Lycos Germany to No Longer Store IP Data

quaker5567 writes "The Register is carrying the story that Lycos Germany says it will no longer store dynamic IP addresses of its customers. According to the German Tele Services Data Protection and Telecommunications Act, ISPs are only allowed to store communications data for accounting purposes. Apparently, there is no requirement for German ISPs to keep a record of IP addresses. A decision by German ISPs not to keep logs on IP addresses would be extremely controversial as the entertainment industry is increasingly demanding that ISPs disclose the names of suspected file sharers."

Options

[panxerox]

This has always been an option for ISPs. I can see keeping IP info for a week or so in case there was an incursion but after that the only thing that it could be used for is informing (whether it was coerced or otherwise) on your customers ! As customers we must demand that our ISPs no keep long term IP records. There are plenty of options to connect to the internet and we as consumers must tell our ISPs that we will make this an important part of our bandwidth purchasing decision.

Re:Options

[geekee]

"As customers we must demand that our ISPs no keep long term IP records. There are plenty of options to connect to the internet and we as consumers must tell our ISPs that we will make this an important part of our bandwidth purchasing decision."

So what's your opinion of Morgan Stanley being fined over 1 billion for not keeping email around? It seems like the same sort of case, yet the sentiment there was they were probably guilty, so it was ok. With copyright infringement, the sentiment is, the users are probably guilty, but they should be protected anyway.

Re:Options

[BeBoxer]

As customers we must demand that our ISPs no keep long term IP records.

If you do this, you have to promise not to complain when their DHCP server starts churning out new IP addresses to you ever day or so, screwing the folks who use dynamic DNS to run servers. Just something to keep in mind. Some people do get benefit out of static addresses.

Re:Options

[WhatAmIDoingHere]

Because an ISP is a multibillion dollar financial corporation.

OH WAIT!

And nobody is "probably guilty," we're all innocent until proven otherwise.

Re:Options

[Gregg+Alan]

So what's your opinion of Morgan Stanley being fined over 1 billion for not keeping email around? It seems like the same sort of case, yet the sentiment there was they were probably guilty, so it was ok. With copyright infringement, the sentiment is, the users are probably guilty, but they should be protected anyway.

That's a great point. IMO, the fine is wrong. Here's why: Assuming Morgan Stanley IS guilty of whatever the hell they are accused of doing, keeping records to prove your own guilt is nearly a violation of the 5th amendment. Or, at least, preventing such self-incriminating evidence to come to light could be considered exercising ones right to plead the fifth.

On the other hand, Morgan Stanley is not a person so these rights do not (should not) exist for them so fuck 'em.

In conclusion, my opinion is that ISPs should be required to destroy that data as soon as it's only purpose is to inform against their own customers. I think that because I constantly see advertisements for high speed internet access telling me that I can download music and movies faster that freaking ever. It's almost as if these ISPs are enticing me to download movies and music that I would otherwise not download because I would not have able to because my internet connection would not allow it to be possible. That's close enough to entrapment for me to *form my opinion*.

So, that is my opinion.

Re:Options

[eric76]

So what's your opinion of Morgan Stanley being fined over 1 billion for not keeping email around? It seems like the same sort of case,

Nonsense. There is nothing at all similar about the two.

Morgan Stanley was trashing e-mails, likely so that they could not be used against them in court, at least to some extent. It might be argued that if it weren't for the possibility that they could be used against them, it would be something that might be valuable for them to keep.

There is nothing valuable about the IP data for the ISP after some reasonable period of time. It has a very short shelf life. Neither is there anything in it to use against the ISP. There is no reason to keep it longer than necessary. Any ISP who was concerned about the privacy of their customers would dump it once it was clear they had no need of it.

My ISP doesn't keep the information long term. There is no intention to create problems for anyone. It's just that once the data is no longer necessary, it is dumped.

Re:Options

[skarphace]

Not a good point. Working for a financial services company, I know it is required for them to keep their email around. Research the Sarbanes-Oxley act. That is law. Keeping IP addressis logged is not.

Re:Options

[tha_mink]

Here's an impression of me, the server admin of some secure data-farm...

Oh shit. They're not storing IP data...? Oh shit.

Cue the Russian hacks-for-hire..."Germany Boys...and quick..."

