get insightful, I was going for funny... at least one person got it right ;-)

AOBlackMAIL

Customer: Yes, hello i would like to cancel my account.

Representative: Sure that will be fine. what's you account screenname?

Customer: DumbGuy05

Representative: There seems to be a problem with that account.

Customer: Oh really ,like what?

Representative: We have been monitoring your instant messages and discovered you are evading taxes, having sex with a minor, smoking pot, and constantly visit something called tubgirl. Please continue being a paying customer or we will have to report you.

Customer: Oh thank you AOL is the best!

... privacy

[}InFuZeD{]

If everyone is so worried about privacy...

Just use AIM's Direct Connect feature. I'm pretty sure when you're directly connected with someone, the things you send don't go through AIM's servers...

Any iChat compatible alternatives to AIM?

[mh101]

I use iChat on my Mac, and I got my friend to use AIM because it's compatible with iChat.

Are there any other compatible alternatives that my friend could use instead? Short of him buying a Mac, of course, although he would if he had the money... :)

Re:Any iChat compatible alternatives to AIM?

[Justin205]

Well, if you wait a few months, I believe Tiger's iChat will support Jabber.

http://www.apple.com/ca/macosx/tiger/ichat.html

Scroll down to the parts about "Your Serve" and "IM Me". While in the first paragraph I indicated, it doesn't mention Jabber by name, it is mentioned by name in the second.

Re:Pff...

[ZephyrXero]

Like this? http://www.google.com/search?hl=en&q=cure+for+canc er+and+aids&btnG=Google+Search

Didn't work for me.

[Grendel+Drago]

I tried to use gaim-encryption with gaim on Windows at work. (We use AIM at work. Seriously.) It didn't seem to interoperate with anyone's vanilla AIM client with encryption. That is, no one was getting my IMs. I didn't have time to fuck with it, so I turned it off and just used unencrypted transport.

You say it works for you, then?

--grendel drago

Re:Didn't work for me.

[GimmeFuel]

(We use AIM at work. Seriously.)

Show the new license agreement to your boss. He'll probably drop AIM because having AOL Time Warner own every potential business/product idea any employee every talks about on IM is a Bad Thing.

On the other hand, he could also implement some crazy crack-smoker policy like 'no sensitive data over IM,' which will inevitably lead to conversations like this:

Alice: blah blah blah
Bob: blah blah blah
Alice: hold on, I've got a good idea. I'm calling you.

Of course, once no important information is sent over IM, there will cease to be a point for allowing employees to use IM, so it will be banned. Naturally, that won't stop the employees from using it, except now that the consequences for sharing sensitive data are the same as sharing non-sensitive data, they'll IM about whatever they want.

Re:Didn't work for me.

[AndyMan1]

I can see it now:

BobTheAccountant89: Hey Sue, I just figured out a way to cut costs by 50% while boosting quality and productivity by 120%!!
SexySueTheCEO: and then he took off my bra and we were so hot
SexySueTheCEO: wrong IM window LOL
BobTheAccountant89: ROFL
SexySueTheCEO: shh.. ;)
BobTheAccountant89: bashed.
SexySueTheCEO: omg no!
BobTheAccountant89: j/k
SexySueTheCEO: lol
BobTheAccountant89: lol
SexySueTheCEO: so how do we do it?
BobTheAccountant89: well when a man loves a woman very very much...
SexySueTheCEO: OMG i mean you're idea
BobTheAccountant89: well first we blah blah blah and then we blah blah blah and then we blah blah.
SexySueTheCEO: wow that's great
***AOLSystemMSG: Your IM session has just been lost. The idea from "BobTheAccountant89" is now soley the intellectual property of AOL Time Warner Inc. per your agreement in the ToS. Thank you for using AOL. Be sure to tell your friends.

Re:Didn't work for me.

[Deal-a-Neil]

That's how we've been for years where we work. We used to use ICQ, and before we implemented TSM (an encryption plug-in [paid] for ICQ), we did JUST that. And if, for some reason, one of us was on an unencrypted client, it would be exactly like that.. "Calling you @ office) (as if that's any more secure these days.. hehehe)

But, indeed, with GAIM, we're VERY pleased because even if AOL shuts down "non-AIM AIM clients" (like GAIM), we all have redundant accounts logged into GAIM including ICQ, Yahoo IM, and MSN. And GAIM-encryption will send encrypted messages regardless of which network you're logged in to, just as long as the person on the other end has GAIM-encryption installed. It's really fantastic.

Re:Didn't work for me.

[mwilliamson]

Yeah, it worked fine on my XP SP2 laptop. We use AIM (and msn/yahoo/jabber/irc/groupwise chat) at work too ;-)

I really think work-related chat should be either all encrypted or used only on company-run servers, but I digress...

Re:Didn't work for me.

[John.Thompson]

You need to use gaim/gaim-encryption at both ends; you can't expect the standard AIM client to magically know how to decrypt it.

But if you are send info you really care to protect, you should use jabber instead on a server you trust. Jabber will transparently use TLS to encrypt traffic, and running on your trusted server it becomes much more difficult to intercept in the first place.

Guess they want to be bought by IBM...

[Justice8096]

When I worked for IBM, we used AIM all of the time to coordinate information between teams. Of course, IBM can always use something else - but it just might be cheaper to give up and buy the IP or AIM, and the network division. :-)

wondered if anyone remembered

[alizard]

People bugged out by the hundreds of thousands, and the offending policy was changed within days.

Could be worse, could be Gaim on a MAC

[kurt555gs]

Some one here on slashdot aptly said, GTK on OS X is like putting Janet Reno in Playboy.

Re:Could be worse, could be Gaim on a MAC

[Eravnrekaree]

Beauty is highly subjective and in the eye of the beholder. Every person has different tastes, your tastes and what you think might be pretty is probably quite different from what others might think is pretty. I like the look and feel of Gaim and dislike intensely the "shiny aqua" look of many user interfaces. Clearly, the user should be able to define the exact themes of their user interface, not the programmer. Does GTK a have a theme system with a GUI configuration tool that allows every aspect of the user interface to be configured by the user and allow the user to create new themes?

Re:Could be worse, could be Gaim on a MAC

[Rysc]

Want GAIM on a Mac? Get Adium. GAIM libs + navite UI. Everybody I know who uses a Mac uses Adium, not GAIM or Fire or iChat.

Re:Could be worse, could be Gaim on a MAC

[Eravnrekaree]

I dont use Macs. I dislike the default look and feel of the mac UI intensely, although I do not know whether it could be completely customised and changed to my liking. I dont mind people having the Mac or Aqua look, but why not let people choose and create their own themes using feature rich GUI tools, so people can have what they want.

Netscape Network TOS

[SFalcon]

"AIM users who do not register for AIM services or download AIM updates or software on or after February 5, 2004 and are members of the Netscape Network will remain bound by Netscape's terms and conditions."

