Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Privacy Government United States Technology Your Rights Online

FBI Pushing For 2-Year Retention of Web Traffic Logs 256

suraj.sun writes to tell us that the FBI is pushing to have ISPs keep detailed records of what web sites customers have visited for up to two years. Claiming a desire to combat "child pornography and other serious crimes," the FBI and others are pressing for increased data retention, which they have been doing since as early as 2006. "If logs of Web sites visited began to be kept, they would be available only to local, state, and federal police with legal authorization such as a subpoena or search warrant. What remains unclear are the details of what the FBI is proposing. The possibilities include requiring an Internet provider to log the Internet protocol (IP) address of a Web site visited, or the domain name such as cnet.com, a host name such as news.cnet.com, or the actual URL such as http://reviews.cnet.com/Music/2001-6450_7-0.html. While the first three categories could be logged without doing deep packet inspection, the fourth category would require it. That could run up against opposition in Congress, which lambasted the concept in a series of hearings in 2008, causing the demise of a company, NebuAd, which pioneered it inside the United States."
This discussion has been archived. No new comments can be posted.

FBI Pushing For 2-Year Retention of Web Traffic Logs

Comments Filter:
  • by ravenspear ( 756059 ) on Friday February 05, 2010 @04:13PM (#31039468)
    Seriously is child pornography going to be trotted out for EVERY encroachment on privacy that we have to endure year after year?

    It's getting so old.
    • by Monkeedude1212 ( 1560403 ) on Friday February 05, 2010 @04:16PM (#31039520) Journal

      I think the government should no longer be able to tax me, to help combat child pornography and other serious crimes.

    • by ircmaxell ( 1117387 ) on Friday February 05, 2010 @04:17PM (#31039538) Homepage
      Welcome to the world of politics...

      Seriously though, what happens when you don't use the dns provider of the ISP (either running your own, or using a 3pd DNS provider)? Would that make anyone running their own DNS server (or an alternate third party) a suspicious person? They would only be able to log IP addresses then, and given the proliferation of mass shared hosts, how is this helpful? If a child porn site was on a godaddy server, and you go to another site on the same server, would you have to prove you went to the other site? More guilty until proven innocent...
      • In that case you would need deep packet inspection to get the URL as the summary states. If you don't have that then I assume yes you would not be able to prove anything.
        • by sopssa ( 1498795 ) * <sopssa@email.com> on Friday February 05, 2010 @04:33PM (#31039734) Journal

          And what about https? Or would it be mandatory for ISP's to do man-in-the-middle attack so they can store the data?

          • "Won't Get Fooled Again"

            We'll be fighting in the streets
            With our children at our feet
            And the morals that they worship will be gone
            And the men who spurred us on
            Sit in judgement of all wrong
            They decide and the shotgun sings the song

            I'll tip my hat to the new constitution
            Take a bow for the new revolution
            Smile and grin at the change all around
            Pick up my guitar and play
            Just like yesterday
            Then I'll get on my knees and pray
            We don't get fooled again

            The change, it had to come
            We knew it all along
            We were liberated from the fold, that's all
            And the world looks just the same
            And history ain't changed
            'Cause the banners, they are flown in the next war

            I'll tip my hat to the new constitution
            Take a bow for the new revolution
            Smile and grin at the change all around
            Pick up my guitar and play
            Just like yesterday
            Then I'll get on my knees and pray
            We don't get fooled again
            No, no!

            I'll move myself and my family aside
            If we happen to be left half alive
            I'll get all my papers and smile at the sky
            Though I know that the hypnotized never lie
            Do ya?

            Yeaaaaaaaaaaaaaaaaaaaaaaaaah!

            There's nothing in the streets
            Looks any different to me
            And the slogans are replaced, by-the-bye
            And the parting on the left
            Are now parting on the right
            And the beards have all grown longer overnight

            I'll tip my hat to the new constitution
            Take a bow for the new revolution
            Smile and grin at the change all around
            Pick up my guitar and play
            Just like yesterday
            Then I'll get on my knees and pray
            We don't get fooled again
            Don't get fooled again
            No, no!

            Yeaaaaaaaaaaaaaaaaaaaaaaaaah!

            Meet the new boss
            Same as the old boss

          •     I'd expect the logs would require IP's and/or hostnames.

