Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
America Online

AOL Selling AIM Gateway/Listener To Employers 326

PizzaFace writes "After pushing free instant messaging to more than 100,000,000 users, AOL is now selling AIM-monitoring software to businesses that want to monitor and control the messaging of their employees. AIM Enterprise Gateway will reportedly sell for about $35/employee/year."
This discussion has been archived. No new comments can be posted.

AOL Selling AIM Gateway/Listener To Employers

Comments Filter:
  • by Anonymous Coward on Tuesday November 05, 2002 @01:15PM (#4600247)
    Because you can encrypt your messages.
    • by NightRain ( 144349 ) <ray&cyron,id,au> on Tuesday November 05, 2002 @01:22PM (#4600300)
      Except of course that most employers that are willing to spy on your IM's probably aren't that keen on you running non standard version of IM software...


    • by MrFredBloggs ( 529276 ) on Tuesday November 05, 2002 @01:23PM (#4600307) Homepage
      Yeah, right.

      "Hey boss, Karen in Accounts sent out 54 megs of messages last month"
      "What were they about?"
      "Dunno, they were all just squiggly characters"
      "Ok, well lets just assume its work related. After all, like all other companies, we use pokey messaging software to talk to clients. Let me know when it looks like she's wasting my time and money."
      • Nonsense (Score:4, Insightful)

        by dachshund ( 300733 ) on Tuesday November 05, 2002 @03:38PM (#4601140)
        If companies just want to monitor your bandwidth use, there are simpler solutions that don't require them to shell out $35/employee/year.

        The whole point of this system is not to determine whether employees are using lots of IM. It's to insure that employees aren't using IM services for "inappropriate" purposes such as cybersex, or to give away sensitive information. (Or both, as the case my be.)

        Incidentally, if I had my employees using IM for intra-company communications I would damn well want them encrypting their communications. Do you really want company data going through some untrusted external server? If I didn't want my employees using IM at all, I'd just block the ports.

        • Re:Nonsense (Score:5, Funny)

          by Anonymous Coward on Tuesday November 05, 2002 @04:56PM (#4601835)
          cybersex, or to give away sensitive information. (Or both, as the case my be.)

          53xx33Gur1 Are you touching yourself?

          k0rp0r@73dR0n3 Oh yeah, baby

          53xx33Gur1 Tell me something sexy, baby

          k0rp0r@73dR0n3 Uh huh, we're expanding into the Korean peninsula FY 2004 and out 3rd quarter profits were up by 7.2 percent. I have a nine-inch cock.

    • But.. (Score:5, Insightful)

      by WiredOni ( 593210 ) on Tuesday November 05, 2002 @01:43PM (#4600406)
      The companies can still get around this, don't assume that they are that inept and encryption will protect you. One thing they can do is install and hide key logging software, software that takes screen shots of what you are writing, etc.
    • by Shamanin ( 561998 ) on Tuesday November 05, 2002 @01:53PM (#4600450)
      Most AIM users manually encrypt their message using a collection of complex command line tools. Therefore, the content IS secure.

      I thought everyone knew that!
    • Still, as far as I know Trillian does nothing to prevent a man-in-the-middle attack (no certificates, no way of knowing 'who' you're talking to.

      The attack is especially easily performed in this situation when your employer has complete control of all gateways through which all your packages has to pass. (Assuming it is external clients you would be devulging their secrets to)

      I see from their site that they are working on "More features and greater security enhancements" to come "soon", but at this moment I wouldn't trust the security of SecureIM too much

    • by WowTIP ( 112922 ) on Tuesday November 05, 2002 @03:27PM (#4601031)
      I'd rather say "yet another reason not to use any client using a protocol owned(!) by AOL". Jabber looks like a better choise for each passing day.

      If I now just could convince everyone on my 100+ contactlist to change from icq to jabber... ;P
    • by Zeinfeld ( 263942 ) on Tuesday November 05, 2002 @04:27PM (#4601575) Homepage
      Because you can encrypt your messages.

      Odd thing is that the actual AOL announcement was actually about trolling out precisely this kind of service. The Washington post take on AOL's move is kinda wierd, employers can already monitor AIM use, what was announced was the encryption piece. The Wash post mentions this, but only mid way through:

      Instead, AOL plans to offer private companies and federal agencies a premium version of the service early next year that will enable employees to send encrypted instant messages that can only be read by designated, registered recipients. America Online is developing the encrypted system in partnership with VeriSign Inc., an online security firm.

  • Why a big deal? (Score:5, Interesting)

    by NightRain ( 144349 ) <ray&cyron,id,au> on Tuesday November 05, 2002 @01:15PM (#4600248)
    Employers already monitor staff's email etc, why is this any different? I mean you're on their time, I can sort of understand why they won't want you wasting it on your own thing.

    AOL is just catering for that market. I don't see anything insidious, evil, or otherwise overly noteworthy about this...


    • Re:Why a big deal? (Score:5, Interesting)

      by sirket ( 60694 ) on Tuesday November 05, 2002 @01:26PM (#4600318)
      It is a big deal because AOL went through a LOT of trouble to make AOL a pain in the ass to filter with a firewall.

      Now they come up with a solution designed to do exactly that? That bothers me.

