Support message I sent to Anonymizer

"I am considering purchasing your Total Net Shield package, but I really need to know the answers to a couple of questions, first.

Someone using your service MUST be having all those transactions LOGGED, correct?

(1) How long are those logs kept?

(2) Under what EXACT circumstances do you turn over those logs to anyone? A simple verbal request from a government or police agency? Or is a PROPER court order required before you do so?

(3) If you DO turn over the logs, is the encryption provided within the program itself sufficient to keep the log information FROM BEING OF ANY USE to the requesting agency? Or is any and all encryption used subject to any kind of "Key" use at your end?

Looking forward to hearing from you soon with specific, detailed answers to these questions (and, I'll be posting a copy of this message on the Wilders security website, along with any answers you provide when I get them).

If the "parameters of use/disclosure" are acceptable, I'll be the first one to buy it - AND promote it.

Likewise, the opposite is true. Yours truly, Pete Yevchak spy1@comporium.net"

I'll let you know what response - if any - I receive. Pete

 

Pete,
can't wait!!

Regards,
bill

 

Okay - here's the applicable portion of the response i got a few minutes ago (it sounds pretty darned good, to me):

"Dear Customer:

I understand your concern on this issue. No information connecting a user
name or the identity of a user (IP address for example) with the sites
being visited is ever kept any where in any form. Our log files do not
contain usernames or user IP addresses. Additionally, they are purged every
2 hours. Our own system administrators can not tell who is looking at what
sites even in real time with root access to the servers. The only
personally identifiable information we collect is user email addresses for
paying customers. For users who choose to pay by credit card we must
collect personal information such as the card number, expiration date, card
holders name, card verification value (CVV2) (except when using an American
Express card), and billing address for AVS security. User email addresses
are used exclusively to notify the user of changes to our services which
will affect the user directly, and to notify the user of the impending
expiration of the account. Credit card information is used exclusively for
payments, refunds, and charge backs and is kept within our credit card
processors database. Additionally, should we receive a subpoena requesting
information on a customers account we would be obligated by law to provide
all requested information, however because we keep no logs of your personal
data and the minimal logs we do keep are for a period no more than 48
hours, that information provided would also be minimal." Pete

 

Um - can someone lend me a hundred bucks, please? Pete

 

They haven't answered question 3

"(3) If you DO turn over the logs, is the encryption provided within the program itself sufficient to keep the log information FROM BEING OF ANY USE to the requesting agency? Or is any and all encryption used subject to any kind of "Key" use at your end?"

 

Not specifically, no - but given these statements:

"Our log files do not
contain usernames or user IP addresses. Additionally, they are purged every
2 hours.'"

and

"Additionally, should we receive a subpoena requesting
information on a customers account we would be obligated by law to provide
all requested information, however because we keep no logs of your personal
data and the minimal logs we do keep are for a period no more than 48
hours, that information provided would also be minimal."

I'm still feeling pretty good about them (the 2-versus-48 hour references confuse me a little, however). And, yes, they didn't flat-out answer that particular question in a chrystal-clear, detailed manner.

Notwithstanding, I would imagine that you could use your own program-of-choice for encryption of sensitive communications (email-or-IM-wise) and then use their service to send/receive those communications with the possibility of having them "broken" - by any means - reduced to virtually nothing. Pete

 

True, if you techniclly read it like that

 

I for one trust them and the main person behind them is at the forefront of privacy issues and an outspoken critic of things that interfere with that. I think you can find some older posts concerning them, one of which goes to a biography.