                HTTP, it's trivial to sniff hostnames.
                HTTPS, it's trivial to see the destination IP.

                HTTPS only works one IP per host, so that gives a positive track to where they were going.

                Of course, domains change ownership, and IP's change, so what an IP is today, could be anything else tomorrow.

                I'm curious to if by "ISP", they mean the residential line providers, or both ends? At my old job, they'd end up with about 2Gb of log files per day per server. There were 15 redundant servers. That was just for one site. I don't even care to think about how much storage was required for all the logs across 150 servers. No, it didn't scale evenly. The web server logs were dumped every few hours, just so it didn't fill up the drives, but left enough for forensics, if we needed them.

                (15 * 2) * 365 * 2 = 21,900Gb. I would love to still be there, and have them ask for 22Tb of logs. :) I was joking with someone about how to deliver those. I suggested burnt CD's. 14,500 CD's would be fun to offer up. We then thought a little harder, and though paper tape would be the way to go. :) I know there would be better methods, but we were looking for the entertainment value in it. :) I'd feel really sorry for the guy who had to feed 14,500 CD's into a machine to burn for the feds on demand. :)

                Logistically, this would become a nightmare for almost any provider, except for mom & pop shops.

        • Re: (Score:3, Interesting)

          Deep packet inspection can be a very, very resource intensive thing. I seriously doubt that any such laws will be likely to require deep packet inspection. For one, it would put quite a few smaller ISPs out of business for good.

          I have a feeling I know why the FBI wants this. It used to be that all the traffic passed through telco routers owned by Verizon and AT&T. Nowadays, most traffic is being handled by companies like Level3 or UUNet. They had it easy with the telcos, who always had a close rela

      • by HangingChad ( 677530 ) on Friday February 05, 2010 @04:45PM (#31039880) Homepage

        Seriously though, what happens when you don't use the dns provider of the ISP (either running your own, or using a 3pd DNS provider)?

        I'm using Google's open DNS, but the ISP could still figure out where I was going. Which means the FBI can track anyone who doesn't know how to use TOR. And I'm guessing one of those three letter agencies figured out a man-in-middle type attack for that. So I guess that means you'll have to do the really nasty surfing at McDonald's, Starbucks or some other unsecured wi-fi connection.

        Whew, that was tough. I'm sure some of you could come up with even better alternatives. And to put people through that meager effort they're going to require your ISP to keep massive volumes of individually identifiable information for two years.

        Time for the FBI to face up to the fact they're only going to catch the stupid ones.

      • Comment removed (Score:4, Interesting)

        by account_deleted ( 4530225 ) on Saturday February 06, 2010 @01:35AM (#31043784)
        Comment removed based on user account deletion
    • Re: (Score:3, Insightful)

      When the bread has gotten stale enough, the government will open up a new loaf. This decade and the last were child porn, the decades before were drugs, the decades before those were communism. Hitler was not a phenomenon. He just knew how to keep the loaf fresher than most governments do.
      • by Nadaka ( 224565 )

        No, he just didn't get the chance for his loaf to go stale. He was in power for what? 12 years?

      • Re: (Score:2, Funny)

        by Anonymous Coward

        That gave me an idea for an album cover! This [wikipedia.org] [WARNING. Possibly NSFW: article includes an image of an album cover featuring a prepubescent girl, naked, in a vaguely suggestive pose.] isn't enough anymore. We need a picture of a naked child, drawn, not a photo of a real child, smoking pot, holding a stick of dynamite in one hand, and picture of Stalin in the other. The album title? How about "Censor This!"

    • Re: (Score:2, Insightful)

      The logs should be kept only for those willing to pay for it. This is an unrealistic legal requirement that the ISPs have the right to refuse.
    • Re: (Score:3, Funny)

      by Threni ( 635302 )

      That and terrorism. TERRORISM!!! What about TERRORPORN! Naked children with BOMBS! Won't someone please think of the photographs?

    • by dgatwood ( 11270 ) on Friday February 05, 2010 @04:31PM (#31039706) Homepage Journal

      No, but we're nowhere near the end of abuse of kiddie porn as a justification for invasion of privacy. I'm just waiting to see someone propose a law that requires children be photographed naked annually with the pictures stored in a national database so that they can more rapidly identify the victims of abuse. From a logical perspective, it's completely valid. From an ethical perspective, it's completely appalling.

