dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
6951
share rss forum feed

Toastertech
Premium
join:2003-01-05
Trenton, ON

3 edits

Info: Length of time Canadian ISPs retain IP address logs

Starting a new thread vice possibly hijacking another just for information purposes, I will continue to try to find out the length of time that ISPs retain logs. So far I have only found out the following, keep in mind that in the future there may be a legal minimum requirement for retention.

Teksavvy - 3 months, future unknown at this time

Start Communications - 12 months (update - currently under review »IP logging retention ) 27 Dec 12

Bell Canada - so far the answer from the Bell Direct forum page, is that the information falls under the Bell Network and Security teams and is not available to Bell Direct. 27 Dec 12

Please feel free to chime in here if you have information on your ISP.

Edits: to add information/updates



hm

@videotron.ca

Electronic Box: refused to answer.
So we can assume a very long time.

See:
»Data Retention (Privacy policy)



Guspaz
Guspaz
Premium,MVM
join:2001-11-05
Montreal, QC
kudos:22
reply to Toastertech

Nothing in the link you posted has any statement from anybody at eBox, so saying they "refused" would seem inappropriate.
--
Developer: Tomato/MLPPP, Linux/MLPPP, etc »fixppp.org



Hm

@electronicbox.net

Rather than being concerned about the length of time that the ISP's carry logs, why not simply VPN your connection somewhere where this simply doesn't matter?


Who7

join:2012-12-18
reply to Toastertech

I read in post in another thread that the guys below keep 30 day logs. It's not good enough, but better then TSI.

»www.broadlinenetworks.com/

Can anyone confirm that this is accurate?


Toastertech
Premium
join:2003-01-05
Trenton, ON
reply to Hm

Thanks for the suggestion Hm, actually have been considering using a VPN although I do not bit torrent so I do not upload or share anything.
Although I do wish the papers would stop saying the present situation with Voltage is about downloading when it appears to me as usual it is the uploading/sharing that will get you into trouble.
As for the log retention it is for information only, mostly because of the rather lengthy thread with regards to Tek's 90 day retention, although some ISPs appear to keep logs for much longer periods, sort of curious which ISPs will let us know their policy. (btw I am not currently a Tek customer)


Fyodor

join:2012-08-13
reply to hm

said by hm :

Electronic Box: refused to answer.
So we can assume a very long time.

See:
»Data Retention (Privacy policy)

I have also asked them about their logs a year ago and got no response.


hm

@videotron.ca
reply to Guspaz

said by Guspaz:

Nothing in the link you posted has any statement from anybody at eBox, so saying they "refused" would seem inappropriate.

He saw it. He refused to answer.
So it's appropriate.

Riplin

join:2002-05-13
canada
reply to Toastertech

Most ISP's will not divulge this info to you. Why? Because it gives the customer something to think about (aka power) and they don't want you thinking about not signing up with them. The less you know the better for them.


Toastertech
Premium
join:2003-01-05
Trenton, ON

Personally if the ISP will not share this information with a prospective customer, in my case (if I had a choice) it would work the opposite way and make that company an immediate "no go".


Who7

join:2012-12-18
reply to Toastertech

I hope everyone makes it public whatever response they get.

Having a company means that I know EXACTLY what makes a company take notice......$$$$$$

So if those of us who feel strongly about our privacy and are vocal start to spread the word about which companies take our privacy more seriously, it will hurt and send the me$$age we want.

Voltage expects the compliant ISP to hand over the sheep......so let's turn into wolve$.


Who7

join:2012-12-18

1 edit
reply to Fyodor

said by Riplin:

Most ISP's will not divulge this info to you. Why? Because it gives the customer something to think about (aka power) and they don't want you thinking about not signing up with them. The less you know the better for them.

Not if it becomes a sales point like speed and quatnity have become.

Remember, it's OUR money that they want and we have control....

Ree

join:2007-04-29
h0h0h0
kudos:1
reply to Hm

said by Hm :

Rather than being concerned about the length of time that the ISP's carry logs, why not simply VPN your connection somewhere where this simply doesn't matter?

Based on the flack I got in another thread, people are concerned about mistakes being made. So VPN will help the people doing things they shouldn't be, but it won't help the innocent people wrongly accused (which, much like prison, makes up most of the population of dslr!)

peterboro
Avatars are for posers
Premium
join:2006-11-03
Ormond Beach, FL
reply to Toastertech

said by Toastertech:

Personally if the ISP will not share this information with a prospective customer, in my case (if I had a choice) it would work the opposite way and make that company an immediate "no go".


PIPEDA
4. (1) This Part applies to every organization in respect of personal information that
(a) the organization collects, uses or discloses in the course of commercial activities;
8. (1) A request under clause 4.9 of Schedule 1 must be made in writing.
(2) An organization shall assist any individual who informs the organization that they need assistance in preparing a request to the organization.
(3) An organization shall respond to a request with due diligence and in any case not later than thirty days after receipt of the request.

