Freshness Warning
This blog post is over 19 years old. It's possible that the information you read below isn't current and the links no longer work. | Instant Messaging: Tear Down the Walls: "[AOL] consistently says [third-party AIM client] applications compromise the security of AOL’s own network by storing users' screen names and passwords beyond AOL’s control. That, however, doesn’t explain why the company still allows users of the long-defunct program Claris Emailer to retrieve their AOL mail remotely. Nor has AOL blocked every third-party IM program: Users of Odigo Inc.’s software have been able to access AOL’s network."

AOL also has two different IM proptocols. One is called OSCAR and is the one that the official AIM clients use. The other is TOC and is the protocol that AIM has opened up to allow FCC-mandated interoperability.

Clients that use the TOC protocol store the AOL screen name and password just like those that use OSCAR, but I don’t hear AOL saying that is a security risk. In fact, they designed it that way.

So why don’t third-party clients use TOC instead of butting heads with AOL over OSCAR? TOC is outdated and bug-ridden. It doesn’t support newer instant messaging features like file transfer, or even basic features like online status.

AOL doesn’t want third party apps connecting to AIM for a simple reason. If I can communicate with my AIM contacts without using AOL software, there is one less reason to use AOL. And there is one less thing that the vast AOL-TW empire has control over.

So next time you hear people discussing a company with dominant market share that is using predatory practices to prop up market share for another software package and squash competition, remember that they might not be talking about Microsoft.

February 19, 2002 7:09 AM

I am an avid Trillian user (, and I would assume this is what you're referring to. I sent AOL an email rationally complaining about this. When they had that big blocking MSN problem, the court told them they have to make their protocol accessible by third party applications. The stipulation though? The *next* version of the protocol. So they just will never upgrade. Gotta love loopholes. Incidently, AOL did reply to my email with a form email saying they're sorry that I'm having a connection problem, and I should call their free member service number for help.

Adam Kalsey
February 19, 2002 8:42 AM

I use Trillian on Windows and GAIM on Linux, and they both have had these sort of problems at one time or another. The interesting thing is that AOL doesn't seem to be able to block everything but AOL clients. They appear to have to block each client specifically. Odigio works fine right now, but Trillian doesn't. That itself is a horrible way to implement security. When designing a security solution, you deny everything first and then open up access to the specific things. If you do it the other way and leave yourself wide open but actively block unauthorized access, you are only protecting only against threats you know about.

This discussion has been closed.

Recently Written

The Trap of The Sales-Led Product (Dec 10)
It’s not a winning way to build a product company.
The Hidden Cost of Custom Customer Features (Dec 7)
One-off features will cost you more than you think and make your customers unhappy.
Domain expertise in Product Management (Nov 16)
When you're hiring software product managers, hire for product management skills. Looking for domain experts will reduce the pool of people you can hire and might just be worse for your product.
Strategy Means Saying No (Oct 27)
An oft-overlooked aspect of strategy is to define what you are not doing. There are lots of adjacent problems you can attack. Strategy means defining which ones you will ignore.
Understanding vision, strategy, and execution (Oct 24)
Vision is what you're trying to do. Strategy is broad strokes on how you'll get there. Execution is the tasks you complete to complete the strategy.
How to advance your Product Market Fit KPI (Oct 21)
Finding the gaps in your product that will unlock the next round of growth.
Developer Relations as Developer Success (Oct 19)
Outreach, marketing, and developer evangelism are a part of Developer Relations. But the companies that are most successful with developers spend most of their time on something else.
Developer Experience Principle 6: Easy to Maintain (Oct 17)
Keeping your product Easy to Maintain will improve the lives of your team and your customers. It will help keep your docs up to date. Your SDKs and APIs will be released in sync. Your tooling and overall experience will shine.


What I'm Reading


Adam Kalsey

+1 916 600 2497


Public Key

© 1999-2021 Adam Kalsey.