dslreports logo
 
    All Forums Hot Topics Gallery
spc

spacer

Search Topic:
uniqs
8990
share rss forum feed


TSI Gabe
Router of Packets
Premium,VIP
join:2007-01-03
Gatineau, QC
kudos:7
reply to voxframe

Re: Why is Tek still keeping logs???

said by voxframe:

If it's not obliged by law, I would gladly do away with it on my network. (Yes I realize it gives birth to the network being the cesspool of the internet, but in all honesty I really couldn't care less

See that's the thing, on our scale things get *really* bad *real* quick if we allow this to happen.

Funky_

join:2004-06-05
Canada
said by TSI Gabe:

said by voxframe:

If it's not obliged by law, I would gladly do away with it on my network. (Yes I realize it gives birth to the network being the cesspool of the internet, but in all honesty I really couldn't care less

See that's the thing, on our scale things get *really* bad *real* quick if we allow this to happen.

Would it be possible to selectively log IPs? I'm also fighting to understand how logging IPs help to curtail becoming a "cesspool" when you could just use some other identifier that isn't accessible to the public instead.

globus9991

join:2004-11-14
Argelia
reply to bt
said by bt:

said by globus9991:

Yes, but with a properly configured real-time software, it starts logging when the issue is first detected. And, it intelligently logs only relevant packets. For any intent and purposes, you are loosing almost no important information to determine causality.

Even properly configured, it can miss out on earlier stages that a human eye might spot (with the benefit of hindsight).

It's only as good as the person who programmed it, and only knows what that person thought of making it know.

Earlier stages are overrated. In real life there is very little difference if you catched the first 50 or so packets or not, considering that you got the other 10.000 or so. That's my experience.

said by bt:

said by globus9991:

said by bt:

And real-time can't give you a history to back-track through when necessary. The superior method for troubleshooting (so not getting into cost analysis, legal issues, etc, which bring further pros and cons to each method) is a combination of both real-time and logging.

Not in my experience. Widespread logs area always a headache. They do suffer as you said, from, cost analysis, troubleshooting, legal, storage, backup and a myriad of other issues.

Real-time also suffers from cost analysis, troubleshooting, etc. Not all of the issues are the same, but there are just as many of them.

Again, not in my experience, not to that degree. Sure, you still need human interaction to actually decode and give significance to what's happening, but with an intelligent system you get a head's up about possible causes instantaneously. Let's say that somebody is abusing port 25. You will know instantly by the packet analysis of the software that somebody is probably spamming. By log alone, well, it can take a while to figure out the pattern.

said by bt:

said by globus9991:

When I am looking at a log, I want the min info that will be useful, and just the timeframe that is useful. Everything else is just a pain in the neck and not worth my time.

Basic log viewing software can help with that. I'm not saying you should be popping the log open in notepad and going through it line by line...

Obviously, but even the fanciest log analyzers are just sophisticated filters. They are not good at pattern recognition. Heuristic software is. Heck! it can even detect patterns based on how normal packets are affected by abusing packets! It can do statistical analysis far beyond what a simple log analyzer can do.

analog andy

join:2005-01-03
Surrey, BC
reply to globus9991
If you're asking TS to not keep logs because you want to break copyrights I don't think they'll care much for your request.

As a business they have to protect themselves so keeping logs of whats going on on their networks is good.

The main thing I'd want from my ISP is that they don't have over logs unless instructed by the courts/warrant.

The Mongoose

join:2010-01-05
Toronto, ON
reply to TSI Gabe
said by TSI Gabe:

said by voxframe:

If it's not obliged by law, I would gladly do away with it on my network. (Yes I realize it gives birth to the network being the cesspool of the internet, but in all honesty I really couldn't care less

See that's the thing, on our scale things get *really* bad *real* quick if we allow this to happen.

And therein lies the second-tier legal problem. Let's say there's no obligation to keep logs, so an ISP doesn't keep any. As a result a massive child pornography operation takes hold on their network. The RCMP busts it, and then mentions that had the ISP done even the least bit of due diligence this would never have happened, or at least would have made it far easier to stop.

Their reputation is destroyed by the press, and the RCMP decides to charge them with criminal negligence just for fun. So even though there was no requirement to keep logs, the law comes down on you anyways.

