That's the word from privacy rights advocates at the Electronic Frontier Foundation (EFF) after the discovery that AOL is storing more logs of communications on its servers and because the company is scanning all private IMs for URLs to pre-fetch them from its servers.
"[We recommend] that AIM users do not switch to the new version, as it introduces important privacy-unfriendly features," the EFF said in a statement.
When you first sign into the new AIM, a flag is permanently set on your account to begin storing all of your conversations on AOL’s servers for up to two months, and perhaps indefinitely. AOL's intent is to make it easy to see the same messaging history even if you sign in from a different device, but the danger is that your private conversations are now available to, for instance, law enforcement agents with a warrant or a national security letter, or to criminals in the event of a data breach. In the case of government access AOL might not even be required (or allowed) to inform you that your private communications are no longer private.
The group added some recommendations for AOL:
AOL should not set logging as the default and it should not be permanent. Instead, logging should be opt-in and "off-the-record" mode should be robust and prominent in the user interface. Until AOL has either made this change or, better yet, worked to encrypt all of your logged conversations in such a way that only you can read them—a much harder solution, we admit, but doable—current AIM users who are worried about other parties accessing their data should think twice about upgrading.
The EFF discussed the issues with AOL and said the company showed a willingness to take steps to safeguard users' privacy and provide better notice about changes. "Nevertheless, we think there’s more AOL should do to respect its customers' privacy and to fully inform them about, and get opt-in agreement to, these significant changes," the group aid.
However, because signing onto the new version of AIM permanently changes your account settings to log all conversations to AOL’s servers by default, the EFF recommends that existing AIM users do not upgrade.