Why couldn't you have a flagging system in real-time that shuts down accounts but doesn't save the data to disk?
That's what I described with the deep packet inspection. You could hook up an IDS and block users based on the IDS output, but like I said, the sort of people who like no log VPNs will not like that. At one point I set that up at my VPS company a long time ago (of course, I was very up front about it and told my customers, and I was surprised that customers were really, really angry about it, so I took it down within a day or two. Sorry guys, I mean, I should have stuck with the traditional route of only examining packet headers.)
If you act in the usual way for an ISP and only examine packet headers, then you will need to react to complaints about your users. Those complaints can roll in up to a week after the abuse happened.
I could believe a VPN service that said it kept logs for a week. That seems possible. (Of course, there are still the legal issues, but I personally haven't seen those, while I have been almost disconnected by my upstream for customer abuse before.)
It gets worse, too, if I use shared IP addresses. So, the way my VPS company was set up, everyone had a static IP. And that was really pretty easy; an abuse report comes in saying that a certain IP did something at a certain time. As all my customers had their own IPs, all I had to do was make sure the IP hadn't been moved to a different customer recently, and I knew who to go after. Aside from that ill-considered day-long experiment with the IDS, I didn't do any network logging at all outside of total packet/byte counts (outside of troubleshooting) because I didn't really have to in order to go after abuse. I knew what IP was owned by who.
But in a shared-IP system? This is way worse. All your users are behind a NAT, right? So you get that same abuse complaint a few days after a thing happened saying that IP X did this thing at time Y to target IP Z. Well, all your customers are coming out of IP X, so that doesn't help you. In a NAT system, to manage abuse complaints without deep packet inspection, you need to log the headers from every connection. User X connected to IP Y on port Z, etc. It's the only way to trace back the abuse to the customer.
(Things get dramatically easier if every customer has its own IP; then you just need to record who had what IP when. I don't know how many "no log" VPNs use NAT vs giving each active user their own IP. Of course, things get even easier with IPv6.)
From https://www.privateinternetaccess.com/helpdesk/kb/articles/d...
They don't say they aren't using deep packet inspection, and it acknowledges that makes it more difficult to handle abuse.
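An added example (not part of the original comment) of the per-connection header log the shared-IP case above depends on, and of matching an abuse complaint ("IP X did this at time Y to target IP Z") against it. The log format, customer names, addresses and the 30-second clock-skew tolerance are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed NAT translation log (hypothetical format, documentation-range IPs).
SAMPLE_LOG = """\
2024-03-01T12:00:05Z cust=alice nat=203.0.113.10:40001 dst=198.51.100.7:22
2024-03-01T12:00:09Z cust=bob nat=203.0.113.10:40002 dst=198.51.100.7:22
2024-03-01T12:00:11Z cust=carol nat=203.0.113.10:40003 dst=192.0.2.80:443
2024-03-01T18:30:00Z cust=bob nat=203.0.113.10:40950 dst=198.51.100.7:80
"""

LINE = re.compile(r"(?P<ts>\S+) cust=(?P<cust>\S+) "
                  r"nat=(?P<nat_ip>[\d.]+):(?P<nat_port>\d+) "
                  r"dst=(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)$")

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = parse_ts(rec["ts"])
            yield rec

def trace_complaint(records, nat_ip, when, dst_ip, nat_port=None,
                    skew=timedelta(seconds=30)):
    """Return the sorted customers whose logged flows match the complaint.

    `skew` absorbs clock drift between the reporter and the NAT gateway.
    More than one name back means the complaint cannot be pinned on one
    customer unless the reporter also supplies the source port.
    """
    hits = set()
    for r in records:
        if r["nat_ip"] != nat_ip or r["dst_ip"] != dst_ip:
            continue
        if abs(r["ts"] - when) > skew:
            continue
        if nat_port is not None and int(r["nat_port"]) != nat_port:
            continue
        hits.add(r["cust"])
    return sorted(hits)

def apply_retention(records, now, keep=timedelta(days=7)):
    """Drop records older than the retention window (one week, as in the comment)."""
    return [r for r in records if now - r["ts"] <= keep]
```

With only the shared IP, time and target, the sample complaint matches two customers; it resolves to one only when the translated source port is known, and to none once the week of retention has passed.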