| Logging Information |
Skip to "Logging Examples" section below if you just want to know what we log and for how long.
Why don't we market as anonymous with no logging?
It's pure marketing hype. It's not possible for a paid service to provide iron clad anonymity nor to operate without a single log anywhere. To even attempt to be able to back up the promises associated with lies like those the services claiming it have to alter the definitions both the word anonymity and the word no.
We'll explain. You pay for a service from someone. You connect to their servers. You have lost your anonymity just by connecting. They can look and see your IP connected to them. You are also doing everything through their machines. They own every machine you pass through. They can see everything you do through each of those machines if they want. That is not anonymous. You also probably pay them with paypal or a credit card, neither of which are anonymous. There is nothing anonymous here yet.
They must tie the payment info to the account to know who to update and they must be able to address stolen credit cards, bounced checks, fake money orders, and other fraud (they have to be able to remove the payment up to sixty days after it was made in case it turns out to be a chargeback). They'll also say trust them. Trust is not anonymous, anonymity actually implies a lack of trust. No need to trust anyone if no one knows who you are, which is what anonymous means. The simple fact that you must trust that they will not violate your privacy means that they know enough about you to be able to violate it, that's not anonymity.
They say to guarantee anonymity from them pay by cash. You still have to connect to them, they will know what IP connected to what account and what it did if they choose to do so. So to really guarantee anonymity with them you'll also have to connect to them anonymously. Wait a minute, if you have to pay anonymously and connect anonymously to get anonymity from them, well, hope you aren't paying them for anonymity. The definition of anonymity they use in their marketing apparently doesn't include being anonymous to them. They changed the definition of the word.
"No Logging! We don't even know what you do while using us." Another big marketing claim. Let me ask you this, if you just started using stolen credit cards everywhere for everything you could order, and you spread viruses, and spammed mail and/or guestbooks, and initiated denial of service attacks against the FBI, and sent bomb threats to the secret service, and tried to hack into the pentagon, and tried to solicit the young daughters of FBI agents for sex, and sent continuous racial epithets to Jesse Jackson, or did any of the myriad of other things that would cause complaints to anyone and everyone who would listen, how long do you think you would stay online? A month? You'd probably be taken off line in less time than that.
These services have the same issues, even more so because if you offer it someone will abuse it. Their servers will be rapidly disconnected if they cannot control abuse. Even if they tried to run with a "who cares" attitide they'd be down more than up because once it becomes known that abuse has no consequenses every scammer on the planet will flock to it and fast. This will force action by the service just to protect itself from the stolen credit cards and fraud committed to get an account, never mind pressure from any outside party.
They cannot just allow anything and everything. They have to have some control. They have to prevent abuse to stay online. Both to keep their internet connections and to stay financially solvent. So, they have to make sure the service doesn't become a haven for carders (who also pay them with a stolen credit card), nor does it become a haven for trading in child porn, nor that it allows unfettered threats of violence, nor spam, nor spreading of viruses, nor hacking, nor any sustained abuse.
How do they handle it? Account termination. They tell you so in their terms of service (don't do this, don't do that, or risk account term). That is not anonymous. That is not no records of your actions. Really anonymous without any records would mean you could send continuous threats to fire missles at incoming planes to the FAA and never get caught nor would they even know what account to terminate for doing it no matter how hard they looked.
Besides all this, there are many things on a server that log. Account payment records and updates - have to log those, what good is a service that doesn't know who paid for what and for how long. Processes log when they start and stop. Errors are logged. These error logs are critical to providing a reliable service and troubleshooting problems. Intrusion detection systems and firewalls log (an unsecured machine cannot even provide privacy, so they better have these and their logs). Many things keep records (logs).
They have changed the definition of the word no when they claim "No logs". They really mean "We don't log what you do in a tunnel" when they say "No Logging". Well, Cotse doesn't do that either. But there are a thousand other things that log on a system and many that can ID you. To say "No logging" because you don't log one specific thing while you do hundreds of others means that you have to alter the definition of "no" not to be lying.
