Wednesday, January 4, 2012

EFF Warns Against Upgrading to New AIM Due to Privacy Concerns

The Electronic Frontier Foundation is advising users to think twice about upgrading to the new version of AIM due to privacy concerns.

The build in question is the revamped version of AIM that AOL debuted back in November of 2011 that offers fresh features like message syncing and in-chat media embedding.

The EFF’s concerns stem from the fact that once users log in using the new AIM, “a flag is permanently set on your account to begin storing all of your conversations on AOL’s servers for up to two months, and perhaps indefinitely.”

While this feature is meant to give users the convenience of full access to their chat history regardless of the device they use to log in to their account, it also potentially leaves users’ chat history open to the eyes of a party that wasn’t included in the original conversation, for instance law enforcement officers armed with a warrant or even hackers targeting AOL’s servers.

There is an off-the-record feature within the new AIM client, but it must be enabled on a per-contact basis and cannot be applied to any Group Chats. The ‘off-the-record’ feature doesn’t work for third-party chat clients like Pidgin or iChat either.

Another concern was the fact that the new AIM automatically scans messaged links in order to retrieve and embed any shared media, whether it’s an image or video.

While on-the-fly media embedding is fine for the most part, the problem lies in the fact that links are scanned regardless of their type or purpose and may point to private network resources, contain authentication data within the URL or even be single-use URLs like unsubscription links.
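The three link categories named above can be checked before a previewer fetches anything. The following is an added example, not AIM's or the EFF's code; the parameter names, keywords and hostname suffixes are assumed heuristics, and the sample URLs are constructed.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

# Assumed heuristics for illustration; tune these lists for a real deployment.
SECRET_PARAMS = {"token", "access_token", "auth", "key", "apikey",
                 "sig", "signature", "password", "session", "sid"}
ONE_SHOT_WORDS = ("unsubscribe", "optout", "opt-out", "confirm",
                  "verify", "reset", "activate")
INTERNAL_SUFFIXES = (".local", ".internal", ".lan", ".corp", ".home")


def prefetch_risks(url):
    """Return the reasons a link previewer should not fetch this URL unasked."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return ["unsupported-url"]
    reasons = []
    # 1. Private network resources: literal non-public IPs and internal names.
    try:
        if not ipaddress.ip_address(host).is_global:
            reasons.append("private-network")
    except ValueError:  # host is a name, not an IP literal
        if "." not in host or host.endswith(INTERNAL_SUFFIXES):
            reasons.append("private-network")
    # 2. Authentication data carried in the URL itself.
    params = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    if parts.username or parts.password or params & SECRET_PARAMS:
        reasons.append("auth-in-url")
    # 3. Links where the GET itself performs an action (single-use URLs).
    if any(w in (parts.path + "?" + parts.query).lower() for w in ONE_SHOT_WORDS):
        reasons.append("single-use")
    return reasons


if __name__ == "__main__":
    # Constructed sample links, one per category plus a harmless one.
    for sample in ("https://example.com/cat.png",
                   "http://10.0.0.5/admin",
                   "https://example.com/doc?access_token=abc123",
                   "https://news.example.com/unsubscribe?id=42"):
        print(sample, prefetch_risks(sample) or "ok to preview")
```

A public hostname that resolves to a private address is not caught by this check; a fetcher also has to validate the address it actually connects to.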

The EFF has voiced their concerns to AOL, who has agreed to make changes to the new AIM chat client – including updating marketing content to make it crystal clear to users what information is being scraped, shared and stored.

However, due to the fact that merely signing onto the new version of AIM permanently changes your account settings to store ALL chat conversations on AOL’s servers, the EFF strongly recommends that existing AIM users do NOT upgrade to the new version.
