AOL, AIM and Openness

When I started working on Pidgin eight years ago (eight years‽ holy crap!) my main focus was the code used to connect to AIM and ICQ. The protocol is called ‘OSCAR,’ and it is a proprietary protocol created by AOL.

As IM protocols go, OSCAR is actually quite decent. Flexible, extensible, reasonably concise. Could maybe be simpler.


AOL’s history with public access to their IM network has had its ups and downs.

  • In 1998 a few AOL employees released a GPLv2-licensed IM program called ‘TiK.’
  • Sometime in 1999 this project was abandoned by the AOL employees. Some non-AOL employees created a TiK project on SourceForge and continued development.
  • Things were good.
  • In 2001 AOL made changes to their protocol in an attempt to block unofficial clients. Some people believe these changes were made to block Jabber<–>AIM transports, and that Pidgin (named ‘Gaim’ at the time) got caught in the crossfire. Pidgin developers were able to keep the program working for the most part, and AOL relaxed their efforts to block unofficial clients.
  • Things were good again.
  • In 2008 AOL announced Open AIM. Open AIM was a lot of things: A set of SDKs for interfacing with AIM and the AIM servers. Documentation for the OSCAR protocol. A forum for users to ask questions.
  • Things were great… for a time.

Recent Changes

Sometime in January, February or March of this year AOL decided to shut down the Open AIM program. No more SDKs, no more protocol documentation, and no more developer outreach.

More specifically, the OSCAR documentation provided by AOL described a method of authentication (using a “startOSCARSession” API request) that required the use of a developer application key. The current Open AIM website implies that new keys cannot be created.

Now What?

Does this mean the use of startOSCARSession is deprecated? If so, what auth scheme should we use, instead? Should we go back to BUCP, the authentication scheme used by AIM 5.9? Should we try to reverse engineer the authentication scheme used by current version of AIM? Should we go back to masquerading as the official AIM client and stop politely identifying ourselves as ‘Pidgin’?

To quote the great Yoda, “the shroud of the dark side has fallen.”

This entry was posted in All, Computers, Pidgin. Bookmark the permalink.

7 Responses to AOL, AIM and Openness

  1. Pingback: AOL, AIM and Openness |

  2. Rob Gibson says:

    Sadly, I think the time has come to consider the ultimate fate of a proprietary protocol. AIM has been the juggernaut for years, but I haven’t spent a great deal of time on AIM, even though I log into that account every time I run Pidgin.

    For my 2 cents, the two most important networks (Google and Facebook) run Jabber/XMPP. Everyone I regularly talk to via an IM is available through one of these two services.

    I would like to see some refinement here, particularly in the notifications. Users on Jabber/XMPP accounts seem to go offline regularly and come right back on. But otherwise, the support is spot-on. I haven’t checked the bug tracker, but I think I will now.

    It’s just a gut instinct that tells me that well-documented XML being passed around seems far more useful and flexible than a protocol whose sole source of documentation is turning its back on an entire developer community.

  3. Alex says:

    It’s 9 years! We took that project class in the spring of 01.

  4. Baylink says:

    Well, that’s fine, and all, but the issue is Metcalfe’s law: the people who are going to use a multiprotocol IM client are doing it *because there are people on those networks they want to talk to*.

    And that’s a much larger number, in aggregate.

    Dropping AIM screws Pidgin, and its users, not the network, and not those people at the other end; I really hope Pidgin doesn’t.

    If it does, I’ll have to replace it in my image at work… or move *everyone* to a local Jabber server, which is almost as painful.

  5. Truefire says:

    I say get some reverse engineering done on the new protocol. This will have least impact on the end users.

    This comment is pretty new for a rather old post…is this somehow fixed in the ‘new’ 2.7.0?

  6. Mark Doliner says:

    Truefire: I’m not sure I follow… is _what_ somehow fixed in the recently-released Pidgin 2.7.0?

Leave a Reply

Your email address will not be published. Required fields are marked *