4.9 Principle 9 — Individual Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. Note: In certain situations, an organization may not be able to provide access to all the personal information it holds about an individual. Exceptions to the access requirement should be limited and specific. The reasons for denying access should be provided to the individual upon request. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege.

4.9.1 Upon request, an organization shall inform an individual whether or not the organization holds personal information about the individual. Organizations are encouraged to indicate the source of this information. The organization shall allow the individual access to this information. However, the organization may choose to make sensitive medical information available through a medical practitioner. In addition, the organization should provide an account of the use that has been made or is being made of this information and an account of the third parties to which it has been disclosed.

4.9.2 An individual may be required to provide sufficient information to permit an organization to provide an account of the existence, use, and disclosure of personal information. The information provided shall only be used for this purpose.

4.9.3 In providing an account of third parties to which it has disclosed personal information about an individual, an organization should attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed information about an individual, the organization should provide a list of organizations to which it may have disclosed information about the individual.

4.9.4 An organization shall respond to an individual's request within a reasonable time and at minimal or no cost to the individual. The requested information shall be provided or made available in a form that is generally understandable. For example, if the organization uses abbreviations or codes to record information, an explanation shall be provided.

4.9.5 When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, the organization shall amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.

4.9.6 When a challenge is not resolved to the satisfaction of the individual, the substance of the unresolved challenge should be recorded by the organization. When appropriate, the existence of the unresolved challenge should be transmitted to third parties having access to the information in question.

As part of the request specifically ask how long the retention logs are retained.

funny

join:2010-12-22
reply to Hm

said by Hm :

Rather than being concerned about the length of time that the ISP's carry logs, why not simply VPN your connection somewhere where this simply doesn't matter?

because after they all get you on vpns cause your not fighting anyhting they will then require by law all encryption keys be handed over to them... that's the goal and why they are largely silent on said issue.
YOU Better smarten up cause the end of being nice and cosy to them is near.


Whois

@teksavvy.com
reply to peterboro

Where exactly is there a requirement that an organization should log the activities of the customer?

News flash, that's what court orders are for in criminal investigations.


funny

join:2010-12-22
reply to Riplin

said by Riplin:

Most ISP's will not divulge this info to you. Why? Because it gives the customer something to think about (aka power) and they don't want you thinking about not signing up with them. The less you know the better for them.

would not a threat then of legal action as they are beholden to a privacy law and to make an informed choice on any actual contract all the options that can way in MUST be provided as there is case law that states that if one side knowingly holds back vital information that the contract can be null and void ergo there right to even have the data might be null if they dont tell you....banks have to tell you , your doctor has to provide your stuff the govt ....mostly unles syuo got terror links LOL...and this is why freeodm of information requests can be made as well.

funny

join:2010-12-22
reply to Toastertech

said by Toastertech:

Personally if the ISP will not share this information with a prospective customer, in my case (if I had a choice) it would work the opposite way and make that company an immediate "no go".

correct sounds fishy dont it...why bother with them if they cant even be honest to you about a simple thing as logging?
even evil bell and rogers will tell you
Expand your moderator at work


hm

@videotron.ca
reply to Toastertech

Re: Info: Length of time Canadian ISPs retain IP address logs

said by Toastertech:

sort of curious which ISPs will let us know their policy. (btw I am not currently a Tek customer)

All of them should (as peterboro pointed out). I'll contact privcom after New Years and ask some questions in regards to this and privacy policies. I didn't like what I saw from Ebox, so I'll use them as an example when I call privcom. And I'll use Start as an example for surpassing the need of data retention.

Have lots of questions that I am unsure of, so no choice but to call them and ask.


rocca
Start.ca
Premium
join:2008-11-16
London, ON
kudos:22

said by hm :

And I'll use Start as an example for surpassing the need of data retention.

Or maybe you could use Start as an example of how a simple customer request asking about our retention policy was answered by the CEO within an hour, who was completely forthcoming with the current policy and committed to shortening that period upon review. I'd imagine that if I was on the other side of that conversation I would think it was pretty cool to see how responsive and customer-focused that company was.

Just say'n.


hm

@videotron.ca

Oh i'm not knocking the openness on that part. Just answering people is above what a lot of other ISP's are doing, as we are seeing. But you are surely not the only one keeping data for a year. It wouldn't surprise me to see an ISP hanging on to data for even longer than this.

As I said, these will just be some examples. These aren't written complaints or anything. Just going to call for info. It's not like PIPEDA spells thing out either.

What is also troubling is that certain ISP's think that parts of their privacy policy are secret and for internal use only. Videotron did this (was in a press release), and it seems Ebox is similar but worse in many ways. So yeah I have a few ISP's I will be using as examples.