      • Re: (Score:3, Interesting)

        by bzipitidoo ( 647217 )

        While they're at it, why not ask that vendors of red light cameras and security cameras keep 2 years of footage from every camera they install?

        Enforcers are always wishing to be allowed to do things they think will make their jobs easier. One of those things is the Fishing Expedition. Two times in over 20 years I've been held up where the police erected a roadblock ostensibly to check for drunk drivers, a valid driver's license, current inspection sticker, and current insurance. They didn't try to get

      • Re: (Score:3, Funny)

        by glwtta ( 532858 )
        From a logical perspective, it's completely valid. From an ethical perspective, it's completely appalling.

        From a pedophilia perspective, it's completely arousing.
    • by eln ( 21727 ) on Friday February 05, 2010 @04:33PM (#31039742)

      Seriously is child pornography going to be trotted out for EVERY encroachment on privacy that we have to endure year after year?

      Yes, because it works so well. Just try passing "The Invasion of Privacy Act of 2010" and you'll get laughed off the Senate floor. Present the exact same bill, only change the title to "Child Protection Against Predators Act of 2010" and it'll pass easily. If you can link your bill to child porn, then everyone who even dares to say a word against it is instantly labeled as a supporter of the sexual abuse of children. This is because whenever you say anything about child porn or child predators, the entire electorate completely loses the ability to think rationally and responds in a completely emotionally reactionary way. Emotionally reactionary people are extremely easy to manipulate.

      It's sort of funny how so many people who decry the loss of civil liberties in the name of "socialism" will gladly give up their civil liberties in the name of "protecting children".

      • Wizards's First Rule: "People are stupid; ..."
      • Re: (Score:3, Interesting)

        by happyslayer ( 750738 )

        Good "think of the children" dilemma for Haiti:

        Human trafficking, sex slavery, and other forms of abuse happen. When you start transporting large numbers of people over borders, it's pretty much inevitable that some are going to end up in a living hell.

        OTOH, kids in Haiti have lost parents, government has pretty much collapsed, and there will probably be plenty of horror stories of infection, disease, and abuse for the kids stuck in Haiti...in other words, children denied the opportunity to get out of the

    • so old it has now come of age...
    • by Locke2005 ( 849178 ) on Friday February 05, 2010 @04:54PM (#31040008)
      The people downloading "kitty porn" for free are doing nothing to encourage the creation of more of it. Go after the money trail instead -- the people that deserve to go to jail are the people that are paying for it, and I don't believe tracing the flow of funds requires monitoring every single internet connection. Also, laws are publicly recorded -- as soon as you announce you're going to start doing this, anybody that knows they are breaking a law is just going to start encrypting their connections and going through anonymous proxies, meaning that this technology is only effective against people who don't think they are doing anything wrong!
      • by Jah-Wren Ryel ( 80510 ) on Friday February 05, 2010 @06:00PM (#31040776)

        meaning that this technology is only effective against people who don't think they are doing anything wrong!

        Which perfectly suits the needs of 'law enforcement' - we've got a long history of them going after the defenseless and ignorant - like civil forfeiture laws where the property is charged with a crime (literally, lawsuits are titled like US vs One Jeep Wrangler I think being non-sentient qualifies as being 100% defenseless) or even the child porn laws where they go after kids for sexting pictures of themselves rather than hunt down the people who actually abuse kids in the manufacturing of child porn.

    • by Locke2005 ( 849178 ) on Friday February 05, 2010 @05:10PM (#31040240)
      Seriously is child pornography going to be trotted out for EVERY encroachment on privacy that we have to endure year after year? No, not every encroachment. The wars on terrorism, drugs, and gangs, will be trotted out for many other encroachments. "Terrorism" is already used to restrict your right to anonymous travel. Fighting gangs was used as an excuse for random checkpoints in California. And drugs... will, approximately half the people in jail in the US are there on drug related charges -- trust me, being in jail is a HUGE encroachment on your privacy!
      • Don't forget "illegal aliens" boogeyman - for all the ID tracking crap and the suspicion-less stops up to 50 miles from any border.

