Slashdot Mirror
AOL: We're Not Spying on AIM Users
The Llama King writes "America Online tells the Houston Chronicle's TechBlog that, despite a recent Slashdot posting to the contrary, AOL Instant Messenger's terms of service do not imply that the company has the right to use private IM communications, and the section quoted in the Slashdot article applies only to posts in public forums -- a common provision in most online publishers' terms of service. AOL spokesman Andrew Weinstein says flatly: 'AOL does not read person-to-person communications.' He also says AIM communiques are never stored on AOL's hard drives. The original Slashdot item was linked throughout the blogosphere -- it will be interesting to see if AOL can extinguish this fire." (Read more below.)
It could be that they don't actually take advantage of its terms, but the Terms of Service seem to broadly favor AIM's right to do exactly what they say they're not doing; rather than drawing any distinction between IM services and public forum posts, the actual terms seem clearly to apply to all AIM products. Here's how they put it:
For purposes of these Terms of Service, the term "AIM Products" shall mean AIM software (whether preinstalled, on a medium or offered by download), AIM services, AIM websites (including, without limitation, AIM.COM and AIMTODAY.COM) and all other software, features, tools, web sites and services provided by or through AIM from America Online, Inc. and its business divisions (e.g., Netscape) (collectively "AOL") and AOL's third-party vendors.AOL could probably erase many of the worries about conversation snooping if they would provide a definition of the words "post" and "submit" as used in the following paragraph of their ToS (which says it applies to "any AIM Product"), and explicitly disclaimed an "irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote" the contents of online conversations:
You may only post Content that you created or which the owner of the Content has given you. You may not post or distribute Content that is illegal or that violates these Terms of Service. By posting or submitting Content on any AIM Product, you represent and warrant that (i) you own all the rights to this Content or are authorized to use and distribute this Content on the AIM Product and (ii) this Content does not and will not infringe any copyright or any other third-party right nor violate any applicable law or regulation.
"We're not evil. We promise. Trust us. Just because we say we can doesn't mean we will."
I personally use AIM but that doesn't mean that I'm going to trust any communications I want private with a giant multi-billion company.
I'm a virgo and on Slashdot. Coincidence? Yes.
Didn't MSN MEssenger once have a similar claim in its TOS?
I'm sure there was some storm in a teacup around it a while ago.
liqbase
I already uninstalled my AIM and done gone somewhere else with my IMing.
Their PR parrots and Legals should have collaborated BEFORE they opened their big mouths on this matter. Now they are having to play catchup, in a BIG way.
Bad timing aoHell. In this day and age, that kind of legal play can lose you a couple of million users as fast as your CSRs (customer service reps) can field them.
First rule of holes; When in one, stop digging.
Why are people walking around surprised that AOL would, at the very least, not guarantee absolute privacy in conversation?
The best way to deal with this is to always treat any conversation, ESPECIALLY over the internet, and ESPECIALLY on a service like AIM as insecure. Period.
Everyone and their mother who read that previous Slashdot anti-privacy post will of told ten people. Everyone who reads this one, will probably forget about it in ten minutes and revert back to thinking AOL is logging all of your chats. Damage is done.
-Imidazole
Hilarious Office Prank!
Maybe, CowboyNeal (who posted the original) would be nice enough to go back and put an Update at the FRONT of the old story, as an act of good faith and fair reporting. :-)
----- Lotus Super 7 - A real car.
This is another case of agreements being way beyond what a company needs, but lawyers saying "well what about this one bizarre case that might happen once in a hundred years where you might want to use this clause?" So the company makes an agreement like this one, not counting on geeks like us to actually read it and cause trouble.
Companies exist only to enrichen their owners and shareholders. All decisions are based on this one fundamental truth.
If they have the authority to do something, and it becomes in the company's best interest to do it, they will do it, without hesitation.
Translating what they are saying now, it just means "it's not currently in AOL's overall best interest to monitor instant messaging traffic, so right now we're (probably) not doing it. But we can change our minds at any time, without notice."
I work for the Department of Redundancy Department.
i like to live dangerously
(parody of their stupid commercials)
It really wouldn't take much to store all AIM communiqués.
I'm sure there's a clever compression tool out there which can take advantage of common data such as "ME TOO!" and "I'M OFF TO MASTURBATE. BRB."
Everything being in uppercase helps too.
Unfortunately, I am not Wil Wheaton
AOl probably has no intention of doing what they've demanded the rights to. It's prbably illegal anyway whatever the customer agrees to. What they do want is sufficient legal protection that they can avoid any spurious legal challenges that people might beempted to do based on the basic functionality of the system (including logging, temporary storage, occasional viewing of private messages during maintainance etc.)
