AIMing For Your Privacy

UPDATE: AOL appears to be listening to concerns about the AIM TOS. has an interview with an AOL spokesperson indicating they are working on adressing the issue.

This experience should still encourage IM users to take anything personal or sensitive to their business to an encrypted space where prying eyes can’t see the conversation.

Original Report:

You may have the biggest buddy list on the planet. Your kids may talk to all their friends using AIM. Based on the current terms of service, anyone using AIM should dump the service immediately and switch to any other messaging product on the planet. Am I being alarmist? I don’t think so. Read their terms of service and you’ll begin to understand where I’m coming from.

From the Content You Post section of the AIM Terms of Service, relating to all users who either registered for AIM services or downloaded AIM updates or software on or after February 5, 2004, which likely means everyone using AIM:

Although you or the owner of the Content retain ownership of all right, title and interest in Content that you post to any AIM Product, AOL owns all right, title and interest in any compilation, collective work or other derivative work created by AOL using or incorporating this Content. In addition, by posting Content on an AIM Product, you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium. You waive any right to privacy. You waive any right to inspect or approve uses of the Content or to be compensated for any such uses. {Emphasis added}

Ben Stanfield, one of the guys behind MacSlash, broke this story on his blog. Unfortunately, it’s not a hoax. AOL is stating very clearly anything written or shared via AIM belongs to AOL. As Ben points out, sharing any kind of sensitive information via an instant messaging client is taking an inherent risk, because it’s not difficult for someone with the right software tools to eavesdrop.

This sets a frightening precedent. What this means, as far as I can tell, is that anything you say using an AIM client is usable by AOL in any capacity they see fit. If you post a creative work of any kind to an AIM affiliated product, AOL can sell that creative work, re-publish that creative work or generally use that creative work in any way they see fit. It’s safe to assume they are logging every IM conversation taking place on the AIM network. Use video chat and the video clip might show up somewhere later. Share a file and the file potentially shows up somewhere else. Using AIM is wholesale forfeiture of your rights to anything taking place within AIM.

I’m not a paranoid person. For the most part, I like to assume there’s too much information floating across the Internet at any one time for there to be any more likelihood that someone is paying attention to what I’m saying online than there would be offline. For the most part, I assume I’m not saying anything important enough in my IM messages for anyone to take notice. When a company paying providing a service publicly states they have the right to anything you do with their product, it’s time to reassess that assumption. Chances are good that clause is there for a reason. It’s high time to replace the standard IM clients with something encrypted so the companies providing service can’t see what’s being said.