Slashdot Mirror

← Back to Stories (view on slashdot.org)

AOL: We're Not Spying on AIM Users

Posted by timothy on from the but-your-tos-says-you-can dept.

The Llama King writes "America Online tells the Houston Chronicle's TechBlog that, despite a recent Slashdot posting to the contrary, AOL Instant Messenger's terms of service do not imply that the company has the right to use private IM communications, and the section quoted in the Slashdot article applies only to posts in public forums -- a common provision in most online publishers' terms of service. AOL spokesman Andrew Weinstein says flatly: 'AOL does not read person-to-person communications.' He also says AIM communiques are never stored on AOL's hard drives. The original Slashdot item was linked throughout the blogosphere -- it will be interesting to see if AOL can extinguish this fire." (Read more below.)

It could be that they don't actually take advantage of its terms, but the Terms of Service seem to broadly favor AIM's right to do exactly what they say they're not doing; rather than drawing any distinction between IM services and public forum posts, the actual terms seem clearly to apply to all AIM products. Here's how they put it:

For purposes of these Terms of Service, the term "AIM Products" shall mean AIM software (whether preinstalled, on a medium or offered by download), AIM services, AIM websites (including, without limitation, AIM.COM and AIMTODAY.COM) and all other software, features, tools, web sites and services provided by or through AIM from America Online, Inc. and its business divisions (e.g., Netscape) (collectively "AOL") and AOL's third-party vendors.
AOL could probably erase many of the worries about conversation snooping if they would provide a definition of the words "post" and "submit" as used in the following paragraph of their ToS (which says it applies to "any AIM Product"), and explicitly disclaimed an "irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote" the contents of online conversations:
You may only post Content that you created or which the owner of the Content has given you. You may not post or distribute Content that is illegal or that violates these Terms of Service. By posting or submitting Content on any AIM Product, you represent and warrant that (i) you own all the rights to this Content or are authorized to use and distribute this Content on the AIM Product and (ii) this Content does not and will not infringe any copyright or any other third-party right nor violate any applicable law or regulation.

29 of 310 comments (clear)

  1. Right... by maotx · · Score: 5, Insightful

    "We're not evil. We promise. Trust us. Just because we say we can doesn't mean we will."

    I personally use AIM but that doesn't mean that I'm going to trust any communications I want private with a giant multi-billion company.

    --
    I'm a virgo and on Slashdot. Coincidence? Yes.
    1. Re:Right... by Anonymous Coward · · Score: 4, Interesting

      What does AOL being a giant multi-billion dollar company have to do with this? If it's private, you don't trust anyone with your communications, except the receiving end. Please don't try to take a cheap jab at a company just for the sake of it being a company. Especially in this case since you've probably been leeching off AOL's servers for years without a second thought (you don't use the official AIM client with the revenue generating ads, do you?)

    2. Re:Right... by maotx · · Score: 5, Interesting

      What does AOL being a giant multi-billion dollar company have to do with this?

      Money has a tendancy of corrupting. The bigger a company grows and the longer they are around the more likely you are to hear of some shady practices.

      Please don't try to take a cheap jab at a company just for the sake of it being a company

      I didn't for the sake of it being a company. I did it for the sake that they SAID in their TOS that they can. If AOL was meant to be a secure company then maybe I'd trust my secure communications with them.

      Especially in this case since you've probably been leeching off AOL's servers for years without a second thought (you don't use the official AIM client with the revenue generating ads, do you?)

      And why would I when they use interfaces I don't want and allow me to use someone elses for free?

      --
      I'm a virgo and on Slashdot. Coincidence? Yes.
    3. Re:Right... by the_mad_poster · · Score: 5, Insightful

      First of all, it's irrelevant whether or not it seems "unreasonable" for AOL to take and redistribute your private information. The point is that they said they're willing to do it, so it should be assumed that they will. If someone points a gun at my head and says "don't worry, it's not loaded", I'm still going to assume it's loaded on the basis that they wouldn't have put a gun to my head if they didn't intend to kill me. People's actions do, indeed, speak louder than words, and AOL has obviously taken the initiative to decide that, if they see fit, they're going to take your communications and resuse them for their own personal gain.

      And his complaint targeting a private company was perfectly valid. Corporate entities have shown an amazing lack of common sense, appropriate discretion, self restraint, and moral clarity in the time they've existed. Whereas an individual citizen has little or nothing to gain from spying on your point to point communications, a coporation most certainly has everything to gain. They exist for the sole purpose of making money, and in a capitalist system such as the one AOL exists in, moral fiber has no place. If they intercept valuable data, as a corporation, the only thing stopping them from taking it and using it for their own purposes are laws. They're effectively saying here that they refuse to be bound by any laws, so it can only be assumed that the intent is to glean valuable data and reuse it for, perhaps, marketing research.

