AIM's New Terms Of Service

acaben writes "AOL has posted new terms of service for AIM, that include the right for AOL to use anything and everything you send through AIM in any way they see fit, without informing you. A sample passage: '...by posting Content on an AIM Product, you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium. You waive any right to privacy.'"

Re:New Terms in A Nutshell

More like All your Rights are belong to us

Re:New Terms in A Nutshell

Which is why I've always used strong encryption [newsforge.com] to IM my friends. If AOL wants to break my 4096-bit RSA key to sell my "lol"s, then they're welcome to.

Technology is the solution to the erosion of our rights. If it's mathematically impossible to find out what you said, then... they won't know what you said. (Same for P2P. If you use Freenet you can legally share anything. Why? Because nobody knows (or can ever know) what you're sharing and what you're downloading. Laws don't solve problems!)

Re:New Terms in A Nutshell

Which is why I've always used strong encryption to IM my friends. If AOL wants to break my 4096-bit RSA key to sell my "lol"s, then they're welcome to...

Hmmm...wonder how long before any encrypted messages are blocked? After all, it is THEIR servers the messages are going through, so they can filter.

Re:New Terms in A Nutshell

Hmmm...wonder how long before any encrypted messages are blocked?

I'll say *never*.

base64/uu encoding of messages produces all standard characters. Unless AOL is going to try doing fuzzy-logic dictionary look-ups, and/or statistical analysis on ALL messages, there's no way they would even know the difference between encrypted and unencrypted messages.

The above methods would be impractical, and even if not, they would have to be very, very careful not to accidentally drop an unencrypted (though unintelligable) conversation.

Personally, I think AOL is going to eliminate encryption the same way the NSA did for e-mail... Just wait silently behind the curtain, and when there hasn't been any sign of evesdroping for some time, apathy will kick-in, and encryption will just fade-out on it's own.

dictionary look-ups?

Dictionary look-ups on AIMers? You're kidding, right? Normal AIM messages look like a base64 encoded file anyways.

Re:dictionary look-ups?

wtf r u tlkn abt? stfu, stupd n00b.

(ts a jk. laf)

Re:New Terms in A Nutshell

If you use Freenet you can legally share anything. Why? Because nobody knows (or can ever know) what you're sharing and what you're downloading.

So if you break a law and don't get caught, it's legal? Riiiiiiight.

Re:New Terms in A Nutshell

If you don't get caught, you don't get punished. Thus, the end result is that the same thing happens to a law-breaker that happens to a non-law-breaker (i.e. nothing). Therefore, effectively, a law was not violated.

So what you're saying is that Jack the Ripper, effectively, never broke the law?

Re:New Terms in A Nutshell

More like "All your old news are belong to Slashdot"

The following terms and conditions apply to all users who either registered for AIM services or downloaded AIM updates or software on or after February 5, 2004. AIM users who do not register for AIM services or download AIM updates or software on or after February 5, 2004 and are members of the Netscape Network will remain bound by Netscape's terms and conditions. All other AIM users are bound by the aol.com terms and conditions.

Re:New Terms in A Nutshell

I'm going to have to send the up the bomb then...

-kaplanfx

Re:New Terms in A Nutshell

No, you fool! You'll just give AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote the bomb as they see fit!

Re:New Terms in A Nutshell

You had better stop worrying and learn to love the bomb, then!

Re:New Terms in A Nutshell

No, the new terms are:

"Remember, it's not rape if you click 'yes'".

: )

Fine, then

I suppose if they want the rights to some irreversibly encrypted garbage, they can go right ahead.

Re:Fine, then

In Trillian 3.1 Basic: Open up your Connection Preferences for the AIM connection. Click on the Miscellaneous tab. At the bottom, check the following: "Activate SecureIM capabilities", and "When possible, make a best effort to automatically maintain a SecureIM session with my contacts." HTH.

Re:Fine, then

The problem is that while I might be willing to use encryption, some of my friends are not so comfortable with computers and technology. Some of them don't take the time to remove that aim.com window that pops up with the startup of the default AIM client. I somehow doubt that I could convince them to do something as complicating-sounding as encryption. Just my opinion though.

Help a College Student [macminis4free.com]

Re:Fine, then

That's no surprise. Is that bug still there where AIM completely ignores the preference to not show that at login unless you click on junk in the AIM.com window at least once?