Netscape Network TOS

how can i use AIM and not be watched?

[mrterrysilver]

is there any way to use aim and not have big brother watching? i have too many buddies that use aim and i know i could never convert them all to a different im service like jabber.

can i somehow encrypt aim messages even if the other users aren't using encryption? what about third party services?

thanks for any advice

Re:how can i use AIM and not be watched?

[Voline]

Coincidentally (?) the beta for PGP 9.0 was released today. The Mac version includes the ability to encrypt IM through iChat and AIM.

Good!

[StarManta.Mini]

Most people seem to be against this, but I, for one, welcome our lack-of-copyright-on-words enforcing overlords.

What I like about this is that there is no longer any doubt of whether or not you should encrypt anything sensitive - the answer is not "Maybe" but a resounding "Yes!"

If we're really lucky, it will also cause a unification of encryption standards across third-party (possibly even first-party) AIM clients.

Wow!

[pavera]

So, no more using AIM for intra/inter office communication...

thought you had a trade secret, oops sorry AOL owns your ass!

thought you had the next big thing, whoops you told your buddy on AIM, now AOL just released it... I've never heard of a worse policy to scare people away from a platform.

Why yes I have the EIS

[rs79]

>emt 377

sob r3,1$

Re:Why yes I have the EIS

[Duhavid]

Yeah? Where is 1$?

Does pay-pal have it?

So the obvious response is:

[Trogre]

So long, AOL, we barely knew you.

Why is this a problem?

Let the tin foil hats come out

[Emperor+Cezar]

The immediate response is, "Oh no! They're going take all my AIMs. They're destroying the world!"

The truth is that there are some managers who were told by their lawyers that this should be put in "just in case of suit x,y,z". Terms of service are protective measures in the MAJORITY of software.

Most likely this is for a situation in which AOL comes up with a good idea and someone sues saying, "Hey, I came up with that idea a year ago and talked about it over AIM. You stole it!" Many people have ideas, it is only original if you do something with it. Just covering their asses.

The automatic response is that there is some evil plot to take your AIMs or something like that, but it is just business and covering their asses just like any other big business with tons of money that some lawyer thinks he can get his hands on because of a hole in the Terms of Service.

DRM troubles?

[Oyume]

Hmm. I wonder what would happen if I use AIM for sharing a couple copyrighted eBooks? Does this mean they now own the rights to those as well?

Terms of Service of My Car

If I give you a ride you agree to blow me. If you are a male and I decline the bj I can assign you to blow some guy I owe money to. If you are female, whether or not you blow me at the time, I can call you up at any hour of the day or night and demand a blow job. You are my bitch in perpetuity. You waive your right to be treated like a human being.

Thanks for the inspiration AOL!

Who cares????

[MikeWin10]

AIM is not worth the sweat on my ball sack...Why are we talking about AOL???????????? Anyone who knows anything about techology knows AOL is for the non REAL computer user. I for one will not talk to anyone on AIM, only MSN, and Yahoo..........I don't know anyone who uses AIM...

Why is no one mentioning that:

[nikkie]

The reason they are probably doing this is because of the new policy about third party clients? Although I agree that this is a highly shady new policy, it seems striking that it would come so shortly after the announcement of "support" for third party clients. Sounds like they are trying to keep themselves from getting screwed over by them by someone *else* doing all these evil things they've said they're not responsible for.

Dumb or not, companies use it!

[Spoukie]

Many financial and energy trading companies do use AIM as a primary means of communication between traders. This is an unfortunate but undeniable fact. I wonder what impact, if any, this may have on potential reuse/sale/dissemination of information AOL might gather this way.

Re:A bit harsh...

[symbolic]

I thought this new policy was part of AOL's new business strategy..."piss 'em off, bring 'em on."

I'm not marketing genius, but I'm not too sure this will work. But I guess in a world where differentiation is the key, it's certainly a bold attempt.

Re:Speaking of "their network"...

[symbolic]

It almost sounds like it might be time to "p2p-ize" a chat client. A combination of torrent/AIM-like functionality that relies on all of its users to provide the service to each other. That might make AOL very happy, but their paying customers are still stuck with an outrageously invasive policy. Oh, the irony.

What about iChat AV?

[Vandil+X]

I wonder how this affects the use of iChat AV on Mac OS X.

Since many of my contacts use AIM on Windows, I log onto iChat with my AIM screen name instead of my .Mac account.

Does AIM's new EULA for the service violate any special agreement they have with that service's use through Apple's IM client?

Yea, Microsoft tried the same thing and changed

[Ryunosuke]

if i'm not mistaken, Microsoft did this EXACT same thing with Messenger, and then was forced to back down from it. Now if someone(or something) can force billy down, I don't see how a 3rd world isp like aol can actually let this ride out. Any bets on seeing a new ToS in a few weeks? Although to be honest, I've not met anyone using aim in 3 or 4 years, does anyone actually use it? (trillian plz, k tnx)

Re:gaim off-the-record (encryption with deniabilit

[jericho4.0]

"In an information economy, if you have nothing to hide, you have nothing at all"

Actually, this license is very similiar to MS

[WindBourne]

There have been numerous stories here about MS's license on various products. In the end, most of them simply say that the system belongs to MS. That includes not only the software, but anything that is done on the system. i.e. all your base belong to us. AOL just simply moved to a more MS style license because not enough ppl punished MS for their garbage.

Posts - not IM

[cgenman]

You encrypt your posts? How will people read them?

I hate to sound like an AOL sympathizer, but the TOS specifically refers to "posts." Besides IM, AIM also provides message board services (or so I'm told by people who don't use Trillian, Gaim, or Psi).

Does "posts" refer to regular IM usage? AOL implies not, referring to "message board posts, chat participation, and homepages."

My reading of this is that AOL retains usage rights to everything you post on their static forums... forums which basically anyone can access. While I would feel better if this were not the case, that is a good bit better than AOL reading the I.M.'s you send to your co-workers.

It sounds like CYA to me. As if AOL were giving themselves the right to decide to add access to the chat forums online or through AOL's proprietary service. It's the kind of CYA that inspired them to prohibit people from using AIM "while driving, operating hazardous equipment, or engaging in other forms of hazardous activities."

On the other hand, go ahead and tell everyone on AIM about the TOS, without explaining that it's only posts. Then try to switch everyone over to Jabber. Please. The whole I.M. universe right now is about as convienient as sending E-mails from CompuServe to AOL in 1992.

Re:Posts - not IM

Are you sure the provisions in the TOS don't cover AIM? Unless you have had a lawyer go over the TOS and verify that you would be best to assume the provisions apply to AIM as well.

Re:Posts - not IM

[BorgCopyeditor]

Does "posts" refer to regular IM usage? AOL implies not, referring to "message board posts, chat participation, and homepages."

