SafeWeb ain't all that

[InfoSec News <isn () c4i org>]

http://www.theregister.co.uk/content/6/22331.html

By Thomas C Greene in Washington
Posted: 18/10/2001 at 12:08 GMT

What a total idiot I am. I never asked Web anonymizer SafeWeb exactly
what they mean when they say they "collect NO logs or user data beyond
what is required for performance tuning and security monitoring of our
servers. Any such data is carefully safeguarded, only analyzed
statistically, and is destroyed soon thereafter."

To me, 'soon thereafter' means 'during the next shift' when we're
talking about a company that sells anonymity. And that's what I pretty
well expected. And 'soon thereafter' is all you'll find in the
company's privacy statement.

Thanks to Cryptome's John Young, we now know that the logs are kept
seven days.

Seven days. Christ, I've 'researched' http exploits from behind
SafeWeb. Long enough ago not to have anything to fear, but still, the
idea that the logs live seven days is a jolt.

That's not anonymity. It's a decent shot at anonymity.

But who's got anything better? Anonymizer doesn't even mention logs in
their privacy statement. God knows what that means. Do they have no
logs? Do they not mind getting hacked? If you DoS them will they be
content never to know it?

That sort of obscurity is even worse. SafeWeb tells you they'll keep
the logs briefly, though seven hours seems a lot briefer than seven
days to me. Anonymizer won't dare broach the topic.

Now that ZeroKnowledge has cancelled Freedom, where's the true on-line
anonymity?

Where the hell is Peekabooty? Where the hell is Steve Gibson when you
need him? 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.