      (You can block access to AOL's login servers, or configure a proxy to block it, but that is not easy when they keep changing the protocol and servers. The fact that AIM operates over port 80 makes it even more difficult to block. MSN and ICQ are worse though because there are more servers to block and they can use almost any port.)
      • Ok they did not go through a LOT of trouble, but they did make it a lot more difficult than it had to be to filter. Whether that is a good thing or a bad thing is open for debate.
      • Re:Why a big deal? (Score:5, Insightful)

        by Ponty ( 15710 ) <awc2@@@buyclamsonline...com> on Tuesday November 05, 2002 @01:32PM (#4600361) Homepage
        It's a big deal because it's brilliant! It's a fantastic business plan and a wonderful idea. Get everyone to use your program such that it becomes a scourge, and make people pay to get rid of it. I love it.

        They even made it so that they could be the only ones to kill it.

        Brilliant! It makes me laugh out loud, what a wonderful move this is for AOL!
        • Re:Why a big deal? (Score:5, Interesting)

          by eyeball ( 17206 ) on Tuesday November 05, 2002 @03:07PM (#4600856) Journal
          It's a big deal because it's brilliant! It's a fantastic business plan and a wonderful idea. Get everyone to use your program such that it becomes a scourge, and make people pay to get rid of it. I love it.

          They even made it so that they could be the only ones to kill it.

          Brilliant! It makes me laugh out loud, what a wonderful move this is for AOL!

          This reminds me of the Telco telemarketer story on /. a short time ago (selling call blocking to customers, then selling a method to defeat that to the telemarketers, then selling...)

          So AOL gives away IM service, makes it impossible to block, but then sells a sniffer. What's next? They'll sell super-encrypted service for a fee to the user base, then a few years down the road, they'll sell an unencryption ad-on to the sniffer, then...

      • by Soko ( 17987 ) on Tuesday November 05, 2002 @02:03PM (#4600490) Homepage
        "Give a man a fish, he'll eat for a day. Teach a man to fish and you get to sell him fishing gear for a lifetime." :-/

      • Re:Why a big deal? (Score:3, Insightful)

        by scoove ( 71173 )
        Now they come up with a solution designed to do exactly that?

        Not exactly a new business model - "get employees hooked on something for free that is a pain in the ass for businesses, then offer an expensive solution to fix it to the businesses."

        Remember Pointcast? Early innovator of "push"? Gave away their news receiver/news screen saver and overwhelmed company T1 lines? They later came out with a sort of proxy system for business subscribers that allowed a single thread to be downloaded and then fed to the inside users.

        Apparently they didn't sell enough of them. Pointcast as it was known is gone and now points to Infogate [pointcast.com], the acquirer of Pointcast technology (can we say 'assets only'?)

        Then again, maybe there's something to this break it and offer a fix approach. Imagine IPOs of virus and trojan-writing entities with awesome virus protection scheme revenues. Or what if chinanet.cn (world class sponsorer of spam and intrusion attempts) offered a protection racket?

        Internet Insurance, now there's a business model. From that perspective, AOL may have finally found a profitable model.

    • I don't see anything insidious, evil, or otherwise overly noteworthy about this...

      You are exactly right. What's next, a Slashdot petition to ban Sun from including snoop with Solaris?
    • Re:Why a big deal? (Score:5, Insightful)

      by Inda ( 580031 ) <slash.20.inda@spamgourmet.com> on Tuesday November 05, 2002 @01:59PM (#4600475) Journal

      This sort of argument always goads me and I'll tell you why.

      I was surfing around on my home PC last week and found an interesting application that could save me some time at work. I downloaded it, put it on a floppy disk, took it to work next day, installed it and saved myself 20 minutes work for the week. This was on my time; I would never have been surfing at work to find it. I have saved my boss two days work this year, and next year, the year after and so on.

      Should I charge my boss for this? It doesn't really seem worth to me. It only took me a minute.

      Should I complain that my work life is interfering with my home life because I sometimes think about the job even when I'm not there? I think he might laugh at me. This is the year 2002 and the boundaries, rightly or wrongly, between home and work are close.

      If a company cannot trust its staff to make the odd instant message or personnel phone call then they probably are doomed. If they have the money to spend spying on staff like this then there is something terribly wrong with their attitude and I wouldn't want to work for them. If someone in the company is not pulling their weight because they are chatting all day then it will show - you don't need spying software for this.

      It's about a bit of give and take. Not spying on conversations with the missus.

    • Re:Why a big deal? (Score:5, Interesting)

      by stinky wizzleteats ( 552063 ) on Tuesday November 05, 2002 @02:07PM (#4600509) Homepage Journal

      Employers already monitor staff's email etc, why is this any different?

      Ease off the throttle there, Captain Capitalist. A few points to discuss:

      • Your employer does not assume ownership of your rights of person during business hours. You can take a non-business related phone call and use the bathroom during business hours, and it is illegal for them to monitor any of those activities.
      • While monitoring IM's doesn't yet fall under the protection of wiretap laws, there is something tragically ironic about a company which provides a free chat tool which will port scan your firewall to find a way out to the internet, and then sell the managers a tool to monitor its activities. If you think this is respectable business practice, I bet you can't wait to see the egress [well.com]!
      • Re:Why a big deal? (Score:3, Insightful)

        by CharlieG ( 34950 )
        I guess you've never worked at a job where they DON'T allow personal phone calls, OR monitor bathroom breaks - Yes bathroom breaks! Work on an assembly line, and they limit the number of BR breaks
    • What's noteworthy is that AOL is getting companies to pay AOL to fix a problem AOL created themselves. Pretty sweet deal. Kinda like the Far Side cartoon where a guy gets a brick thrown through his window, and attached to the brick is an advertisement for a window glass repair shop.
  • by RobertTaylor ( 444958 ) <roberttaylor1234&gmail,com> on Tuesday November 05, 2002 @01:16PM (#4600257) Homepage Journal
    "Ritter anticipates that encrypted instant messaging will appeal greatly to federal agencies that want secure, interagency instant messaging. "Our military and intelligence customers are more interested in the secure version," Ritter said."

