August 25, 2004 | By Annalee Newitz

No Logs Are Good Logs

Deep in the darkest heart of your servers, there live files known as logs. They contain all manner of intensely revealing information about people who use your systems. Web server logs might show which URLs somebody has visited, for how long, and what they wrote on an anonymous message board. Email server logs can even contain information about who is sending email to whom.

The truly scary thing is that many Online Service Providers (OSPs) don't realize they're collecting all this personal data in their logs. Or, if they do know, they have no policy in place to protect the privacy of the people whose online activities they've routinely been logging.

This data is of great interest to third parties, including attorneys pursuing cases, industry groups like the RIAA, and state and federal law enforcement. Under the USA PATRIOT Act, the government has greatly expanded powers to request this kind of information, and OSPs must respond to requests for private user data and logs. Yet complying with these demands threatens the OSP's goal of providing users with reliable, secure network services.

To help OSPs respond to these increasing legal pressures, EFF has written a white paper outlining best data-logging practices for OSPs. This is required reading for anyone who works at an OSP, or uses one -- in other words, just about everyone.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

.@zeynep Agreed. While key mgnt choices are complex & security critical, it may be unfair to call them backdoors. https://www.eff.org/deeplinks...

Jan 23 @ 6:52pm

EFF is on @CREDOMobile's January ballot! Your votes help us get more of the $150K+ donation pool. https://www.credodonations.co...

Jan 23 @ 5:22pm

Trump's nominee for Attorney General, Sen. Jeff Sessions, wants the government to be able to "overcome" encryption: https://www.eff.org/deeplinks...

Jan 23 @ 4:47pm
JavaScript license information