Information Security News mailing list archives
SafeWeb ain't all that
From: InfoSec News <isn () c4i org>
Date: Fri, 19 Oct 2001 13:26:29 -0500 (CDT)
http://www.theregister.co.uk/content/6/22331.html By Thomas C Greene in Washington Posted: 18/10/2001 at 12:08 GMT What a total idiot I am. I never asked Web anonymizer SafeWeb exactly what they mean when they say they "collect NO logs or user data beyond what is required for performance tuning and security monitoring of our servers. Any such data is carefully safeguarded, only analyzed statistically, and is destroyed soon thereafter." To me, 'soon thereafter' means 'during the next shift' when we're talking about a company that sells anonymity. And that's what I pretty well expected. And 'soon thereafter' is all you'll find in the company's privacy statement. Thanks to Cryptome's John Young, we now know that the logs are kept seven days. Seven days. Christ, I've 'researched' http exploits from behind SafeWeb. Long enough ago not to have anything to fear, but still, the idea that the logs live seven days is a jolt. That's not anonymity. It's a decent shot at anonymity. But who's got anything better? Anonymizer doesn't even mention logs in their privacy statement. God knows what that means. Do they have no logs? Do they not mind getting hacked? If you DoS them will they be content never to know it? That sort of obscurity is even worse. SafeWeb tells you they'll keep the logs briefly, though seven hours seems a lot briefer than seven days to me. Anonymizer won't dare broach the topic. Now that ZeroKnowledge has cancelled Freedom, where's the true on-line anonymity? Where the hell is Peekabooty? Where the hell is Steve Gibson when you need him? - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- SafeWeb ain't all that InfoSec News (Oct 19)