  • Think of the kids (Score:3, Insightful)

    by Dyinobal ( 1427207 ) on Friday February 05, 2010 @04:14PM (#31039482)

    Claiming a desire to combat "child pornography and other serious crimes" the FBI and others are pushing for increased data retention, which they have been doing since as early as 2006.

    ahh the old think of the kids line. It always works and people never have the guts to say that some things don't simply protect kids.

    • by TiggertheMad ( 556308 ) on Friday February 05, 2010 @04:32PM (#31039726) Journal
      ahh the old think of the kids line. It always works and people never have the guts to say that some things don't simply protect kids.

      Isn't that the problem with child pornography, that people are 'thinking of the kids'....?
    • Re:Think of the kids (Score:4, Interesting)

      by ottothecow ( 600101 ) on Friday February 05, 2010 @04:34PM (#31039758) Homepage
      The thing is...for how much they go after the child pornography viewers...is it really that much of a problem?

      It is much more rare that I see stories about the actual pornographers being caught and while the viewers are certainly depraved (and you can argue that by consuming the child porn, they encourage those who make it), aren't the pornographers the ones we would rather catch? It wouldn't surprise me if the amount of children actually being forced into child porn is VERY small since the already existing library of images probably contains enough to keep the perverts trading for a long time.

      If that is true...then this definitely is an excuse to encroach on peoples rights and use the old "think of the children" excuse because if this much effort was really being put in to catching so few potential criminals...it would be a huge waste compared to what those officers could be doing elsewhere.

      • by BarryJacobsen ( 526926 ) on Friday February 05, 2010 @04:47PM (#31039920) Homepage

        The thing is...for how much they go after the child pornography viewers...is it really that much of a problem?

        It is much more rare that I see stories about the actual pornographers being caught and while the viewers are certainly depraved (and you can argue that by consuming the child porn, they encourage those who make it), aren't the pornographers the ones we would rather catch? It wouldn't surprise me if the amount of children actually being forced into child porn is VERY small since the already existing library of images probably contains enough to keep the perverts trading for a long time.

        If that is true...then this definitely is an excuse to encroach on peoples rights and use the old "think of the children" excuse because if this much effort was really being put in to catching so few potential criminals...it would be a huge waste compared to what those officers could be doing elsewhere.

        Agreed that the producers are much more of a problem. To that end, wouldn't a much better law be that all digital cameras have embedded 3g that transmits all taken images to the FBI directly?

        • If you make film and developing supplies illegal, only criminals will have film and developing supplies.

        • You'd also have to make every copy of Photoshop transmit every image created to the FBI -- remember, images of "The Simpsons" cartoon kids in sexual positions is ALSO considered "child pornography"!
          • by Barny ( 103770 )

            Nah, lets go a step further, run a screen cap on every computer in the world at 30fps (to catch the ones watching child porn movies) and just pipe it strait to the FBI servers...

      • 1) It's easier to catch dumb people than smart ones. People who run anything larger than home-made porn are probably going out of their way not to be caught.

        2) If the media is right, a large percentage of circulating child porn is produced outside the United
        States. In some countries 16- or 17-year-olds can, or could until recently, be porn stars. Such pictures are illegal in America.

        3) When someone is busted for "made at home" child porn, the media won't publish his name to protect the kids. They may ev

  • Evidence Already? (Score:5, Insightful)

    by Doc Ruby ( 173196 ) on Friday February 05, 2010 @04:15PM (#31039498) Homepage Journal

    Will the FBI give us some evidence already that mandatory retained data has been essential to actually solving some significant fraction of crimes, or some convincing evidence that its lack is the only reason some significant fraction goes unsolved?

    Without that evidence, their insistence on invading our privacy instead of protecting it as they're instructed by the Constitution that gives them their powers should just be laughed at.

    • They can argue that keeping their methods secret increases their chances of catching criminals.

      Its a beautiful world we live in where the FBI can ask for more power without having to prove that it won't be abused.

      • by Doc Ruby ( 173196 ) on Friday February 05, 2010 @04:54PM (#31040022) Homepage Journal

        That isn't an argument. That's a contradiction.

