People have been using many various instant messengers and this trend is going to continue and number of users to be increased in next years. It is used for chats, voice communications, file sending and even some additional services such are remote assistance, application sharing, playing games etc. IMs are used for both: private and business communications.
There are many security issues that are related to use of IMs. It can be used for spreading malicious software, phishing, spam. But what many users avoid is that it might be easy to monitor and eavesdrop someone’s instant messenger conversations. This is attack on privacy.
Let’s mention here some of instant messengers that are used widely: MSN, Skype, Yahoo Messenger, Google Talk, AIM, ICQ… I probably missed many on this list.
There are many discussions about these issues on many discussion groups, blogs and Web sites. I tried to find more about this and to look at some solutions to protect privacy in instant messenger conversations. I focused on MSN / Windows Live Messenger, Skype and partially on some others.
Even with careful reading I haven’t found is Microsoft able (I think they are) to eavesdrop instant messenger conversations. It is understandable that this can be enforced by government agencies and bodies for security reasons. What is concern for many companies that use MSN as important mean of internal communication between employees, does this give Microsoft possibility, for example, to look at others’ plans, architecture, design, and development of software.
There is interesting discussion on AOL instant messenger (AIM) titled “AOL Eavesdrops, Grants Itself Permission to Steal Your AIM Conversations”, here.
“Although you or the owner of the Content retain ownership of all right, title and interest in Content that you post to any AIM Product, AOL owns all right, title and interest in any compilation, collective work or other derivative work created by AOL using or incorporating this Content. In addition, by posting Content on an AIM Product, you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium. You waive any right to privacy. You waive any right to inspect or approve uses of the Content or to be compensated for any such uses.”
I wrote at this blog about similar issues related to Skype security concerns here, here and here. There also voices that some companies banned use of Skype in their systems and networks (for example here).
There are many articles or posts that talk about similar issues, I’ve found interesting:
- Are my Instant Messaging conversations private?
- Instant-messaging conversations can easily linger for years as evidenced in Foley case
To be honest, even moderate software developer or network administrator, can either develop solution for eavesdropping or sniffing of network communication. There are many tools for this available on Internet as source code, or toolkits that developer can use to add additional features such as content filtering, analyze and so on. I will disappoint many of readers here as I don’t want to direct you to that tools and development kits. I will rather talk about some possibilities how to protect your privacy.
How to protect your privacy?
There are different products on the market that you can use to protect content of your conversations. I’m going to mention and discuss couple of them here.
Zone Alarm (Check Point Company) has separate product IMSecure Pro for advanced instant messaging protection. This tool keeps your instant messages confidential and protects your privacy. It also safeguards your PC from dangerous IM traffic and works with your existing IM clients: AOL Instant Messenger, ICQ, MSN Messenger, Yahoo!, ICQ, and Trillian. Also it is part of ZoneAlarm Internet Security Suite.
You should have in mind that you should check with local laws can you use these products. I’ve heard that some governments / countries will not allow encrypting your communication. Also you should be aware that fact that you use encryption can be trigger for other to pay special attention on you.