Re:Options

[rawb]

Morgan Stanley *IS* guilty because email now qualifies as memo's did in the past. All paperwork within a corporation must be kept for records and potential audits by the SEC.

There is no such rule regarding the internet and it's users' IP addresses... at least not yet.

Re:Options

[tha_mink]

" In conclusion, my opinion is that ISPs should be required to destroy that data as soon as it's only purpose is to inform against their own customers."

In principal, I agree with you. However, as a server admin trying to fight off attacks from the Russians, Koreans and Chinese script kiddies, I disagree.

It's a fool that believes that the internet is like air, in that once you speak something it should evaporate into the air as vibration. A fool. It's not the record companies you should be worried about, it's the script kiddies and the real crack-ers. If you only knew what they do, you would want a way to track them.

I know that the people, not unlike yourself, who use the internet for downloading "Star Wars" think that everything should be anonymous and so forth but, truth be told, there are other uses for bandwidth. Like making money. If you can't track people posthumous, you're dead. It's the last line of defense between you and a would-be cracker. The only thing stopping most people who COULD crack-n-hack is the fact that they know they can be found out.

It would be like you being able to walk around, completely invisible. The thing stopping you from robbing a bank is the cameras right? (oh wait...you've probably got morals)

Of course, I guess you could log IPs from the other side but...but...but...

Re:Options

[timmarhy]

ip logging and the S&M case are a completely diffferent context. S&M were in the middle of a court case and these emails suddenly disappeared. logging ip's is assuming all your customers are breaking the law. i know i'm not going to stand for my isp treating me like a criminal.

Re:Options

[Gregg+Alan]

I know that the people, not unlike yourself, who use the internet for downloading "Star Wars"

You're wrong on that point, but I certainly can't fault you for that assumption considering where we are.

Of course, I guess you could log IPs from the other side but...but...but...

Hmm... well, this would help you if all you needed/wanted to do was try to stop the next attack. It's useless (as you are well aware) if the ISP that owns that particular IP has no idea who used it. It's also useless in preventing the next attack if it is a dynamic IP unless you are willing to block more than /32s.

I empathize with the desire to make the internet a safer place. I really do.

But tracking everyone's actions on the internet does not make the world a better place. It has the potential to make *your* job/bottom line/whatever better and that's not something I care about. (Nothing personal)

In other news...

[Kinky+Bass+Junk]

... crackers have obsessively moved to Germany, and signed up for accounts with dynamic IP addresses.

Re:In other news...

[merreborn]

In other news... crackers have obsessively moved to Germany, and signed up for accounts with dynamic IP addresses.

Obsessively? You'd think moving to Germany once would be enough.

Re:In other news...

[Kinky+Bass+Junk]

You'd think moving to Germany once would be enough.

Oh, it's actually quite addictive.

Re:In other news...

[Kinky+Bass+Junk]

Will they pay for my first move?

Only if you sign up to a 24 month contract, whereby you move to Germany once a month.

Just to play devil's advocate....

[Ninwa]

What happens when somebody does something more serious than steal music, are they just going to look the law enforcement trying to get information and shrug? I hope this does not mean that people will feel even more anonymous and get the gull to do things they wouldnt've otherwise.

Re:Just to play devil's advocate....

[jm92956n]

Any person with less-than honorable intentions won't do so from the comforts of their own home.

They're going to haul their laptop, equiped with Wi-Fi, to some random unsecured access point on the far side of town and do it there. In a situation like that, logs are almost entirely useless.

Re:Just to play devil's advocate....

[ergo98]

Any person with less-than honorable intentions won't do so from the comforts of their own home.

They're going to haul their laptop, equiped with Wi-Fi, to some random unsecured access point on the far side of town and do it there. In a situation like that, logs are almost entirely useless.

And here it is. Of course this explanation would appear, despite the fact that if this was the case then this story wouldn't be an issue at all. All of the file sharers could just grab their laptops and head to a wifi location.

Of course we know that is nonsense - criminals generally are dumb, and the police endlessly bust child-porn rings, as well as find people who communicate with children through IM services, via trusty IP logs and warrants. Even outside of this, though, forcing a criminal to go to a specific wifi point, itself easily identifiable, is vastly more of a lead to go on than "somebody in the state of New York". If you know that somebody sent a serious death threat from Joe's Coffee Shop at 2 in the afternoon, you can connect the dots and build some evidence.