        That's why we have to demand evidence. The more we let the police have power without evidence, the more our police state abuses our rights instead of protecting them. A faithy police state is precisely what the Qaeda wants. And exactly the opposite of the government our Constitution creates.

    • Fun thing is, the summary is wrong too.

      Hostnames require DPI, thanks to http/1.1 - you can have (and do have) hosting companies out there with hundreds of thousands of hosts on a single IP address.

      If they keep IP addresses or hostnames only, your likely to get lumped into all kinds of bad searches.

  • Skewed rulings (Score:3, Interesting)

    by pwnies ( 1034518 ) * <j@jjcm.org> on Friday February 05, 2010 @04:17PM (#31039536) Homepage Journal
    Why only require it here? Why not make the local hot dog stand on the street keep records of who bought their food for the last two years? Because it's inconvenient and it's not effective. If laws are put in place to do this, then people will find a way around it. Any form of p2p transfer will easily let people gain access to those images without touching the loggers. Criminals are smart, stop treating them as fools and punishing the common masses because of it.
  • How many PB? (Score:2, Interesting)

    Two years worth of logs for every single page visit for every single user? The ISPs, especially the larger ones, are going to need some serious storage arrays for that.
    • by sopssa ( 1498795 ) *

      Even better when people start using a program that for example does random searches on Google and does a request to every search result.

      • Re: (Score:3, Informative)

        Even better when people start using a program that for example does random searches on Google and does a request to every search result.

        What if one of those results happens to be an illegal Web page? Maybe you should call this program the Auto-Incriminator.

        Chaff traffic may defeat human observers, but I doubt grep will bat an eye. And your ISP will pass the costs of tracking your chaff traffic on to you.

    • Not just the ISP's. My employers main product has over 1 1/2 billion page impressions a month, needless to say we don't store (most) logs related to them for very long...
  • This just in: (Score:5, Insightful)

    by honestmonkey ( 819408 ) on Friday February 05, 2010 @04:18PM (#31039558) Journal

    All stores and restaurants will have to keep logs of every customer that comes in, whether they buy anything or not, including full video of them while they were in the store. Microphones must be set up at every table in the restaurant to record all dinner conversation. All of this data must be kept for ever and a day, and available to anyone who appears to be in law enforcement. Why is real life any different than the web?

    • yeah I mean, some people could have been discussing what kids they molested recently over dinner.

      It would be unconscionable to miss this valuable peace of information in bringing them to justice.
    • Combine GPS with Google Maps (which includes details of millions of businesses) along with back-doors built into most, if not practically all, cell phones and the government can practically do this now on a selective basis.

      And it's quite conceivable, that in such a situation, the government could utilize all cell phones in the near vicinity to eavesdrop too, so even if the target's phone was not responding / not picking up all the conversation / image detail, one or more other cell phones nearby possibly co

    • More to the point... how is it that my digital camera isn't required to keep a log of every image I take with it? Why isn't my camcorder sending samples of everything I tape? Why doesn't every teddy bear come with a GPS tracker and camera built in?

      In short, how is it that none of the equipment required to actually make child porn is immune, yet I - who run a web site that has zero upload capacity - am in theory being required to keep its visitor logs?

      Bite. Me.

      Evidently the person who hacked my server and

  • by adipocere ( 201135 ) on Friday February 05, 2010 @04:25PM (#31039616)

    We should log lollipop purchases, so we can crack down on those guys in big white vans with FREE CANDY on the side.

    • Re: (Score:2, Funny)

      by CTalkobt ( 81900 )

      We should log lollipop purchases, so we can crack down on those guys in big white vans with FREE CANDY on the side.

      You mean the white vans that have been following me with those guys in white coats actually pass out lollipops?

      And here I thought it was because they were out to get me...

    • Re: (Score:3, Insightful)

      by Locke2005 ( 849178 )
      Or, you could require all windowless vans to be registered with the state -- oh wait, they already are! And it's not much help in tracking down predators due to the SHEER VOLUME OF DATA one must go through... anybody expect tracking all internet access to actually be useful, given it generates several orders of magnitude more data?
    • We should log lollipop purchases, so we can crack down on those guys in big white vans with FREE CANDY on the side.