    Jeez, better off with RogerWilco than AIM to communicate on the battlefield ;)
    • by iamwoodyjones ( 562550 ) on Tuesday November 05, 2002 @01:44PM (#4600417) Journal
      But with AIM you could write very important messages across the battefiled such as

      Solider5554: Sarge! We're under fire! We need help! :-(

      Sarge0034: Hang in there. You're doing a great job solider :-)

      Solider5554: Arrrghhh!!!! I've been hit! :-O

      Sarge0034: God, these whining soliders never know when to quit, that god they're dispensible. ;)

      Sarge0034: Oppsss. Wrong person sorry.

      Solider5554: What!? I need a chopper. I'm losing a lot of blood over here. >:-@

      Sarge0034 (warn 10%): Hey, just because you've warned me anonymously, doesn't mean I don't know it's you.

      Sarge0034: brb *door slam* as sarge leaves

      *door open* as sarge enters

      Sarge0034: Sorry had to reboot, did I miss anything?

      Solider324: uuuuhhhhhh I don't think I'm going to make it

  • by xo0m ( 570041 )
    this could help move more and more users to use alternate messaging utilities in fear of getting fired from sending IMs to their friends...msn anyone?
    • Oh yeah, great idea...

      Use a product from a giant evil corporation trying to get away from a giant evil corporation!

      I'm sure M$ won't catch on to this stuff... *rolleyes*

      I wouldn't be suprised if M$ already was monitoring your communications on msn...
    • this could help move more and more users to use alternate messaging utilities

      In other news, corporate phone bills are on the rise.
    • Let's see: I've got issues with the trustworthiness of a large corporation and their fairly ubiquitous software. Why don't I install and use the not nearly as ubiquitous software of a large convicted monopolist company that has time and time again shown explicitly that they can't be trusted with anything, ever. Logic like that will lead straight to upper management.
  • by EminenceFront ( 619709 ) on Tuesday November 05, 2002 @01:17PM (#4600263)
    Now there's a pretty good subscription based service! Get people hopped up on IM'ing, then monitor their every move for lude and lavicious comments. Every Human Resources person must be loving the potential of this. No more 'downsizing' excuses, or we've eliminated the position.' Now is just, 'remember that comments you made two years ago...''
    • Next comes AOL Snoop-blocker, to keep your bosses from monitoring your IM conversations. For just $4.99/month.

      And introducing AOL SUPER SNOOPER. Available to businesses, it's able to monitor even more IM communications, including employees who use AOL Snoop-blocker technology. Just $55/employee.

      • [With memories of boss.el for Emacs...]

        You'll want the more sophisticated AOL Boss Spoofer continuous stegonographic translation so that phrases like:

        "Kewl! Didja see Britney's midriff last night? I swear she's gaining weight or pregnant!"
        are only visible in the realm of approved keywords with gratifying cleartext like
        "Yes, I find that our corporation's responsible and visionary management practices are beginning to pay off and be appreciated for how much they offer employees over our competitors."
  • by docstrange ( 161931 ) on Tuesday November 05, 2002 @01:17PM (#4600267) Homepage
    *friendly aol voice speaking*
    "You Got Fired!"
  • Is it just me or... (Score:2, Informative)

    by Anonymous Coward
    Has anyone with a packet logger and a campus LAN been doing this for years? Mine just finds any trafic with the (html)(body right next to each other (and the close html body tags nex to each other too). I have yet to get a false positive.
  • by georgeha ( 43752 ) on Tuesday November 05, 2002 @01:18PM (#4600272) Homepage
    I thought it was just an unfortunate coincidence when my boss and HR popped into my cube when my pants were down around my ankle due to that hot chat with an 18/f Solaris admin.
  • to hell with aol! (Score:2, Interesting)

    by claude_juan ( 582361 )
    1 - for $35 an employee, it would a wiser decision for such a company to simply ban the use of aim, and either use else, or develop their own, in house. 2 - i see this as a bottom of the barrel effort by aol to generate some revenue. hopefully, this signals the beginning of a near end for aol.
  • by OmniVector ( 569062 ) <s[ ]my homepage ['ee ' in gap]> on Tuesday November 05, 2002 @01:19PM (#4600282) Homepage
    1. open aim to non aol users and buy icq.
    2. ?
    3. profit
    • 1. open aim to non aol users and buy icq.
      2. ?
      3. profit

      You know, this could almost be funny if it wasn't retarded. You see, AOL actually has a very solid Step #2. Providing value add-on functionality and spyware/groupware to companies using AIM. Then profit.