Re:Just to play devil's advocate....

Children are one of the most easily produced resources. Emotional attachment has no valid function in the industrialised world.

2 Sides to Every Coin

[Anti-Trend]

What about data pertaining to spam and hack attempts? Wouldn't IP data be crucial for those purposes in addition to file sharing? Now don't get me wrong, I have zero respect for the RIAA/MPAA. But I'd have a great deal more admiration if they had simply put their collective foot down about the file-sharing privacy issue and left it at that.

I for one...

[PyWiz]

...think this is a good move on the part of ISPs to quit doing the government's dirty work for tracking down criminals. It's not a company's job to keep tabs on their customers for the sole purpose of turning them over to law enforcement.

On the minus side, it is very likely some kind of political backlash will occur and a law will be passed requiring ISPs to keep much more detailed records than they do even now...

Sad state of affairs

[philovivero]

From the article:

A decision by German ISPs not to keep logs on IP addresses would be extremely controversial as the entertainment industry is increasingly demanding that ISPs disclose the names of suspected file sharers.

It is quite a sad state of affairs when a company does something that is popular with the people, and yet there is controversy because another company doesn't want it to be done.

This is the most artificial sense of the word "controversy," because it is completely artificial.

Sad, sad state of affairs.

Re:Sad state of affairs

[s.fontinalis]

That phenomenon ended with Napster? Your kidding me, right? If anything it's grown.

Re:Sad state of affairs

[slashdot.org]

I personally appreciate the fact that a child-porn sharer, for instance, can easily be, as are regularly, tracked down because ISPs keep logs that can be used to track back from networks

Can we PLEASE for once keep the kiddie porn stuff out of an argument? I'm really getting sick and tired of the 'me too - I'm on the right side of the fence - I'm against kiddie porn' crap.

You know, it's pretty easy to win any argument on the planet by pulling out the child pornography card. If anyone challenges you, all you have to do is say that your challenger supports child pornography.

How about this. We do the following:
- make cars illegal. It has turned out that nearly 99.5% of all kiddie porn is at some point transported by a car, therefore if we make cars illegal we can illiminate child pornography.
- make incandescent light illegal. 99.5% of all kiddie porn is at one time or another observed by incandescent light. If we illegalize incandescent light, that should take care of that problem.
- require the Postal Office to keep a perfect log of every piece of mail that they sent. 99.5% of hard-copy kiddie porn is being handled by good ole USPS, better keep track of that.
- do I need to go on?

Now, everybody point at me and scream 'OOOHHH!!!'.

Entertainment?

[Mensa+Babe]

"A decision by German ISPs not to keep logs on IP addresses would be extremely controversial as the entertainment industry is increasingly demanding that ISPs disclose the names of suspected file sharers."

Entertainment industry be damned. What we should worry about is network and systems security, DDoS, botnets, zombies, and of course SPAM and PORN. I hope we will not have to block *.de on our SMTP relays and TCP/IP firewalls like we had with *.cn and *.ne. Hopefully Germans will know how to be responsible with their privacy and lack of control. Only time will tell.

Potential to become a hotspot

[Sv-Manowar]

If this IP block is known to be safe from identification, its certainly possible that crackers could choose to scan the area more heavily for exploits and rootable machines, making the block a source for malicious traffic.

On the other hand, it should make quite a selling point for tech-savvy customers in the area when in comparison with other ISP's. This may be effective protection against copyright lawsuits, providing enough obscurity that the regional enforcement agency choose not to pursue cases.

It should be interesting to see if this trend continues to other ISP's, and what effects occur as a result of this change

Law Enforcement?

[guyfromindia]

While everybody is obsessed about 'music' and 'file sharing', its time to think about what effect this will have on law enforcement... E.g. how will the police trace a criminal without the precious info?

Privacy and copyright in German law

[Peter+Eckersley]

Unlike most other nations' legal systems, human dignity and therefore privacy is central to the German constitution (this was a result of its being drafted in the wake of second world war). It follows that German copyright law does not trump privacy concerns; this was one of the reasons why Germany invented the levy-funded private copying system.