      Why? They haven't arrested Santa Claus, and we KNOW how perverted he is

      1. Santa Clause haunts the shopping mall trying to get little kids to sit on his lap;
      2. Santa Clause promises them all sorts of fun stuff;
      3. Santa Clause says he's going to sneak in when everyone's asleep;
      4. Santa Clause dresses funny;
      5. Santa Clause's first name is an anagram for SATAN!
      6. Santa Clause's full name is an anagram for
  • by Anonymous Coward on Friday February 05, 2010 @04:25PM (#31039620)

    This goes beyond the data retention laws in the EU, and even those are under a lot of public pressure and currently being looked at by the highest courts. What you'll see is that your guys will back down from requiring access logs and make ISPs "just" keep a log of the IPs of their customers for two years, like the EU requires, and they'll call it a compromise.

    • by kill-1 ( 36256 )

      One should note that EU data retention laws also require that the following is logged:

      • date, sender, recipient and IP address of every email you send/receive
      • date and IP address of every access to your mailbox
      • date and phone number of each call you make/receive or SMS you send/receive including your current location if you use a mobile phone
  • by neonprimetime ( 528653 ) on Friday February 05, 2010 @04:27PM (#31039660)
    If logs of Web sites visited began to be kept, they would be available only to local, state, and federal police with legal authorization such as a subpoena or search warrant
  • by florescent_beige ( 608235 ) on Friday February 05, 2010 @04:28PM (#31039664) Journal
    until someone offers $100,000 to a $15/hr tech to give them two years of Senator X's browsing records. After that, it will have "served its purpose" and will "no longer be in the public's interest".
  • by swschrad ( 312009 ) on Friday February 05, 2010 @04:33PM (#31039748) Homepage Journal

    and in the event somehow that the devil intervenes to allow this to come true, the feds should pay to store the data. pay the upfront money to build the servers and the additional air conditioning and power, pay the maintenance money to hire techs and buy tape and repair the machines and run a 24x7 watch on the center. and pay all legal, recovery, and processing fees for every single request.

  • by Anonymous Coward on Friday February 05, 2010 @04:37PM (#31039780)

    As someone that works in the Adult hosting industry, this is going to be poorly received. A lot of our clients are already hurting for money and as such have scaled back their server footprint. We're pushing servers (disk IO) a lot harder than before -- one easy solution we have is to just disable access logs. Writing 1GB+ of log data per hour swamps disks and just adds huge amounts of overhead. Since these logs are of clients browsing through porn ... it'll cost a decent amount of money to actually be able to start logging again AND to store raw log data for two years.

    • by Kjella ( 173770 )

      The hosting industry would just go somewhere else, and leave the bill to all the ISPs whose meatbag customers can't emigrate as easily.

  • and if they do that I would only expect US based hosts to suffer.
  • by Ron Bennett ( 14590 ) on Friday February 05, 2010 @04:44PM (#31039854) Homepage

    Deep packet inspection for URL not required, in theory, if the U.S. government mandates both ISPs *and* websites to maintain logs.

    That may be how they'll rope websites, and other types of internet services for that matter, into complying with log retention.

    Another route, though I've never seen it mentioned in context to log retention laws, is to require web browsers to log the information in tamper-resistant (think DRM) hidden files. MSIE, in a matter of speaking, already does with index.dat files (some suggest their real purpose is, in large part, to help law enforcement), which the regular computer user has no clue of, let alone know how to get rid of, since Windows makes it difficult to delete them.

    Ron

    • Deep packet inspection for URL not required, in theory, if the U.S. government mandates both ISPs *and* websites to maintain logs. Somehow, I suspect that the websites actually serving up child pornography might have a problem complying with mandatory record retention laws...
      • Excellent point.

        However, the real purpose of the proposed log retention requirement, presumably, is to collect personal data of all kinds for various government uses; child porn is just a convenient, easy excuse to get it enacted.

        Ron

        • But, like gun laws and restraining orders, it only protects you against people that try to follow the law... and those are not the people whose privacy you should be violating! Like many ill-conceived violations of privacy, it disproportionately affects law-abiding citizens (making them susceptible to blackmail and extortion) while doing little to inconvenience professional criminals. Case in point: what do you think happens to the career of a US serviceman, when the logs show him visiting a perfectly legal
  • Monitoring is good (Score:5, Insightful)

    by Anonymous Coward on Friday February 05, 2010 @04:45PM (#31039878)

    I have an even better idea. Let's have all law enforcement officials be required to wear audio and video recording equipment at all times, which are available for all citizens to watch. They do work for us, after all, and I think this would help curb police brutality. I know that most officers are good people, but there are a few bad apples, so we can't be too vigilant.

