14 DAY TRIAL // The Electronic Frontier Foundation (EFF) analyzed the preview version of the latest AOL Instant Messenger and concluded that users should not install it due to some serious privacy concerns it raised.
The first issue is that conversation logs are stored by default and secondly, all private instant messages are scanned for URLs, which means that all the chats are fetched to AOL’s servers in Virginia.
AOL’s decisions to move some of their services to the cloud, where data is usually stored in a plain text form, raises serious concerns because both cybercriminals and law enforcement agencies could access it if they have a warrant.
The customers’ privacy is at stake because in both scenarios their private conversations may become exposed even without their knowledge.
Regarding the fact that conversations are fetched to their servers to be scanned for URLs raises concerns with the EFF because AOL gives no clear indication on how this process occurs in their terms of service or privacy policies.
The Foundation believes that the company should not only give users initial notice with an opt-in check box, but also explain to them in clear and specific terms how everything is handled.
The good part is that AOL promises to disable this functionality for conversations that are marked to be “off the record.” On the other hand, the “off the record” feature is available only for customers who utilize the latest version which means that those who rely on previous variants or other alternatives are still exposed.
“We met with AOL to discuss how these features work and why the company should take greater care with your data, and we’re happy to say that AOL is promising to make some important changes as a result, especially in response to our second concern,” the EFF’s report reads.
“However, we still recommend that AIM users do not switch to the new version, as it introduces important privacy-unfriendly features.”