Support message I sent to Anonymizer

Discussion in 'privacy technology' started by spy1, Feb 25, 2004.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    "I am considering purchasing your Total Net Shield package, but I really need to know the answers to a couple of questions, first.

    Someone using your service MUST be having all those transactions LOGGED, correct?

    (1) How long are those logs kept?

    (2) Under what EXACT circumstances do you turn over those logs to anyone? A simple verbal request from a government or police agency? Or is a PROPER court order required before you do so?

    (3) If you DO turn over the logs, is the encryption provided within the program itself sufficient to keep the log information FROM BEING OF ANY USE to the requesting agency? Or is any and all encryption used subject to any kind of "Key" use at your end?

    Looking forward to hearing from you soon with specific, detailed answers to these questions (and, I'll be posting a copy of this message on the Wilders security website, along with any answers you provide when I get them).

    If the "parameters of use/disclosure" are acceptable, I'll be the first one to buy it - AND promote it.

    Likewise, the opposite is true. Yours truly, Pete Yevchak spy1@comporium.net"

    I'll let you know what response - if any - I receive. Pete
     
  2. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Pete,
    can't wait!!

    Regards,
    bill:)
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Okay - here's the applicable portion of the response i got a few minutes ago (it sounds pretty darned good, to me):

    "Dear Customer:

    I understand your concern on this issue. No information connecting a user
    name or the identity of a user (IP address for example) with the sites
    being visited is ever kept any where in any form. Our log files do not
    contain usernames or user IP addresses. Additionally, they are purged every
    2 hours. Our own system administrators can not tell who is looking at what
    sites even in real time with root access to the servers. The only
    personally identifiable information we collect is user email addresses for
    paying customers. For users who choose to pay by credit card we must
    collect personal information such as the card number, expiration date, card
    holders name, card verification value (CVV2) (except when using an American
    Express card), and billing address for AVS security. User email addresses
    are used exclusively to notify the user of changes to our services which
    will affect the user directly, and to notify the user of the impending
    expiration of the account. Credit card information is used exclusively for
    payments, refunds, and charge backs and is kept within our credit card
    processors database. Additionally, should we receive a subpoena requesting
    information on a customers account we would be obligated by law to provide
    all requested information, however because we keep no logs of your personal
    data and the minimal logs we do keep are for a period no more than 48
    hours, that information provided would also be minimal." Pete
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Um - can someone lend me a hundred bucks, please? :D Pete
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    Very nice reply indeed! :cool:
     
  6. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    They haven't answered question 3

    "(3) If you DO turn over the logs, is the encryption provided within the program itself sufficient to keep the log information FROM BEING OF ANY USE to the requesting agency? Or is any and all encryption used subject to any kind of "Key" use at your end?"
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Not specifically, no - but given these statements:

    "Our log files do not
    contain usernames or user IP addresses. Additionally, they are purged every
    2 hours.'"

    and

    "Additionally, should we receive a subpoena requesting
    information on a customers account we would be obligated by law to provide
    all requested information, however because we keep no logs of your personal
    data and the minimal logs we do keep are for a period no more than 48
    hours, that information provided would also be minimal."

    I'm still feeling pretty good about them (the 2-versus-48 hour references confuse me a little, however). And, yes, they didn't flat-out answer that particular question in a chrystal-clear, detailed manner.

    Notwithstanding, I would imagine that you could use your own program-of-choice for encryption of sensitive communications (email-or-IM-wise) and then use their service to send/receive those communications with the possibility of having them "broken" - by any means - reduced to virtually nothing. Pete
     
  8. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    True, if you techniclly read it like that
     
  9. srfox

    srfox Registered Member

    Joined:
    Jul 25, 2003
    Posts:
    86
    Location:
    Los Angeles
    I for one trust them and the main person behind them is at the forefront of privacy issues and an outspoken critic of things that interfere with that. I think you can find some older posts concerning them, one of which goes to a biography.
     
Loading...
Thread Status:
Not open for further replies.