How about that "chat participation" part? Sounds like regular IM usage to me. But you're right. It's probably all about CYA.

Re:Posts - not IM

[MP3Chuck]

Yes, posts refers to regular IM usage... from the TOS:

" AIM Products
For purposes of these Terms of Service, the term "AIM Products" shall mean AIM software (whether preinstalled, on a medium or offered by download), AIM services, AIM websites (including, without limitation, AIM.COM and AIMTODAY.COM) and all other software, features, tools, web sites and services provided by or through AIM from America Online, Inc. and its business divisions (e.g., Netscape) (collectively "AOL") and AOL's third-party vendors."

Pretty creepy, if you ask me. It would also seem that 3rd party client users aren't exempt from this since they're still using "AIM services."

Re:Posts - not IM

[cgenman]

Right. But if you're a business who is in a position to need that kind of secrecy, you shouldn't be sending I.M.'s in plaintext over an unsecure network protocol to 3rd party remote servers from a company notorious for getting owned and man-on-the-inside jobs. In other words, I don't see how this changes the equation.

If you are even thinking of paying a lawyer to see if it is true, give the six hundred bucks to your network administrator to setup a local Jabber server, and keep all I.M.'s encrypted and on your network. If you're in a posistion to worry about such things, there are much bigger things to worry about already.

Re:Posts - not IM

[Spetiam]

On the other hand, go ahead and tell everyone on AIM about the TOS

I know what we should do, we should start one of those chain IMs! "<strikethrough>AOL will delete your account unless you forward this to 10 people!</strikethrough> AOL owns your IMs! Forward this to everyone on your buddy list!"

conflicts with common carrier status

[tekrat]

Isn't AOL considered a "Common Carrier" and therefore immune from prosecution because they claimed that they do not, will not and cannot monitor the content going through their "wires". This was back in the days when ISPs were getting shut down if they allowed child porn through their servers or something like that -- and the bill came through that said that ISPs were responsible for the content of their users, unless they were Common Carriers such as AT&T and AOL (and any other big company that could afford to buy a Senator).

Now here comes along AOL saying that they WILL monitor and so, I have to ask, if we send child porn through IM, doesn't this mean that if AOL lets it go through, AOL can be taken down for allowing trafficing of child porn because they have given up their common carrier status?

Avoiding eavesdropping?

[loonicks]

I don't see why they exclude people that haven't downloaded AIM updates after a certain date. Does that mean I can get an old client and be excluded?

Re:Avoiding eavesdropping?

[Spoukie]

I would have to check for sure, but wouldn't a client prior to a certain date simply not work? We have all had to update our IM clients from time to time after the service providers "updated" their protocals and such.

Among the things I should stop doing:

[likewowandstuff]

This probably means I should stop sharing my cure for cancer through AIM, since AOL could win the copyright claim in court through the simple size of its bankroll :)

Unfair business practice

[loonicks]

This is unfair and unethical business practice. It should be illegal. Send your comments to AOL at this page.

Re:Speaking of "their network"...

[Unknown+Lamer]

Jabber!

I've been using it for over a year now.

Hi we're AOL.

[dspisak]

We're eeeeeeevil.

But we are incompetent, so we want the rights to everything said by the mass hordes of 12 year old teenageers along with all the grown men pretending to be 12 year olds, oh and all the law enforcement officers pretending to be 12 year olds also.

You see, here at AOL we have this great plan for generating new compelling content for our subscribers. How does it work you might ask? Well, have you ever heard the story about how an infinite number of monkeys could produce the works of Shakespear given an infinte amount of time? Apply that to our stable of 12 year olds IMing and *BAM*, pure gold baby!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

others

[thenameisbam]

what about programs like trillian, would the tos still apply? and what if you havent agreed to the new ones, only the old ones, will it still apply. and doesnt that kinda mess with "right" to privacy or something. *shrug*

Wrong. This is not like gmail

[iamlucky13]

Your Intellectual Property Rights. Google does not claim any ownership in any of the content, including any text, data, information, images, photographs, music, sound, video, or other material, that you upload, transmit or store in your Gmail account. We will not use any of your content for any purpose except to provide you with the Service.

That comes from the gmail terms of use. What you say in gmail belongs to you. Sure they can parse it and toss in their adds on the side and have to release it under subpoena (next paragraph in the ToS), but they can't publish it or anything like that. It is not, as many people incorrectly interpret, simply a matter of Google promising they won't use your emails illicitly. They have legally bound themselves not too.

I'm sure AOL isn't really interested in what 12 year olds gossip about or finding criminals, but these new terms still place your words in the possession of AOL Time Warner. Focus on this part:

You waive any right to privacy. You waive any right to inspect or approve uses of the Content or to be compensated for any such uses.

AOL can make money off of what you say or do while using their client and they can cut you off. I know engineers who use AOL to assist with telecommuting. If they did something dumb like mention that "the new ShinyDooDad 2000 is going to replace all of its cams with widgets, fixing all the problems of the 1000," we might see AOL suddenly start a ShinyDooDad subsidiary.

Bottom line: If Google sold an email, they'd get a nifty fine, probably a handsome lawsuit, and a rather sharp slap on the wrist. If AOL sold an instant message, they'd just have to declare the profit on their 1040 or whatever corporations use for taxes

jabber.org

[root-a-begger]

Looks like AOL wants to promote jabber. There are plenty of good jabber clients available and the servers are in good shape as well...time to move on past AIM, ICQ, MSN, the whole lot.

Great!

[Eminence]

At least they are honest about it, unlike some other services like, say, short messages on cellphones which give you an illusion of privacy. Face it - we are in an era when to have any privacy you have to actively protect it and sometimes it might be even illegal (example - encryption in France).

music producers, watch out!

I know a lot producers who use AIM. Here in the UK, where 98% of the Durm'n'Bass leave, people send each other tunes they are working on on AIM. That inculdes all the next big releases that will be cut to vinyl and end up in the big clubs in London. I guess we will have to find an alternative... /me goes warning all my Buddies...

MSN messenger has similar TOS

[__aailob1448]

I remember reading them and it said just that. They can read your conversations and use them in any way they see fit...Mind boggling really.

Re:MSN messenger has similar TOS

[payamchee]

No, MSN messenger's TOS is not evil like AOL's new TOS.

The .NET Messenger Terms basically say that your use of the service and the content of your communications is considered private. However, if Microsoft needs to comply with the law, protect itself, protect its employees, protect its customers, or protect the public, then it may monitor and/or disclose information about communications you have using the service.

See section 5 on this page: http://messenger.msn.com/Help/Terms.aspx?mkt=en-us

Re:Speaking of "their network"...

