Agreement with ICQ

Sun May 22 21:04:54 EDT 2011

Hi Ivan!  Thanks for keeping in touch with us and with ICQ.  In
general I agree with the other replies to this discussion.  I'll just
chime in with a few small points.

On Thu, May 19, 2011 at 5:28 AM, Ivan Komarov <ivan.komarov at dfyz.info> wrote:
> According to them, I should "accept" the online version of the
> agreement (http://icq.com/legal/icq_developer_network_agreement.html),
> then print a hard copy of the document they mailed me (which is
> basically the same as the online version, only with a Signature
> field), sign it and send a signed copy to their Moscow office (they
> will forward it to Israel).
>
> So, a couple of questions to those who care:
> 1. Is it ok (legally) if I sign this document? Perhaps someone else is
> in better position to do that (I don't know, maybe President of
> Instant Messaging Freedom, Inc.)?

I think IM Freedom would need to take a vote to decide whether to
authorize you to enter this agreement on our behalf.  Or a member of
IM Freedom could sign the agreement (I think we would need to take a
vote in this case, too).  But as has already been discussed, I don't
think we can agree to their terms.

I guess you could sign the agreement on your own, on behalf of
yourself.  But I'm not sure what you would gain from this.

> 3. The ICQ guys say we can continue using the developer ID issued by
> AIM to Mark for ICQ authorization, but suggest that it might be a good
> idea to request a separate developer ID for ICQ. Should we?

I'm a little worried about the developer IDs/keys we're currently
using.  AOL has taken almost all of their OpenAIM web site down, and I
don't even see our keys listed at
http://developer.aim.com/manageKeys.jsp when I log in.  If those keys
were to be revoked, and if AOL or ICQ were to continue enforcing that
clients use a valid key, then I believe clientLogin would stop working
in our clients.

And so I agree with them that obtaining a new key is probably a good
idea.  However, as previously discussed, We can't agree to their
contract without violating our license (which we cannot do).

As a side note, I think Pidgin, Finch and Adium all have their own
key.  libpurple has a default fall-back key, but we encouraged clients
to override this with their own key (of course, this isn't possible
anymore for AIM, since new keys cannot be registered on the OpenAIM
website).

This is the part of my email where I tell AOL and ICQ what they should do:
The whole "client key" concept is misguided.  It seems like maybe AOL
wanted to be able to restrict access to their servers by only allowing
authorized clients to connect?  I believe this is not a constructive
endeavor.  It is not technically possible to restrict which clients
access a server-side resource because "official" clients can always be
spoofed.  Since client keys are therefore useless, they should be
removed in order to simplify the system.  Keeping them around, trying
to issue new ones, etc. is a waste of resources (both theirs and ours)

--Mark