Actually, a nit-picky point of clarification... Instant Messenger was created by MCIWorldCom (not sure if it was pre-merger or not) and is exclusively licensed to AOL.
I think this would be a great surprise to all the AIM developers down the hall from me. AIM was conceived, designed and developed at AOL.
In addition to what seebs writes, they have sent mail with forged headers (redirecting the bounces to a nonexistent mailbox at usa.net), they have purchased e-mail lists from other companies (whose recipients did not give permission for their names to be sold), they have failed to cancel their "associate" sites for spamming, and an affiliate company (pets.com) has harvested web sites for e-mail addresses to spam.
ASFAIK it's still fairly common practice for ISPs to include in their usage agreements something along the lines of "You can be monitored, and there really isn't much you can do about it".
It may be in your agreement, but the Electronic Communications Privacy Act of 1986 (ECPA) overrides it for e-mail. An ISP cannot monitor or intercept your e-mail. This is different from businesses; ECPA applies only to the ISP-customer relationship, not the employer-employee relationship. "Necessary incident[s] to the rendition of service" are exempted (e.g. the aforementioned sendmail queue debugging), as is protecting the rights or property of the ISP.
Isn't it a current legal precedent for ISPs and other people in similar situations to basically be held legally responsible for what's on their servers?
The other way around. Section 230 of the Telecommunications Act of 1996 states that ISPs cannot be held liable for their members' actions, pages, etc. See Doe v. AOL and Zeran v. AOL.
I used to work for a pretty big ISP and I got hundreds of bounced messages (that get bounced to postmaster) sent to me every day.
If it was your own default sendmail config that sent all copies of bounces to postmaster, including contents, then yes, I'd say that's pretty risky. If other sites were sending you these as "bounced bounces", then you weren't the one doing the intercepting.
Jay Levitt Chief Architect, AOL Mail Drawing on my job, but speaking for myself
This thread is already a day old (slashdot effect #2: discussions die in 24 hours), but what the hell.
Trick wrote:
>Unfortunately, with AOL, this is not true (and >I'm not just talking out of my ass here --
Maybe not, but you're definitely wrong.
There is no scripting capability in AOL mail. It doesn't support VBScript, JavaScript, ActiveX, anything. It's pure text, with a small bit of pseudo-HTML mixed in for fonting.
There's no way to get a virus/trojan without actually downloading the attachment - and, as mentioned, we put up a big splash screen before you download telling you all about the nasty things people will try to send you.
As for passwords, as of 4.0 (July 1998), we don't store them in the clear, nor do we transmit them in the clear. The vast majority of users are now on 4.0. However, I believe most of the modern trojans will capture live keystrokes straight out of the keyboard driver.
And then there are the "click here for our new NetMail web page that requires you to enter your password" scams...
Actually, while Sears is probably a more well-known merchant, both CompuServe and AOL's services (Q-Link/AOL/PC-Link) had various online shopping vendors: Eaasy SAABRE, the Comp-u-card brands (comp-u-store, auto-vantage), Long Distance Roses, Express Music, and a few others that escape memory.
They were a pioneer from a success perspective; Prodigy was the first to break 1 million members, and the first to have Normal People (as opposed to geeks like us) as subscribers.
When I used to try to explain what AOL was, the easiest way was to say "You know Prodigy? Like that."
Actually, PC-Link was a separate service for most of its life; only towards the end were PC-Link members able to communicate with AOL members. Promenade was a stripped down version of the GeoWorks-based PC AOL, exclusively for IBM PS/1 users. Mac users were always AOL members; Apple II users started with AppleLink Personal Edition, which quickly became America Online when Apple pulled out. And rounding out the AOL-operated brands was the original: QuantumLink, the Commodore Connection. All but AOL was gone by 1994.
eWorld was based on the AOL system software, operated by Apple, and was launched and gone within a year or so, sometime around 1993.
Jay Levitt, AOL mail guy, Q-Link member, 1986 - 1994
Nobody makes the decision for paying customers but the paying customers. Each ISP has their own suite of blocking tools. Some of these are the null set, some are the RBL, some are custom.
The customers decide what mail they do or don't want blocked via their choice of ISP. It's called the free market. Home Depot doesn't carry Nelson's sprinkler products, so if I want to buy them, I go to a competing chain.
Slashdot Mirror
Actually, a nit-picky point of clarification... Instant Messenger was created by MCIWorldCom (not sure if it was pre-merger or not) and is exclusively licensed to AOL.
