Re: AOL aid in an open source IM project

From: Gordon Mohr (gojomo@usa.net)
Date: Thu Mar 29 2001 - 16:40:52 PST


Back when MSN-IM was first attempting uninvited interoperability
with the AIM servers, it was alleged that AOL was using an even
more slippery tactic for detecting non-conforming clients: sending
them fragments of raw machine code.

The real AIM client would then jump into this arbitrary code --
which presumably could always be crafted in such a way that
it returned a result acceptable to a server when inside the
memory image of a real AIM client, but not when inside
workalikes. (What sane developer would dare jump into arbitrary
code sent by their adversary AOL, anyway?)

Steve Bush writes:
> To continue using the AOL
> connection, an IM client needs to respond to a request for these bytes,
> apply an MD5 hash, and return the result. In essence, they turned
> aim.exe into an encryption key. The entire aim.exe needs to be
> available. Developers cannot reproduce the array of bytes because this
> violates copyright law.

I would like to see this copyright question tested by the
courts. Reproducing a full copy of aim to be used as a key
might very well be a "fair use", if you're not executing
the copy -- or at least if you're a registered AIM-user in
good standing.

If copyright law could truly be used in this way, then
there'd be no legal need to use a key as long and multipurpose
as aim.exe. AOL could just copyright a much shorter keyphrase --
like say "Dammit, you've got hail!" -- and use copyright law
to prosecute anyone who echoed this back to their servers
without permission.

Now on the other hand, I think they have the legal right
to refuse opening their servers to anyone, and even without
copyright law, could prosecute people who attempt to make
use of their bandwidth/CPU/etc without permission.

- Gordon



This archive was generated by hypermail 2b29 : Fri Apr 27 2001 - 23:15:12 PDT