Are 'chats' automatically stored when using AOL IM?  Can they be
stored by one party (or a third party) without the knowledge of one
(or both) users?  Finally, is there an, easy, reliable cross platform
(MAC-WIN) means for private chat?

hi,

try this:

AOL Instant Messenger Encryption

The latest versions of AIM now have the capability to use your email
certificate to encrypt your AIM conversations with any other Instant
Messenger user who also has "Security Enabled." This is easily
recognisable, as the "Security Enabled" users have a lock icon next to
their screen names - in your buddy list.

To set up your AIM to use encryption, export the full path of your
certificate from the IE certificate configuration window, include both
the public and the private keys. You should then be able to import the
certificates into AIM using My Preferences -> Security -> Advanced.
The only difference will be having to type an extra password to give
AIM access to your private key when you log on.

The answer to your other question is that the client locally can log
the information received or sent by the local client - even if it was
sent encrypted.  This is a trust thing!!  Encryption should prevent
any sniffing of messaging - however you must ensure that the key you
receive from your buddies is verified out of band (i.e. not over the
internet).

Good luck,

Tigerfish

Once a message reaches the person you're talking to, you have no way
of knowing whether he stores it or not. It's the same with a
traditional letter, once you put it inside the mailbox, you don't know
who'll open it and whether it is kept or burned. Likewise, first, you
have to be sure that the person you want to talk to is actually
sitting in front of the computer. There is nothing you can do to
prevent logging on the recipients computer, if you send it encrypted,
the other side needs to be able to decrypt it. Otherwise, he/she
wouldn't be able to read the message, which would make everything
pointless.

Whether or not the message is stored is entirely up to the client
software (the official AIM client, gAIM, Adium or another), with no
way of you knowing whether it was stored or not.

In addition to that, all messages pass through the AIM server.
Technically, AOL can easily look at what you are writing. Also, anyone
providing the links between the AOL server, your Computer and your
buddy's computer can look at your messages.

If you want more privacy, you will first have to decide whom to trust:
If you do not trust AOL, you should not use tools they provide. Then
there is encryption, it can either be client-to-server or
client-to-client encryption.

With client-to-server encryption I mean a connection from you to the
server, that prevents third parties who are not the server (i.e. AOL)
or you to evasdrop on what you send. Once the message reaches the
server, it is sent unencrypted to the recipient, unless he is also
using an encrypted link to the server. Typically, this is done through
TLS (Transport Layer Security) or similiar.

Client-to-client encrypted means that the message is encrypted by you
for the recipient and only the recipient can read it. The server won't
be able to decrypt it, and can only forward the encrypted message. In
the Open-Source-World, GPG (GNU Privacy Guard) is often used for this
task.

Ultimately what I can tell you is that:
1. Privacy and encryption are no trivial matters
2. The most important thing apart from knowing how-to is knowing whom to trust.
3. You cannot prevent a person that reads a message from logging it -
he/she could copy it down on a sheet of paper, for all you know.
4. If you are concerned about this, read AOLs privacy policy (they
have a bad track record on that issue) or better, ditch AIM.

An alternative would be using an XMPP ("Jabber") Messenger. PSI (found
at <http://www.psi-im.org>) is an open and free Jabber-client, that
supports encryption to the server and in beta versions,
client-to-client encryption. Instead of one server run by a big
company, there many smaller servers, it should be possible to find one
that you can trust. Finally it runs on Windows, Mac and other
platforms.