Lets be honest if the service is free to you in a monetary sense, it's nice to think that there are no other costs to you. I'm not a nut in a shelter somewhere in the tundra - but a little paranoia can be healthy. I have met and worked for enough companies/individuals to know that altruism does not currently stand as the dominate principle in business. (though, evolution of society...OSS...who knows what will happen) It's just common sense to assume that there are hidden strings attached to something given to you for "free" from a corporation (and most individuals, even you grandma). I never buy anything on my Super Saver Card that I don't want the Super Saver Company to know about, and I treat AIM/MSN/Hotmail/Whatever the same way. If I want a private conversation I use something I can control - Point to point with encryption.
The rock, the vulture, and the chain
Don't forget to not use their servers as well. Oh wait, then you aren't using AIM.
stuff
Sincerely,
Your neighborhood AOL conglomerate
Yes, GAIM does log if you want it too. I live in Texas, where logging only requires one-party consent, and thus I log every conversation I have, then manually delete the ones I don't want (spambots, etc).
http://gaim.sf.net/ is the GAIM site, so you don't have to go looking for it later.
When I first read the post regarding the TOS I didn't think too much of it. I just noticed a lot of people getting bent out of shape because they failed to notice it did not apply to instant messages, rather to chat rooms and message board postings. This however did not stop me from griping to many people online about the TOS's blatant disregard for privacy rights. Bla bla bla etc... As of last night my account is blocked and I have no idea why. I am still able to log into my AOL account to check my mail, but instant messaging has been disallowed. I am out of the states right now and in the middle east so tech support (if you would even bother to call it that, as anyone who has called AOL before would likely know how crappy the service is) is somewhat out of the question due to international phone calls being expensive and whatnot. Any suggestions as to how I can figure out what the hell happened?
It's all over teh place!!11!one
Eh? Encryption isn't the solution to end users logging conversatations in their IM client.
This issue relates to the main central servers eavesdropping on EVERYONEs conversations.
Encrypting the conversation should prevent eavesdropping on route, but won't prevent logging in the client.
liqbase
I've never been able to find the option to actually -delete- an AIM account. Has anyone else?
"The original Slashdot item was linked throughout the blogosphere -- it will be interesting to see if AOL can extinguish this fire."
I would think it would be fairly easy to put out the fire. Instead of making the assurances below in public, put them in the TOS in an invariant section.
"AOL Instant Messenger's terms of service do not imply that the company has the right to use private IM communications, and the section quoted in the Slashdot article applies only to posts in public forums -- a common provision in most online publishers' terms of service. AOL spokesman Andrew Weinstein says flatly: 'AOL does not read person-to-person communications.' He also says AIM communiques are never stored on AOL's hard drives."
all the best,
drew
FreeMusicPush If you want to see more Free Music made, listen to Free
To be fair, Slashdot at least says, on every page, " All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2005 OSTG."
So, to tie it with a meme:
1. Register Anonymous Coward as your legal name
2. Find all AC posts.
3. ???
4. Profit!
At least it's good to see the "Blogosphere" really pays attention. They don't. Which, really, makes them just like journalists.
*ducks*
Small potatoes make the steak look bigger.
yeah, let's make a big deal of someone reading our IMs but totally forget that email can be read too. Here's an idea...don't write anything online that you wouldn't want publiched. Problem solved.
That said, I doubt AOL employees really care about your fucking IMs.
xXx-@DeathBecomesME@-xXx: LOL
supertard: heh
xXx-@DeathBecomesME@-xXx:dude, did you see that one show? LOL
supertard: yeah lollerz!1
*rolleyes* who fucking cares if they read your chat logs?
It isn't security through obscurity, it's security through absurdity.
http://xkcd.com/386/
When will my anti-spyware apps start seeing AIM as spyware, and offering to remove it for me?
You see? You see? Your stupid minds! Stupid! Stupid!
in gaim encryption is done client>client, the server doesn't get anything readable because the protocol doesn't support it.
"In each such case, the submitting user grants OSDN the royalty-free, perpetual, irrevocable, non-exclusive, transferable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform, and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed, all subject to the terms of any applicable license." - Thus go the TOS of slashdot.org. Surprize, surprize!
I tried to submit this story to ./ sometime back but of course, they wont accept it :-)
AOL will have to change the ToS. The cat is out of the bag. Drudge Report is carrying the story as of this morning.
I heard someone being paranoid about people intercepting his communications through unshielded telephone lines if Broadband-over-Powerlines was offered. I think we've gone too far. Some paranoia keeps you alert, but you people are running around with a tinfoil hat, just bent on finding a big corporation that you think is trying to screw you. MS, Valve, AIM and so forth. The minute any one of these actually does something to any one of you, I'd be interested to hear about it. Until then, there's no reason to have this hive of paranoia.