And this is just a simple scenario I came up with in 2 minutes. I bet Gabe can think of way, way worse.

globus9991

join:2004-11-14
Argelia
reply to analog andy
said by analog andy:

If you're asking TS to not keep logs because you want to break copyrights I don't think they'll care much for your request.

As a business they have to protect themselves so keeping logs of whats going on on their networks is good.

The main thing I'd want from my ISP is that they don't have over logs unless instructed by the courts/warrant.

Since you obviously did not bother reading the entire thread and do not understand the issue, I won't comment further.


TSI Gabe
Router of Packets
Premium,VIP
join:2007-01-03
Gatineau, QC
kudos:7
reply to The Mongoose
Speaking of which, we do also get child pornography court requests. I won't go into details obviously but every single one of them have been a few months in the past.

But yes Mongoose is correct on that point.

analog andy

join:2005-01-03
Surrey, BC
reply to globus9991
said by globus9991:

said by analog andy:

If you're asking TS to not keep logs because you want to break copyrights I don't think they'll care much for your request.

As a business they have to protect themselves so keeping logs of whats going on on their networks is good.

The main thing I'd want from my ISP is that they don't have over logs unless instructed by the courts/warrant.

Since you obviously did not bother reading the entire thread and do not understand the issue, I won't comment further.

Its perfectly clear to me you don't want them to keep logs so they don't give out your info to a copy right holder. I say who cares as long as they don't give it out without a warrant/forced by courts.

globus9991

join:2004-11-14
Argelia
reply to TSI Gabe
said by TSI Gabe:

said by voxframe:

If it's not obliged by law, I would gladly do away with it on my network. (Yes I realize it gives birth to the network being the cesspool of the internet, but in all honesty I really couldn't care less

See that's the thing, on our scale things get *really* bad *real* quick if we allow this to happen.

Oh came on!
This is *really* bad piece of propaganda!
Really? Seriously?
Things @ Tek are in control *because* you log!!!???
As far as I can remember, most people are not even aware that Tek logs.

So, things are in control in real-time because you log and it will take you days to find a problem if one occurs, and that's assuming you are actually aware that's happening.

Uhu.... Seriously?

Fyodor

join:2012-08-13
reply to The Mongoose
said by The Mongoose:

said by TSI Gabe:

said by voxframe:

If it's not obliged by law, I would gladly do away with it on my network. (Yes I realize it gives birth to the network being the cesspool of the internet, but in all honesty I really couldn't care less

See that's the thing, on our scale things get *really* bad *real* quick if we allow this to happen.

And therein lies the second-tier legal problem. Let's say there's no obligation to keep logs, so an ISP doesn't keep any. As a result a massive child pornography operation takes hold on their network. The RCMP busts it, and then mentions that had the ISP done even the least bit of due dilligence this would never have happened.

Their reputation is destroyed by the press, and the RCMP decides to charge them with criminal negligence just for fun. So even though there was no requirement to keep logs, the law comes down on you anyways.

And this is just a simple scenario I came up with in 2 minutes. I bet Gabe can think of way, way worse.

That wouldn't happen because communication providers are exempt from liability in cases like this.

If there's no log requirement in the Law then they can't sue you. That's how Law works. If the RCMP played their cards in that manner then Tek would be able to sue them for defamation.


TSI Gabe
Router of Packets
Premium,VIP
join:2007-01-03
Gatineau, QC
kudos:7
reply to Funky_
said by Funky_:

said by TSI Gabe:

said by voxframe:

If it's not obliged by law, I would gladly do away with it on my network. (Yes I realize it gives birth to the network being the cesspool of the internet, but in all honesty I really couldn't care less

See that's the thing, on our scale things get *really* bad *real* quick if we allow this to happen.

Would it be possible to selectively log IPs? I'm also fighting to understand how logging IPs help to curtail becoming a "cesspool" when you could just use some other identifier that isn't accessible to the public instead.

Not having any logs about something that happened in the past and turning it on after the fact won't do you any good.
--
TSI Gabe - TekSavvy Solutions Inc.
Authorized TSI employee ( »TekSavvy FAQ »Official support in the forum )

globus9991

join:2004-11-14
Argelia
reply to Funky_
said by Funky_:

said by TSI Gabe:

said by voxframe:

If it's not obliged by law, I would gladly do away with it on my network. (Yes I realize it gives birth to the network being the cesspool of the internet, but in all honesty I really couldn't care less

See that's the thing, on our scale things get *really* bad *real* quick if we allow this to happen.

