dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
8654
share rss forum feed
Expand your moderator at work

bt

join:2009-02-26
canada
kudos:1
Reviews:
·Start Communicat..
reply to globus9991

Re: Why is Tek still keeping logs???

said by globus9991:

said by bt:

said by globus9991:

Here we go again. As I explained above, there are NO *valid* business / technical or legal reasons to keep logs. Please don't repeat this without arguments to support your point of view.

Opinion

Seriously???

I'll agree that the matter of law isn't opinion, but neither of us are lawyers with full knowledge of the relevant areas of practice.

Sure, tech issues can be logged after they're noticed. But there is always a business case to be made for being proactive instead of reactive. A good enough business case to outweigh the downsides/costs/etc? That's the golden question.

It is your opinion that when it comes to logging, the risks outweigh the benefits of being proactive. A customer getting one of these emails will probably agree with you. But the customer calling in and being told that they need to suffer through some intermittent issue for a few more days so there are logs that support can go over might disagree with your opinion.

So yes - seriously.

globus9991

join:2004-11-14
Argelia
reply to TSI Gabe

said by TSI Gabe:

We need logs for many other reasons.

Spammers, abuse, troubleshooting. Usage.

We also get court ordered abuse/hacking cases unrelated to copyright.

Spammers, abuse, troubleshooting are all tech reasons. If they happened, how exactly will this help you? What's done is done. If they are happening then you can log specifically on or about the problem. Clever ISPs use trigger software instead of logs. Logs are cumbersome and obsolete. Real-time or near-real time is the way to go. This is *exaclty* what the Swedis ISPs did and it worked OK for them. Not need to have widespread logging.

Usage? You don't need to log IPs. Just session start, end and bytes transferred (if the account is limited). Many ISPs do just that.

Court orders? Sure. But *only* when you receive one. If you don't have any logs then you simply report so. If this is not the case, please provide a reference to at least 1 Canadian Law that mandates widespread logging.

Funky_

join:2004-06-05
Canada
Reviews:
·TekSavvy DSL
reply to globus9991

I don't want to be an ass and tell TekSavvy how to do their jobs. But I agree with globus9991.

There are ways around the technical aspects of requiring logs. No IPs needs to be logged. They can use account IDs and such instead. If someone is having a technical issue and having the IPs logged would help with solving that issue then the logging can be enabled temporarily for that specific reason.

They can also lower the retention time and enable longer times for specific users if required by law.


globus9991

join:2004-11-14
Argelia
reply to bt

said by bt:

Sure, tech issues can be logged after they're noticed. But there is always a business case to be made for being proactive instead of reactive. A good enough business case to outweigh the downsides/costs/etc? That's the golden question.

It is your opinion that when it comes to logging, the risks outweigh the benefits of being proactive. A customer getting one of these emails will probably agree with you. But the customer calling in and being told that they need to suffer through some intermittent issue for a few more days so there are logs that support can go over might disagree with your opinion.

So yes - seriously.

No, not seriously.
Then, how did the Swedish ISPs do it?
I didn't see an uproar in swedish customers when they stopped logging. On the contrary, I saw a healthy support from them to the ISPs that had the vision to and the ba**s to stop this practice. Besides, where does it stop?
How many fishing expeditions from shark lawyers do we have to endure before a meaningful law/regulation is enacted? Why suffer through all that if ISPs can fix it overnight.
As to a customer not getting its issue fixed overnight, don't get me laughing!!! Did you actually worked for IT??? I can pretty much guarantee that NOTHING gets solved overnight. Furthermore, it is much more time efficient to turn logging on for a specific customer when a complaint is received than to spend countless hours wading through logs. Real-time or near-real-time is the way to go.


TSI Gabe
Premium,VIP
join:2007-01-03
Chatham, ON
kudos:6

Wow, i'll come back when things calm down.


bt

join:2009-02-26
canada
kudos:1
Reviews:
·Start Communicat..

1 edit
reply to globus9991

said by globus9991:

Then, how did the Swedish ISPs do it?

Differently. That they have been successful with such methods just means that it's a valid method, it doesn't mean it's the only method. And if it's better or worse is a matter of opinion.

said by globus9991:

As to a customer not getting its issue fixed overnight, don't get me laughing!!!

Didn't say that.

said by globus9991:

Did you actually worked for IT???

