dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
7
JMJimmy
join:2008-07-23

1 edit

JMJimmy to RobOutback

Member

to RobOutback

Re: Voltage decision is in

said by RobOutback:

said by resa1983:

anyone stopping downloading on TSI now couldn't be sued after 3 months, as that's how long TSI retains records for..

That's what they claim. I wouldn't bet on it, though. A record of IP address, account name, and time connected doesn't take up much space. There's no maintenance reason for them to delete old logs. They may delete them after 3 months, but I bet it's not an automated process, and I bet that whomever does it may not even bother.

The 3 month claim is probably just their minimum retention period. Probably related to a backup retention period. That is, if they replace a server they'll lose the logs and just have the ones on a backup media for 3 months. But if they don't replace a server, logs may stick around for years.

I dunno, I'm just guessing based on how I saw maintenance and backups performed in Enterprise systems. We never deleted logs manually. The only stuff that got deleted were logs that had a maximum file size.

PEPIDA is one reason why, but without getting into the legal end of things you've got a funny idea of what "not a lot of space" is.

250,000 users * (x number of requests in a period * IP length) + user's IP + datetime stamp.

X is variable but lets say on average users do 3,000 page views per month * 50 requests per page. You're talking up to 1.57TB of data/month for HTTP traffic logs alone. Add in P2P and those numbers climb very quickly and the resources required to maintain the logs become more and more expensive.
RobOutback
join:2011-07-18

RobOutback

Member

said by JMJimmy:

said by RobOutback:

said by resa1983:

anyone stopping downloading on TSI now couldn't be sued after 3 months, as that's how long TSI retains records for..

That's what they claim. I wouldn't bet on it, though. A record of IP address, account name, and time connected doesn't take up much space. There's no maintenance reason for them to delete old logs. They may delete them after 3 months, but I bet it's not an automated process, and I bet that whomever does it may not even bother.

The 3 month claim is probably just their minimum retention period. Probably related to a backup retention period. That is, if they replace a server they'll lose the logs and just have the ones on a backup media for 3 months. But if they don't replace a server, logs may stick around for years.

I dunno, I'm just guessing based on how I saw maintenance and backups performed in Enterprise systems. We never deleted logs manually. The only stuff that got deleted were logs that had a maximum file size.

PEPIDA is one reason why, but without getting into the legal end of things you've got a funny idea of what "not a lot of space" is.

250,000 users * (x number of requests in a period * IP length) + user's IP + datetime stamp.

X is variable but lets say on average users do 3,000 page views per month * 50 requests per page. You're talking up to 1.57TB of data/month for HTTP traffic logs alone. Add in P2P and those numbers climb very quickly and the resources required to maintain the logs become more and more expensive.

Teksavvy doesn't log page views, so you're completely wrong. They only log time of the PPP connection, the IP address assigned to you, the total amount of download/uploaded byes, and minutes you were connected.

That's only a few bytes of data per user per day. At most, a few megabytes in total per day. It would take them about a year to fill up 1GB of space, which is inconsequential.
Expand your moderator at work

Guspaz
Guspaz
MVM
join:2001-11-05
Montreal, QC

Guspaz to RobOutback

MVM

to RobOutback

Re: Voltage decision is in

Except they have hundreds of thousands of users, and log usage data regularly (even if they don't compile it regularly). TekSavvy's usage checker has a checkered history (heh) because their usage database ended up with huge numbers of records, requiring large amounts of computing power to handle.
JMJimmy
join:2008-07-23

JMJimmy to RobOutback

Member

to RobOutback
said by RobOutback:

Teksavvy doesn't log page views, so you're completely wrong. They only log time of the PPP connection, the IP address assigned to you, the total amount of download/uploaded byes, and minutes you were connected.

That's only a few bytes of data per user per day. At most, a few megabytes in total per day. It would take them about a year to fill up 1GB of space, which is inconsequential.