At least their preferences are laid out in a sensible Netscape-style window with the categories on the left. The problem is that there's just too many damn useless features to configure, as well as the fact that the actual preferences menu item is buried deep within a pull-down menu titled "My AIM". What the fuck does that tell me as a category and what options are under it? With the narrow amount of space in the menu area, it would be much better off with an "Actions" menu for everyday functions and a "Tools" menu for all the extra wacky features that nobody uses.

Re:Fine, then

I think GAIM is a much better client than some piece of proprietary bloatware encumbered with crapware and a nasty eula.

Do you really trust AOL to have choosen and CORRECTLY implemented a good crypto system? Do you trust they haven't backdoored it? Do you think any home-rolled cryptosystem (or even implementation of a solid design) can be trusted without peer review?

Re:Fine, then

The systray icon was finally updated with version 1.1.2 recently....full color and everything :)

Re:Fine, then

I suppose if they want the rights to some irreversibly encrypted garbage, they can go right head.

Absolutely. Go right ahead and plan on your average AOL user getting on board the clue train and encrypting their messages. Oh yeah. Really.

Re:Fine, then

AOL users already incrypt all their transmissions. Take the simple sentence "Hey dude. What are you doing later? I was thinking we should go to the mall." which becomes incrypted as:

HEY DUDE11!!!1 OMG WUT R U DONG L8R????!?? LOL I WAS THINKNG W3 SHUD GO 2 DA MAL!!1!1!11 WTF LOL

Damned if I can decrypt that

Re:Fine, then

I suppose if they want the rights to some irreversibly encrypted garbage, they can go right ahead.

UUEncode Windows and send it to yourself over AIM.

Let Microsoft and AOL club each other to death :-)

No encryption necessary

99% of what goes over AIM is garbage anyway.

(I know, I produce a lot of it)

Posts - not IM

You encrypt your posts? How will people read them?

I hate to sound like an AOL sympathizer, but the TOS specifically refers to "posts." Besides IM, AIM also provides message board services (or so I'm told by people who don't use Trillian, Gaim, or Psi).

Does "posts" refer to regular IM usage? AOL implies not, referring to "message board posts, chat participation, and homepages."

My reading of this is that AOL retains usage rights to everything you post on their static forums... forums which basically anyone can access. While I would feel better if this were not the case, that is a good bit better than AOL reading the I.M.'s you send to your co-workers.

It sounds like CYA to me. As if AOL were giving themselves the right to decide to add access to the chat forums online or through AOL's proprietary service. It's the kind of CYA that inspired them to prohibit people from using AIM "while driving, operating hazardous equipment, or engaging in other forms of hazardous activities."

On the other hand, go ahead and tell everyone on AIM about the TOS, without explaining that it's only posts. Then try to switch everyone over to Jabber. Please. The whole I.M. universe right now is about as convienient as sending E-mails from CompuServe to AOL in 1992.

Re:In response...

gaim-encryption.sourceforge.net [sourceforge.net] provides an easy-to-use wrapper for NSS. It's available for both *nix and win32 and works quite well. I like the fact they didn't try to re-implement the crypto, but rather use someone else's proper (and well reviewed) implementation.

Folks, it is time to start putting your letters in an envelope. You can no longer trust the letter carrier to protect your privacy. Envelopes are cheap...so start using them.

Re:Third Party Clients

Actually, the new TOS specifically states that it only applies if you:
1) Registered for AIM after February 5, 2005
2) Downloaded AIM updates or software after February 5, 2005

Unless I'm drastically misreading that, that means none of the terms apply to people who've been registered for more than a month or so and use a third party client.

-ShadowRanger

Re:Third Party Clients

You are drastically misreading that. As the date on the TOS is "February 5, 2004"

Re:Third Party Clients

it'll be interesting to see how AOL claims to prove that any non AIM client users can assertively agree to this license. Last time i heard you cant agree to a contract by inaction. And to the best of my knowledge, i dont think any of the 'these terms may change at any time' have been tested in court by 'agreement by inaction'

so it remains to be seen.

I use Trillian...

and any information I care about goes through their SecureIM service.

So to AOL: I say this much, exploit fjkd;arjaiwor398u233209u''rju98e32 any way you want guys!