  • Host names (Score:3, Informative)

    by unix1 ( 1667411 ) on Friday February 05, 2010 @04:48PM (#31039924)

    Host names cannot be logged without packet inspection unless they assume that a corresponding request against the ISP's DNS services constitutes to "visiting" the resolved host name. You are also free to use DNS servers of your choice that are different from your ISP's. You can run your own DNS server too.

    When a client "visits" a URI it:

    1. resolves the host name to IP address via a DNS service
    2. makes a connection to the said IP address
    3. if connection uses SSL, proceeds with the "handshake"
    4. sends host name, URI, and other request info via the above connection

    ISPs can log #2, but cannot log #4 without packet inspection. It's even more complicated if the connection is encrypted (e.g. https).

  • by Trerro ( 711448 ) on Friday February 05, 2010 @05:02PM (#31040134)

    The 4th amendment is supposed to require a warrant to BEGIN surveillance. The law doesn't say "they can tap your phones and record all of your conversations, but they can't actually listen to them until a warrant is issued against you." No, they can't tap until they have the warrant.

    This shouldn't be any different.

    Then again, we all know the results of the last large-scale warrantless wiretapping incident (no one was punished, and it's likely still occurring), so I guess it is, in fact, not any different.

    • by davidwr ( 791652 )

      In New York at least, phone companies have to keep transaction data for 2 years. I think this is a nationwide requirement but I'm not sure.

      The feds will argue that URLs are like phone numbers, and since they aren't actually requiring the ISPs or web sites to log the bits that went over the wire the feds don't see a problem.

      • Re: (Score:3, Insightful)

        by Trerro ( 711448 )

        There's a key difference, however.

        Although both logs will reveal everywhere you've been, a phone record reveals ONLY that - who you called, not why.

        URLs, on the other hand, usually include variables that reveal things such as exactly which articles you clicked, and exactly what you searched for. Even worse, they can easily be used to break post anonymity - all they have to see is that you loaded the post form, and upon submitting it we're directed to a post with ID X, and they know exactly what you posted b

    • Re: (Score:3, Insightful)

      by ISoldat53 ( 977164 )
      Who knows what the 4th Amendment means anymore? With this Supreme Court any Constitutional Law you may have learned is useless.
  • by gmuslera ( 3436 ) on Friday February 05, 2010 @05:08PM (#31040204) Homepage Journal
    like destroying the meaning of privacy for all the users of internet?
  • the Internet protocol (IP) address

    Really? Explaining what “IP address” means? Are Cnet reader really that stupid?
    Every child knows what that is. Hell, even my grandma knows it from crossword puzzles.

    I call “intentional dumbing down of humanity” on that one.

  • That's what /dev/null is for.
  • That way what you do today that is completely legal, can be used against you in 10 years when it isn't legal. Oh, and add location services, based on cell phone records, credit card purchases ( must ban cash ) street corner cameras, etc.

    Stop the bus, i want off.

  • What good is it to log a URL without logging what data was at the URL at that point in time. The content at a URL can change dynamically, so it doesn't matter what the URL says unless you actually know what data was actually retrieved at that point in time.
  • ipredator [ipredator.se]

    Use offshore VPN for everything. Because what you're doing today may be frowned upon tomorrow. Or maybe you like reading extremist blogs for the lolz and you apply for a job that needs an FBI background check. Wow, this guy sure likes militias.

  • by koan ( 80826 )

    Anyone here know of why a commercial VPN connection would be a way around this sort of thing? Would TOR work for this as well?

  • Yes officer (Score:4, Funny)

    by PPH ( 736903 ) on Friday February 05, 2010 @06:22PM (#31040992)

    We have those log hard copies right here.

    Dammit! Who forgot to put a new ink cartrige in the printer last year?

Don't get suckered in by the comments -- they can be terribly misleading. Debug only code. -- Dave Storer

Working...