[symbolic]

Thanks for the tip :)

Get over it

[Enfors]

Say after me: We do not have the right of complete privacy on the Internet, because when we are on the net we use other people's resources, without paying for it. Ok? By "other people's resources" I mean routers and the like. Sure, you may be paying your ISP for Internet access, but you're not paying for use of the equipment outside of your ISP's network. And since we're not paying for the use of this equipment, we have no right to make any sorts of demands, such as complete privacy.

Sure, it would be nice to have complete privacy, I agree, but we cannot demand it. These are the terms we have to accept to use Internet. If we don't accept them, then we don't have to use it.

Btw, I realise this post won't make me popular. If you disagree, reply instead of modding me down.

Re:Get over it

[I_redwolf]

You are making absolutely no sense. The right to privacy doesn't only extend to your silly property succinct. Should I have the right to your medical records because i'm an employee at the hospital? Should I have the right to your credit record because I work for the waste removal company on behalf of the credit bureau?

Privacy isn't somehow bound by property only. It's based on the fact that somethings are private. IE: Between one person and another.

Your post isn't what will make you unpopular it's the fact that like most people nowadays you are willing to give up your rights to privacy based on such silly notions. Believing in all actuality that you are somehow taking the dry reasonable ground. When infact you are enslaving yourself and smiling at the same time.

All people like me can do is scratch our heads in amazement.

Re:Get over it

[Enfors]

Hospitals are an entirely different matter. I'm talking about routers.

My router is connected to the Internet. If I'm going to let your data pass through MY router, you can rest assured it's going to be on MY terms, or not at all. And if my data is going to pass through YOUR router, it is going to be on YOUR terms.

Re:Get over it

[I_redwolf]

No, it's not an entirely different matter. You're data is being routed through the hospital. It belongs and is in filing cabinets and areas that do not belong to you. You don't give up your privacy to your data though.

Just because you let others data pass through on your router (which I'd suspect would have to be at a major backbone somewhere for the sake of your example) doesn't mean you have the right to inspect that data. If you don't like that, shutdown your router. ISP's don't have the right, and unless you have a bonafied warrant neither do you.

As I will make it a point to keep my private data; private. By either encrypting those packets being sent over your router or by taking the appropriate steps to ensure my privacy.

This is my right granted to me as a citizen of the US. Maybe you live in a different country, in which case your view point would be understandable. If you're a US citizen; you're embarassing.

Re:Get over it

[Stumbles]

Your router = the piece of road in front of your house you pay taxes on. My car drives by your router. You do not have the right to invade my privacy. Nor stop my car, rifle through it for any information and use it as you see fit.

Re:Get over it

[pclminion]

Thanks for enlightening me. I had never realized that rights must be purchased.

Hey, it's time for me to mail in my check to extend my right to freedom of speech...

Re:Get over it

[Enfors]

Uhmm, no. I don't personally own the road in front of my house. It is owned by all taxpayers. I do, however, personally own my router.

Amazingly calm response

[joeykiller]

Guys, I'm amazed at how calmly you're discussing this issue! Most of you're discussing workarounds -- e.g. how to use gpg or secure-im to avoid being eavesdropped on.

In my opinion the real issue is that the statement "You waive any right to privacy" may be the most evil statement in any EULA ever. Shouldn't these six words alone cause an outrage beyond belief here?

Re:Amazingly calm response

[dogod]

"You waive any right to privacy" is the polar opposite of google's "Do no evil"

Re:Amazingly calm response

[gentoo1337]

"AOHELL" speaks for itself. Nothing to see here, move along. :)

Re:Amazingly calm response

[LurkerXXX]

No. You want to send traffic thourgh their server. They tell you flat out if you do use that service (FOR FREE) that they can do whatever they like with that traffic.

If you dont like it, don't use it. What's the problem here? Set up a Jabber server if you want. You don't *need* their IM service. If you choose to use it, you go by their terms. If you don't like the terms, don't use it. It's not like there are no other choices for IM in the world.

Re:Amazingly calm response

[martysdomain]

2 words: use IRC

Re:Amazingly calm response

[Arcanix]

Well, at least they're up front about it, you gotta give them that.

Insider trading / spying on competitors / etc.

A bunch of our sales people use IM.

I hope we don't compete with any of the companies providing that service!!!

As usual the solution is simple.

[TractorBarry]

If the terms & conditions for something are onerous the solution is really, really simple. Just don't use it.

So if you're an AIM user you should stop using it a.s.a.p. and make sure the last thing you do is explain to your AIM buddies why they shouldn't use it either. Then cancel your AOL account and explain why.

If even about 10% of the user base did this then pretty soon afterwards the onerous terms and conditions would dissapear - along with the assclown who decided to add them to the service.

Oh but I forget. People really are sheep and will do exactly what they're told by "bigger boys". And let's face it the average AOL user isn't the brightest spark anyway (otherwise they'd be using a decent ISP !)

So I guess it's business as usual... Small guy gets shafted by "Mega Corp" (tm) but still carries on using "Mega Crack" (tm) 'cause "it's just so good".

Idiots one and all.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Use Skype!

[Davo888]

I wonder how long it will be before people realize that Skype is also a disruptive IM client. Its P2P architecture and rapidly growing distribution will threaten incumbents like AOL, especially when they adopt terms of service like this.

Libel?

[payndz]

So, if you sent a libellous comment via AIM, would that make AOL liable for it?

Privacy Policy: AOL does NOT read IMs

[jayloden]

"AOL does not read your private online communications when you use any of the communication tools offered as AIM Products. If, however, you use these tools to disclose information about yourself publicly (for example, in chat rooms or online message boards made available by AIM), other online users may obtain access to any information you provide.

Your AIM information, including the contents of your online communications, may be accessed and disclosed in response to legal process (for example, a court order, search warrant or subpoena), or in other circumstances in which AOL has a good faith belief that AIM or AOL are being used for unlawful purposes. AOL may also access or disclose your AIM information when necessary to protect the rights or property of AIM or AOL, or in special cases such as a threat to your safety or that of others."

The content referred to in the Privacy Policy is for posts in AIM forums and message boards and such, and the point of all that crap in the TOS is so that AOL has the legal right to copy and display anything you put in the forum worldwide, for as long as the forum/website exists, and you can't in any way sue them over something you post in the forum. It's NOT saying "we will read your IMs and reproduce and use them however we want". Please mod this up so at least some people read it and stop freaking out and spreading FUD unneccessarily.

-Jay

Re:Privacy Policy: AOL does NOT read IMs

[MariaK]

If you "waive any right to privacy" in the TOS, then by definition you don't have any "private online communications" to protect. That's mincing terms pretty fine, but with a TOS like that I'm inclined to look pretty hard at their "privacy policy."

Oh well

[Phantasmo]

/me disables AIM in Adium
Sadly most people I IM with a) have no interest in online privacy (the old "I've nothing to hide!") and b) use the evil MSN Messenger anyway.
I love Jabber, but until it catches up, I'm recommending Skype as the IM platform for the home user. Everything is encrypted and just works, and the official (but unfortunately only) client is available on three platforms.