Yes. For (gasp) an ISP! And (gasp) not as a phone drone!

said by globus9991:

I can pretty much guarantee that NOTHING gets solved overnight. Furthermore, it is much more time efficient to turn logging on for a specific customer when a complaint is received than to spend countless hours wading through logs. Real-time or near-real-time is the way to go.

Again, never said anything about an issue being solved right away, or overnight, because of the existence of logging.

MFido

join:2012-10-19
kudos:2
reply to TSI Gabe

said by TSI Gabe:

Wow, i'll come back when things calm down.

Give them a hand .... and they will tell you how to run your business ... LOL

kovy

join:2009-03-26
kudos:8
reply to globus9991

Why did you sign with Teksavvy if you knew they logged things ?


globus9991

join:2004-11-14
Argelia

1 edit

said by kovy:

Why did you sign with Teksavvy if you knew they logged things ?

Because everybody else is quite worst ... given my choices.
But you are missing the point.
Tek should be jumping at this opportunity.
The basic rule of business is that you want to differentiate yourself from your competition.
Now that this is all over the news, can you imagine the sales boost that Tek would have if it would be to announce a new: "no logging" policy?
Free marketing!
Free advertisement!
This kind of "press" you can't get even paying for it.
Alas, Tek is blind by design. They can't see beyond their CYA policies.
That's the point of this post.

globus9991

join:2004-11-14
Argelia
reply to bt

said by bt:

said by globus9991:

Then, how did the Swedish ISPs do it?

Differently. That they have been successful with such methods just means that it's a valid method, it doesn't mean it's the only method. And if it's better or worse is a matter of opinion.

Well, I worked with both methods and I can tell you from experience that what you want is a near instantaneous alarm when things go wrong (or appear to go wrong) than find out a few days after the fact when the damage is done and have to wad through a few Gigs worth of logs. Yes, heuristic, near-real-time software is better. It is adaptable and/or rule-based. It can look for new forms of abuse or detect subtleties. You can see, in real-time what's going on. Those are all things that logs can't do. Yes. it is a superior method.

said by bt:

said by globus9991:

Did you actually worked for IT???

Yes. For (gasp) an ISP! And (gasp) not as a phone drone!

Well.. my office had a phone (IP based, of course) but I didn't use it that much. Spent most of the time with hardware / software. Besides, the drone part was mainly outsourced, so I wouldn't know.

said by bt:

said by globus9991:

I can pretty much guarantee that NOTHING gets solved overnight. Furthermore, it is much more time efficient to turn logging on for a specific customer when a complaint is received than to spend countless hours wading through logs. Real-time or near-real-time is the way to go.

Again, never said anything about an issue being solved right away, or overnight, because of the existence of logging.

No, but you implied that by having logs things would get solved faster. On average, they do not.

bt

join:2009-02-26
canada
kudos:1
Reviews:
·Start Communicat..

said by globus9991:

said by bt:

said by globus9991:

Then, how did the Swedish ISPs do it?

Differently. That they have been successful with such methods just means that it's a valid method, it doesn't mean it's the only method. And if it's better or worse is a matter of opinion.

Well, I worked with both methods and I can tell you from experience that what you want is a near instantaneous alarm when things go wrong (or appear to go wrong) than find out a few days after the fact when the damage is done and have to wad through a few Gigs worth of logs.

Oh, I agree on that. But I've seen many situations where you need to wade through logs to find out what the cause of the problem is. You can do that a lot sooner if the logs already exist.

Real-time is better for spotting problems. Logs are better for spotting causes.

said by globus9991:

Yes, heuristic, near-real-time software is better. It is adaptable and/or rule-based. It can look for new forms of abuse or detect subtleties. You can see, in real-time what's going on. Those are all things that logs can't do. Yes. it is a superior method.

And real-time can't give you a history to back-track through when necessary. The superior method for troubleshooting (so not getting into cost analysis, legal issues, etc, which bring further pros and cons to each method) is a combination of both real-time and logging.
Expand your moderator at work

The Mongoose

join:2010-01-05
Toronto, ON
Reviews:
·TekSavvy Cable
reply to TSI Gabe

Re: Why is Tek still keeping logs???

said by TSI Gabe:

Wow, i'll come back when things calm down.

