August 25, 2004 | By Annalee Newitz

No Logs Are Good Logs

Deep in the darkest heart of your servers, there live files known as logs. They contain all manner of intensely revealing information about people who use your systems. Web server logs might show which URLs somebody has visited, for how long, and what they wrote on an anonymous message board. Email server logs can even contain information about who is sending email to whom.

The truly scary thing is that many Online Service Providers (OSPs) don't realize they're collecting all this personal data in their logs. Or, if they do know, they have no policy in place to protect the privacy of the people whose online activities they've routinely been logging.

This data is of great interest to third parties, including attorneys pursuing cases, industry groups like the RIAA, and state and federal law enforcement. Under the USA PATRIOT Act, the government has greatly expanded powers to request this kind of information, and OSPs must respond to requests for private user data and logs. Yet complying with these demands threatens the OSP's goal of providing users with reliable, secure network services.

To help OSPs respond to these increasing legal pressures, EFF has written a white paper outlining best data-logging practices for OSPs. This is required reading for anyone who works at an OSP, or uses one -- in other words, just about everyone.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Depende de los legisladores el rechazo al #TPP https://www.eff.org/es/deepli...

Feb 5 @ 8:04pm

Laura Poitras and her EFF lawyers stand with previously classified surveillance docs now on display at the Whitney

Feb 5 @ 11:55am

Activists say Twitter is 'leaving them in the dark' over state-sponsored attack claims: http://www.theguardian.com/te...

Feb 5 @ 10:46am
JavaScript license information