LebGeeks

Abbabbj

Member

ISP user log

Hello
i have heard that in USA there is a law which states that every internet service provider should keep a log of the users input output data:(link requests /messages /posts /uploads /downloads /even streaming)
all this data should be stored for one year
does anything similar happen in Lebanon?
i.e: what is our ISP's or ogero (government)  storing??
I am sure there is a log
can any one find a list of ogero forbidden sites, any idea for finding it list?

rolf

Member

Re: ISP user log

At the very least they have an IP<=>User log for DHCP (IP lease log), unless they dont know their job...
I dont think its required by law, but everywhere in the world, any decent ISP is expected to have this information.

battikh

Member

Re: ISP user log

ISPs do have to keep logs by law. i believe they have to log the http gets.
i guess nuc can give more details about that, but i remember him or teo talking about this in some thread a long time back. so if you find the thread, you'll find your answer (the content of the logs and for how long they have to keep it).

Abbabbj

Member

Re: ISP user log

thnx rolf and battikh
but i didnt find the thread
i was only wondering how far is our online privacy  attained becuase there is no privacy statement mentioned in any isp regestration form (for adsl) or maybe its just mine
another fact is that if such logs exist then with enough amount of money you could know every thing about a person not to mention the lebanese curosity @ the isps staff
Imagine it like that:(Its like fixing someones pc without taking look at the data he have)

rolf

Member

Re: ISP user log

Imagine it like that:(Its like fixing someones pc without taking look at the data he have)

I dont have a problem with that... if I'm bored and have time on my hand, I might take a look. But if I'm expected to respect the privacy of the user, then I just wont.

rolf

Member

Re: ISP user log

I know that in some countries, ISP are required to provide a standard interface for police sniffing equipment to be quickly plugged into their network and immediately start capturing information. The interface specification even has a name. I do not know about lebanon.
ISPs (or anyone with access to your connection) can capture anything that is unencrypted and reconstruct your activity, so it's better to assume that anything you do online can be captured and read by others, and if you want privacy use encryption.
Also keep in mind that if you open an encrypted connection with another computer, others will not be able to see the contents of the data that is exchanged (it will be encrypted) but they will still see that there is exchange of data if it is a direct connection.
I used to chat with someone in israel, and also exchanged some files with him over MSN (music and other stupid things, but direct connection!). He also ran a webserver on his computer and I connected a couple of times. Nobody ever bothered me for that.

Last edited by rolf (February 14 2010)

Abbabbj

Member

Re: ISP user log

Thanx Rolf but it isn't practical to use encyreption always (i tried a lot of soft it has very low speed)
and i am not affriad about isreal ain't talking to any body there
but some time i work with sensetive data that may cause a lot of problems if it got in the wrong hands
like an ISP staff for example or take it like this :(i posted something against *******presedint this presedint can know my ip and then my isp after that he need to know the users for that ip at the time the message wass posted so he need an ISP log with little money or intelligence help he could know my identity) this is just an EXAMPLE
any way thanks for your help and i want you to see from where i got this idea

Computer bits
Brett Markham

What does your ISP know about you?

The Department of Justice recently requested search engine records from Google, Yahoo, AOL and MSN. The latter three companies complied with the request without need for any sort of warrant or subpoena, but Google is fighting in court to protect the privacy of its users. This brings up the question: just what, exactly, does your Internet Service Provider (ISP) know about your Internet surfing and email? Everything.

Each dialup or broadband connection receives a unique Internet Protocol (IP) address that is logged and tied to the owner of that account. That IP address is then logged for every web search that is done, and every website that is visited. Quite literally, an ISP's logs can be examined to see every website visited by a particular subscriber including the exact times and dates, or provide a list of every subscriber who visited a particular website. Everyone who visits MoveOn.Org is in the ISP's logs—and you can be certain that information has monetary value to somebody.

Email activity is logged as well. Every time a piece of email is received the information about the sender, recipient and subject is logged. The same information is logged every time an email is sent. Electronic voyeurism by some ISPs even analyzes the words used in email in order to more effectively target you with ads that will induce you to part with hard-earned cash. 

Most ISPs keep such logs for at least a year. In essence, these logs allow anyone who looks at them to know about everyone with whom you correspond, your interests, and where you shop. Did you visit Pfizer to look up Viagra? Your ISP knows. Did you look up the side effects for a mental health medication you've been prescribed? Your ISP knows. A look through these records can tell the searcher an awful lot about you—and an awful lot that most people have no right to know. 

Probably the first and best piece of advice is to consider all electronic communications to be public, and never do anything you would find embarrassing. But even after doing that, you still don't want people you have never met knowing intimate details about your life because, after all, it is your life and not theirs. But how can you protect your privacy in an era when ISPs hand over all of their records to marketers and even government agencies without even a warrant or subpoena? 

There are a number of answers to that question depending on your ISP, budget and level of technical expertise.

The easiest approach is to use an anonymous proxy service. An anonymous proxy service masks your personal details, including the IP address that correlates to your particular account. If a search engine is used via a proxy, the content of your web searches can't even be traced back to your ISP, much less to you personally. There are dozens of anonymous proxy services available, but some of the more popular anonymous proxy services are findnot.com, cotse.net, somebody.net and anonymizer.net.

Anonymous proxies vary considerably in their sophistication, and many even allow bypassing various forms of censorship and filtering. Some proxies automatically encrypt connections to them so that even direct surveillance and packet capture is ineffective.  Because of the increasing invasiveness of various governments and corporations, the number of companies offering proxy services to protect privacy and bypass censorship has grown exponentially in the past five years, and the cost for service is generally less than $10 a month.

