AOL question -- not a tech problem (really!)

Factual Questions
1

I’d check this myself, but – I used to use the AOL software, but it was causing conflicts, so I just use the Web interface. So can some kind, knowledgeable AOL person (yeah, I know, that’s an oxymoron, hahaha) help me out?

I’m copyediting a novel in which a person is on the run and doesn’t want anyone to find her. She gets someone to let her use their computer to log in to her AOL account. She checks her mail, and then “made sure she was screened—nobody could see her online.” And then she wrote and sent three e-mails.

Huh?? Can you do that? Granted, I never tried, or looked for such a feature. But I do know that AOL does (or at least used to) show which users, of those who turned up in a search of the member directory, were currently online. And even if she was “screened,” AOL would be able to tell that she’d been online, no?

So—is this legit, or do I need to tell the author that he’s invented a new technology?

2

Well, you can set your Buddy List preferences so that you won’t show up on anyone’s list, however if you have a member profile, and someone does a search for your screen name, it will show up with a little red arrow next to it indicating that you’re online. Also, if you read or delete an email from another AOL user, that person can do a “show status” on the mail and see the date and time it was read/deleted. AOL itself does keep logs of when a screen name signs on, and for how long.

3

Ok, I actually signed into AIM to see if I could do this. You can set your buddy list to block all users…and so that they can find nothing about you if they know your user name. As far as the AOL software in general, I don’t know.

I know that using msn I can set messenger so that no one sees me (block everyone on the list). That way they don’t know when I’m online.

4

There’s an easy way around that. Just don’t fill out a profile. That way, being blank, you have no search words to look up in the directory, see?

5

I have a screenname with just the buddy list blocked, so if I need to IM a friend I can…but no one can see me on their buddy list, and since I don’t have a profile, I’m not visible there, either. I use it for web surfing and research and stuff.

Course, the one obvious way to see I’m online…call my house. Phone’s busy.

Corr, who racks up some serious hours online

6

Here’s some info that could also be a possible twist in the story:

Not having a profile is different from having a blank profile.

If you have a profile, and someone uses Member Directory with the “Show Users Currently Online” box checked, your name will come up with a red arrow next to it (assuming that your screenname meets the criteria searched for, of course.)

If you have deleted or never made a profile, you will not show up in the directory.

But…if you HAVE made a profile, then you erase the fields (as opposed to deleting the profile,) then you WILL show up as being online, though your profile will show only a blank screen with your screenname at the top.

AOL Techs are not allowed to have profiles…so those who made one often thought that simply erasing the information would get rid of it. When we would run a search for Techs with profiles, several blank ones would come up, so we’d have to email them with instructions on how to use the delete feature.

-David

7

Scarlett67 wrote:

Um, the “nobody” is the important word in your bold text. Unless the character had some tremendous inside knowledge of AOL protocols, it’s just about guaranteed that the simple fact of logging into AOL lets AOL know that she’s online. Whether it’s full-blown AOL or just the Web interface for email, anyone who works at the appropriate jobs within AOL could find out she’s logged in. And, even if she’s just using the Web email interface, which I assume does not make one ‘visible’ via IM (there’s no guarantee that IM software is available on the computer being used), looking up the IP address she logged in from could give some general real-world location information.

So, the question becomes: is the character trying to hide from everybody (in which case she blows it by logging into AOL), or can she safely assume that the employees of AOL won’t tip off the people chasing her?

8

Scarlett-You asked a simple question, and maybe you want a simple answer–is it legit to say someone is ghosting (blocking everyone) and send three emails at the same time. Yes.

9

OK, thanks for your replies, everyone. I think this character is just your everyday AOL user (although she works for a tech company and seems fairly computer literate) who suddenly finds herself on the lam. It’s clear that she doesn’t know who’s chasing her, and they seem to have an uncanny ability to track her down as she runs. She has something on her person that they want.

So – she may or may not have had a profile before this happened, but you all seem to be saying that if she had one, clearing the fields would still leave her detectable. If she didn’t have a profile, there really wouldn’t be any need to “make sure she was screened.” And of course, AOL employees would still be able to see her.

Erwin – So how, exactly, would one do that? Where’s the command on the AOL menus or in the settings? She’s using someone else’s computer – a 486 with “an antiquated version” of AOL. (Yeah, I know, I should have included this info before, but honestly it just now occurred to me that it was there!) So I’m thinking version 3.0 at the latest, if memory serves.

I think there are still serious doubts as to whether this is possible.

10

The 4.0 software was the first to feature Buddy Lists. Anything older, and you wouldn’t be able to access the BL controls. (Privacy preferences are stored on AOL’s servers, so whatever settings you had last would remain.) I’m not sure if AOL 3.0 still works, I do know that versions older than 3.0 are blocked. However, you can install 4.0 on a 486.

By default all newly crested screen names have their Buddy List privacy preferences set wide open. Anyone that knows your screen name can add it to their list, and see when you’ve signed on. There are several levels of privacy with a Buddy List, and at the highest (no AOL member or AIM user can Buddy List or IM) you will not show up as online on a BL, during a directory search, or if someone does a “Locate Member” on your screen name. I just tested it.