Would it be possible to selectively log IPs? I'm also fighting to understand how logging IPs help to curtail becoming a "cesspool" when you could just use some other identifier that isn't accessible to the public instead.

You can't log IP selectively fast enough. You need heuristic software to do it for you.


TSI Gabe
Router of Packets
Premium,VIP
join:2007-01-03
Gatineau, QC
kudos:7
said by globus9991:

You can't log IP selectively fast enough. You need heuristic software to do it for you.

Speaking of this heuristic software, please let me know which software can do so @ 100Gbps


TSI Gabe
Router of Packets
Premium,VIP
join:2007-01-03
Gatineau, QC
kudos:7
said by TSI Gabe:

said by globus9991:

You can't log IP selectively fast enough. You need heuristic software to do it for you.

Speaking of this heuristic software, please let me know which software can do so @ 100Gbps

And by that I'm assuming you are saying we need to implement DPI.

Funky_

join:2004-06-05
Canada
reply to TSI Gabe
said by TSI Gabe:

Not having any logs about something that happened in the past and turning it on after the fact won't do you any good.

I am super sorry if I don't have a proper understanding of how your system works (I am a developer so I sort of understand how things can be done).

What is stopping you from not logging IPs and using another identifier instead? This would end the lawsuits since you would be unable to trace an IP back to it's log and would allow you to troubleshoot any problems because you would be able to trace a user based on their customer ID for example.

Also, in the case of child porn... this is an issue I agree... but if the police determine someone might be dealing with it, I would have no objections to enabling IP logging on them.

Samgee

join:2010-08-02
canada
kudos:2
reply to globus9991
said by globus9991:

Oh came on!
This is *really* bad piece of propaganda!
Really? Seriously?
Things @ Tek are in control *because* you log!!!???
As far as I can remember, most people are not even aware that Tek logs.

So, things are in control in real-time because you log and it will take you days to find a problem if one occurs, and that's assuming you are actually aware that's happening.

Uhu.... Seriously?

He's referring to legal implications if they decided not to log. All the investigations would stop at them, and the pressure that could be placed on them because they are in a way obstructing an investigation aren't worth the benefits of not logging.

I'm not sure what you're advocating here glob? Are you for no logs and no way for police to investigate crimes that take place online?


TSI Gabe
Router of Packets
Premium,VIP
join:2007-01-03
Gatineau, QC
kudos:7
reply to Funky_
said by Funky_:

said by TSI Gabe:

Not having any logs about something that happened in the past and turning it on after the fact won't do you any good.

Also, in the case of child porn... this is an issue I agree... but if the police determine someone might be dealing with it, I would have no objections to enabling IP logging on them.

How would I enable logging on that person after the fact if I dont know who that person is to begin with?
--
TSI Gabe - TekSavvy Solutions Inc.
Authorized TSI employee ( »TekSavvy FAQ »Official support in the forum )

The Mongoose

join:2010-01-05
Toronto, ON
reply to Fyodor
said by Fyodor:

That wouldn't happen because communication providers are exempt from liability in cases like this.

If there's no log requirement in the Law then they can't sue you. That's how Law works. If the RCMP played their cards in that manner then Tek would be able to sue them for defamation.

Even so, I suspect that the lawsuit would be cold comfort after they went out of business because the Toronto Star painted them as enablers of child abuse. It's just not worth the risk for them. They're making a business decision here, one that isn't positive for some users. As customers we can:

1) Live with it and know that our privacy may be breached (but only by a court order)
2) Take steps to anonymize our internet use
3) Leave TSI for a company that has privacy rules more to our liking
4) Scream on internet message boards about how evil TSI is (not saying you're doing this, Fyodor)

Personally I lean towards #2. As for #3, I'm not sure if anyone knows of an ISP that explicitly does not keep any sort of IP logs. If so, it might provide a more dignified option for the people who are currently choosing option #4.

Funky_

join:2004-06-05
Canada
reply to TSI Gabe
said by TSI Gabe:

said by Funky_:

said by TSI Gabe:

Not having any logs about something that happened in the past and turning it on after the fact won't do you any good.

Also, in the case of child porn... this is an issue I agree... but if the police determine someone might be dealing with it, I would have no objections to enabling IP logging on them.

How would I enable logging on that person after the fact if I dont know who that person is to begin with?