Re:I use Trillian...

So to AOL: I say this much, exploit fjkd;arjaiwor398u233209u''rju98e32 any way you want guys!

"Be sure to drink your Ovaltine."?

I'm just guessing,

I'm just guessing, but I think they dont want customers. I'm not sending much thru AIM with those terms of Service.

Also, what about users of GAIM, et al, that havent agreed to those terms? Can they enforce this there?

Re:I'm just guessing,

I disagree. I use iChat on a Mac. I have a .mac account. I never signed up for an AIM account nor agreed to their terms of service.

All this means...

...Is that any smart business will not send proprietary information through AIM.

Of course, I say any smart business because I know some dumb ones will. Doesn't Microsoft have a similar policy with Hotmail?

I also really doubt if this were ever tested in court that it would stand. This is evil, but about what I'd expect from AOL.

New "reality tv"?

Perhaps we're about to see AOL/Time Warner roll out a new tv show... When 12 year old girls chat to each other over AIM - Uncut and Raw!

Re:New "reality tv"?

The FBI might have a problem with the conversations of their Special Agen...um... 12 year old girls, being broadcasted on late night cable.

Re:Not really surprising

Does it mean that USPS has a right to open all your mail, and then copy and use the contents as it wishes?

AOL is not any different from a mail carrier service because they do the same thing - deliver messages from one person to another.

You do not have a reasonable expectation of privacy when using it.

Why not? Many people abuse telephone network by tying up lines for hours at a time, so what? It does not allow the phone company to record and sell conversations.

New terms of service?

I dunno, but that sounds like typical terms of service for something like Instant Messenger, and doesn't sound very surprising or new at all. Granted, I haven't thoroughly read their ToS before... They're supposedly used so that they can distribute your messages (IMs) without any possibility of "infringement," but who knows?

Re:New terms of service?

They're supposedly used so that they can distribute your messages (IMs) without any possibility of "infringement," but who knows?

They don't need an irrevocable, perpetual right to do that. A 10-minute right would be plenty.

Sheer volume

Even though it looks pretty bad, just remember that the service is so popular that the chances any conversation would acutally be used in any meaningful way by a third party would be about as small as they are now.

Re:Sheer volume

You're kidding, right?

You can bet everything you own that AOL archive every message that's routed through their system. Their new TOS means that when Government Agency X comes a-knockin' demanding all the messages User Y posted in the last three years, they can simply turn over the records without having to go through all that annoying stuff of warrants, sub-poenas and so on.

In fact, it doesn't even have to be Govt Agency X. It can be anyone. If they want to let them search the archive, they can.

Re:Sheer volume

Okay, nobody seems to get the point of this change, so let me spell it out for you:

ADVERTISING

They don't care about reading what 12 year olds gossip about, and they don't care about finding criminals, terrorists, or anyone else. They care about *making money* by selling targeted ads to you, and they will figure out what you like by parsing context out of your chat logs. Y'know, like Google does with Gmail and Google Groups. The TOS let them do whatever they want with the data so they can store it, mine it, and sell the results anytime they feel like with no consequences.

Your AIM encryption options

1. Trillian. [trillian.cc] SecureIM, but Windows only.
2. SILC. [silcnet.org] Open encryption standard, many *nix ports.
3. JohnyTech. [johnytech.com] Windows encryption for a bunch of different IM protocols.
That ought to get you started.

Re:Oooh, I'm shocked!

I'm pretty sure this is wrong. Everything goes through AOL's servers.

And it couldn't possibly be any larger than the amount of data Echelon has to deal w/ regularly, my guess is they're doing this as a way of appeasing the govt. "Sure, we'll change our privacy policy, but please allow us to use your beefy data centers..."

Re:Oooh, I'm shocked!

Actually, all messages ARE routed through AOL's servers. Peer-to-peer traffic only occurs when you are a) doing a file transfer, or b) using AIM's DirectConnect feature. Therefore, AIM can see anything you transmit over their network, and that includes all messages as well as file names/sizes/etc for transfers (but not the actual files themselves).

This is actually standard through virtually all Instant Messaging systems, partially due to the complexities of routing that NATs and firewalls introduce to the internet, and partially because client/server is just plain more reliable and easier than P2P.

