What informations do ISPs usually log?

Discussion in 'privacy problems' started by user405, Feb 24, 2013.

Thread Status:
Not open for further replies.
  1. user405

    user405 Registered Member

    Joined:
    Feb 23, 2013
    Posts:
    7
    Location:
    You don't want to know
    I am curious if anybody can share any information on what an ISP could possibly log or could be traced back to users.

    It's obvious there is a timestamp on your internet activity and usage of an IP address but what else is there?
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Well, for starters, if you use your ISP's DNS servers (rather than a neutral alternative like OpenDNS servers), then your ISP gets to log where you visit on the Internet.

    If your ISP uses Deep Packet Inspection (DPI), then if you are using Tor which even though it is encrypted, they can eventually identify where you visit on the Internet if they have the interest, time, money and storage to investigate your use of Tor or assist the authorities at their request.
     
  3. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Do you have any link about this kind of attacks on TOR that involves only entry nodes? Or were you referring to the ISP as one of the links in an attack chain? Thanks!
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    This seems implausible. Traffic to your entry guard, which specifies (among other things) the next router in your circuit, is encrypted with the entry guard's key. Just seeing payloads with DPI wouldn't help. They'd just see encrypted data. In order to identify the next router in your circuit, they'd need to get your entry guard's private key, or break the encryption. Neither seems very likely.

    Even if your attacker accomplished that, they'd need to do the same for the next router in your circuit. And then, they'd need to do it again for the third. That seems altogether implausible.

    Alternatively, they'd need to collect data from enough of the Tor network to perform traffic analysis. Even with lots of data, traffic analysis is nontrivial for users. If you're operating a hidden service, they can send distinctive sequences of requests. It's also possible for hidden services to probe their users, but it's harder.

    Have I missed your point?
     
  5. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    As I mentioned, it was purely an ISP thing to employ DPI to assist authorities at their request which should imply that there are more resources being employed behind the curtain (think Wizard of OZ)! Identification depends on the total collection of information which at that point would include traffic analysis (which would mean someone with the resources to do so).
     
  6. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,414
    Expect everything, and I do mean EVERYTHING is being logged, saved, and shipped of to the nation's intelligence agencies.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Indeed! But make that nations' ;)
     
  8. user405

    user405 Registered Member

    Joined:
    Feb 23, 2013
    Posts:
    7
    Location:
    You don't want to know
    I know that saying: You are never paranoid enough about your Internet privacy but what I was looking for was: what sort of information does an ISP log on a daily basis so to speak...

    From the responses above I deduct one could be DNS requests (Never thought about that). What else? :rolleyes:

    BTW I'm not a big fan of conspiracies (the government watching every move) so that Expect everything doesn't really work for me :D Sorry.:shifty:
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    They probably log all network conversations, at least. Likely variables:

    account ID
    start date and time
    end date and time
    local IP aka your assigned IP address
    remote IP aka server you connect to
    packets transmitted
    packets received
    bytes transmitted
    bytes received
     
  10. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    This is not the case if the circuit is encrypted end to end. The payload of the packet data is protected.

    Not true from an ISP stand point, it takes a lot of overhead and money to "log everything". Anyone here who has ever been blessed (sarcasm) with the pleasure of log aggregation will tell you. Even for a small cluster of nodes and a medium client base, you are taking multi-millions easily and if you are talking full PCAP for any reasonable legal time frame? You are talking petabytes. Then there is the storage server capacity, not to mention the arrays and maintenance, failure rates of hard drives/ repair costs...yuck. Now if you are using Google as your ISP, well their pockets are a little deeper then most, I'd expect them to tie more together to create a deeper profile of their client base.

    Regular ISPs will do the bare minimum to follow the laws (e.g log IP address to account unqiueID per date.) unless they can turn a profit from it, I do not see them dishing out such complex deployments anytime soon.
     
  11. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,414
    OK I admit I'm a little paranoid, but I suspect there is logging going on. They have to for gathering data about usage for plans that are capped.

    Maybe not EVERYTHING, but they still do log a bit. I think o_O o_O o_O
     
  12. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Oh no you are correct, there is indeed logging going on. At most mirimir hit the nail on the head with what would be logged (however I'd expect that level of detail with ISPs residing in countries with strict data retention laws).

    Which is why VPNs do come in handy if you are trying to give yourself an additional layer of privacy. ;)
     
  13. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,414
    EncryptedBytes do you think Tor traffic is logged? I think it is.
     
  14. user405

    user405 Registered Member

    Joined:
    Feb 23, 2013
    Posts:
    7
    Location:
    You don't want to know
    EncryptedBytes & mirimir thanks for clearing this up for me. :cool:

    Maybe in states like Iran, Syria, North Korea etc. But in western countries unless you have been flagged I don't think there is reason to do so.
     
  15. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    I assume many US folks saw the recent reports about the "Copyright Alert System" going live. Perhaps I'm not the only one who thinks logging may have been increased in order to support that.
     
  16. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I don't think that TOR traffic is logged more than other types of traffic. :)
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    I'm not sure about that. It's become clear that ISPs will merely be enforcers. IP industry consultants will still be joining torrent swarms to compile lists of "illegal downloaders". Their clients will provide lists of suspects to ISPs, and the ISPs will warn the suspect account holders. It does not appear that ISPs themselves will be snooping more on their customers, doing deep packet inspection, or whatever.
     
  18. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    There even Internet does not exist, being used just by goverment's agencies.
    And even if you go there for business, your pc gets confiscated upon arrival (togheter with all your electronic devices) and returned upon departure.
    I have a friend who went there few months ago. He told me unbelievable things.
     
  19. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Depends on the country in question honestly. I can see some ISPs in say Iran, China blocking known Tor ports, however logging the payload traffic of a user would again be futile unless you are talking about exit nodes.
     
Loading...
Thread Status:
Not open for further replies.