I guess I'm wrong. If the only evidence the police have is the users IP well... they are out of luck. But if they they actually have the users name and address they could as you to enable the logging to gather further evidence...

I guess I think that someone should have a court order on them first before the logging happens. But hey... it's just my opinion.

Thanks for responding.

globus9991

join:2004-11-14
Argelia
reply to The Mongoose
said by The Mongoose:

said by TSI Gabe:

said by voxframe:

If it's not obliged by law, I would gladly do away with it on my network. (Yes I realize it gives birth to the network being the cesspool of the internet, but in all honesty I really couldn't care less

See that's the thing, on our scale things get *really* bad *real* quick if we allow this to happen.

And therein lies the second-tier legal problem. Let's say there's no obligation to keep logs, so an ISP doesn't keep any. As a result a massive child pornography operation takes hold on their network. The RCMP busts it, and then mentions that had the ISP done even the least bit of due diligence this would never have happened, or at least would have made it far easier to stop.

Their reputation is destroyed by the press, and the RCMP decides to charge them with criminal negligence just for fun. So even though there was no requirement to keep logs, the law comes down on you anyways.

And this is just a simple scenario I came up with in 2 minutes. I bet Gabe can think of way, way worse.

Oh came on!
Here we go again. The big boogie man of child pornography. Aren't you tired of using this kind of BS?
I mean, each time somebody can't find a rationale excuse to censor something they mention child porgnography!!
Have you actually seen the statistics for child pornography? It is more probable that you will die of a meteorite falling directly over your head than you will come across such an operation.

But fine, let's analyze the issue:
How *exactly* will logging solve this problem? By the time the RCMP asks the ISP, the damage is done. Your reputation is destroyed. The logs will have *exactly* ZILCH impact. The photos / videos whatever had been distributed. Oh... hold on... that would mean that the RCMP would not be able to catch the users right? Of course! the RCMP is stupid and would not let the ring operate until they find every one of them!
The RCMP is stupid and will shut down everything instead of asking a Judge to issue a warrant for the ISP to log. How silly of me.... Besides, I am sure the owners of such a ring are utterly stupid and won't hide their tracks. They will sing on to Tek using their real names and credit card numbers. Of course!!!

Now, let's go a ludicrous step further. Let's say that the RCMP actually decides to charge the ISP with criminal negligence and in the process shoot themselves in the foot. Of course! They are stupid. They will accuse of negligence to the very ISP whose records they need to prosecute offenders. How silly of me. I did not see this angle.

Really? Seriously???

For the umpteenth time.
Logs do nothing for you.
They are just retroactive records.
If the RCMP wants to get somebody, then they can very easily let the process play along and get a warrant for logging.

Sheesh!!

Samgee

join:2010-08-02
canada
kudos:2
reply to Funky_
said by Funky_:

I guess I'm wrong. If the only evidence the police have is the users IP well... they are out of luck. But if they they actually have the users name and address they could as you to enable the logging to gather further evidence...

I guess I think that someone should have a court order on them first before the logging happens. But hey... it's just my opinion.

Thanks for responding.

There may be something missing here. Teksavvy has not said they log online activity (what websites you visit, how much data is transferred). What they do have is the ability to link an IP address to a user account. Those are very very different things.

globus9991

join:2004-11-14
Argelia
reply to TSI Gabe
said by TSI Gabe:

Speaking of which, we do also get child pornography court requests. I won't go into details obviously but every single one of them have been a few months in the past.

But yes Mongoose is correct on that point.

Right!
And all of these people get prosecuted and found guilty right?
My point is that if there is a would-be offender, they will continue to do so and hence they are susceptible to logging going forward. There is no need for retroactive logs.

Samgee

join:2010-08-02
canada
kudos:2
said by globus9991:

said by TSI Gabe:

Speaking of which, we do also get child pornography court requests. I won't go into details obviously but every single one of them have been a few months in the past.

But yes Mongoose is correct on that point.

Right!
And all of these people get prosecuted and found guilty right?
My point is that if there is a would-be offender, they will continue to do so and hence they are susceptible to logging going forward. There is no need for retroactive logs.

Again, how do they know who the person is if IP logs don't exist to begin with?

Clarify what you think they should or should not be keeping track of please.