Yes, you still need an AIM ID. Which involves going onto their website, which is defined in the TOS as being an AIM Product. And if you somehow manage to get around that, you're still using their servers, so you're *still* using an AIM Product. If you look, you accept the TOS just by using any AIM Product, so just by going to their website you're expressing your acceptance of their TOS.
I wonder - what about people using .mac accounts on iChat? Do they have to click through AOL agreements to get to that point?
(I know that isn't an option for everyone, but it is something to consider.)
Gaim Encryption plugin Use gaim, use plugin. Give friends, etc. an ultimatum. I strongly encourage the use of this in more sensitive environments, especially if you're slinging account numbers around.
This message brought to you by the letter Q and the number 8.
"AOL is answerable to its shareholders. "
And to the law, and the people of the United States throught their elected representatives.
Corporations are not nations, immune from all considerations other than profit. They are entities licensed to exist by the people of the U.S. and other nations, for the benefit of all. They are our servants, we are not theirs.
Fink. The gaim version in Fink works fine.
What does AOL being a giant multi-billion dollar company have to do with this?
Case 1:
Mr. Aspiring Songwriter writes a song, and asks some friends for their opinions. He sends the lyrics and an MP3 to friends using his AOL email and/or AIM. The song becomes big a year later. AOL searches their records, and finds he used the AOL network to transfer the work. According to this license, AOL may now:
- publish the song on the internet,
- include the song on CD,
- use the song in a movie,
- use the song in advertisements, and
- have their current boyband record it
without ever giving any compensation to the Mr. A.S.
Case 2:
Mr. Writer works on his book or movie script. He sends each chapter to his agent from his AOL email. AOL can use his work without compensation.
Case 3:
Mr. Small Business writes software. His team uses AIM to discuss the code being developed. AOL may use any of the code transferred on their network for any purpose without compensation.
Case 4:
Mrs. Sporting Goods owns a small store. It does not have an e-commerce website; her AOL email address is enough for the few online orders. One of her customers becomes famous. AOL may publish information about the athlete's purchases and any concerns discussed in her emails. (They may have difficulty justifying the use of the athlete's emails, unless the athlete also used AOL software.)
If this license was used by a small private business, the materials collected could soon become the most valuable resource of the business. AOL is already part of a major media conglomerate, and the threat of using all meterials transferred on their network without compensation is real. AOL's music and movie divisions should be drooling over the ability to find free resources.
I spend my life entertaining my brain.
"He also says AIM communiques are never stored on AOL's hard drives."
/super obvious?
of course not... they don't have the need... all of the "communiques" are stored on the NSA's servers.
I read the excerpts and it sounds like they are saying they can use any info passed through their server...if you set Gaim up to use your AOL account, and it is passed through the AOL server, then they will still have (in their opinion) the right to use the info you transfer...
Use the GAIM-Encryption plug-in for your sensitive conversations.
IANAL
What if you send parts of your own already published book to a friend through AOL? Or someone elses? What if you send an mp3 disguised as your own that's really using some samples of some famous work (happens all the time with DJ/producers remixing famous tracks into their own special genre (i.e. drum n bass versions of hiphop songs)).
If AOL were to ever publish those tracks then the actual AOL user could be losing out but then AOL would get into hot water with any material that actually was already copywritten.
Of the 'major' IM services (MSN,AIM,Y!,ICQ), AIM is the only one that allows you to direct-connect, and encrypt. (Not via AOL's AIM software though).
I have gotten most friends(that use windows) to switch to trillian, and have it automattically set up to do the 'secure link' which also helps w/ employers w/ prying eyes.
I believe that GAIM also allows encrpytion over AIM, but it isnt compatable w/ trillian's, which is unfortunate. I also believe that the Jabber protocol supports it depending on your server. (Google i hope when you launch your service, you include this function)
Im glad
The short version:
The ToS specifies the rights that AOL has. Storing your IMs is not a right specified in the ToS. Therefore, AOL doesn't have the right to retain your IMs.
The longer version:
If the company does not specify it has the right to do something (i.e., the contract is "silent" on the issue), the company generally cannot do that thing. Contracts are read this way to better protect the consumer. And it also just makes sense. If the company could do anything except what was specifically prohibited, then the consumer would have no rights except those explicitly guaranteed by the contract, which, coincidently, was written by the company. Traditional contract law does not allow this. Here, where AOL does not reserve their right to retain info, they may not do it.
In fact, there are two doctrines of contract law that apply to this type of situation.
The first is that "the inclusion of one is the exclusion of all others." By listing specific things it can do, AOL is essentially saying it cannot do anything it does not list. So by specifying that it could keep "posts" and other specific types of information, the contract would be read as prohibiting it from keeping other types of information (IMs, in this case) not specifically discussed.