      1. Make stupid ass list
      2. ?
      3. Post on slashdot
      • AOL sells advertisment space on the main AIM and ICQ windows, as well as at the bottom of every ICQ message and filetransfer window. They have enough users they can probably cover their bandwidth costs with that.
  • Thank god for GAIM (Score:3, Insightful)

    by RandomUsername99 ( 574692 ) on Tuesday November 05, 2002 @01:20PM (#4600286)
    Well, if you hadn't made the switch already, now it is time to. GAIM supports encrypted messaging, which would make the monitoring useless, but I'm sure that the server will just as easily be able to block that client from using the service once it is discovered. They have a Win32 alpha out that I have not tried yet, but it is a step in the right direction.
    • Problem with Encrypted IMs on company computers is that it's fairly easy to circumvent. Unlike e-mail whih is not decrypted the moment it is recieved, an IM has to be decrypted as it's recieved in order fo rit to display, therefore it's simply a matter of your company installing a tiny program on your computer that monitors for incomming IMs and broadcasts them in decrypted form back the the main server.
  • A quick search on freshmeat turns up a few gaim plugins and such that will encrypt your traffic...

    Whether or not they're usable, I don't know... I do intend to find out, though... Anyone have any experience with them?

    Freshmeat search on gaim + encrypt [freshmeat.net]

  • This is the old business plan of "Give away the razor, sell-out your user base"

    as long as I can keep looking at pr0n and playing atomica at work I have no problem with this.
  • by Bonker ( 243350 ) on Tuesday November 05, 2002 @01:22PM (#4600295)
    Even moreseo than email.

    The logic is like so:

    1. I send a request to you to add you to my buddy list, like most IM clients do.

    2. If you accept, your IM client automatically forwards me a public key tied to your IM handle.

    3. If you add me as a 'buddy', then the previous is repated.

    4. When I send you a message, my IM client automatically encrypts the message with your public key.

    5. When you receive that messages, your IM client automatically decrypts with your private key.

    This *should* work with all instant messengers with the possible exception of MSN Exchange messenger. The protocols are not that difficult to work with and third party IM clients have been doing it for quite a while. Let's see a PGP or GPG plugin for an IM client that will do this. Once we have plugins for all the major IM clients, you'll see this snowball quite a bit-- espcially from the people who IM while at work.
    • by igs ( 260162 ) on Tuesday November 05, 2002 @01:38PM (#4600386)
      Heh, almost... Except you're forgetting that your scheme, especially if used from work, is wide open to tampering by the employer. You request key, he gives you his key, and gives the other person his key. Reencrypts everything on the fly.. and Bam, "You've Got Fired" :)

      Read mah lips, public certification authority..

      • I think that the article talks about AOL using just what you're describing. While this new product (the gateway snooper) is being promoted as a means for employers to monitor their employees, they're also promoting secure communication. So I can only assume they're proposing a scheme like what you're describing here in your post.

      • That won't work (Score:3, Insightful)

        by Alethes ( 533985 )
        That won't work with keypair encryption, since you're only exchanging public keys. The private key doesn't go anywhere, and if the PHB grabbed the public key, it would only make it possible for him to encrypt to send to the person that he has a key for, not decrypt.
    • Actually, your public key exchange should also include a whole suite of symmetric encryption keys that you then use on all subsequent transactions. IMHO, public key encryption should be relied on as little as possible. I think there's a strong possibility it will be completely broken in 10 years due to quantum computing.

  • by burgburgburg ( 574866 ) <splisken06@nOspAm.email.com> on Tuesday November 05, 2002 @01:23PM (#4600303)
    Or at least licensing it. The commercial version is a one time price. But the business version is an annual thing.

    There has been alot in the press recently about the need for brokers/financial counselors who have a statutory obligation to save all such messages. This is a tool for that.

    I do find their plans for an encrypted IM tool to be interesting. It's always suprised me that something like this hasn't come up sooner, considering how extensively IM is used in business.

    • Any broker who uses AIM or any other public IM service to consult about personal finances should be shot. Then again so should any broker that uses unencrypted email. Here at work we uses Sametime which has built in encryption, yes it sucks but at least it doesn't let the world know all the intimate details of your stock potfolio.
      • Because there are a large number of broker/advisors who don't use encryption in emails (ignorance, sloth, client resistance) and do use AIM (high presence with clients, not technically taxing, "instant").

        Wrong, stupid, bad? Yes. Happening all over the place? Yes.

    • If you want conversations logged, you can get that on AIM for free. Trillian (Windows-only) [ceruleanstudios.com] has built-in logging and supports AIM, MSN, Yahoo, ICQ, and IRC. I personally don't like Trillian's interface, and the logging is plain-text. I use AIM+ [big-o-software.com] instead, it's a plug-in to AIM for Windows that does HTML logging, allows multiple AIM instances, and removes ads. Both are Windows only, but I assume GAIM [sourceforge.net] does logging too. For Mac Adium [adiumx.com] has logging, and iChat might too.
  • by GnomeKing ( 564248 ) on Tuesday November 05, 2002 @01:24PM (#4600310)
    that I use an SSH connection to my linux machine at home to use ICQ

    Yes, I can understand the arguments that the boss should be able to see what their employees are doing during work hours - but it can go WAY too far

    IMHO, bosses should use productivity figures as the yardstick to measure how uhhh productive their employees are being
    Not if they send a couple of non work related IM's a day

    I guess one of the main problem is that you cannot secure IM's... emails can be encrypted at your computer and decrypted by the recipient, thus bypassing ur employers very long nose...
    Theres no viable alternative which includes encryption for AIM (yes, some clients support encryption - but the vast majority do not)

    Long live putty [greenend.org.uk] and ! [konst.org.ua]
    • IMHO, bosses should use productivity figures as the yardstick to measure how uhhh productive their employees are being
      Not if they send a couple of non work related IM's a day

      One the one hand, yes. I agree. Bosses should really look at how much you get done, and use that as your measure of productivity. If you can code 100,000 lines a day and still chat on IM, more power to you.