No More AIM For Me

[PepeGSay]

Oh well.

Millions of teenagers don't care

[gelfling]

or notice or hear you telling them this.

Re:Skype IM ?

[noogzer]

Searched Knowledgebase for: encryption

What type of encryption is used? Skype uses AES (Advanced Encryption Standard), also known as Rijndael, which is used by U.S. Government organizations to protect sensitive, information. Skype uses 256-bit encryption, which has a total of 1.1 x 1077 possible keys, in order to actively enc

Is Skype secure? Yes. When you call another Skype user your call is encrypted with strong encryption algorithms ensuring you privacy. In some cases your Skype communication may be routed via other users in the peer-to-peer network. Skype encryption protects you from poten

Are my File Transfers Secure? Yes. Files Transfers use the same encryption methods as Calls.

Are my Chats secure? Yes. Chats use the same encryption methods as Calls.

Obligatory "1984" AOL-as-BB reference...

[phillymjs]

6079SmithW: Do you remember the thrush that sang to us, that first day, at the edge of the wood?
AntiSexJulia: He wasn't singing to us. He was singing to please himself. Not even that. He was just singing.
6079SmithW: We are the dead.
AntiSexJulia: LOL! We are the dead.
AOL System Msg: You are the dead.

~Philly

i'm sorry but...

[m2bord]

you give up any right to privacy by using any communications device. that's the purpose of these things...to communicate in a public arena. while the individual may have some notion of privacy because there is a one to one or one to many conversation going on, the truth is that you are using proprietary software to do this. the maker of the software can, by law, impose any restriction they wish for its use. i'm not saying it's right...that's just how it is. if an individual wishes secure private communications, they are more than welcome to build their own tool or use encryption.

iChat?

[a_greer2005]

What about Apple iChat, does this apply to those users as well, particularly the users of (dot) mac accounts: they are paying for that name, they are not useing aim...

Re:Censored or Mindfucked? What's better?

[drooling-dog]

So essentially, I think, this is a non-issue.

Of course, the same could be said for every right you possess. If you never piss off anyone with power in the government (or any friend, relative, or associate of same), you'll have nothing to worry about. Same here: If you never own any IP, or if you do and neither you nor anyone you communicate with ever makes the slightest mistake handling it (like not reading & understanding the EULA of every medium you communicate through), then it probably won't be legally stolen from you. Sounds like good odds to me...

Email?

[sugapablo]

Is this ONLY for AIM? Or have they/would they/will they include email into this TOS?

I mean, if I email my grandparents pictures of my kid, could AOL claim exclusive ownership and use of the picture and use if for promotional campaigns?

Why are we still using AIM?

[Arcturax]

As of today I no longer am. Even if they change the TOS. Why haven't we switched to an open standard long long ago that AOL can't control or corrupt?

This is one of the last big frontiers for Open Source, a place where I've seen Open Source make little headway. We need a protocol that's open, free and can do the nifty things like file transfer, voice and video chat, and and uses built in encryption. Encrypting over AOL doesn't make cut it anymore. We need to cut them out of the equation altogether.

Re:Why are we still using AIM?

[Roguelazer]

And we shall call it... Jabber!

Re:Why are we still using AIM?

[sugapablo]

You know, I have a jabber account. But not one other person I converse with uses it. :(

Re:Why are we still using AIM?

[jcuervo]

Or irc, or silc.

Was I the only one who was sitting on efnet, wondering wtf everyone was doing on AIM?

Re:Why are we still using AIM?

[J3Holaday]

I hate aim! It sucks, but the problem is that all the dialup morons of the world just don't get it. All of my friends that have aol can't even go anywhere to download anything else because of aol's parental controls. They can't even go to google!

Way around it?

[Transcendent]

Use direct connect in AIM... it doesn't go through their servers (unless they change that in the newest release).

You can even be "signed off" in AIM, but if you still have that IM window up with the direct connection, you can talk away with the person you're connected with. Hell, combine that with an encyrpted VPN, and I think you're golden.

You're paranoid, but still golden.

Re:Speaking of "their network"...

[STrinity]

Jabber's not P2P; you have to rely upon servers that other people provide -- and in my experience, those aren't terribly reliable.

Tell someone about it

[Temujin_12]

I think any one reading this post that disagrees with that privacy policy should goto: https://www.truste.org/consumers/watchdog_complain t.php and express your feelings. It doesn't do any good just complaining on a Slashdot post without then complaining to those who actually have some weight in the privacy market.

Re:Tell someone about it

[Temujin_12]

Or try https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_C ODE=PU01

Is this New?

[nurb432]

I thought it was always this way, for any 'service'..

By default Ive always assumed no privacy, unless i encrypt.

AOL contact email on page is FALSE

[bach37]

I just sent an email to the address at the bottom of this page.
And it came back with this:

----- The following addresses had permanent fatal errors -----
aimprvcypolicy@aol.com

----- Transcript of session follows -----
... while talking to air-yd01.mail.aol.com.:
RCPT To:aimprvcypolicy@aol.com
550 MAILBOX NOT FOUND
550 aimprvcypolicy@aol.com... User unknown

As a rule of thumb...

[thed00d]

I don't trust anything that I send out to, or receive from, the Internet. This includes any chat programs, email, web content, etc... It's a basic security principal. If it isn't encrypted and signed by a trusted source, than it's not trusted material. If it is encrypted, then it's only a matter of time before the encryption key becomes known. You increase this risk every time you send an encrypted message/packet. So, AOL coming out and telling you that have no expectation of anonymity is something that everyone in the security field has been saying for years.

Then again, I don't trust anyone, and it's not paranoia if "they" really are out to get you....

This just in:

[theraccoon]

OMG LOL TM & © AOL Time Warner. All right reserved.

An opportunity to play devil's advocate

[smchris]

you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium. You waive any right to privacy.'"

Where does it say they assert _sole_ownership_ of your content? Aren't they, in effect, pressing you to GPL of your content?

How progressive of AOL.

get a grip...

[drew]

so, out of some 200 comments rated 2 or higher as i write this (not counting one comment i made in the bottom of some thread somewhere) it seems that almost everyone here has missed the point....

a) only 2 people have mentioned that these terms of service are over a year old.

b) only 2 people have pointed out that these terms of service apply to posts on message boards and forums, which they reserve the right to replicate, duplicate, etc, and not to instant messages.

c) no one has pointed out that the vast majority of the messages sent through aim are sent client to client, and never travel through aol's central server, so even if they did reserve the right to use your im's any way they saw fit, and they had the desire to, there's no way that they ever could.

man, talk about making a mountain out of a molehill. one person yells "0 my g0d. teh AOL r stealing our pr1v4cy!1!!" and the whole army of slashdotters goes running for their tinfoil hats. get a grip people.

