This article is more than 1 year old
SafeWeb ain't all that
Logs kept seven days
What a total idiot I am. I never asked Web anonymizer SafeWeb exactly what they mean when they say they "collect NO logs or user data beyond what is required for performance tuning and security monitoring of our servers. Any such data is carefully safeguarded, only analyzed statistically, and is destroyed soon thereafter."
To me, 'soon thereafter' means 'during the next shift' when we're talking about a company that sells anonymity. And that's what I pretty well expected. And 'soon thereafter' is all you'll find in the company's privacy statement.
Thanks to Cryptome's John Young, we now know that the logs are kept seven days.
Seven days. Christ, I've 'researched' http exploits from behind SafeWeb. Long enough ago not to have anything to fear, but still, the idea that the logs live seven days is a jolt.
That's not anonymity. It's a decent shot at anonymity.
But who's got anything better? Anonymizer doesn't even mention logs in their privacy statement. God knows what that means. Do they have no logs? Do they not mind getting hacked? If you DoS them will they be content never to know it?
That sort of obscurity is even worse. SafeWeb tells you they'll keep the logs briefly, though seven hours seems a lot briefer than seven days to me. Anonymizer won't dare broach the topic.
Now that ZeroKnowledge has cancelled Freedom, where's the true on-line anonymity?
Where the hell is Peekabooty? Where the hell is Steve Gibson when you need him? ®
Next Week
Do-it-yourself Web anonymity. Be there.
Biting the hand that feeds IT