      The conclusion here is quite simple. If a corporation refuses to be bound to appropriate, decent behavior by the law, it won't act appropriately or decently. Individuals have no such problem in most cases because, unlike corporations, they have little or no need for the sorts of things that would require them to be bound.

      His jab at a company for being a company was perfectly legitimate, even if he wasn't sure why that was so.

      --
      Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
    4. Re:Right... by ticklejw · · Score: 4, Informative

      I have one word for you. Er... two... they're sorta hyphenated:

      gaim-encryption

      Of course, this doesn't mean that I agree with or approve of AOL or anything they do... I'm just saying, if you have to use the protocol, it provides a level of protection.

      --
      "Software is like sex; it's better when it's free." -Linus Torvalds
    5. Re:Right... by WebMink · · Score: 3, Interesting

      I agree. This whole hypefest may be a storm in a thimble but it reinforces the need to use an end-to-end encryption that you control. Personally I think Ethereal is a more real threat than the AOL ToS but the solution is the same.

      For encryption, I'm not an advocate of gaim-encryption as the answer. It means that people all need to use Gaim and that's just not practical. Personally I think OTR is a better option. As well as a GAIM plug-in it offers a proxy so that any IM tool can be made secure, and it addresses the weaknesses gaim-encryption ignores - from their FAQ:

      The gaim-encryption plugin provides encryption and authentication, but not deniability or perfect forward secrecy. If an attacker or a virus gets access to your machine, all of your past gaim-encryption conversations are retroactively compromised. Further, since all of the messages are digitally signed, there is difficult-to-deny proof that you said what you did: not what we want for a supposedly private conversation!
      Best of all, it's dead simple to use.
  2. MSN Messenger had similar claim by LiquidCoooled · · Score: 3, Informative

    Didn't MSN MEssenger once have a similar claim in its TOS?

    I'm sure there was some storm in a teacup around it a while ago.

    --
    liqbase :: faster than paper
    1. Re:MSN Messenger had similar claim by LiquidCoooled · · Score: 5, Informative

      Hate replying to self, but found an article about it being changed.
      here

      --
      liqbase :: faster than paper
  3. too late.. by TheHawke · · Score: 5, Insightful

    I already uninstalled my AIM and done gone somewhere else with my IMing.

    Their PR parrots and Legals should have collaborated BEFORE they opened their big mouths on this matter. Now they are having to play catchup, in a BIG way.

    Bad timing aoHell. In this day and age, that kind of legal play can lose you a couple of million users as fast as your CSRs (customer service reps) can field them.

    --
    First rule of holes; When in one, stop digging.
  4. Surprise? by mattmentecky · · Score: 5, Insightful

    Why are people walking around surprised that AOL would, at the very least, not guarantee absolute privacy in conversation?

    The best way to deal with this is to always treat any conversation, ESPECIALLY over the internet, and ESPECIALLY on a service like AIM as insecure. Period.

    1. Re:Surprise? by TheoMurpse · · Score: 5, Insightful

      There is a difference between what you are saying -- what a person says via AIM is insecure -- and what the terms of service actually allow -- that AOL has the right to go as far as publish your writings in a book if they wanted to.

      That is what people are surprised about -- that AOL would have the gall to allow themselves something like that.

    2. Re:Surprise? by Twanfox · · Score: 4, Insightful

      That's pretty dismissive, and an inappropriate way to view their TOS. That's like saying "if you have nothing to hide, you won't mind if we search your home for contraband." "Judging by the quality of items in your home, you won't mind if we steal or break a few of them." It doesn't f'king matter if the quality is good or not, no company should ever say "Hey, something you created, but happen to transmit to someone else over our network... well, that's ours. We get to do whatever we want with it."

      What would happen if the phone company did that? How about your ISP for anything you ever sent? Oh, I'm sure that you probably don't mind yourself, as you haven't written anything that's truely astounding to the world of Men. However, it's the rare gems, the potential for abuse, that should be, at all times, limited. The ability to usurp someone else's writings is one such potential that should be curtailed, no matter if it's likely or not.

      After all, if it's this today, what will happen tomorrow after we're used to this little abuse?

  5. No fire extinquishing here... by Imidazole · · Score: 3, Insightful

    Everyone and their mother who read that previous Slashdot anti-privacy post will of told ten people. Everyone who reads this one, will probably forget about it in ten minutes and revert back to thinking AOL is logging all of your chats. Damage is done.

