AOL's AIM upgrade introduces 'privacy-unfriendly' features

Summary:AOL is storing more logs of communications on its servers scanning all private IMs for URLs to pre-fetch them from its servers.

If you value the privacy of your IM conversations, do not upgrade to the new preview version of AOL Instant Messenger.

That's the word from privacy rights advocates at the Electronic Frontier Foundation (EFF) after the discovery that AOL is storing more logs of communications on its servers and because the company is scanning all private IMs for URLs to pre-fetch them from its servers.

"[We recommend] that AIM users do not switch to the new version, as it introduces important privacy-unfriendly features," the EFF said in a statement.

follow Ryan Naraine on twitter

When you first sign into the new AIM, a flag is permanently set on your account to begin storing all of your conversations on AOL’s servers for up to two months, and perhaps indefinitely. AOL's intent is to make it easy to see the same messaging history even if you sign in from a different device, but the danger is that your private conversations are now available to, for instance, law enforcement agents with a warrant or a national security letter, or to criminals in the event of a data breach. In the case of government access AOL might not even be required (or allowed) to inform you that your private communications are no longer private.

The group added some recommendations for AOL:

AOL should not set logging as the default and it should not be permanent. Instead, logging should be opt-in and "off-the-record" mode should be robust and prominent in the user interface. Until AOL has either made this change or, better yet, worked to encrypt all of your logged conversations in such a way that only you can read them—a much harder solution, we admit, but doable—current AIM users who are worried about other parties accessing their data should think twice about upgrading.

The EFF discussed the issues with AOL and said the company showed a willingness to take steps to safeguard users' privacy and provide better notice about changes. "Nevertheless, we think there’s more AOL should do to respect its customers' privacy and to fully inform them about, and get opt-in agreement to, these significant changes," the group aid.

However, because signing onto the new version of AIM permanently changes your account settings to log all conversations to AOL’s servers by default, the EFF recommends that existing AIM users do not upgrade.

Topics: Browser, Collaboration, Social Enterprise

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.