FTR, this is not “ghosting”. “Ghosting” refers to an old exploit of the software (since patched) that allowed a user to truly be invisible. They could chat but not IM, and generally wreak havoc without the AOL system logs even registering them as signed on. But, it doesn’t work anymore :slight_smile:

11

So, Vera, let me make sure I understand you correctly. If this 486 computer had AOL 4.0 installed, the character could have signed on, set her buddy list to the highest privacy setting, and no regular AOL user would be able to tell that she was online?

(I’m willing to overlook the possibility of AOL staff seeing her, as perhaps she didn’t think of it in her befuddled state. and later it’s obvious that “they” are still after her.)

12

You’re copyediting The Net?

AFAIK, there have always been buddy lists on AOL…I know they worked on 2.5 and later.

I actually signed onto AOL using version 2.5 so I could answer this (that antiquated enough?)

Keyword: Buddy brings up the Buddy List control panel (Keyword: BuddyView is what would actually show your Buddy List.)

At the control panel (titled “xxxxxx’s Buddy Lists”,) you would click on the button marked “Privacy Preferences”, which brings up the privacy settings panel.

There, click on the radio button marked “Block All AOL Members And AOL Instant Messenger Users”.

Then, click the radio button marked “Buddy List And Instant Message”.

Then, click the button marked “Save”.

A messagebox appears which says, “Preferences Updated.” The only button there is marked “OK”, so click it.

All that’s left is to close the Buddy List control panel…poof–nobody can see you.

Extra information:
The tools used by AOL employees to manage accounts are called CRIS and Merlin (Merlin is the newer version.)

AOL reps cannot see your complete credit card or checking account number (only the last 4 digits and expiration date.)

AOL reps cannot see your passwords. At best, they can “reset” them.

They can see how old the account is, which screennames are on the account, whether one of the screennames is online (yes, even if blocked by the above method,) which node and TIH the member is connected to, and assorted billing data like billing date and payment plan.

Of course, different departments have access to different information…Billing would see different things than the Community Action Team would.  Also, as expected, the higher up the ladder someone is, the more access rights they have.

This applies to actual AOL in-house employees–typical chatroom hosts and whatnot have no CRIS or Merlin access whatsoever.

-David

13

Scarlett67, the things about you that impress me just don’t stop. I pray that if and when I get my novel into the hands of someone who’s willing to publish it, I get an editor who cares even half as much about details like this as you. :slight_smile:

14

KneadToKnow: Oh, stop it! :wink: Hey, it’s just my job. I’m a paid skeptic (or as one of my e-colleagues puts it, “a professional idiot” – one who must misunderstand the text in every way possible, and then eliminate those possibilities.

The rest of you – good enough! I’m convinced that this is possible. STET! Thanks again.

SoulFrost: Heh, I wish. The three times I had the chance to work on anything by an author people have heard of, I had to turn it down because I was already booked. WAH!! Although I have something fluffy, based on the work of a Famous Artist, that’s been in limbo for a while. Maybe eventually it’ll land on my desk.

15

I think your key phrase is “see her on-line”, which to me implies something very close to “in real rime”, more like somebody listening in on a phone tap.

Regardless of her computer skills, if she uses AOL she’s only as safe as an AOL administrator allows her to be.

If the “enemy” has corrupted the right AOL employee, then she can be “seen” in real time. However, if she and the recipient share encryption software, she can disguise her data. So if the writer’s concerned about getting a message past a spy, maybe with a little replotting. If it’s about not being “spotted” at all, well any self-respcting globe-spanning computer conspiracy would have AOL thoroughly penetrated. Only a “lone nut” hacker chasing the heroine? Then she’s probably safe, except for the worm the nut implanted in AOLs code years ago when he wrote code for them. yadayadayada

16

One more plot twist…

if your writer names AOL by name, and suggests that it is corruptible and/or hackable. you can expect a call from corporate suit types from the legal division.

Whatever happens, if the writer names AOL, AOL had better work exactly as advertised. If the ISP needs to be vulnerable, make it a fictional one like NOL!

17

Simulpost! Agreed, yojimboguy. I’m going to go with the idea that using the methods described above, she would indeed be able to make herself invisible in real time to regular users. She is indeed being pursued by an organization, rather than a lone nutjob, and she has some sense of that. And it’s possible that they can hack AOL somehow. But she accepts other risks (using her phone card, for example), and she’s trying to minimize them as much as possible while still getting where she needs to go.

So, it’s logical that she may (or may not) understand that AOL might be able to track her, but she is doing what she can (and we seem to have confirmed that it’s possible) to disable MOST tracking methods.

18

Simulpost again! I think we’re safe here, as there’s no such suggestion made – just the character blocking herself. But thanks for the thought – that actually hadn’t occurred to me to watch for, and I do query legal issues when I spot them.

19

I might be missing something here but why doesn’t she just us an email anonymizer web site & give a return address that is her AOL acct? That way she can appear to send from AOL but no one knows she was online.

For example, I use Agent I can type in any email reply address I want. So I can be anyone I want to be. It’s not an anonymizer, but there are some such web sites I bet.

20

I don’t mean 'email reply address" I meant ‘email reply from address’