    --
    -Imidazole
    Hilarious Office Prank!
    1. Re:No fire extinquishing here... by AllUsernamesAreGone · · Score: 4, Interesting

      Well, since you ask...

      The CIA and NSA are answerable to the government and, in theory, the people. AOL is answerable to its shareholders. The CIA and NSA will do what is necessary to carry out their mandate within the legal boundaries the government provides, AOL will do everything it can get away with to make money.

      Quite frankly, I'd sooner trust the CIA and NSA and I'm a tinfoil hatter.

  6. Lawyers by MagPulse · · Score: 5, Insightful

    This is another case of agreements being way beyond what a company needs, but lawyers saying "well what about this one bizarre case that might happen once in a hundred years where you might want to use this clause?" So the company makes an agreement like this one, not counting on geeks like us to actually read it and cause trouble.

  7. Storage by CleverNickedName · · Score: 4, Funny

    It really wouldn't take much to store all AIM communiqués.
    I'm sure there's a clever compression tool out there which can take advantage of common data such as "ME TOO!" and "I'M OFF TO MASTURBATE. BRB."

    Everything being in uppercase helps too.

    --


    Unfortunately, I am not Wil Wheaton
  8. The TOS is a CYA by 91degrees · · Score: 4, Informative

    AOl probably has no intention of doing what they've demanded the rights to. It's prbably illegal anyway whatever the customer agrees to. What they do want is sufficient legal protection that they can avoid any spurious legal challenges that people might beempted to do based on the basic functionality of the system (including logging, temporary storage, occasional viewing of private messages during maintainance etc.)

  9. "Free" not as in Beer by Fox_1 · · Score: 4, Insightful

    Lets be honest if the service is free to you in a monetary sense, it's nice to think that there are no other costs to you. I'm not a nut in a shelter somewhere in the tundra - but a little paranoia can be healthy. I have met and worked for enough companies/individuals to know that altruism does not currently stand as the dominate principle in business. (though, evolution of society...OSS...who knows what will happen) It's just common sense to assume that there are hidden strings attached to something given to you for "free" from a corporation (and most individuals, even you grandma). I never buy anything on my Super Saver Card that I don't want the Super Saver Company to know about, and I treat AIM/MSN/Hotmail/Whatever the same way. If I want a private conversation I use something I can control - Point to point with encryption.

    --
    The rock, the vulture, and the chain
  10. Re:bah by TheoMurpse · · Score: 4, Informative

    Yes, GAIM does log if you want it too. I live in Texas, where logging only requires one-party consent, and thus I log every conversation I have, then manually delete the ones I don't want (spambots, etc).

    http://gaim.sf.net/ is the GAIM site, so you don't have to go looking for it later.

  11. Highly coincidental by HiMyNameIsSam · · Score: 3, Interesting

    When I first read the post regarding the TOS I didn't think too much of it. I just noticed a lot of people getting bent out of shape because they failed to notice it did not apply to instant messages, rather to chat rooms and message board postings. This however did not stop me from griping to many people online about the TOS's blatant disregard for privacy rights. Bla bla bla etc... As of last night my account is blocked and I have no idea why. I am still able to log into my AOL account to check my mail, but instant messaging has been disallowed. I am out of the states right now and in the middle east so tech support (if you would even bother to call it that, as anyone who has called AOL before would likely know how crappy the service is) is somewhat out of the question due to international phone calls being expensive and whatnot. Any suggestions as to how I can figure out what the hell happened?

    --
    It's all over teh place!!11!one
  12. Re:bah by LiquidCoooled · · Score: 3, Insightful

    Eh? Encryption isn't the solution to end users logging conversatations in their IM client.
    This issue relates to the main central servers eavesdropping on EVERYONEs conversations.

    Encrypting the conversation should prevent eavesdropping on route, but won't prevent logging in the client.

    --
    liqbase :: faster than paper
  13. Is it possible to delete AIM accounts? by fialar · · Score: 4, Interesting

    I've never been able to find the option to actually -delete- an AIM account. Has anyone else?

  14. Kidding me... by The-Bus · · Score: 5, Interesting
    This was already deduced in the original story by this post. To wit:

    I hate to sound like an AOL sympathizer, but the TOS specifically refers to "posts." Besides IM, AIM also provides message board services (or so I'm told by people who don't use Trillian, Gaim, or Psi).

    Does "posts" refer to regular IM usage? AOL implies not, referring to "message board posts, chat participation, and homepages."

    My reading of this is that AOL retains usage rights to everything you post on their static forums... forums which basically anyone can access. While I would feel better if this were not the case, that is a good bit better than AOL reading the I.M.'s you send to your co-workers.

