Logging of Web Usage

Ben Laurie ben at algroup.co.uk
Thu Apr 3 08:04:14 EST 2003

John Young wrote:
> Ben,
> Would you care to comment for publication on web logging 
> described in these two files:
>   http://cryptome.org/no-logs.htm
>   http://cryptome.org/usage-logs.htm
> Cryptome invites comments from others who know the capabilities 
> of servers to log or not, and other means for protecting user privacy 
> by users themselves rather than by reliance upon privacy policies 
> of site operators and government regulation.
> This relates to the data retention debate and current initiatives 
> of law enforcement to subpoena, surveil, steal and manipulate
> log data.

I don't have time right now to comment in detail (I will try to later), 
but it seems to me that, as someone else commented, relying on operators 
to not keep logs is really not the way to go. If you want privacy or 
anonymity, then you have to create it for yourself, not expect others to 
provide it for you.

Of course, it is possible to reduce your exposure to others whilst still 
taking advantage of privacy-enhancing services they offer. Two obvious 
examples of this are the mixmaster anonymous remailer network, and onion 

It seems to me if you want to make serious inroads into privacy w.r.t. 
logging of traffic, then what you want to put your energy into is onion 
routing. There is _still_ no deployable free software to do it, and that 
is ridiculous[1]. It seems to me that this is the single biggest win we 
can have against all sorts of privacy invasions.

Make log retention useless for any purpose other than statistics and 
maintenance. Don't try to make it only used for those purposes.



[1] FWIW, I'd be willing to work on that, but not on my own (unless 
someone wants to keep me in the style to which I am accustomed, that is).

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list