As AOL uses a proprietary protocol for the communication between the AOL client and the AOL host, it is hard to know what traffic travels on that line besides the webpages and AOL content that the user, er... pardon, the AOL member requests. And I'm not talking about advertising here. Take a freshly installed AOL 4.0 client (this is probably true for later releases, but I haven't checked) - if you look at the upstream and downstream traffic (there are tools to do this, for network connections as well as serial, i.e. modem, connections), you might notice downstream traffic during the first few connections that is not related to any user action. If you watch the files on your hard disk closely enough, you might notice that there's a file holding a database of dialup numbers for global access that seems to receive new and updated entries.

Use this client to sign on and off a couple of times. Analyze the traffic - you cannot find any clear text in the data stream, but you can count the bytes. Now sign on and wait for the next GPF to crash the client. Sign on again. Wasn't that significantly more upstream traffic (i.e. traffic from your client to AOL's host) than usual? Let's try that again. Compare it to the next sign-on after a clean logout. Noticed something? Don't take my word for it, try it yourself.
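The byte-counting comparison described above can be scripted. The following is an added example, not part of the original writeup: the log format (session number, how the previous session ended, direction, frame length) and every number in it are constructed, standing in for whatever your capture tool exports.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: one line per captured frame during sign-on.
# Fields: session, how the previous session ended, direction, frame length (bytes).
SAMPLE_LOG = """\
1 clean up 412
1 clean down 2960
1 clean up 388
2 clean up 405
2 clean down 3011
2 clean up 397
3 clean up 420
3 clean down 2875
3 clean up 391
4 crash up 409
4 crash up 6144
4 crash down 2990
4 crash up 402
5 clean up 399
5 clean down 2933
5 clean up 410
"""

def upstream_totals(log_text):
    """Sum client-to-host bytes per session; returns {session: (prev_exit, bytes)}."""
    totals = defaultdict(int)
    prev_exit = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        session, exit_kind, direction, length = line.split()
        prev_exit[int(session)] = exit_kind
        if direction == "up":
            totals[int(session)] += int(length)
    return {s: (prev_exit[s], totals[s]) for s in prev_exit}

def flag_outliers(totals, k=5.0):
    """Flag sessions whose upstream volume exceeds the clean-logout baseline.

    Baseline = median of sign-ons that followed a clean logout; spread = median
    absolute deviation (MAD), which a single odd session cannot skew.
    """
    clean = [b for kind, b in totals.values() if kind == "clean"]
    base = median(clean)
    mad = median(abs(b - base) for b in clean) or 1  # avoid a zero-width band
    return sorted(s for s, (_, b) in totals.items() if b - base > k * mad)
```

Because the payload is opaque, the only evidence is volume and direction, so the baseline must come from sign-ons recorded under otherwise identical conditions.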

If AOL's client had a phone home or talk back feature, just like other AOL products (e.g. Netscape's Quality Feedback Agent), this is what it would look like. And while AOL goes through all the pain of asking the user for permission to send an automagically created bug report when Navigator crashes, they don't need to ask members who have complied with AOL's TOS.

There's actually a chain letter from around January 1999 that is supposed to have been written by an ex-employee of AOL and that describes essentially a very advanced phone home feature in the AOL client that can be remote controlled. AOL denied all those allegations.

A phone home feature would actually not send back the contents of your hard disk, but rather technical information that could be used by QA to track down a problem in the client software - such as detailed version information, or information on the internal state of the client or the CPU at the moment when the GPF occurred. There could also be sensitive data among the technical information, for example screen names of your friends, a list of websites you visited (I hope you don't have the habit of storing username and password in bookmarked URLs), but then: all of that is information that you trusted AOL with before.