The second is the doctrine of "contra preferentem" which literally means "against the party who proffers or puts forward a thing" and is defined as "used in connection with the construction of written documents to the effect that an ambiguous provision is construed most strongly against the person who selected the language." (Black's Law Dictionary). So where AOL puts forward contract language (and the parties are of unequal bargaining power), the contract will construed against AOL.
Both the doctrines work quite nicely together, as you can see. Maybe this really is one of those things that a lawyer is just going to read differently -- but reading the ToS it seemed pretty clear to me that IMs were not one of the things that AOL gave itself the right to collect.
but personally, I don't want to worry about some third party reading through posts or messages not intended for them. To remedy this problem, I recommend grabbing GAIM with one of the many GAIM encryption plugins. As a bonus, paranoid folks won't have to worry about the (insert governmental agency of choice) snooping on them.
4 .exe?download
More information regarding this topic is available on the technology blog "It's Geek to Me" located at http://itsgeektome.blogspot.com/
For Windows users, you can grab GAIM here:
http://prdownloads.sourceforge.net/gaim/gaim-1.1.
You can get a nice GAIM Encryption Plugin here:
http://gaim-encryption.sourceforge.net/
I read the TOS, and concluded it was just a case of lawyeritis (inflammation of the lawyers). The actual intent seems to be to establish that AOL shall NOT be held liable for copyright infringement due to copyrighted material (specifically meaning words written *by* AIM users) being passed through their servers.
So if you write something and send it via AIM, you have given AOL the right to "reproduce" it on their servers, and therefore you cannot sue AOL for copyright infringement, nor can you claim that AOL owes you anything for "distributing" it. (However, this does not *assign* the copyright to AOL.)
IOW, it's just overly-paranoid ass-covering as performed by lawyers, probably due to some asshole having actually sued them for "storing my works on your server and thereby infringing my copyright" (even if that's just for the few seconds as it passes through) without grokking that this is how sending stuff via AIM works.
[I can readily see someone like Harlan Ellison going off the deep end about this natural side effect of transmitting data, thus getting the lawyers in a tizzy.]
~REZ~ #43301. Who'd fake being me anyway?
You have to love the panic mongers. If you have a deep, dark secret, don't shout it in a public place, don't share it on a public network. It just takes a bit of common sense. Yeah, they could monitor me, but is there anything that they'd want to know?
Then there is the logistics of the matter. I know that they could filter out 99% of my conversations. I know many people like myself who just leave their chat clients up as a sort of answering machine or phone replacement. If you have a potentially sleeping baby in the house, or are working on a vexing problem from which you cannot be distracted, ringing the phone for minor things is considered rude. IM is a safe, quiet conversation. I can speak to a friend, and come off as semi-articulate and intelligent, and they can't hear me yelling at my 4 kids in the background.
A typical conversation of mine:
Of course, "pick up bread" is code for pseudo ephedrine, coffee filters, drain cleaner, ether....
People can intercept your email too, so what? The implementation of Martial Law, oh, I mean The Patriot Act, has extended the government's wire tap privileges further into the phone system, with less and less of a reason needed. What about the security of cell phones? And how many of these panic mongers don't think twice before using a regular cordless phone at home. I can tell you from experience that these are not secure! I had to quit using a baby monitor, as I was sick of listening to my neighbor's late night drunken sobs to her friends about her husband. Hmm, the things that you learn when you listen to people's private calls. That was a morbid fascination for a short time, but it wore off quickly.
Much of it comes down to the fact that monitoring most people's communication would be a crashing bore. Sure, you could write content filters, as you do for spam detection, but how many false negatives, and how many false positives do you have with that? I'd expect the same level of difficulty monitoring IM's
IM is great for jotting off a few thoughts. It's not for exchanging company secrets. If you want to do that, at least use a private network, or better yet, meet in person. IM is great for multi-tasking. As you sit on hold, or buried in the 7th level of voice mail hell, you can carry on a conversation, or give and get tech support. "What was the command to fix that problem on my machine again?" copy, click, paste, Fixed! "Thanks again!" Do you realize how much easier that former scenario is than saying "Pipe, that straight line, on the key over the enter key, do you see it? It didn't work? Did you hit shift? Is the line vertical, or slanted?...(continue ad infinitum)"
With IM, you can, potentially help multiple people at one time as well. (All while playing a game of whatever keeps you from slitting your wrists on a daily basis.) As your minions actually attempt to execute what you have given them, there is invariably some time wasted. If you were on the phone with them, you'd have to hang on while they check to see if the fix worked. This way, they are still in your que, and yet you can move on to someone else.
There is also another great element to IM on a public server, with public profiles. People can, if they wish, put things in their public profile that would bring together people with like interests from around the world. I have developed many online friends due to one common interest or another listed on a public profile. Sure, for the