Quite a few people have already expressed their discontent with AOL’s recent update to their AIM Terms Of Service (see Ralph, see Slashdot) and they are right. The good thing is that AOL is pretty outspoken on how they deal with this.

Let’s have a look inside the new terms to demonstrate what I mean:

Although you or the owner of the Content retain ownership of all right, title and interest in Content that you post to any AIM Product, AOL owns all right, title and interest in any compilation, collective work or other derivative work created by AOL using or incorporating this Content. In addition, by posting Content on an AIM Product, you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium.

That means: whenever you post something you own, it gets 0wn3d by AOL. If you privately talk about your work, you give it to AOL. If you pass along confidential information, you allow AOL to post it on their website. And not only AOL, but to almost anybody („affiliates“, „licensees“ etc.). In other words: Fuck Yeah!

But that’s not all. Listen:

You waive any right to privacy. You waive any right to inspect or approve uses of the Content or to be compensated for any such uses.

This couldn’t be clearer: go away and eat shit. We not only don’t care about your privacy we are actively going to re-use it to make money from it and we’re not going to give anything back to you. Fuck Yeah!

Well, you might argue that the AIM service is free. But it’s a danger to your freedom. Right, that’s true. Free as in beer. But that’s it. Now is the time to think about alternatives. There are basically two ways to proceed:

1. Encrypt your IM conversation

There are two options for encryption. The obvious one is to use OpenPGP-compatible encryption as it is (more or less) widely in use in e-mail these days. However, almost no IM client supports PGP encryption for AIM today. The only solution (on the Mac) I know of is getting the latest PGP Desktop product which is able to plug into iChat or AOL’s IM client. But the chance of forcing somebody else to have the same set-up is low.

Option two is to use Off-The-Record encryption (OTR). It’s quite new, but I think it’s going to make its way into most clients soon as it is apparently easy to integrate and takes care of more than just the basic service of authentication and encryption. It also adds forward secrecy which means that no past conversation can be uncovered by losing private keys (which is not the case with PGP!) and deniability which ensures that you can revoke any statements you made in a conversation as it could have been forged (in theory) by your conversation partner. It’s obvious that eavesdropped IM conversation will be a huge problem in the near future so OTR just comes on time.

gaim supports OTR today via a plug-in. For early adopters on the Mac, I recommend Adium. The next version 0.8 will show native support for OTR (on all protocols) and it’s the best tool for IM power users anyway. Version 0.8 is already in private beta is about to be released soon. So do hold your breath ;).

2. Choose another IM network

Moving away from AIM is a good idea for many other reasons. For instance, AIM does not allow to control who’s got you on his/her buddy list. There is also no way to be „invisible“ (being online without showing up on others buddy lists) on the IM network. Furthermore, you always have to use AOL’s central IM server which you can’t trust anyway (does it show correct states for other buddies? Who else is listening?)

The only viable option is of course Jabber which is the Internet standard in the form of XMPP anyway. The next version of iChat is going to support Jabber so there’s no need to stay on AOL when that’s you primary chat client.

Also of importance is that Jabber allows you to run your own private chat server. That way you can be in control of your operational and security settings. This is even more important for companies. If you don’t want or can’t run your own server, you can select from a variety of publicly available servers, like jabber.ccc.de for instance.