Even if a person has successfully maintained privacy from the ISP and websites that are visited, home computers keep logs of everything. There are a number of tools available for cleaning up all the stray information that Internet browsers leave on the hard drive, but some of the most popular free programs for this purpose are Windows Cleanup, Window Washer and Eraser.

An Internet user who is more technically inclined, or who doesn't trust proxy providers, can actually set up a local proxy that does the same thing via free software called Privoxy. The Onion Router, also a free download, obfuscates the path packets take across the Internet. There is also an alternative Internet known as FreeNet that is accessible only via encrypted proxy and that resists censorship efforts through port shifting and redundancy.

BELD Broadband has a strict policy of limiting access to subscriber information, and not sharing it with any other entity for marketing purposes. We don't censor private Internet connections and we don't share any information about subscriber Internet activity with other government agencies unless presented with a subpoena or a warrant. 

Unfortunately, the evidence of AOL, Yahoo and MSN surrendering logs to government agencies without requiring warrants indicates that BELD is the exception rather than the rule. So it makes sense for Internet users to look into what is required to protect their privacy.
++++++++++++++++++++
Brett Markham is Network Engineer for the Braintree Electric Light Department.

J4D

Member

Re: ISP user log

I used to chat with someone in israel, and also exchanged some files with him over MSN (music and other stupid things, but direct connection!). He also ran a webserver on his computer and I connected a couple of times. Nobody ever bothered me for that.

i hope no one bothers you after me reading this ! (kidding) but you know its something at least morally bad ! i hope you are not doing it anymore as besides being immoral , its something guarded by law " communication with an enemy "

nuclearcat

Member

Re: ISP user log

Most probably noone will gives a shit about rolf talking with Israeli, till it is not a matter of big money or some serious political question. Or... ur future career. As soon as you post it, bots crawl it... you set a ticking bomb for yourself. As soon as you cross road for someone, he will have a chance to use this bomb. Try next time to keep mouth closed, in this cruel world it is important.

Also there is things ISP will never know also, even me. There is a very BIG chance that someone like mokhabarat keeping all records. Maybe they will need them in future. As soon as you become enough important to be interesting for them - they will use this info to put you under the heel.

rolf

Member

Re: ISP user log

@AbbaBbj
Last time I wanted to encrypt something, I used AxCrypt. It's a free, just zip, encrypt, then send. Then use it to decrypt the received file. Only someone with the passphrase can decrypt it.
if you're talking to someone with whom you have no physical contact, then i dont know how to safely send the passphrase to him...maybe PGP.
Other then that, plaintext (non-encrypted) internet is not safer then telephone. Anyone who has physical access to your phone line can probably listen to your conversations. Same thing for internet.
And if they want to save it, they can. ISP do some logging (saving stuff) to help law enforcement to track, find, and prosecute abusers (people who crack other peoples account for example - that is illegal in the US - or people who make death threats, or terrorists, etc.).
There are even some grades of encryption (256bits I think) which are illegal to use (or provide, not sure) in the USA, probably because they are impossible to crack and will be in the near future.
Again, i dont know the details about Lebanon.

Last edited by rolf (February 14 2010)

rolf

Member

Re: ISP user log

Most probably noone will gives a shit about rolf talking with Israeli, till it is not a matter of big money or some serious political question. Or... ur future career. As soon as you post it, bots crawl it... you set a ticking bomb for yourself. As soon as you cross road for someone, he will have a chance to use this bomb. Try next time to keep mouth closed, in this cruel world it is important.

Also there is things ISP will never know also, even me. There is a very BIG chance that someone like mokhabarat keeping all records. Maybe they will need them in future. As soon as you become enough important to be interesting for them - they will use this info to put you under the heel.

Thank you.
You might be right. But the nice thing about following your own principles is that you keep your pride, and maybe (hopefully) one day you will get paid for it.
I have been in such a situation before, I could not "keep my mouth shut". I am not saying I did the right thing, but I am looking forward now and often believe there is a reward.

Last edited by rolf (February 14 2010)

nuclearcat

Member

Re: ISP user log

Use double layer and AES + Blowfish for example. Also sometimes good idea not to use complicated software, where flaw can be hidden. Use some generic encryption, that can be "generated" and confirmed by many programs.

If first stage( encrypted material by AES) is high entropy, second will be extremely difficult to crack.
It depends A LOT on encrypted data. If they can predict what can be some block or byte sequence - they can try their luck with one layer encryption. If they find weakness in Blowfish - they cannot be sure that they got required data, since entropy level will be still high after decryption. Sure best encryption that will give also on false password - just wrong data, and doesn't have "integrity", that will say "wrong password", and will make bruteforcing possible.

Abbabbj

Member

Re: ISP user log

Thanks all for help i know how to encrypt chats and messages but this is not my case since most of the posts are to general forums (i know also how to post safly in this forums using other proxys which i find too slow)but i was only wondering If any one knows about this issue in lebanon
And nuclear cat thanks for your advice but freedom Isnt cheap it may cost and (if you are right)
And thanks all for help again

rolf

Member

Re: ISP user log

Excerpt from the Universal Declaration of Human Rights.
Lebanon (among others) voted for in in 1948, and is committed to it.

Article 19.

    * Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.

Article 20.

    * (1) Everyone has the right to freedom of peaceful assembly and association.

Abbabbj

Member

Re: ISP user log

yes your right but governments have their convincing excuses for spying on their people starting by terrorism and ending by frauds and i think USA also accepted Universal Declaration of Human Rights and they aren't applying it
any way thanks a lot for the info