Gabe, if you can ignore the lunacy and help us have a calm discussion about this, I can assure you that most of us appreciate it. To your knowledge, is the 90 day logging window here to stay? Is there any momentum towards shortening (or lengthening) the window?

globus9991

join:2004-11-14
Argelia
reply to bt

said by bt:

Oh, I agree on that. But I've seen many situations where you need to wade through logs to find out what the cause of the problem is. You can do that a lot sooner if the logs already exist.

Real-time is better for spotting problems. Logs are better for spotting causes.

Yes, but with a properly configured real-time software, it starts logging when the issue is first detected. And, it intelligently logs only relevant packets. For any intent and purposes, you are loosing almost no important information to determine causality.

said by bt:

And real-time can't give you a history to back-track through when necessary. The superior method for troubleshooting (so not getting into cost analysis, legal issues, etc, which bring further pros and cons to each method) is a combination of both real-time and logging.

Not in my experience. Widespread logs area always a headache. They do suffer as you said, from, cost analysis, troubleshooting, legal, storage, backup and a myriad of other issues.

When I am looking at a log, I want the min info that will be useful, and just the timeframe that is useful. Everything else is just a pain in the neck and not worth my time.

Real-time is the way to go. That's how most *modern* data-centers do it.

globus9991

join:2004-11-14
Argelia
reply to The Mongoose

said by The Mongoose:

said by TSI Gabe:

Wow, i'll come back when things calm down.

Gabe, if you can ignore the lunacy and help us have a calm discussion about this, I can assure you that most of us appreciate it. To your knowledge, is the 90 day logging window here to stay? Is there any momentum towards shortening (or lengthening) the window?

Or canceling this policy altogether? (Yes, I am ignoring you MG)

voxframe

join:2010-08-02
reply to globus9991

Ditto on the calming down.

Gabe is this something you could ask/present?

I realize logging is needed for troubleshooting etc, but is it in fact 100% obligatory by law? I understand that it is useful for keeping hacking etc under control as well, but theoretically speaking, are we (as ISPs) obliged by law to do it.

I ask this more as my position as a small ISP as well. I have not been able to get 100% concrete answers to this very question either. If it's not obliged by law, I would gladly do away with it on my network. (Yes I realize it gives birth to the network being the cesspool of the internet, but in all honesty I really couldn't care less to fund all the effort it takes in managing it and dealing with requests such as this. If I could give a blanket "Sorry the logs don't exist, f*** off" reply I'd be much happier.)

No it's not a nice truth, but it's the truth.


globus9991

join:2004-11-14
Argelia

said by voxframe:

Ditto on the calming down.

Gabe is this something you could ask/present?

I realize logging is needed for troubleshooting etc, but is it in fact 100% obligatory by law? I understand that it is useful for keeping hacking etc under control as well, but theoretically speaking, are we (as ISPs) obliged by law to do it.

I ask this more as my position as a small ISP as well. I have not been able to get 100% concrete answers to this very question either. If it's not obliged by law, I would gladly do away with it on my network. (Yes I realize it gives birth to the network being the cesspool of the internet, but in all honesty I really couldn't care less to fund all the effort it takes in managing it and dealing with requests such as this. If I could give a blanket "Sorry the logs don't exist, f*** off" reply I'd be much happier.)

No it's not a nice truth, but it's the truth.

That's the spirit!!!
That's one that get's it!!!
And no, you network does not have to be a cesspool.
Congrats!!

bt

join:2009-02-26
canada
kudos:1
Reviews:
·Start Communicat..
reply to globus9991

said by globus9991:

Yes, but with a properly configured real-time software, it starts logging when the issue is first detected. And, it intelligently logs only relevant packets. For any intent and purposes, you are loosing almost no important information to determine causality.

Even properly configured, it can miss out on earlier stages that a human eye might spot (with the benefit of hindsight).

It's only as good as the person who programmed it, and only knows what that person thought of making it know.

said by globus9991:

said by bt:

And real-time can't give you a history to back-track through when necessary. The superior method for troubleshooting (so not getting into cost analysis, legal issues, etc, which bring further pros and cons to each method) is a combination of both real-time and logging.

Not in my experience. Widespread logs area always a headache. They do suffer as you said, from, cost analysis, troubleshooting, legal, storage, backup and a myriad of other issues.