TSI Gabe
Router of Packets
Premium,VIP
join:2007-01-03
Gatineau, QC
kudos:7
reply to Samgee
And yes, I should probably clarify that. WE DON"T LOG what activity/web sites/whatever you browse.

Only that you were online using x IP at a certain time and downloaded X MB

BrianON

join:2011-09-30
Ottawa, ON
Reviews:
·TekSavvy Cable
reply to The Mongoose
Logging of IP address to subscriber/device information results in pretty small logs, often a kilobyte or less per subscriber/device over 90 days.

The basic information is useful for at least in the short term (14 days or less) in responding to or acting upon abuse complaints sent to the ISPs abuse email address which is listed against all the IP address blocks it owns. (example of registration information for one of Teksavvy's IP Addr blocks: »whois.domaintools.com/24.212.186 ··· 12.186.0). To ignore such messages risks getting address blocks or addresses added to various block lists.

Live monitoring of customer's activity seems worse to me than letting the traffic pass as is and responding to complaints.


TSI Gabe
Router of Packets
Premium,VIP
join:2007-01-03
Gatineau, QC
kudos:7
said by BrianON:

Logging of IP address to subscriber/device information results in pretty small logs, often a kilobyte or less per subscriber/device over 90 days.

The basic information is useful for at least in the short term (14 days or less) in responding to or acting upon abuse complaints sent to the ISPs abuse email address which is listed against all the IP address blocks it owns. (example of registration information for one of Teksavvy's IP Addr blocks: »whois.domaintools.com/24.212.186 ··· 12.186.0). To ignore such messages risks getting address blocks or addresses added to various block lists.

Live monitoring of customer's activity seems worse to me than letting the traffic pass as is and responding to complaints.

Exactly!
--
TSI Gabe - TekSavvy Solutions Inc.
Authorized TSI employee ( »TekSavvy FAQ »Official support in the forum )


TSI Marc
Premium,VIP
join:2006-06-23
Chatham, ON
kudos:28
reply to TSI Gabe
Gabe, please get back to work

Gang, The retention of logs is for sure an issue central to all of this. 90 days, as it is now, is certainly not a long time.. for this motion that has been brought on us, it is what it is, it's too late. If you look around at what ISPs are doing... I'd assume we would be on the low range at 90 days.

Prior to this, we were planning on extending the retention to 6 months. Obviously that wont happen now or at least not without further contemplating these events.

Going forward, this is all new territory though, we need to understand exactly what's expected of us. To my mind the obvious factor is safety concerns.. past that, if we can find new ways to deal with stuff, I'm happy to do that.

Right this minute, I dont know what our ability is to make such changes. So, we need to let this play out some more.
--
Marc - CEO/TekSavvy
Expand your moderator at work

The Mongoose

join:2010-01-05
Toronto, ON
reply to Funky_

Re: Why is Tek still keeping logs???

said by Funky_:

I guess I'm wrong. If the only evidence the police have is the users IP well... they are out of luck. But if they they actually have the users name and address they could as you to enable the logging to gather further evidence...

I guess I think that someone should have a court order on them first before the logging happens. But hey... it's just my opinion.

Thanks for responding.

When it comes to copyright, I don't think the police ever get involved. A copyright troll logs an IP as being engaged in downloading copyrighted material. Said troll gets a court order for the ISP to reveal the name and address of the person who was using that IP at that time. The troll then attempts to extort money from the person who had the IP (who is probably the person downloading the content, though not definitely).

The copyright troll can only get the name and address from the ISP. Unfortunately the new laws make it easier for them to obtain that information. Clearly if the ISP kept no logs the trolls would be completely out of luck...but such a policy would have other, highly negative effects, as Gabe has pointed out. There's not perfect answer, unfortunately.

The Mongoose

join:2010-01-05
Toronto, ON
reply to BrianON
said by BrianON:

Logging of IP address to subscriber/device information results in pretty small logs, often a kilobyte or less per subscriber/device over 90 days.

The basic information is useful for at least in the short term (14 days or less) in responding to or acting upon abuse complaints sent to the ISPs abuse email address which is listed against all the IP address blocks it owns. (example of registration information for one of Teksavvy's IP Addr blocks: »whois.domaintools.com/24.212.186 ··· 12.186.0). To ignore such messages risks getting address blocks or addresses added to various block lists.

Live monitoring of customer's activity seems worse to me than letting the traffic pass as is and responding to complaints.

Damn right.