(This is from a guy that's done a lot of IM protocol observation/hacking/developing)

In Plain English

"We retain the right to spy on you, profit from any good ideas you have, and tell your wife about your girlfriend."

I'm just guessing, but I'll bet no one thought to run that last part past their management team...

People still use AIM?!

Why aren't you using Jabber [jabber.org] instead?

It's Free Software, it's non-evil and there are clients for every platform out there.

You can even use it for cool stuff like IM'ing system alerts to you, as a cheap replacement for SMS on mobile phones (AUD$0.02 vs AUD$0.25) and to publish and subscribe to news feeds.

Data mining for patents?

They could scrub all the text for phrases like "I have a great idea" and then human parse them for interesting bits. Lots of false hits, but some gold in the rough to take, steal, and go to market first with the ideas? Who knows. Comb for ideas, sell to other companies and VC firms. Skim the filthy froth of the weary intarweb and sell it!

Re:Only affects those signing up after 5 Feb 2004

Until they change it just enough so that you can't use it without updating it and are then bound by the new terms.

Hmm.. Contradiction?

The new statement, if taken in a "harmful" manner, seems to contradict their privacy policy, unless they intend to not "read" it, but simply mangle it, compile it, stamp it, then mail it to anyone they please....

The snippet from the privacy policy (here [aim.com]) with emphasis from me:

AOL does not read your private online communications when you use any of the communication tools offered as AIM Products. If, however, you use these tools to disclose information about yourself publicly (for example, in chat rooms or online message boards made available by AIM), other online users may obtain access to any information you provide.

Interpretive Dance

So they could perform your AIM chat session in Times Square, or maybe even... Your AIM Chat Session! On Ice!

Hey, how about getting that guy, whathisname, the one did that thing in Central Park, to interpret your chat session in plastic sheeting or whatever, like a big condom over the Empire State.

Free association really sometimes scares me...

It's time for Jabber

This is precisely one of the reasons everyone should start paying attention to the XMPP standard. We shouldn't be trusting a corporate entity and closed standards with what has become a very viable form of internet communication. Just like the standards we use for http, ftp, ssh, and everything else, we all need to start supporting the standards for Instant Messaging too. It's time to get everyone we know off of AIM. And start showing them jabber. And those of us with programming skills need to contribute to the servers and clients to make the better and well known.

New?

Seeing as how these terms were introduced on February 5, 2004, I wouldn't exactly call them "new." In fact, I had already come across these ridiculous terms a few months ago in one of my first forays into the world of 'reading the licensing agreement.' I was a little taken aback at first, but then I realized that most of what I, and most people, say over IM is complete garbage anyway and probably hardly worth the expense of any kind of data mining. Plus, if I ever really wanted to send sensitive information, I'd find a better way. So essentially, I think, this is a non-issue. But I could be wrong.

Put another way...

How would people feel if their phone company came out with a new terms of service which said that anything which was spoken over a phone on one of their lines becomes the property of the phone company itself and may be reproduced, rebroadcast, that its users forfeit all rights to privacy, etc...?

illegal in my country

and probably elsewhere.

Re:illegal in my country

Untrue...

Companies that provide services over the internet must obey the laws of each country which their services may be used in. If a country has laws disallowing this, AOL may find itself (if pushed) in a situation of having to make many localized copies of AIM.

conflicts with common carrier status

Isn't AOL considered a "Common Carrier" and therefore immune from prosecution because they claimed that they do not, will not and cannot monitor the content going through their "wires". This was back in the days when ISPs were getting shut down if they allowed child porn through their servers or something like that -- and the bill came through that said that ISPs were responsible for the content of their users, unless they were Common Carriers such as AT&T and AOL (and any other big company that could afford to buy a Senator).

Now here comes along AOL saying that they WILL monitor and so, I have to ask, if we send child porn through IM, doesn't this mean that if AOL lets it go through, AOL can be taken down for allowing trafficing of child porn because they have given up their common carrier status?

Great!

At least they are honest about it, unlike some other services like, say, short messages on cellphones which give you an illusion of privacy. Face it - we are in an era when to have any privacy you have to actively protect it and sometimes it might be even illegal (example - encryption in France).