Real-time also suffers from cost analysis, troubleshooting, etc. Not all of the issues are the same, but there are just as many of them.

said by globus9991:

When I am looking at a log, I want the min info that will be useful, and just the timeframe that is useful. Everything else is just a pain in the neck and not worth my time.

Basic log viewing software can help with that. I'm not saying you should be popping the log open in notepad and going through it line by line...

The Mongoose

join:2010-01-05
Toronto, ON
Reviews:
·TekSavvy Cable
reply to voxframe

Vox,

I've been reading up on this and can't find anything legally obliging an ISP to keep logs. They certainly aren't obligated to in the USA, but most of them do...the bigger the ISP, the longer the logging window.

The reason seems to be that law enforcement gets fairly snippy in the US if you trim back the logging window. Given that we're talking about the land of the Patriot Act and quite a bit of anti-terror snooping, that's not really surprising. So even though they don't have to most ISPs do log...for the reasons Gabe gave, plus a desire not to instigate any friction with law enforcement agencies that can make life difficult.

I'm still looking for concrete rules in Canada. Oddly some privacy regulations like PIPEDA actually require companies to retain certain information, even though the primary purpose of the regulation is supposed to be privacy protection.

I'll let you know if I come across anything concrete...hopefully you're allowed to just turn off the logs.



TSI Gabe
Premium,VIP
join:2007-01-03
Chatham, ON
kudos:6
reply to voxframe

said by voxframe:

If it's not obliged by law, I would gladly do away with it on my network. (Yes I realize it gives birth to the network being the cesspool of the internet, but in all honesty I really couldn't care less

See that's the thing, on our scale things get *really* bad *real* quick if we allow this to happen.

Funky_

join:2004-06-05
Canada
Reviews:
·TekSavvy DSL

said by TSI Gabe:

said by voxframe:

If it's not obliged by law, I would gladly do away with it on my network. (Yes I realize it gives birth to the network being the cesspool of the internet, but in all honesty I really couldn't care less

See that's the thing, on our scale things get *really* bad *real* quick if we allow this to happen.

Would it be possible to selectively log IPs? I'm also fighting to understand how logging IPs help to curtail becoming a "cesspool" when you could just use some other identifier that isn't accessible to the public instead.

globus9991

join:2004-11-14
Argelia
reply to bt

said by bt:

said by globus9991:

Yes, but with a properly configured real-time software, it starts logging when the issue is first detected. And, it intelligently logs only relevant packets. For any intent and purposes, you are loosing almost no important information to determine causality.

Even properly configured, it can miss out on earlier stages that a human eye might spot (with the benefit of hindsight).

It's only as good as the person who programmed it, and only knows what that person thought of making it know.

Earlier stages are overrated. In real life there is very little difference if you catched the first 50 or so packets or not, considering that you got the other 10.000 or so. That's my experience.

said by bt:

said by globus9991:

said by bt:

And real-time can't give you a history to back-track through when necessary. The superior method for troubleshooting (so not getting into cost analysis, legal issues, etc, which bring further pros and cons to each method) is a combination of both real-time and logging.

Not in my experience. Widespread logs area always a headache. They do suffer as you said, from, cost analysis, troubleshooting, legal, storage, backup and a myriad of other issues.

Real-time also suffers from cost analysis, troubleshooting, etc. Not all of the issues are the same, but there are just as many of them.

Again, not in my experience, not to that degree. Sure, you still need human interaction to actually decode and give significance to what's happening, but with an intelligent system you get a head's up about possible causes instantaneously. Let's say that somebody is abusing port 25. You will know instantly by the packet analysis of the software that somebody is probably spamming. By log alone, well, it can take a while to figure out the pattern.

said by bt:

said by globus9991:

When I am looking at a log, I want the min info that will be useful, and just the timeframe that is useful. Everything else is just a pain in the neck and not worth my time.

Basic log viewing software can help with that. I'm not saying you should be popping the log open in notepad and going through it line by line...

Obviously, but even the fanciest log analyzers are just sophisticated filters. They are not good at pattern recognition. Heuristic software is. Heck! it can even detect patterns based on how normal packets are affected by abusing packets! It can do statistical analysis far beyond what a simple log analyzer can do.

analog andy

join:2005-01-03
Surrey, BC
reply to globus9991

If you're asking TS to not keep logs because you want to break copyrights I don't think they'll care much for your request.