Re:Privacy and copyright in German law

[henni16]

Well that _was_ once true.
People like Gestapo-minister Otto Schily and his lackey Brigitte Zypries as minister of justice
don't give a flying f... about the constitiuon and everybody applauds.
Besides from DMCA-like plans to give "Copyright holders" the right to request customer data from ISPs,
they are pushing laws to require ISPs to not only store IPs but also all communication data including visited URLs. email header info, IM data, SMSes, telephone connection data and much more stuff.
The only thing they aren't sure about is how many years ISPs and telcos will be required to store all that information and who pays for it.

Btw. they are also pushing to build nationwide DNA- and fingerprint databases.

The East-German STASI and the Gestapo would have had wet dreams about the infrastructure that is going to be created.
I think it isn't necessary to point out that all this is done "to fight islamistic terrorism"
and to "protect our freedom".
Apropos: because of their severeness the anti-terror laws passed after 9/11 were limited in time and to be reevaluated after five years.
Since they were such a success (not proven), now minster Schiliy and others suggest to keep them forever without a mandatory reevaluation and even extend their scope/power.


Do I even have to conclude this rant by saying that I am much more worried about
the actions of our politicans than about terrorist attacks?
But hey, as long as you have nothing to hide..

Re:Privacy and copyright in German law

[dunkelfalke]

Yep.

And the worst thing is, Schily backs those antiterror laws about like that:

Schily stands somewhere in the wood and repeatly hits a drum.
The Germans ask: why are you doing this?
Schily answers: to keep the elephants... err... terrorists away
Germans: but there are no terrorists in Germany
Schily: see, it's working!

Re:Privacy and copyright in German law

[DancesWithBlowTorch]

You are partly right. Yet, writing from (and living) outside of Germany, I have to tell you that Germany is still a shining example for privacy, freedom of speech and other personal freedoms.

Examples: When was the last time you have seen a public CCTV in a German street or public place? In London (where I live) there is nearly no street left without one, and the Authorities now want to introduce microphones as well.
Yesterday, we read about a Professor being fired for stating his opinions in public. In Germany, Professors cannot be fired. IANAL, but I think we are about the only country worldwide that has academic freedom carved into the first page of the constitution. ("Forschung und Lehre sind frei.")
As to the personal ID cards. I don't think the nationwide DNA databases you mention will be coming anytime soon (the public outcry was too big). On the other hand, the personal ID cards we have today are a very good thing in my eyes. You have to keep in mind that there are actually good uses for these things. In the UK, everybody is scared that public ID cards will be introduced, and how Orwellian that will be. But they forget that, up to now, they have to bring drivers licences, bank statements (! -- you would never have to disclose your monetary situation in Germany, just to rent a flat, for example), hell, even birth certificates for every minor participation in public life, like voting, renting a flat or bying booze. And these ways are still less secure than a personal ID.

To end this: Be happy about your Personalausweis. And get less paranoid about Schily. If we would have a conservative government (as Britain de facto has), we would already have all the things you (and I) are so scared about.

Re:Privacy and copyright in German law

[henni16]

When was the last time you have seen a public CCTV in a German street or public place
That's right, they are not that common here, although the usual suspects every now and then talk about installing some more.

Yesterday, we read about a Professor being fired for stating his opinions in public To get somewhat offtopic:
Reading that I was upset like probably most people but thinking about it later, I really would like some more information about that case.
There was an interesting comment on the professor's blog that he announced (probably to the university and even to the Spanish RIAA equivalent as he said he told them about the lecture) to download some copyrighted works and then explaining why that wasn't illegal.
Now, if he was wrong about it being legal (who knows..) or it being doubtful, perhaps the university was threatened to be held liable for knowingly supportig copyright infringement.
So maybe this was more a cover-your-ass-reaction from the university('s legal department) than censorship.
Who knows (I don't understand Spanish) if they said something like: "Uh, well, go ahead talking , but you are not allowed to download Episode III using the university's network".
Don't know if that happend, but in that case it wouln't surprise (and upset) me that much..

As to the personal ID cards. I don't think the nationwide DNA databases you mention will be coming anytime soon
I didn't mention the ID cards. I was more going in the direction of lowering the requirements for taking DNA samples of suspects,
like dropping the need for an judge to approve this, widening the number of cases that allow taking DNA samples.
I read an interview with minister Zypries where she herself had to admit after continuous inquiry that her proposed law changes
would technically allow the taking and storing of DNA samples in cases like repeated shoplifting or even repeated riding-the-bus-withou-paying.
Well, and the public support for all this after the murder of Mooshammer a few months ago..
(To paraphrase comedian (is there something like "political cabaret artist" in English?) Matthias Richling:
"With all those supporters for extending DNA-collection jumping out of the woodwork and the backing they get now,
you could think that Mooshamer was murdered by a hired killer of the CSU" ;-)

P.S. I also don't think that the Personlausweis (without RFID chip for fingerprints and DNA)is a bad idea; not sure about the legal requirement to have one, though.

