New AOL Instant Messenger Raises Privacy Concerns

AOL recently released a new Beta version of its popular Instant Messenger program known as AIM (AOL Instant Messenger) but its new features are raising some privacy concerns. First of all, AIM now logs all of your conversations on AOL’s servers and keeps them there for up to two months (and maybe for ever if AOL have some kind of archiving system, which wouldn’t be unusual). The rationale behind this is that now AOL users can see a history of their chats from any device running the software, a great convenience apparently! But what it means is that all your chats are now recorded and stored and could be made available to any law enforcement agency with the right paper work. And bizarrely AOL might not have to tell you if the Feds have been taking a peak at your conversations. Anyone remember the Bill of Rights?

Although AIM does have an “off the record” mode, this is can only be applied on a per contact basis and users of alternative (but compatible) clients like iChat or Pidgin can’t access this “off the record” mode. Worse still, there is “no off the record” mode for the group chat feature with all group chats being automatically logged.

Another privacy concern with the new preview version of AIM is that it now scans all private IMs for URLs and pre-fetches any URLs found in them. The word “private” in private IM is obviously lost of AOL. As is often the case, the new feature is meant to aid and help the end user. In this case AOL have added the ability to embed pictures and videos into instant messages. But to do this they scan the text of EVERY message for ALL links then download the content of the link to see if it is a picture or a video. Rather than adding support for the popular services like YouTube (which all have easily recognizable links), AOL are trying to be too smart and the resulting solution is way to broad and potentially dangerous. Rather than letting the individual users download the content of links sent to them, now AOL will do it for you and store the results on their servers. Lesson to be learned… Be careful what links you send in your IM’s as AOL are watching.

Worse still, if a link sent via an IM points to a private server (not publicly listed in the search engines etc) then AOL will send its little “bots” over to that private server to start downloading content. But what if the link contains authentication information like a username or password? What if the link is an unsubscribe link which AOL follows and unwittingly unsubscribes you from a service or mailing list?

All of this is part of the global move towards “the cloud”, meaning data which is stored out there somewhere on the Internet and not locally on your PC or mobile device. My recommendation is that users do not upgrade to the latest version of AIM until AOL fixes these privacy-unfriendly features or introduces certain safe guards and/or encryption to stop unwelcome third parties listening in on your conversations.

Leave a Reply