All ISPs would have to log each request - otherwise how would the police be able to prove that a pedo downloaded an image/video. They couldn't do it by simply saying they were connected at a given time, they couldn't even do it if they logged page views as they could be browsing with images disabled or without the plugins required for video.
Expand your moderator at work

sbrook
Mod
join:2001-12-14
Ottawa

sbrook to JMJimmy

Mod

to JMJimmy

Re: Voltage decision is in

said by JMJimmy:

All ISPs would have to log each request - otherwise how would the police be able to prove that a pedo downloaded an image/video. They couldn't do it by simply saying they were connected at a given time, they couldn't even do it if they logged page views as they could be browsing with images disabled or without the plugins required for video.

The police seize computers and then do forensic analysis of the storage which includes deleted files etc. It's not done by logging individual page views etc.
MaynardKrebs
We did it. We heaved Steve. Yipee.
Premium Member
join:2009-06-17

MaynardKrebs

Premium Member

1) Encrypt the drive.
2) With enough RAM you can forget about having a swap file (in Windows anyway) so there's no traces there.
3) Put anything you consider sensitive into a separate encrypted container (either a container on the encrypted drive, or a separate outboard encrypted drive).
4) Secure erase Trash folders
5) Use Tools like Eraser (Win) to wipe/overwrite unused disk space, and to erase files.
6) Keep the machine off except when you're actually using it (that would typically be 60%+ of a day). This protects the encryption keys from memory scavenging.
7) Secure erase application log files and MRU lists (CCleaner can do this Mac/Win)

8) For the paranoid, use the computer in a Tempest rated room (and wear a tinfoil hat while you do).

shrugs
@videotron.ca

shrugs

Anon

said by MaynardKrebs:

8) For the paranoid, use the computer in a Tempest rated room (and wear a tinfoil hat while you do).

Tempest rated room does nothing if there is a bug in it to capture frequencies emitted from the keyboard.
(used to work in this cloak and dagger stuff for gov to prevent the Russians from capturing what is typed from across the street, or a dark van with tinted windows, or if they crawl up next to your igloo at that secret arctic radar station).

You need zero emission on the computer itself and that contained within a tempest rated room. Then you are golden. Unless the person behind you has a shoe-camera and the shoelace eyelets are really camouflaged camera lenses. But then we would take out the tinfoil and cover people shoes instead of their heads. Tinfoil hat stuff is for kids. Once you get into tinfoil body dressings then I know you are serious.

sbrook
Mod
join:2001-12-14
Ottawa

sbrook to MaynardKrebs

Mod

to MaynardKrebs
said by MaynardKrebs:

1) Encrypt the drive.
2) With enough RAM you can forget about having a swap file (in Windows anyway) so there's no traces there.
3) Put anything you consider sensitive into a separate encrypted container (either a container on the encrypted drive, or a separate outboard encrypted drive).
4) Secure erase Trash folders
5) Use Tools like Eraser (Win) to wipe/overwrite unused disk space, and to erase files.

That's exactly the kind of thing that police treat as "suspicious".

And then they will start digging deeper.
MaynardKrebs
We did it. We heaved Steve. Yipee.
Premium Member
join:2009-06-17

MaynardKrebs to shrugs

Premium Member

to shrugs
said by shrugs :

said by MaynardKrebs:

8) For the paranoid, use the computer in a Tempest rated room (and wear a tinfoil hat while you do).

Tempest rated room does nothing if there is a bug in it to capture frequencies emitted from the keyboard.
(used to work in this cloak and dagger stuff for gov to prevent the Russians from capturing what is typed from across the street, or a dark van with tinted windows, or if they crawl up next to your igloo at that secret arctic radar station).

You need zero emission on the computer itself and that contained within a tempest rated room. Then you are golden. Unless the person behind you has a shoe-camera and the shoelace eyelets are really camouflaged camera lenses. But then we would take out the tinfoil and cover people shoes instead of their heads. Tinfoil hat stuff is for kids. Once you get into tinfoil body dressings then I know you are serious.

4:40 in the clip

»www.youtube.com/watch?v= ··· cUvTM5pk