[12956] in cryptography@c2.net mail archive
Re: Logging of Web Usage
daemon@ATHENA.MIT.EDU (Ben Laurie)
Thu Apr 3 13:46:24 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
Date: Thu, 03 Apr 2003 14:04:14 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: John Young <jya@pipeline.com>
Cc: cypherpunks@lne.com, cryptography@wasabisystems.com
In-Reply-To: <E190oQp-0007pI-00@smtp10.atl.mindspring.net>
John Young wrote:
> Ben,
>
> Would you care to comment for publication on web logging
> described in these two files:
>
> http://cryptome.org/no-logs.htm
>
> http://cryptome.org/usage-logs.htm
>
> Cryptome invites comments from others who know the capabilities
> of servers to log or not, and other means for protecting user privacy
> by users themselves rather than by reliance upon privacy policies
> of site operators and government regulation.
>
> This relates to the data retention debate and current initiatives
> of law enforcement to subpoena, surveil, steal and manipulate
> log data.
I don't have time right now to comment in detail (I will try to later),
but it seems to me that, as someone else commented, relying on operators
to not keep logs is really not the way to go. If you want privacy or
anonymity, then you have to create it for yourself, not expect others to
provide it for you.
Of course, it is possible to reduce your exposure to others whilst still
taking advantage of privacy-enhancing services they offer. Two obvious
examples of this are the mixmaster anonymous remailer network, and onion
routing.
It seems to me if you want to make serious inroads into privacy w.r.t.
logging of traffic, then what you want to put your energy into is onion
routing. There is _still_ no deployable free software to do it, and that
is ridiculous[1]. It seems to me that this is the single biggest win we
can have against all sorts of privacy invasions.
Make log retention useless for any purpose other than statistics and
maintenance. Don't try to make it only used for those purposes.
Cheers,
Ben.
[1] FWIW, I'd be willing to work on that, but not on my own (unless
someone wants to keep me in the style to which I am accustomed, that is).
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com