      But for most folks at most jobs, the measure of how many e-mails you send out and how much you use IM is probably a pretty good indicator of how much you're slacking off. I've worked across-the-cube-wall from several people who have astoundingly low productivity, and in most cases, they've been censured because someone noticed how many e-mails and IM's they send out. It shouldn't be the ONLY indicator used, but it's definitely a good one.

      Now, to really know how much someone is slacking off, you'd need to look at the actual text of e-mail and IM's that get sent out... and that's a whole different privacy issue that I'm not really comfortable with.
  • Already done... (Score:5, Informative)

    by SealBeater ( 143912 ) on Tuesday November 05, 2002 @01:26PM (#4600320) Homepage
    There is already a product out there that does this, tho it's open source and
    free. It's called aimsniff and it can work on it's own or take a snort log
    file. Only problem with this sort of thing (both the free and the commercial
    product) is that there is likely to be too much information to grab. You would
    have to have some sort of keyword search or something. I wonder if 3l373
    speak would have an effect.

  • No Problem... (Score:5, Informative)

    by Squeezer ( 132342 ) <awilliam@@@mdah...state...ms...us> on Tuesday November 05, 2002 @01:27PM (#4600323) Homepage
    http://vtun.sourceforge.net/ [sourceforge.net] Set up a VPN from your work box to your DSL/cable box at home and then run a proxy http://www.privoxy.org [privoxy.org] to bounce your AIM IM's off of. Have a port 80 proxy server you have to use? No problem http://www.agroman.net/corkscrew/ [agroman.net]
  • Not surprised (Score:4, Interesting)

    by Arcturax ( 454188 ) on Tuesday November 05, 2002 @01:28PM (#4600333)
    Not surprised at all, being that its a given that most corporations could care less about your privacy if destroying it makes them money.

    But there are ways to fight back. Trillian allows encrypted IM.

    It would also be nice to have a nice open standard (Jabber comes to mind) which uses strong encryption by default. Maybe if we push for Jabber support in Trillian, more people would use it.

    Another way is to attack AOL directly by cutting off this source or revenue? How? Well ironically by developing an open source and free version of the AIM spyware. I mean, the companies are going to try to spy anyway, we might as well make sure AOL can't profit from it in the process. A rather interesting way to punish AOL for their actions. We lose either way so we might as well take AOL down with us.

    The way to win of course, is to push an open source strong encrypted IM and market it as much as possible as being bug (the spying type) free.
  • OMG!!! (Score:5, Funny)

    by Noryungi ( 70322 ) on Tuesday November 05, 2002 @01:28PM (#4600334) Homepage Journal
    You mean... you mean... AOL actually spies on some of its customers! The outrage! Oh, the humanity!

    What is going to happen to us now? First Microsoft wins the day in court, and now this... The world truly is going to heck in a handbasket.

    (all of this with tongue firmly in cheek...)
  • by _LORAX_ ( 4790 ) on Tuesday November 05, 2002 @01:29PM (#4600340) Homepage

    For those out there who wonder why this is a bad thing, as yourself.

    1) How would you feel if your employer started recording conversations at the water cooler or in the smoking lounge ( insert place where employees congrigate ).

    2) IM != Email since people believe that IM is a transient way of "chatting" and not a e-mail where it get stored and cataloged on both yours and their PC.

    3) Without informing the employees this could very easly breach electronic privacy laws in many countries.

    I have no problem with informed consent monitoring, but blanket monitoring does not halp anyone. It gives managers a sense of control where they are basing evaluations on information that may or may not have anything to do with performace. Employees if informed will have a reduced moral since they will even further feel like sheep. If not informed employees, once they find out, will fell violated because of above mentioned "chat" or transatory nature of the conversations that normally take place.

    I still say that for the majority of comanies should spend their money on benifits and good managers, this is just another dumb idea.
    • Correct me if I'm wrong, but don't most companies have a policy in which when you are on company time, all privacy other than personal (bathroom) privacy basicaly goes to hell in a handbasket? If you are on company time, and you are using company systems, you have no privacy.
  • by iamwoodyjones ( 562550 ) on Tuesday November 05, 2002 @01:31PM (#4600352) Journal
    That people already have been encrypting their messages through reverse engineered AIM protocol clients which aren't the standard one that AIM allows people to download.

    And on the flip side, people already have been snooping on AIM conversations through the regular sniffing tools that come with any standard linux distribution.

    But! If you make it official that you will remain in control of your protocol instead of opening it up, and roll your own equivalent tools up, and sell them at a decent price, then they will bite. I agree.

    However, at 35 bucks a head a year at a large company, I'd be tempted to just have the employees use a stock client distribution with/without encryption abilities and hire a technie to take care of the snooping if I care to do that. Or just ditch AOL and use one of those others ones like jabber with all the same abilites.

    But hey, sometimes you just get that knack to spend your corporate money you know?

  • Now is your chance to move to jabber. Jabber is an open source server/client/protocol. Some of the clients even support ssl (encrypted) messages. You have to be careful, however, as the auth is still plaintext, even using ssl. But still, jabber may be a good answer: It supports 'gateways' to AIM, yahoo, etc.
  • by brandido ( 612020 )
    I can just see the add campaign now -

    Think you have some slackers around the office spending all their time chatting online, spilling the beans about your financials, or just bad-mouthing the CEO? Take AIM and blow them away with our instant message monitoring software!