Amazingly calm response

Guys, I'm amazed at how calmly you're discussing this issue! Most of you're discussing workarounds -- e.g. how to use gpg or secure-im to avoid being eavesdropped on.

In my opinion the real issue is that the statement "You waive any right to privacy" may be the most evil statement in any EULA ever. Shouldn't these six words alone cause an outrage beyond belief here?

Privacy Policy: AOL does NOT read IMs

"AOL does not read your private online communications when you use any of the communication tools offered as AIM Products. If, however, you use these tools to disclose information about yourself publicly (for example, in chat rooms or online message boards made available by AIM), other online users may obtain access to any information you provide.

Your AIM information, including the contents of your online communications, may be accessed and disclosed in response to legal process (for example, a court order, search warrant or subpoena), or in other circumstances in which AOL has a good faith belief that AIM or AOL are being used for unlawful purposes. AOL may also access or disclose your AIM information when necessary to protect the rights or property of AIM or AOL, or in special cases such as a threat to your safety or that of others."

The content referred to in the Privacy Policy is for posts in AIM forums and message boards and such, and the point of all that crap in the TOS is so that AOL has the legal right to copy and display anything you put in the forum worldwide, for as long as the forum/website exists, and you can't in any way sue them over something you post in the forum. It's NOT saying "we will read your IMs and reproduce and use them however we want". Please mod this up so at least some people read it and stop freaking out and spreading FUD unneccessarily.

-Jay

Obligatory "1984" AOL-as-BB reference...

6079SmithW: Do you remember the thrush that sang to us, that first day, at the edge of the wood?
AntiSexJulia: He wasn't singing to us. He was singing to please himself. Not even that. He was just singing.
6079SmithW: We are the dead.
AntiSexJulia: LOL! We are the dead.
AOL System Msg: You are the dead.

~Philly

An opportunity to play devil's advocate

you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium. You waive any right to privacy.'"

Where does it say they assert _sole_ownership_ of your content? Aren't they, in effect, pressing you to GPL of your content?

How progressive of AOL.

get a grip...

so, out of some 200 comments rated 2 or higher as i write this (not counting one comment i made in the bottom of some thread somewhere) it seems that almost everyone here has missed the point....

a) only 2 people have mentioned that these terms of service are over a year old.

b) only 2 people have pointed out that these terms of service apply to posts on message boards and forums, which they reserve the right to replicate, duplicate, etc, and not to instant messages.

c) no one has pointed out that the vast majority of the messages sent through aim are sent client to client, and never travel through aol's central server, so even if they did reserve the right to use your im's any way they saw fit, and they had the desire to, there's no way that they ever could.

man, talk about making a mountain out of a molehill. one person yells "0 my g0d. teh AOL r stealing our pr1v4cy!1!!" and the whole army of slashdotters goes running for their tinfoil hats. get a grip people.

What TOS?

The TOS reads:
he following terms and conditions apply to all users who either registered for AIM services or downloaded AIM updates or software on or after February 5, 2004.

Many posts here are talking about using third party encryption tools to circumvent this.

This new TOS DOES NOT APPLY TO ME (nor to many of you). Why not?
I didn't agree to their terms of service.
I didn't sign up after 2/5/2004.
I don't download AOL's AIM client. I use GAIM exclusively.

AOL, use the messages I haven't give you rights to, I dare you.

1. Send interesting messages
2. Wait until AOL uses one somehow.
3. Profit.

Privacy policy?

In the AIM privacy policy [aim.com]:

"AOL does not read your private online communications when you use any of the communication tools offered as AIM Products. If, however, you use these tools to disclose information about yourself publicly (for example, in chat rooms or online message boards made available by AIM), other online users may obtain access to any information you provide.

Your AIM information, including the contents of your online communications, may be accessed and disclosed in response to legal process (for example, a court order, search warrant or subpoena), or in other circumstances in which AOL has a good faith belief that AIM or AOL are being used for unlawful purposes. AOL may also access or disclose your AIM information when necessary to protect the rights or property of AIM or AOL, or in special cases such as a threat to your safety or that of others."

IANAL...so is this a contradiction?

assigning copyright?

So if I understand this correctly, AOL is assuming the copyright on anything you post. So if you post something inflammatory, libelous, or hateful, AOL owns it....

So if someone wants to sue, they sue AOL?