Then resolve...

[msimm]

If you're smart enough to run a server your certainly smart enough to A) pay for a static address B) set up dynamic redirection.

Aside from the fact that this would never happen in the US you've brought up essentially a stupid, non-point.

I pledge allegiance to the flag, Michael Jackson

[tepples]

Alleged child molester, RIAA recording artist, same thing.

Meanwhile, spammers rejoice

[Otterley]

This isn't just good news for unauthorized file sharers. It's also good news for spammers, who assuredly will race to use any ISP which does not log IP allocations. Untraceable senders are great both for direct spammers, who will benefit from their untouchability, as well as indirect spammers, who will benefit from having infected spam relays on the net for a much, much longer time.

Loss of Internal Audit Trail

[PhoenixRising]

While it's nice to know that this will make it more difficult for the **AA to come knocking on your door, this removes one of the three big A's in security: auditing. If a machine with a dynamic IP address is engaging in malicious behavior, this makes it much more difficult for the ISP to identify the account associated with the behavior. This is a real problem if you want to disable machines that are compromised and are being used for spamming/DDOS/whatever. I hope that there are provisions for the ISP to keep the data for a short period of time and/or keep interesting data available for investigative purposes.

Re:What?

[zerbot]

Doesn't sound like a joke to me.

Re:Where do I sign up?

[Monkeman]

Where do I sign up?
Germany, I think.

Oh, the irony...

[tamrood]

That the birthplace of the Gestapo and the SS may well become one of the last remaining strongholds of personal liberty and privacy in the world.

Oh, wait. They've seen this before, haven't they?

-- Alice Uber Deutchland

This is complying with German law, FWIH

[WoodstockJeff]

There have been several German PHPBB users asking how to disable the storage of IPs with messages on their boards, because saving that information is a violation of German law. Personally, I think it is ridiculous, but they're very serious about it.

These actions would just be extending that to the ISPs themselves. If they have no need for the data, it must be disposed of, or not collected in the first place.

Of course, given that this means there is no accountability through the ISP for the actions of users, I know I won't be allowing random IPs from Germany to connect to my email servers!

Re:This is complying with German law, FWIH

[vidarh]

Not storing information that can directly identify a person unless there is a well defined business need for it is the general rule in all EU/EEA countries, not something exceptional for Germany. The only thing that differs between the countries is how strictly it is being enforced.

In other words I would not be surprised to see this extend in some form or other to ISP's in other parts of Europe as well.

Re:This is complying with German law, FWIH

[tomhudson]

Its now the same in Canada under the Personal Information Protection and Electronic Documents Act.

Information can't be collected without your consent, and can only be used for the purpose for which it was collected. The fine us up to $100,000.00 per INCIDENT, so keeping excessive data on just 10 people could in theory cost a company a million bucks.

Yeah, but what if...

<flame>

I can't believe all this crap I'm hearing about "what if somebody does something bad and the ip address isn't logged" shit.

What fucking country did you grow up in where monitoring your every move IN CASE you MIGHT break a law was tolerated. When did we let our privacy and freedom get JACKED from us?

Real IDs, IP monitoring, etc... This kind of shit was UNTHINKABLE here in the US before the 1980's, and now, because we believe everything we're told about bad things happening if we don't do it, we've given away all of our freedoms and tolerate monitoring and intrusion that was considered science fiction material 20 years ago.

Other countries are NOT following our example- Spain didn't turn itself into a police state after the train bombings, politicians there went as far as to say "we are NOT at war", whereas, hear in the US, politicians say just the opposite, and we buy that shit!!!

Land of the Free, my ass....

</flame>

Re:Yeah, but what if...

[tamrood]

THIS IS THE CENTRAL SCRUTINIZER...

Your lack of docility has been noted, along with your IP address. Please be advised that to continue to disagree with the State is an abomination in the sight of God, and is prohibited under the same law that requires approved identification for airplane travel.