  • More Secure? (Score:3, Interesting)

    by PhoenixK7 ( 244984 ) on Tuesday November 05, 2002 @01:32PM (#4600362)
    "A new, more secure version of AOL Instant Messenger, or AIM, will enable businesses to read instant messages sent by employees"

    How, under any definition of security does this make it more secure?

    side note: does slashdot seem very slow to anyone else today?
  • a little snoop based on ip address, then grep out the relevant stuff.

    I only do this when directed by management, for bandwidth reasons, but it's nice to know that I'm doing my part to save marriages and relationships.

    But if you want to line the pockets of AOL/Time-Warner, go right ahead.
  • by cduffy ( 652 ) <charles+slashdot@dyfis.net> on Tuesday November 05, 2002 @01:34PM (#4600372)
    I can appreciate the need to do this -- but Jabber seems a better solution.

    Company runs its own Jabber server. Everyone there has a user@yourcompany.com address. Internal messages between folks in the company never go outside. Admins who want to do monitoring or whatever can do that. Users who want interoperability with AIM or whatever can do that -- *if* the admins decide to install the AIM connector on the server. And it sure doesn't cost $35/seat.
  • by Veovis ( 612685 ) on Tuesday November 05, 2002 @01:40PM (#4600394)
    My managers are listening to my phone calls

    My managers are reading my e-mail

    My managers are reading my IMs

    My managers are monitoring what candy I get from the vending machine

    You know for someone who is supposed to be in charge of managing a department/whatever, has work (or should have) of their own to do, he's taking a really big interest in what I'm doing back here.
  • MS has had IM as part of Exchange 2000 for 2 years now. Other vendors have sold similar products. I always wondered why AOL never used their IM clout to make money in the enterprise market and try to lock MS out of it in at least 1 product.
  • by Gruneun ( 261463 ) on Tuesday November 05, 2002 @01:42PM (#4600403)
    Employees should have no expectation of privacy for any information placed into the business equipment of the Company/government... This policy shall serve as notice to any and all that Company/government equipment may be monitored without further notice.

    There is plenty of other text that details this, but that's the meat of it. Companies have a right to monitor any traffic to protect their interests. If you don't want your AOL messages watched, find a company that supports employee privacy on company equipment over covering its own ass. Good luck, because I've never heard of one.

    I think it's kind of shady on AOL's part to suddenly roll over on its user base. However, there are a lot companies that don't allow IM because it's more difficult to keep an eye on than email. AOL may benefit from more acceptance as a result of this move.
    • "find a company that supports employee privacy on company equipment over covering its own ass. Good luck, because I've never heard of one."

      My previous career was as a legal secretary.

      One very nice thing about that job was that you could very safely assume that you had privacy while working, using the equipment, phones, faxes, etc. Reason? EVERYTHING you touch has Attorney-Client privilege and is either employee- or company- confidential. Anyone who is not supposed to be privy to your data, communication, files, etc., would be putting the company at risk by snooping, and no-one, not an IT manager, not the president, has authority that supersedes an attorney's requirement for privacy.

      So, if you work anywhere in the legal field, you won't have to put up with this kind of thing (routine transcripts of your commo without clear accountability at every step.)

  • by drunkrussian ( 619107 ) on Tuesday November 05, 2002 @01:43PM (#4600407) Journal
    Ritter anticipates that encrypted instant messaging will appeal greatly to federal agencies that want secure, interagency instant messaging. "Our military and intelligence customers are more interested in the secure version," Ritter said.

    This is certainly at least a little bit of an exaggeration. You can't put classified information on any system that has any kind of communications software or hardware on it. You have to physically disconnect all connections before starting in classified mode. The only exception is machines on a network that has only classified systems and uses some form of secure line for transport between the nodes in the network. There are only a handful of such networks, and you won't have one on your desk. There will most likely be only a few such machines per facility.

    There already is a system for the transmission of classified data between different personnel in the government. It's called, to use technical terms, the "secure telephone." For documents, you can use a technology called the "courier" - an organic system that has advanced intelligence functions and is capable of defense through the use of an integrated firearm.

    Much of the unclassified stuff is transmitted in the same way as classified information. There are also secure networks that are used for the transmission of unclassified but sensitive information.

    If it's anything that requires encryption, it will be transmitted over a secure network, or will be handled through other procedures. This IM system really has no application to the military or intelligence communities.
  • So - Fred the McDermitt file, where can I find it?

    Yeah. the game was great! The beer girl ... oh my god...
  • by Wills ( 242929 ) on Tuesday November 05, 2002 @01:45PM (#4600419)
    USD35/employee/year is not really expensive for the benefit to employers of being able to demonstrate that they are "doing something" to monitor and prevent inappropriate comms. It's a reasonable step for an employer to take given the lawsuit risks these days. An employer who doesn't take any steps to monitor comms doesn't look good in court if they end up being sued, for example, in an employee-employee harrassment case.

    P.S. Rob, Nate, Jeff, your change of hosting service this week from Exodus East to Exodus West has made Slashdot incredibly s...l.........o...........w....... from Europe. It's taking 2 minutes to load a page compared to 10 seconds on the old host. Did OSDN pull the plug on your funding for the larger pipe at Exodus East? It's understandable but a shame nonetheless because it's going to stop people visiting.