    It sounds like CYA to me. As if AOL were giving themselves the right to decide to add access to the chat forums online or through AOL's proprietary service. It's the kind of CYA that inspired them to prohibit people from using AIM "while driving, operating hazardous equipment, or engaging in other forms of hazardous activities."

    On the other hand, go ahead and tell everyone on AIM about the TOS, without explaining that it's only posts. Then try to switch everyone over to Jabber. Please. The whole I.M. universe right now is about as convienient as sending E-mails from CompuServe to AOL in 1992.


    To be fair, Slashdot at least says, on every page, " All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2005 OSTG."

    So, to tie it with a meme:
    1. Register Anonymous Coward as your legal name
    2. Find all AC posts.
    3. ???
    4. Profit!

    At least it's good to see the "Blogosphere" really pays attention. They don't. Which, really, makes them just like journalists.

    *ducks*
    --

    Small potatoes make the steak look bigger.

  15. Re:Maybe there should be an edit... by Jussi+K.+Kojootti · · Score: 3, Insightful
    I don't see the need for an update. Their TOS still says what it said back then, and CowboyNeal didn't claim they actually had a habit of monitoring AIM messages.

    The fact that they now say they're not monitoring, does not covince me that the TOS weren't intentionally vague.

  16. Re:bah by mattyrobinson69 · · Score: 3, Insightful

    in gaim encryption is done client>client, the server doesn't get anything readable because the protocol doesn't support it.

  17. Gaim-Encryption by accessdeniednsp · · Score: 3, Insightful

    Gaim Encryption plugin Use gaim, use plugin. Give friends, etc. an ultimatum. I strongly encourage the use of this in more sensitive environments, especially if you're slinging account numbers around.

    This message brought to you by the letter Q and the number 8.

  18. Meme killin' time by Catbeller · · Score: 5, Informative

    "AOL is answerable to its shareholders. "

    And to the law, and the people of the United States throught their elected representatives.

    Corporations are not nations, immune from all considerations other than profit. They are entities licensed to exist by the people of the U.S. and other nations, for the benefit of all. They are our servants, we are not theirs.

  19. AOL can use copyrighted material w/o compensation by solprovider · · Score: 4, Interesting

    What does AOL being a giant multi-billion dollar company have to do with this?

    Case 1:
    Mr. Aspiring Songwriter writes a song, and asks some friends for their opinions. He sends the lyrics and an MP3 to friends using his AOL email and/or AIM. The song becomes big a year later. AOL searches their records, and finds he used the AOL network to transfer the work. According to this license, AOL may now:
    - publish the song on the internet,
    - include the song on CD,
    - use the song in a movie,
    - use the song in advertisements, and
    - have their current boyband record it
    without ever giving any compensation to the Mr. A.S.

    Case 2:
    Mr. Writer works on his book or movie script. He sends each chapter to his agent from his AOL email. AOL can use his work without compensation.

    Case 3:
    Mr. Small Business writes software. His team uses AIM to discuss the code being developed. AOL may use any of the code transferred on their network for any purpose without compensation.

    Case 4:
    Mrs. Sporting Goods owns a small store. It does not have an e-commerce website; her AOL email address is enough for the few online orders. One of her customers becomes famous. AOL may publish information about the athlete's purchases and any concerns discussed in her emails. (They may have difficulty justifying the use of the athlete's emails, unless the athlete also used AOL software.)

    If this license was used by a small private business, the materials collected could soon become the most valuable resource of the business. AOL is already part of a major media conglomerate, and the threat of using all meterials transferred on their network without compensation is real. AOL's music and movie divisions should be drooling over the ability to find free resources.

    --
    I spend my life entertaining my brain.
  20. I read the TOS, it's just legal ass-covering. by Reziac · · Score: 3, Insightful

    I read the TOS, and concluded it was just a case of lawyeritis (inflammation of the lawyers). The actual intent seems to be to establish that AOL shall NOT be held liable for copyright infringement due to copyrighted material (specifically meaning words written *by* AIM users) being passed through their servers.

    So if you write something and send it via AIM, you have given AOL the right to "reproduce" it on their servers, and therefore you cannot sue AOL for copyright infringement, nor can you claim that AOL owes you anything for "distributing" it. (However, this does not *assign* the copyright to AOL.)

    IOW, it's just overly-paranoid ass-covering as performed by lawyers, probably due to some asshole having actually sued them for "storing my works on your server and thereby infringing my copyright" (even if that's just for the few seconds as it passes through) without grokking that this is how sending stuff via AIM works.

    [I can readily see someone like Harlan Ellison going off the deep end about this natural side effect of transmitting data, thus getting the lawyers in a tizzy.]

    --
    ~REZ~ #43301. Who'd fake being me anyway?