But if privcom tells me I can put these in writing as a complaint w/o being a customers of the various companies, then I will. Because Quite frankly, how are people suppose to know stuff if things are kept secret or the ISP owner refuses to answer (you are not in this boat).



dillyhammer
START me up
Premium,MVM
join:2010-01-09
Scarborough, ON
kudos:10
Reviews:
·Start Communicat..
reply to Toastertech

said by Toastertech:

Start Communications - 12 months, working on a system to possibly get rid of logs

My understanding is that they are reviewing the process to see if the length of time can be shortened, not gotten rid of.

I'm on auto-pilot at the moment, I'll let the next court date come and go at least, and see what flows from that.

I'm hoping I and the rest of us may be pleasantly surprised, though I'm not holding my breath.

Mike
--
Cogeco - The New UBB Devil -»[Burloak] Usage Based Billing Nightmare
Cogeco UBB, No Modem Required - »[Niagara] 40gb of "usage" while the modem is unplugged

Who7

join:2012-12-18
reply to rocca

said by rocca:

said by hm :

And I'll use Start as an example for surpassing the need of data retention.

Or maybe you could use Start as an example of how a simple customer request asking about our retention policy was answered by the CEO within an hour, who was completely forthcoming with the current policy and committed to shortening that period upon review. I'd imagine that if I was on the other side of that conversation I would think it was pretty cool to see how responsive and customer-focused that company was.

Just say'n.

Well.....yeah.....after you disparaged my baby face good looks by calling me a troll! LOL!

As you can see from all the posts, there is a pretty good business model brewing for a company that takes customer privacy to the next level. Now imagine all these people taking your industry leading privacy solution to multi-thousand member sports forums and social media. After all, that is how I learned about TSI and left Rogers after almost 2 decades.

MaynardKrebs
Premium
join:2009-06-17
kudos:4
reply to Toastertech

Actually, the questions ought to be in multiple parts:

1) Current log retention policy & proposed log retention duration
2) Does the ISP currently do DPI?
3) What is the ISP's stance on government mandated DPI, Bill C-30?
ie, do they conceptually support it, are they opposed, if opposed how much opposed .... blow with the wind or will they support a public fight against C-30?
4) What is the ISP's position vis-a-vis what their 'partners' (Bell/Rogers/Shaw/Telus) will do to sell out the customers of the indie ISP?

These are questions which help us gauge the commitment of the ISP to privacy.



rocca
Start.ca
Premium
join:2008-11-16
London, ON
kudos:22
reply to hm

said by hm :

Quite frankly, how are people suppose to know stuff if things are kept secret or the ISP owner refuses to answer (you are not in this boat).

Absolutely and I would not be surprised if the CRTC expanded their review on something like the 'wireless code of conduct' to all telecommunications providers in the future.


hm

@videotron.ca

said by rocca:

said by hm :

Quite frankly, how are people suppose to know stuff if things are kept secret or the ISP owner refuses to answer (you are not in this boat).

Absolutely and I would not be surprised if the CRTC expanded their review on something like the 'wireless code of conduct' to all telecommunications providers in the future.

Yup.

Also, I just may try and involve the CRTC after new years as well as Privcom. Privcom stated on many occasions that the CRTC is just as involved in all this as they are and are in complimentary roles. Privcom also stated the CRTC has more power than they do when it comes down to the privacy aspect of telecom.

So I have a lot of questions to ask them after new years. Now it's all a matter of who I get on the phone.

Toastertech
Premium
join:2003-01-05
Trenton, ON
reply to Toastertech

Updates, see original post


Toastertech
Premium
join:2003-01-05
Trenton, ON
reply to MaynardKrebs

MaynardKrebs, well put, if you do not mind I will include these questions in any inquires to ISPs going forward.

said by MaynardKrebs:

Actually, the questions ought to be in multiple parts:

1) Current log retention policy & proposed log retention duration
2) Does the ISP currently do DPI?
3) What is the ISP's stance on government mandated DPI, Bill C-30?
ie, do they conceptually support it, are they opposed, if opposed how much opposed .... blow with the wind or will they support a public fight against C-30?
4) What is the ISP's position vis-a-vis what their 'partners' (Bell/Rogers/Shaw/Telus) will do to sell out the customers of the indie ISP?

These are questions which help us gauge the commitment of the ISP to privacy.


Who7

join:2012-12-18

1 edit
reply to rocca

said by rocca See Profile
Absolutely and I would not be surprised if the CRTC expanded their review on something like the 'wireless code of conduct' to all telecommunications providers in the future.



Which of course would take it out of the political sphere. As a Conservative supporter, I can $cream in con$ervative ears...but absolutely vacuum in CRTC ears.

Big mistake was not limiting damages to simple loss of commercial value. I can see where someone downloaded a $5000 piece of software or an entire library of movies would pay the piper, but hardly a $1 business model to a 12 year old downloading a tune.

Of course, if the courts only award $100 damages, you can do something about that by charging $200 per IP for "administration".

Worse yet, politics being what it is, the next government will just leave it in place and blame the other guy.