You are ill. For your safety and convenience, please take increased doses of the low-level neurotoxins we have been marketing as artificial sweeteners, right away.

The Constitution is only an historical document, it is not relevant to your life. Ignore it. This is in the interest of National Security, Democracy and Freedom.

Calm down. Have another diet cola. Watch Fox News.

Sleeeep...

It will be almot as bad as the real world!!!!

[Ricardo]

The other day I was able to walk down the street, go into a shop and buy some milk - get this - WITHOUT ONE PERSON ASKING ME TO IDENTIFY MYSELF!.
Can you imagine all the possible marketing information I squandered selfishly by not informing a central database about this action (this report not included). The cash I used was totally UNTRACEABLE!!! it could have come from anywhere. Not only that, but the person behind the counter was happy to undertake the transaction without me identifying myself (obviously some kind of terrorist).
I could have been going to use the milk for a BOMB!, would the authorities have had any way to check this? NO!!!!
When did everything become like this?
Oh wait - it has always been like this in Democracies.

Re:The sword cuts both ways...

[1u3hr]

Lest we forget that an ISP turning over an IP address could be one way to catch a pedophile...

24/7 camera surveillance in your (not "you", specifically) would be another.

Re:What?

[Arker]

I don't think it's funny, no, it's serious. What the heck do you have against consenting adults making, distributing, and viewing erotic imagery and texts? To the point you classify it with spam and trojans, cite it as worse than those things in fact, and think you get to BLOCK IT AT THE ROUTER? Just what have you been smoking?

No ISP is"guilty"if there's no user to incriminate

[D4C5CE]

Not to log the IP address (...) will cost them zillions!!!

If the ISP is not logging the IP address, then he is responsibly of the illegal use of that IP.

When any crime is committed using a computer trough a network, the operator of the network must prove that he is not accountable of that crime. The only way of proving this is pointing out the actual identity of the crime author, showing the pertinent documentation and logs.

Your proposition is ridiculous. If there is no record incriminating anyone, nobody can be held responsible. In all but the most dysfunctional legal systems there has to be a burden of proof when alleging liability, and a presumption of innocence regarding criminal prosecution. There is probably not even one single (legitimate) court on earth which, failing to find anyone responsible, sentences the nearest innocent bystander instead.

BTW, bear in mind that data protection is nothing less than part of a constitutional civil/human right in most civilized societies, making it illegal (even for the state to tolerate) that unnecessary records are being kept on anyone by public officials or private entities. Thus creating (let alone preserving) traffic logs by flat-fee ISPs (other than for very short-term performance/quality assurance or intrusion detection) that can only be used for spying on users or clandestine gathering of data for unsolicited commercial exploitation have no legitimate purpose whatsoever.

Holger Voss

[slavemowgli]

The article also mentions that another case (Holger Voss vs. Deutsche Telekom / T-Online) is currently being heard by a court; Wikipedia has some more background information on Holger Voss and on another case which is probably related.

"no requirement to keep a record"

[anno1602]

Apparently, there is no requirement for German ISPs to keep a record of IP addresses

There is not only no requirement to keep the data, the ISPs (and everybody else) are prohibited to keep personal data (which includes anything that might identify an individual) unless immediately required for conducting their business or explicitely allowed by the customer. In other words, people are suing because the providers are not complying to German Datenschutz (data protection) laws.

How would it be controversial?

[rfc1394]

If you don't store information you can't be subpoenaed for it. And you can't compromise information you don't keep. People can't perform identity theft or harm your customers by stealing information from you if you don't keep the information in the first place. And the government can't turn you into an informant collecting information for them if you have no information to collect.

How is it controversial to treat customers with respect by not recording information not absolutely necessary to provide service to them? When I go into Office Depot, I can buy supplies, pay cash and leave. They don't ask me my address, my religion or my political opinions; all they care about is that my money is the right color, as it should be. Other business should consider doing the same thing: If you don't need the information in order to provide the product or service, don't ask for it. If you don't need to retain the information once the product or service is provided, don't keep it.

I have run my businesses that way for years; it saves a lot of paperwork hassles. Too many businesses see additional information collected from customers as a business asset they can sell. Which turns it into more data that can be prostituted into use for other purposes, not all of them good. Correction, most of them definitely bad.