You are 100% anonymous with us and "No logging" are both marketing lies designed to trick the neophyte. We feel that is dishonest. Paid privacy services are based upon trust, how can you trust a service who lies to you before you even sign up? This is why we don't make those claims. Instead we put everything on the table, below is the information we have on you when you use our service.
Logging Examples
We have standard SMTP transaction logs for our e-mail, every service that provides e-mail has these.
Ours roll (overwrite) every five days. A sample of what a standard SMTP transaction log looks like that would have
user information in it is here:
Nov 18 13:25:23 www mta[12345]: AUTH=server, relay=domain.com [127.0.0.1] (may be forged), authid=account, mech=<type
of auth>
Nov 18 13:25:23 www mta[12345]: XXXmpe12345: from=<from@domain.com>, size=405, class=0, nrcpts=1, msgid=<messageID>,
proto=ESMTP, daemon=TLSMTA, relay=domain.com [127.0.0.1] (may be forged)
Nov 18 13:25:23 www mta[12346]: XXXmpe12345: to=<mail@domain.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp,
pri=12345, relay=receivingmachine.domain.com. [receivingmachineIP], dsn=2.0.0, stat=Sent (iAIIPOAb089975 Message
accepted for delivery)
The content of the SMTP log is nothing different than what is already in the header of the message, sans authenticated
username, that is how we tell which account to terminate if someone decides to try to spam through us or sends a death threat, etc. (we think that is better than putting that info in the header for all to see).
We also
use them for support issues like "I sent/posted/etc this and it never made it". The logs are needed
so we can go look at them to see if the remote server accepted it or not, and if not, why. Without them the only answer we could
give would be "Sorry, can't help you", which isn't very good customer
support.
We have standard apache logs for our web site.
Every single web site has these logs. We use them to trace errors, to alert us to DoS and hacking attempts, and for website statistics. A sample standard apache log entry looks like this:
<connectingIP> - - [18/Nov/2004:13:22:47 -0500] "GET /index.html HTTP/1.1" 200 10210
Our proxy logs are standard too. We need them to trace errors, counter DoS and hacking attempts, etc. A sample of a proxy log:
127.0.0.1 - - [18/Nov/2004:13:42:05 -0500] "CONNECT www.domain.com:443 HTTP/1.0" 200 15088
(above is a https connection via a proxy, no target filenames, etc can be seen because the datastream is a direct
connection encrypted.)
127.0.0.1 - - [18/Nov/2004:13:41:40 -0500] "GET http://www.domain.com/file.html HTTP/1.0" 200 361
(above is a plain http connection, unlike https this is not an encrypted direct connection and the proxy is told
the filename to go retrieve)
Our proxy logs do not log your IP. The ip logged is ours because the requests all come from localhost.
Our SSH logs are also standard, a standard last log (last login from:). This is mostly for you, but allows us to also counter people attempting to guess their way into your account. A standard SSH log entry that would have user information in it looks like this:
accountname ttyp1 <connecting IP> Tue Nov 16 03:16 - 21:32 (1+18:15)
From the SSH logs we cannot tell what you did, where you went, or anything else, only that you connected to us
and for how long. This allows
you to see who last logged into your account (so you know someone else didn't break into your account) and enables us to autolockout repeated failed attempts at guessing passwords.
We have scripts monitoring all of our services for attacks, mostly anomaly and signature detection. We have scripts
that monitor performance and the services and servers themselves. They will trigger automatic failover to backup
servers in the event of system or service failure. They can and do automatically manage power as well, they are
able to automatically powercycle a machine if it locks up. All of these scripts work with the logs above, to some
extent, and those that have their own logs have absolutely no individual user identifiable information in them.
None of our logs record the datastream, as in contents of the email, web request, or SSH tunnel. We do not know
what you do in the SSH tunnel or any communications, only that you set up a tunnel or sent a message. You'll notice
that very little information is kept in the logs, only what is needed for the abuse issues, troubleshooting problems,
and anomaly/intrusion detection. All but the proxies are on a five day rotation (due to the size of the logs, proxies
are on a three day rotation). This means that at any given time we do not have any information in web and mail
logs for six days ago and no information from proxy logs for four days ago. |
|
|
|
|
