Instant Messaging Users Victims as Giants Do Battle

For the last several weeks, cyber-giants America Online and Microsoft have been at war over instant messaging.

There have been incursions into each other’s territory, alliances formed and very public salvos from both camps. And all over a readily available utility that lets you chat live, rather than through e-mail, to other people on the Internet.

AOL is seeking to protect its proprietary software. What’s at stake is AOL’s dominant role in instant messaging, with an estimated 43 million people using its software either as AOL members or its nonmembers’ AOL Instant Messenger (AIM). That’s a vast audience for the advertising AOL displays on the messaging programs. Advertising is where AOL generates revenue on instant messaging since the software itself is free.

Microsoft, which finds itself in the unusual role of the little guy in the IM wars, would like to build its user base for MSN Messenger, and AOL is the biggest target on the Net. So Microsoft designed its software to make it possible to exchange messages with AOL and AIM users.

And therein the fight began.

Before I go on, I should disclose that I write a column that appears on the AOL service and AOL is one of the sponsors of my Web site, SafeKids.Com.

But in this conflict, the victims are users, who are being denied the benefits of a universal standard for instant messages.

In order for MSN Messenger users to communicate with AOL users, the software has to interact with the servers that AOL maintains for its own service.

AOL says that’s a form of trespassing and further claims Microsoft is violating its AOL members’ privacy and security because in some cases MSN asks for an AOL or AIM user name and password.

Microsoft says MSN Messenger follows the privacy guidelines of “notice, consent and control.” Asking for the AOL password, according to Microsoft, “is exactly the same procedure someone would go through if they were using the AIM client or any other software to log in to the AIM service.”

In the latest round, Microsoft seized the moral high ground by announcing that it would publish the protocols for its instant messenger service so that all instant messaging users can communicate quickly and seamlessly. Opening its source code is an unusual step for Microsoft, but with less than 2 million IM subscribers, it stands to gain more than it loses.

By publishing the code, Microsoft is allowing anyone who develops instant messenger software to configure their program so that their members can interact with MSN subscribers.

AOL is also committed to “open standards” that would enable AIM and AOL users to interact with users of other instant messaging services, said spokeswoman Tricia Primrose.

Primrose said AOL is currently working with the industrywide Internet Engineering Task Force (IETF) to create standards.

IETF has yet to receive AOL’s instant messaging protocols, said Vijay Saraswat, co-chair of the IETF’s Instant Messaging and Presence Protocol committee.

“In terms of moving the whole process forward, it would be significantly helpful to have AOL’s protocols published, but different companies choose to participate in different ways,” Saraswat said. The committee is “delighted” that Microsoft has turned over its protocols, he added.

Although the timetable isn’t clear, I’m confident that a deal will eventually be struck to create an industrywide standard that will make exchanging instant messages as easy as sending e-mail from one Internet service provider to another.

Even if AOL can maintain a short-term competitive advantage by keeping its service proprietary, users will eventually gravitate toward open standards embraced by Microsoft, Excite, Yahoo, AT&T;, Prodigy and other major players.

The battle between Microsoft and AOL is not only a war of words but also a war of programming codes.

AOL has repeatedly taken steps to prevent users of MSN Messenger to access its members and Microsoft has, on several occasions, made modifications to its software to thwart AOL’s blocking efforts.

Although there are no reports of any serious problems related to this blocking and recoding, it does create an unstable environment for users.

Recently, a Microsoft employee, masquerading as an independent computer consultant, sent an e-mail to a security expert warning of a flaw that resulted from AOL’s efforts to block access from MSN Messenger.

The letter was a fake, but the issues it raised may be valid, according to Robert Graham, chief technical officer of Network Ice, a company that builds anti-hacker software.

“AOL is basically hacking its own client,” Graham said, by exploiting a bug in its own AIM software.

Graham said he isn’t aware of any problems associated with this “clever hack,” but he worries that real hackers could figure out a way to exploit what he considers to be a security hole.

In theory, he said, it is “possible for hackers to use this to download passwords, steal credit card numbers and other nasty things.”

The chances of someone invading a users’ computer through this alleged flaw are remote, but any risk associated with this silly game--no matter how slight--is unacceptable.

What users need are industry standards that let anyone exchange instant messages in a way that is safe and open. A standards committee is in place to work out those protocols, and it’s time for all players to put aside their competitive differences to cooperate on a standard that will make instant messaging as ubiquitous as e-mail.

*

Technology reports by Lawrence J. Magid can be heard at 1:48 p.m. weekdays on KNX-AM (1070). He can be reached at larry.magid@latimes.com. His Web site is at https://www.larrysworld.com. On AOL, use keyword “LarryMagid.”