I think this would be a great surprise to all the AIM developers down the hall from me. AIM was conceived, designed and developed at AOL.
Well, they buy the Impact...
In addition to what seebs writes, they have sent mail with forged headers (redirecting the bounces to a nonexistent mailbox at usa.net), they have purchased e-mail lists from other companies (whose recipients did not give permission for their names to be sold), they have failed to cancel their "associate" sites for spamming, and an affiliate company (pets.com) has harvested web sites for e-mail addresses to spam.
Jay Levitt
ASFAIK it's still fairly common practice for ISPs to include in their usage agreements something along the lines of "You can be monitored, and there really isn't much you can do about it".
It may be in your agreement, but the Electronic Communications Privacy Act of 1986 (ECPA) overrides it for e-mail. An ISP cannot monitor or intercept your e-mail. This is different from businesses; ECPA applies only to the ISP-customer relationship, not the employer-employee relationship. "Necessary incident[s] to the rendition of service" are exempted (e.g. the aforementioned sendmail queue debugging), as is protecting the rights or property of the ISP.
Isn't it a current legal precedent for ISPs and other people in similar situations to basically be held legally responsible for what's on their servers?
The other way around. Section 230 of the Telecommunications Act of 1996 states that ISPs cannot be held liable for their members' actions, pages, etc. See Doe v. AOL and Zeran v. AOL.
I used to work for a pretty big ISP and I got hundreds of bounced messages (that get bounced to postmaster) sent to me every day.
If it was your own default sendmail config that sent all copies of bounces to postmaster, including contents, then yes, I'd say that's pretty risky. If other sites were sending you these as "bounced bounces", then you weren't the one doing the intercepting.
Jay Levitt
Chief Architect, AOL Mail
Drawing on my job, but speaking for myself
Sound and video editing. That's what I bought my Cool Athlon 900 for.
This thread is already a day old (slashdot effect #2: discussions die in 24 hours), but what the hell.
Trick wrote:
>Unfortunately, with AOL, this is not true (and >I'm not just talking out of my ass here --
Maybe not, but you're definitely wrong.
There is no scripting capability in AOL mail. It doesn't support VBScript, JavaScript, ActiveX, anything. It's pure text, with a small bit of pseudo-HTML mixed in for fonting.
There's no way to get a virus/trojan without actually downloading the attachment - and, as mentioned, we put up a big splash screen before you download telling you all about the nasty things people will try to send you.
As for passwords, as of 4.0 (July 1998), we don't store them in the clear, nor do we transmit them in the clear. The vast majority of users are now on 4.0. However, I believe most of the modern trojans will capture live keystrokes straight out of the keyboard driver.
And then there are the "click here for our new NetMail web page that requires you to enter your password" scams...
Jay Levitt
Chief Architect, Mail Systems
AOL
Actually, while Sears is probably a more well-known merchant, both CompuServe and AOL's services (Q-Link/AOL/PC-Link) had various online shopping vendors: Eaasy SAABRE, the Comp-u-card brands (comp-u-store, auto-vantage), Long Distance Roses, Express Music, and a few others that escape memory.
They were a pioneer from a success perspective; Prodigy was the first to break 1 million members, and the first to have Normal People (as opposed to geeks like us) as subscribers.
When I used to try to explain what AOL was, the easiest way was to say "You know Prodigy? Like that."
Actually, PC-Link was a separate service for most of its life; only towards the end were PC-Link members able to communicate with AOL members. Promenade was a stripped down version of the GeoWorks-based PC AOL, exclusively for IBM PS/1 users. Mac users were always AOL members; Apple II users started with AppleLink Personal Edition, which quickly became America Online when Apple pulled out. And rounding out the AOL-operated brands was the original: QuantumLink, the Commodore Connection. All but AOL was gone by 1994.
eWorld was based on the AOL system software, operated by Apple, and was launched and gone within a year or so, sometime around 1993.
Jay Levitt, AOL mail guy, Q-Link member, 1986 - 1994
"my AP Literature 12 teacher with a sense of humour that had been translated to french and back"
Heck, we don't need computers to have funny sentences!
Nobody makes the decision for paying customers but the paying customers. Each ISP has their own suite of blocking tools. Some of these are the null set, some are the RBL, some are custom.
The customers decide what mail they do or don't want blocked via their choice of ISP. It's called the free market. Home Depot doesn't carry Nelson's sprinkler products, so if I want to buy them, I go to a competing chain.