Re:get a grip...

[Script_God]

If most messages are sent client to client, then how does it work if both parties are behind (different) firewalls? That obviously has to use the server, and last I checked, you have to *manually enable* client to client messaging. Also, I think that's a fairly recent feature to the client.

Re:get a grip...

[nikkie]

b) only 2 people have pointed out that these terms of service apply to posts on message boards and forums, which they reserve the right to replicate, duplicate, etc, and not to instant messages.
--> False. The implied intent may be for them to protect themselves from being sued by people for posting content on forums, but the wording is clearly that this applies to instant messages. The wording is "AIM product", not "forums".

c) no one has pointed out that the vast majority of the messages sent through aim are sent client to client, and never travel through aol's central server, so even if they did reserve the right to use your im's any way they saw fit, and they had the desire to, there's no way that they ever could.
--> False.
This has been mentioned, and been marked false. Unless you are using DirectIM, which most people don't, your messages *are* travelling through the central server.

Somebody mod this guy down for being wrong, as well as redundant.

Even if these things *weren't* true, this "tinhatting" is necessary. It's time for people to start using encryption. Have people forgotten that AIM convs are plain text?

Re:get a grip...

[drew]

The wording is "AIM product", not "forums".

You missed a spot. the full wording is "by posting Content on an AIM Product"

Unless you are using DirectIM, which most people don't

It's been a long, long, long time since i've used an official aim client, but last i did, this was the default, whenever possible. obviously it's not always possible, as with firewalls, as another poster pointed out (which is why i said the majority of message, rather than all). maybe things have changed since then....

Even if these things *weren't* true, this "tinhatting" is necessary. It's time for people to start using encryption. Have people forgotten that AIM convs are plain text?

of course, it would be great if more people would start using encryption for online communications. i'd love it. of course, almost all email and the majority of web traffic is unencrypted as well, and i don't seem to see anyone getting all worked up about that. i don't think the tinfoil hat routine is going to help you convince a lot of people to start using encryption. most people who take the time to listen will just write you off as a nut, especially after they read the part of the terms of service that everyone is up in arms about.

What about ICQ?

[GweeDo]

Does this change affect ICQ as well, or only AIM?

Re:Encrypt it -problems

[saskboy]

http://www.johnytech.com/home.asp
The problem with this kind of software is that it can't be tested, without a mole working in the company who's product is being modified. When you type a message in AIM, for all you know it records the characters in a buffer separate from the one that gets encrypted and sent to your friend. The unecrypted one would naturally go straight to AOL for datamining.

http://www.silcnet.org/software/download/client/
At least with an open sorce solution, there's less chance of other people spying on you, but then there's no chance your friends are using it unless you've told them about it.
I wouldn't download Silcnet though, because their website sucks, they don't even have an FAQ I could spot to see what the program is or how it does it better than others.

dictionary look-ups?

[Dog135]

Dictionary look-ups on AIMers? You're kidding, right? Normal AIM messages look like a base64 encoded file anyways.

Re:dictionary look-ups?

[geminidomino]

wtf r u tlkn abt? stfu, stupd n00b.

(ts a jk. laf)

Ummm...

[boola-boola]

You waive any right to privacy.

If you thought you even had any privacy to begin with, you're a loony. You know nothing's changed... AOL is merely covering its ass.

Use the Gaim-encryption plugin for "secure" conversations. If you want to converse "securely" with non-Gaim users, stick with email+GnuPG

Re:Ummm...

[PigleT]

Your quotes around `"secure"' are, of course, well justified: gaim's encryption, being in-band, means an intercepter can still ascertain to whom you were talking, and when. Two alternative systems where not even this data is sniffable, include Skype (of all things) and Silc.

Comment removed

[account_deleted]

Comment removed based on user account deletion

aim is sedating?

[xate]

" You may not use AIM while driving, operating hazardous equipment, or engaging in other forms of hazardous activities."

Re:I sure as heck would LIKE 4-bit icons...

[Zorilla]

Boy, if you don't like the way XP icons look, you're gonna really hate the way Linux icons look now.

The Fisher-Price syndrome of the windows can be overcome. It's mostly the fault of the Luna theme that XP locks you into. Do a Google search for a modified uxtheme.dll and instructions on how to replace the original with it. With that in place, you can get custom themes. The one I'm currently using is Metallic Shades.

This doesn't help you at all for changing the icons unfortunately, but the theme doesn't suggest any sort of wacko icons, and the default ones look quite nice in it.

Clarification.

[Grendel+Drago]

Did I mention that the AIM users were using AIM encryption with each other? I even get the little lock mini-icon appearing on their buddy list entries.

So... you're saying that gaim's encryption plugin doesn't interoperate with standard AIM's encryption? What good is it then?

I mean, if you can bring yourself to answer a fucking idiot's question...

--grendel drago

Sheesh.

[Grendel+Drago]

Well, that's frickin' useless if you don't switch to gaim all over the company at once. It's like OpenOffice refusing to save documents in a format readable by MS Word.

I suppose there are probably good, technical reasons for it not working. Still, it'd be nice.

--grendel drago

Re:Sheesh.

[nzhavok]

Yeah, it's annoying. The point is that the encryption plugin can be used for any gaim account but can only talk to something else that uses the same type of encryption. So that means gaim-gaim encryption is available over any network, but unfortunately nothing but gaim (that I know of) uses that encryption for IM. However the method is open and non-propriatary so hopefully other clients will use it in the future (yeah right!).

Lotus Sametime.

[Grendel+Drago]

We're supposed to be switching over to use Lotus SameTime, which has the advantage of displaying full names on the buddy list, so we don't have to figure out that "reaganchk23" is "Alice Smith". Aliases make this a non-issue after the first time you talk to someone, but SameTime makes it simple enough to look up other people as well.

But, of course, this just means that everyone has to run both AIM and SameTime.

--grendel drago

Re:Lotus Sametime.

[bafu]

But, of course, this just means that everyone has to run both AIM and SameTime.

Not [necessarily] so... check oheck out the meanwhile plugin for gaim. I've been using it for a couple of months now and have had no issues, but I'm just using it for your basic chat... there may be fancier ST protocol stuff it hasn't implemented that you need.

Re:gaim off-the-record (encryption with deniabilit

[jericho4.0]

The point is, not all of us are encrypting because we think we're being spied on by the NSA. Some of us have legal reasons for keeping secrets.

Idiot.

I don't understand

[iminplaya]

Despite what they say, do any of you actually expect any privacy with these services? Don't play around with what they "should" do. Let's look at reality here. These people have never, nor will they ever protect your privacy in any way, shape, or form. Let's quit fooling ourselves. This is the way it's always been. If you believe anybody's privacy statements, then I have some beautiful land in Florida for sale. I also has some action in a famous bridge in New York if you want a piece of that. Find a way of enforcing them, and maybe they can become believable. For now, when you're using a chat program or almost anything on the net, you're broadcasting it all over. The privacy thing is an illusion.

