Skip to main content

Best Practices for Online Service Providers [old]

Note: This document has been updated and remains online for archival purposes only.

Online service providers (OSPs) are vital links between their users and the Internet, offering bandwidth, email, web, and other Internet services. Because of their centrality, however, OSPs face legal pressures from all sides: from users, industry, and government. Here we offer information for people who run and use OSPs in order to help them make sound, ethical decisions about how to safeguard private data and preserve freedom of expression online.

Legal and Technical Policy Suggestions for Data Logging

As an intermediary, the OSP finds itself in a position to collect and store detailed information about its users and their online activities that may be of great interest to third parties. The USA PATRIOT Act also provides the government with expanded powers to request this information. As a result, OSP owners must deal with requests from law enforcement and lawyers to hand over private user information and logs. Yet, compliance with these demands takes away from an OSP's goal of providing users with reliable, secure network services. In this paper, EFF offers some suggestions, both legal and technical, for best practices that balance the needs of OSPs and their users' privacy and civil liberties.

Software

logfinder 0.1 - Locate Log Files on Your Systems

Many system administrators don't know exactly what logs they have until they have looked into the question. Often, logging was enabled by defaults -- or by previous system administrators -- and so your systems may be keeping logs you never intended. We have created a program called logfinder as a simple means of locating files that might be logs on an existing system. logfinder uses regular expressions to find local files with "log-like" contents; you can customize those expressions if necessary to meet your needs.

logfinder requires Python 2 or greater and finds logs in text files on a POSIX-like system. (It might also find some log-like data in binary files if the binary files represent that data in textual form.)

ยป Download logfinder [16K tar.gz file] Feb 04, 2005

Other Resources

The developers at Riseup Labs have produced a useful set of Privacy Patches and Packages aimed at system administrators who want to retain less data. These tools modify popular open source packages to help you limit the amount of information you log.

JavaScript license information