As a business they have to protect themselves so keeping logs of whats going on on their networks is good.

The main thing I'd want from my ISP is that they don't have over logs unless instructed by the courts/warrant.


The Mongoose

join:2010-01-05
Toronto, ON
Reviews:
·TekSavvy Cable
reply to TSI Gabe

said by TSI Gabe:

said by voxframe:

If it's not obliged by law, I would gladly do away with it on my network. (Yes I realize it gives birth to the network being the cesspool of the internet, but in all honesty I really couldn't care less

See that's the thing, on our scale things get *really* bad *real* quick if we allow this to happen.

And therein lies the second-tier legal problem. Let's say there's no obligation to keep logs, so an ISP doesn't keep any. As a result a massive child pornography operation takes hold on their network. The RCMP busts it, and then mentions that had the ISP done even the least bit of due diligence this would never have happened, or at least would have made it far easier to stop.

Their reputation is destroyed by the press, and the RCMP decides to charge them with criminal negligence just for fun. So even though there was no requirement to keep logs, the law comes down on you anyways.

And this is just a simple scenario I came up with in 2 minutes. I bet Gabe can think of way, way worse.

globus9991

join:2004-11-14
Argelia
reply to analog andy

said by analog andy:

If you're asking TS to not keep logs because you want to break copyrights I don't think they'll care much for your request.

As a business they have to protect themselves so keeping logs of whats going on on their networks is good.

The main thing I'd want from my ISP is that they don't have over logs unless instructed by the courts/warrant.

Since you obviously did not bother reading the entire thread and do not understand the issue, I won't comment further.


TSI Gabe
Premium,VIP
join:2007-01-03
Chatham, ON
kudos:6
reply to The Mongoose

Speaking of which, we do also get child pornography court requests. I won't go into details obviously but every single one of them have been a few months in the past.

But yes Mongoose is correct on that point.


analog andy

join:2005-01-03
Surrey, BC
reply to globus9991

said by globus9991:

said by analog andy:

If you're asking TS to not keep logs because you want to break copyrights I don't think they'll care much for your request.

As a business they have to protect themselves so keeping logs of whats going on on their networks is good.

The main thing I'd want from my ISP is that they don't have over logs unless instructed by the courts/warrant.

Since you obviously did not bother reading the entire thread and do not understand the issue, I won't comment further.

Its perfectly clear to me you don't want them to keep logs so they don't give out your info to a copy right holder. I say who cares as long as they don't give it out without a warrant/forced by courts.

globus9991

join:2004-11-14
Argelia
reply to TSI Gabe

said by TSI Gabe:

said by voxframe:

If it's not obliged by law, I would gladly do away with it on my network. (Yes I realize it gives birth to the network being the cesspool of the internet, but in all honesty I really couldn't care less

See that's the thing, on our scale things get *really* bad *real* quick if we allow this to happen.

Oh came on!
This is *really* bad piece of propaganda!
Really? Seriously?
Things @ Tek are in control *because* you log!!!???
As far as I can remember, most people are not even aware that Tek logs.

So, things are in control in real-time because you log and it will take you days to find a problem if one occurs, and that's assuming you are actually aware that's happening.

Uhu.... Seriously?

Fyodor

join:2012-08-13
reply to The Mongoose

said by The Mongoose:

said by TSI Gabe:

said by voxframe:

If it's not obliged by law, I would gladly do away with it on my network. (Yes I realize it gives birth to the network being the cesspool of the internet, but in all honesty I really couldn't care less

See that's the thing, on our scale things get *really* bad *real* quick if we allow this to happen.

And therein lies the second-tier legal problem. Let's say there's no obligation to keep logs, so an ISP doesn't keep any. As a result a massive child pornography operation takes hold on their network. The RCMP busts it, and then mentions that had the ISP done even the least bit of due dilligence this would never have happened.

Their reputation is destroyed by the press, and the RCMP decides to charge them with criminal negligence just for fun. So even though there was no requirement to keep logs, the law comes down on you anyways.

And this is just a simple scenario I came up with in 2 minutes. I bet Gabe can think of way, way worse.

That wouldn't happen because communication providers are exempt from liability in cases like this.

If there's no log requirement in the Law then they can't sue you. That's how Law works. If the RCMP played their cards in that manner then Tek would be able to sue them for defamation.