  • Any other netadmins out there figure out how to block the kid in the back with a Voicestream cell doing dialup for his IM? He's actually got enough free minutes to stay dialed into his ISP during all 9 hours of the business day, 20 days a month. The boss made me take the tin foil down. What else can I try?
  • by jfruhlinger ( 470035 ) on Tuesday November 05, 2002 @02:10PM (#4600516) Homepage
    AOL will NOT be monitoring AIM communications -- what this product essentially does is set up a private network WITHIN a company, based on the AIM protocols. It is that internal communication that is being monitored -- and not by AOL but by the company that buys the software from AOL. I imagine that the users will be able to use their clients to communicate with other AIM users outside their network, but if they don't want to be monitored, they can just download the standard free AIM client and use that instead.

    Several of my friends work for IBM, and they have been using something like this software, called Sametime, for a couple years. Sametime may have been a beta of this product.

  • Simple solution (Score:3, Interesting)

    by L0neW0lf ( 594121 ) on Tuesday November 05, 2002 @02:15PM (#4600534)
    As a network sysadmin, I generally don't want anything on the computers I work on that I didn't put there. Simple solution: user rights. My users cannot install any software without oversight. Limited privileges = no instant messaging software = no viruses transferred through IM software, pr0n, mp3's, etc. =no need to govern over IM use in the first place. Problem solved.
    • Re:Simple solution (Score:3, Insightful)

      by Reziac ( 43301 )
      You're right, of course -- simply disallowing problem software solves the problem from the gitgo. But let's say AIM is one of the programs your company uses, so it's already installed. Seems to me the AIM-monitor's goal is preventing unscrupulous employees from sneaking confidential info and files out thru the AIM client, not preventing employees from using it in the normal way. Even if you don't catch 'em in the act, logging everything should make it easier to figure out how and by whom something was leaked, yes?

      [Disclaimer: I work for myself so have no stake in this; however I do use AIM for groupthink with other folks.]

  • by Boss, Pointy Haired ( 537010 ) on Tuesday November 05, 2002 @02:19PM (#4600551)
    ... and every other kind of IT employee monitoring solution is that they are implemented by the IT DEPARTMENT.

    Who by definition are the worst offenders.

    And because they're all buddies, they "bypass" the monitoring for their own IP addresses.

    Total waste of time.
  • PLAC (Score:2, Interesting)

    by EvilOpie ( 534946 )
    I don't see what the big deal about this is, it's not like you couldn't find this stuff out in the past without this.... and for free no less.

    I work at a college, and the network admin here wanted to try out this mini-distro called PLAC [freshmeat.net] for Portable Linux Auditing CD. Basically it's supposed to be small enough to be burned onto one of those business card sized CD's, and they're bootable. So basically you can pop it into a CD drive and boot a machine to this auditing software. Well, since he wanted to try it out, we setup a small box just inside the firewall here to see what it could find. Well... to be honest, it found a lot. It could grab URL's that people were looking at, emails that they were sending out, and yes, even AIM messages.

    The amazing thing is that it would sniff the network packets, but yet report everything in a simple, easily-readable format. It's amazing how much private stuff on the internet isn't private.

    This makes me appreciate licq [licq.org] with an SSL connection even more.
  • Whose security? (Score:5, Insightful)

    by drew_kime ( 303965 ) on Tuesday November 05, 2002 @02:26PM (#4600588) Journal
    A new, more
    secure version of AOL Instant Messenger, or AIM, will enable businesses to read instant messages sent by employees, just as businesses can now monitor their workers' e-mail.

    How is allowing someone else to monitor my communications more secure?
    "We are familiar with the Wall Street group," Stewart said. "We don't believe standards are at a place that makes us comfortable we can ensure
    customer privacy and security as well as network performance."

    Instead, AOL plans to offer private companies and federal agencies a premium version of the service early next year ...

    Just keep in mind who the customer is. In the mass market, the customer is rarely the user.
  • by Anonymous Coward on Tuesday November 05, 2002 @02:31PM (#4600617)
    "So easy to spy with, no wonder its Number 1!"
  • What a great way... (Score:5, Interesting)

    by Alethes ( 533985 ) on Tuesday November 05, 2002 @02:34PM (#4600635)
    to demonstrate a company talking from both sides [slashdot.org] of its mouth. [com.com]

    In April 2001, AOL filed a motion to quash Nam Tai's subpoena, arguing it should not be required to reveal subscriber information because it would "infringe on the well-established First Amendment right to speak anonymously."
  • Funny how this topic came up because just yesterday I sent a long-winded email to our LAN Support Admin practically begging for a more feasible (and responsible) way to use IM in the workspace.

    The company I work for uses ICQcorp, which, AFAIK, is dead software and has sat in beta since it was released in 1999.

    Now I won't get into most problems our company has had with instant messenging (the second biggest being users abusing their broadcasting rights), but I will dwelve on one...

    ICQcorp is terribly insecure... well, at least the way it was implemented in our office environment. In my department, most people don't have a workstation they can call their own. When you get in, you pick an NT box, log in, and that's that. The problem is that anyone who used that particular box (and logged into ICQ) can have their history of messages viewed easily. The *.dat files can be opened through notepad, and sit locally on the C: drive in the ICQcorp folder. Albeit, the formatting is bad, but you can definitely read it. Since I've discovered this, I've really toned down my instant messenging to the point where it is pretty much all work related, and if I actually remember to do it, I'll delete my own .dat file on the computer before I log off.

    I just recieved a response back from LAN support and it wasn't very encouraging:

    " There are no other departments ... that use any type of instant messaging and the justification for changing this system has not been met."

    I think it's time I maybe had a chat with Corporate Security. Do you guys agree?