You think you're joking.

[Grendel+Drago]

It's a little hard to respect my supervisors when they write like thirteen year olds in the chat room. 'u' and 'lol' and 'k'.

Me: Priority one! Ticket 123456---the server is on fire, notifying coordinators.
Coordinator: u sure? k

For some reason, I assumed people didn't talk like this at work. I don't know where I got that idea from.

We also use an IRC channel as something like a continuously scrolling messageboard, to post important issues we should all be aware of. And yeah, people say 'lol' in it too.

I stopped trying to fix the spelling and grammar of others a while back, but I still think they sound like idiots.

--grendel drago

Encryption Cluelessness

[illuin]

So I thought to myself, how do I encrypt my AIM conversations? I was horrified that the first google hit on 'aim encrypt' is this site: http://www.aimencrypt.com/, which goes around giving everybody in the world the same public/private keypair! Apparently, the site's been getting lots of press, including from TechTV.

The dangers of this site have been well explained here, but how many people are going to find it and read enough to understand it? It's just sad that the general population is so completely clueless about the basics of cryptography.

What TOS?

[frobnoid]

The TOS reads:
he following terms and conditions apply to all users who either registered for AIM services or downloaded AIM updates or software on or after February 5, 2004.

Many posts here are talking about using third party encryption tools to circumvent this.

This new TOS DOES NOT APPLY TO ME (nor to many of you). Why not?
I didn't agree to their terms of service.
I didn't sign up after 2/5/2004.
I don't download AOL's AIM client. I use GAIM exclusively.

AOL, use the messages I haven't give you rights to, I dare you.

1. Send interesting messages
2. Wait until AOL uses one somehow.
3. Profit.

Privacy policy?

[SenatorTreason]

In the AIM privacy policy:

"AOL does not read your private online communications when you use any of the communication tools offered as AIM Products. If, however, you use these tools to disclose information about yourself publicly (for example, in chat rooms or online message boards made available by AIM), other online users may obtain access to any information you provide.

Your AIM information, including the contents of your online communications, may be accessed and disclosed in response to legal process (for example, a court order, search warrant or subpoena), or in other circumstances in which AOL has a good faith belief that AIM or AOL are being used for unlawful purposes. AOL may also access or disclose your AIM information when necessary to protect the rights or property of AIM or AOL, or in special cases such as a threat to your safety or that of others."

IANAL...so is this a contradiction?

comments

[webworm99]

I wonder if aol instant messenger will now be consider spyware. For those thinking a switching to Msn instant messenger Aol & Microsoft are working to allow communications with both clients.

Re:comments

[forlornhope]

First, let me point out that Jabber already allows communications between both clients. But the problem is that the messages to your AIM buddies still go over the AIM network and are still subject to these TOS. So that sucks. Also if you think Microsoft won't go to TOS like this at some point in time you are nieve. And thats not just because they are microsoft. Its cause it is a corporation and will tend toward this sort of behavior till the government and/or the people put a stop to it.

Also Jabber is better cause it nativly goes over the network encrypted, and its decentralized nature. Aka, the university csee department that I work for is trying to put up a jabber server for its students. Also one of my friends that I trust runs one. I have many avenues for using Jabber that don't include a corporation in the mix and where I don't have to worrry about eavesdropping. So switch all your friends to Jabber. I'm already doing it. Why aren't you?

(Btw, there is a lovely windows Jabber client called exodus or some such. I recommend it to all my friends.)

Paying attention?

Tell that to the dude from DOD who is being extradited to the USA for 'crimes' breaking USA law he committed while in Australia, using servers in Australia.

The laws that govern the internet are the ones owned by the richest and biggest bullies. AOL will never have to defend this EULA anywhere for precisely this reason, and if they ever do, they will win.

this text is dumb and alarmist

[nazsco]

AOL just is saying that "if you put in you email and interests, we can publish a page on our servers and send that crap to another users if they request"

it don't mention messages, you bunch of dumb paranoids.

after all, you don't post a message to aim, you send it specificaly to another user.

How long is it before Google provides this service

[SockPuppet_9_5]

I wouldn't be surprised for Google to include IMs in their next Google Toolbar upgrade.

Gaim

[meheler]

Just use gaim then. Install the gaim-encryption plugin and you're good to go. http://gaim.sf.net/

Re:Gaim

[jcuervo]

Didn't work in the current versions, last I checked.

Re:Gaim

[meheler]

It must have been a while since you checked. I'm running gaim 1.1.4 in windows and linux, both using gaim-encryption 2.35.

http://gaim.sourceforge.net/
http://gaim-encryption.sourceforge.net/

Re:Gaim

[illuin]

The client isn't the problem -- if everyone was using their own public/private keypair with AIM, then it would probably be ok (I say "probably", because apparently AOL's been mum on the exact protocol used, so we don't know if there are holes in their security).

The problem is that www.aimencrypt.com is telling people that they can use the security features in AIM just by installing the certificate aimencrypt is providing. Unfortunately, that means that everyone is using the same public/private keypair, which completely undermines the security (the private key is no longer private).

Re:Gaim

[airConditionedGypsy]

The grandparent post does present a viable solution: the encryption plug in for GAIM creates your own public/private keypair and transmits your public key to other people who contact you. This is exactly what AOL IM client should do, but they want to make money for Verisign, so they tell people to buy certs.

Enter social engineering of aimencrypt.com, creating a bigger problem out of something that shouldn't be a problem in the first place.

iChat users?

[acadiel]

I wonder how this will affect iChat users. After all, we can use the AIM service, but I don't think we go through a AIM TOS, because iChat is an Apple product. It'd be interesting to see.....

Re:Speaking of "their network"...

[Unknown+Lamer]

It's no different than email. You no longer have to rely on one company to provide service to you. The servers may not be entirely reliable, but it's better than relying on AOL to continue providing AIM to everyone for free forever. What happens when they decide to cut it off?

assigning copyright?

[iplayfast]

So if I understand this correctly, AOL is assuming the copyright on anything you post. So if you post something inflammatory, libelous, or hateful, AOL owns it....

So if someone wants to sue, they sue AOL?

So much for using AIM at work

[johncel]

I know plenty of co-workers and friends who use AIM at work to make work-place communication more efficient.

Do they have to worry that AOL might publish their company's ideas and new products?

Probably not... But, now my friends will have to think twice before asking "are we going to launch super blogger 9000 today?" over AIM.

and people wonder

[ironfroggy]

And, people wonder why I suggest using Jabber...

Yo...who cares about privacy...

