January 18, 2008
Florian Jensen beaks the news about AOL adopting the Jabber protocol XMPP â€“ at least on a test server. This is a good move for the interoperability of instant messaging service but also a good one for security and for me.
The ICQ traffic goes unencrypted over the network and I know of special programs which sniff the traffic for pop3, smtp, icq, …. communications and log the login data into a log file (good on routers 😉 ). So you don’t need someone to understand the Oscar protocol, any script kiddie can use these tools . This is the reason I don’t use ICQ except on networks I trust. You’ll ask yourself why I use ICQ (with Kopete as client) at all? Too many friends which I know for a long time (when ICQ was the only instant messaging system â€“ you know the time before it was bought by AOL 😉 ) are still using ICQ. I’ve also a Jabber account and some of my friends have switched to Jabber or are using both as I do, but most use ICQ as their only IM system for > 10 years.
As XMPP is a â€œgoodâ€ internet protocol the usage of TLS / SSL encryption is common throughout clients and servers. If AOL is really switching to XMPP it would really increase the security, so lets hope that this is the first step. Even if they are keeping their protocol and only allow XMPP Servers to send messages to their clients it would help me. I just would stop using my ICQ ID and switch completely to my Jabber ID, which than can communicate to my ICQ buddies.
Update: As Edwin Aoki from AOL pointed out in his comment you’re save if you’re using the original AOL clients. Sorry for not making that clear. The problem is only that I don’t know anyone who is using the original clients, even the friends who are using Windows are running alternative clients.