    On a totally unrelated note... anyone else experience unbelievable slowness with /. the last 2 days? My dsl connection seems fine everywhere else. Did a traceroute but didn't see any noticeable jump.
  • by batkiwi ( 137781 ) on Tuesday November 05, 2002 @02:55PM (#4600737)
    It's not a magical AIM filter, which is what all the comments are suggesting.

    It's a way to run your OWN aim gateway server at your business.

    So I am at franks widgets (fwidg). I install the gateway server. Everyone at fwidg logs into the company aim server instead of the official AIM server, as employee@fwidg.com.

    So now we have intranet messaging, and apparently others can add us to the contact list as well (outsiders).

    OBVIOUSLY since all communication is going through this server, they can log/etc it. But htis is not some sort of magical firewall dropin that listens to aim conversations... there's been opensource projects that can do that for years now.

    It looks to me like it's aiming at the jabber and MSN/exchange messenger market. It's a locally hosted central server, so your business stuff isn't going out over the internet, and it authenticates against stuff you already have, according to their marketing. I'd guess that means ldap and active-directory.

  • That's great. Now I can sit at my desk and see what AOLholes have to say:

    hpyrabbit1981: Ya! LOL! :)):)
    dlscowboys0101: hi rabbit how r u?
    tina23992: me 2!
    hpyrabbit1981: @->-- cowbyos ;)
    memphisflowershop2: me too! a/s/l?

    I don't want that. I let the AOLers have their little messenger and chat rooms and they can crap all over it as much as they want. I much prefer slashdot, where frist porst's and goatse.cx reign supreme!
  • by jpetts ( 208163 ) on Tuesday November 05, 2002 @03:01PM (#4600779)
    This story immediately put me in mind of anti-virus software companies, although in this case it appears to be a matter of the company that sells the solution having caused the problem in the first place.

    I'm sure that AOL did not have that in mind* when they first developed AIM but I can't believe that they are not relishing the opportunity to generate even more cash from the monster they created.

    *Or am I not being paranoid enough?

    I'd rather fall off Ilustrada than ride any other horse
  • by GangstaLean ( 102189 ) <gangstaleanNO@SPAMbirdinthebush.org> on Tuesday November 05, 2002 @03:05PM (#4600831) Homepage
    Ok, I'm getting ready for the flames, but I can see perfectly well why this is a good product for corporations.

    1. Gives security conscious corporations a reason to allow AIM rather than ban it (not so long ago, I seem to remember, the AIM client had a security hole. Wasn't that '99?)
    2. Allows companies to unify their methods of IMing, a product which is actually a really good business tool. If you're on a conference call, phone call, in a meeting...there are lots of times it's great to have a live medium to communicate with a coworker. Easier than remembering Joe down at helpdesk is B1gP3n1s.
    3. The CYAN (Cover your ass network). Hey, I know that you don't have to worry about this when you're down at the bar putting the moves on the blonde, but do that at work and it's all of a sudden the company's liability. Of course, you could lose your job. But they could lose money and time too. Don't forget, not every company out there is a big evil CORPORATION.

    Those are three fine reasons. Hey, we don't open up the firewall and have mail delivered to a server on every desktop, why do the same with IM? It's a logical way to start partitioning off Instant Messaging, rather than having massive servers off somewhere else handling messages. And in a lot of cases, companies are leery about plaintext running around the web with potential trade secrets. It's silly, when it could route locally.

    I'm not saying that AOL's solution is the one and only, but the idea is a good one. For the same reason we use mail servers, file servers, PBX systems, it makes sense. With companies convinced that IM is necessary for productivity, it opens the doors for other solutions, non proprietary in nature. And it opens the demands for secure features to be built into clients. Hey, somebody's gotta pay the bills, right? And we know that it won't be AOL people dialling up...

  • Brilliant (Score:3, Interesting)

    by nurb432 ( 527695 ) on Tuesday November 05, 2002 @03:13PM (#4600906) Homepage Journal
    Create a wide spread business problem, then sell the solution to the problem...

    Who ever thought that one up gets 2 points..

    10 years ago it would have been called a fraud.. but in todays world....

  • by Ageless ( 10680 ) on Tuesday November 05, 2002 @03:19PM (#4600953) Homepage
    For the past few weeks I have been writing a program I currently call SecureIM. It is a encrypting proxy server that runs on your computer and allows you to have secure conversations over AIM. It's runs under Win32 and is tested with AIM 4.x and higher and Trillian.

    If you would like to check out the beta version, it's available at http://www.vonnieda.org/SecureIM [vonnieda.org]

    The program will be getting a name change before v1.0 since there are several SecureIMs out there.

    Before you flame me about security or what not, please at least have a read of the Readme.txt [vonnieda.org] file where I think I explain pretty well what SecureIM is and isn't capable of.

    I hope someone finds some use of it. Enjoy :)
  • by jfortier ( 141983 ) on Tuesday November 05, 2002 @03:52PM (#4601233)
    A lot of companies have a very important need for this, other than just the desire to "snoop" on their employees. For example, many firms such as brokerage houses are required to monitor and keep records of their employees' interactions with clients. The article alludes to these groups slightly, without going into much detail. These companies would like to be able to use instant messanging to communicate with clients, but right now regulations stop them from using AIM, unless they somehow develop their own monitoring software. It's companies like these that AOL is really targeting with this product. Of course, a lot of these companies are also demanding that all the IM providers adopt and open/interoperable standard, which AOL isn't quite as willing to do.

"We don't care. We don't have to. We're the Phone Company."