[Alpha_Traveller]

They're going to steal my new rap album I've been cooking up with my homeys over IM!!! De Don Got Da Riiiiiiiiggghhhhhtttt!

>you grant AOL, its parent, affiliates, subsidiaries,
> assigns, agents and licensees the irrevocable, perpetual,
> worldwide right to reproduce, display, perform,
> distribute, adapt and promote this Content in any medium.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Actually Apple did it for you.

[momus_radar]

Apple has an agreement with AOL to allow .Mac users access to the AIM service so therefore by using iChat to Log In to AIM you automatically agreed to AOL's TOS since it's their servers.

AIM Products For purposes of these Terms of Service, the term "AIM Products" shall mean AIM software (whether preinstalled, on a medium or offered by download), AIM services, AIM websites (including, without limitation, AIM.COM and AIMTODAY.COM) and all other software, features, tools, web sites and services provided by or through AIM from America Online, Inc. and its business divisions (e.g., Netscape) (collectively "AOL") and AOL's third-party vendors.

In this case, Apple is a third party vendor.

that's why I use...

[SailingDeity]

... gaim-otr http://www.cypherpunks.ca/otr/

AOL Response to AIM TOS Rumors

[AndrewWeinstein]

I wanted to make sure you knew that the rumors about the AIM Terms of Service are totally false. First and foremost, AOL does not monitor, read or review any user-to-user communication through the AIM network, except in response to a valid legal process. The AIM privacy policy (which is part of the AIM TOS) makes that crystal clear: "AOL does not read your private online communications when you use any of the communication tools offered as AIM Products. If, however, you use these tools to disclose information about yourself publicly (for example, in chat rooms or online message boards made available by AIM), other online users may obtain access to any information you provide." The second sentence of that same paragraph -- and the related section of the AIM Terms of Service -- is apparently causing the confusion. The related section of the Terms of Service is called "Content You Post" and, as such, logically and legally it relates only to content a user posts in a public area of the service. If a user posts content in a public area of the service, like a chat room, message board, or other public forum, that information may be used by AOL for other purposes. One example of this might be a user who posts a "Rate a Buddy" photo and thus allows AIM to post it for other AIM users to vote on it. Another might be AOL taking an excerpt from a message board posting on a current news issue and highlighting it in a different area of the service. Such language is standard in almost all similar user agreements, including those from Microsoft (appended below) and most online news publications. That clause simply lets the user know that content they post in a public area can be seen by other users and can be used by the owner of the site for other purposes. Finally, there seems to be a misimpression that the change was recently made. In fact, the current AIM Terms of Service was last updated in February 2004 and has been in place for more than a year. The prior terms of service had very similar language reserving the same rights. In short, AIM user-to-user communication has been and will remain private, the AIM TOS was not changed, and the TOS includes a standard clause on publicly posted material. Andrew Weinstein Spokesman, America Online MSN TOS: 6. MATERIALS YOU POST OR PROVIDE; COMMUNICATIONS MONITORING For materials you post or otherwise provide to Microsoft related to the MSN Web Sites (a "Submission"), you grant Microsoft permission to (1) use, copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, modify, translate and reformat your Submission, each in connection with the MSN Web Sites, and (2) sublicense these rights, to the maximum extent permitted by applicable law. Microsoft will not pay you for your Submission. Microsoft may remove your Submission at any time. For each Submission, you represent that you have all rights necessary for you to make the grants in this section.

A few would complain loudly

[karlandtanya]

Most people would quickly convince themselves that it doesn't matter and go on about their business.

mod parent... double-plus-ungood (n/t)

[DJCF]

double-plus-ungood!

Funniest/scariest thing I've read all day!

Who? Re:New Terms in A Nutshell

[hacksoncode]

If you're asking "Did some unidentified person referred to as 'Jack the Ripper' break the law, the answer is almost certainly 'yes'".

However, if you were to phrase it as "Did Fred Brinkley, whom I believe to be Jack the Ripper, break the law?" the answer would be "no", even if your belief happens to be correct, *until* he is tried and convicted. Since that can't happen, then as a technicality there's no actual person who broke the law, even though some unidentified person did. Confused yet?

That's what "presumption of innocence" means.

(Ignoring, for the moment, that I know nothing about British law other than it is the source of Common Law precedence rules, and that they may not have a strict "presumption of innocence").

Re:Who? Re:New Terms in A Nutshell

[STrinity]

The presumption of innocence only applies in courts of laws -- and only in those courts in those countries where that presumption is part of the law. But we are not in a court of law right now. We are not bound by such things, and to limit conversation to such technicalities is absurd.

As Ambrose Bierce once pointed out, there is ample legal evidence, including confessions, that witches once existed and were bent on destroying humanity.

This could have dire consequences

[jonfields]

*posts windowsxp.iso to AOL's forum* Uhoh AOL now owns the rights to Windows XP.

Are they sure I have the rights?

[NotWearingMyTinHat]

If I IM does AOL think they own it? How can they assume I have the right to give up the material to them?

Hey DA

[storzy]

If you can read moron To: AOL Instant Messenger (AIM) Users From: America Online Re: Rumors about Changes to the AIM Terms of Service and Your Privacy on AIM A number of online media outlets and blogs have recently written about rumors that AOL has changed the AIM Terms of Service (TOS) to weaken the privacy of AIM users. We want to assure you that those rumors are totally false. There was no recent change to the policy, and AOL does not read private user-to-user communication on the AIM network (which is fully explained in the AIM Privacy Policy). As the policy says, "AOL does not read your private online communications when you use any of the communication tools offered as AIM Products." Despite that statement, language in a different section of the AIM Terms of Service caused some confusion about the overall policy. The other section is called "Content You Post" and, as the name indicates, it applies to content a user might choose to post in a public area of the AIM service, such as a chat room or online message board. It does not apply to private user-to-user communications over AIM. The "Content You Post" section explained that content posted in a public area of the AIM service also might be used by AOL for other purposes. One example of this is when AIM posts a photo submitted by a user for the "Rate-a-Buddy" feature so other AIM users can vote on it. Another might be taking an excerpt from a message board posting on a current news issue and highlighting it in news coverage of that issue. A similar clause is a standard part of almost all user agreements for online publishers, including news outlets, portals, and blogging sites. The language simply lets the user know that content they post in a public area can be seen by other users and can be used by the owner of the site for other purposes. Nonetheless, as some users were confused by the meaning of this section, we have clarified it by adding language that makes clear that it only refers to content posted in public areas of AIM and not to private user-to-user communication. This is not a change to the policy, but it hopefully helps make this section easier to understand. Finally, we wanted to note that the AIM Terms of Service (TOS) were last updated in February 2004, and they have been in place for more than a year, so there was no recent change other than the language clarification discussed above. We hope this addresses any rumors you may have heard and any questions or concerns you might have had. Thank you for your continued use and support of the AIM product and community.