Slashdot Mirror

← Back to Stories (view on slashdot.org)

HideMyAss.com Doesn't Hide Logs From the FBI

Posted by timothy on from the technically-sir-you-were-being-a-donkey dept.

An anonymous reader writes "People use VPN services to hide their identities online, right? And a UK-based service called HideMyAss would seem to fit that bill perfectly. Not so, unfortunately: they have to hand over the logs to the FBI when a UK judge tells them to." Reader wiredmikey points to a story at SecurityWeek, too.

6 of 233 comments (clear)

  1. So disappointed by the name by antifoidulus · · Score: 5, Funny

    I was hoping something like hidemyass.com would be devoted to the anti-muffin top movement :P

    --
    Monstar L
  2. Re:Who would have thought so.... by Runaway1956 · · Score: 5, Insightful

    Now, THAT is the correct question. A server that keeps no logs is a fairly secure server from which to run a VPS. Ditto proxies. When shopping for something of this sort, the important question to ask is, "What logs do you keep, and how long do you retain them?" Every server makes and keeps logs - there is no getting around that. The lifetime of the logs should depend on administrative necessity. Generally, logs should be flushed every 24 hours. Performance logs, security logs, things that pertain to the ongoing health and security of the server should be retained for as long as necessay - sometimes, for months. But every publicly facing server should routinely delete logs that aren't central to the server's main mission. VPS and proxy servers main mission being to protect the anonymity of it's users.

    Shouldn't it be considered a fraud, to advertise they you will protect a user's identity, then maintain logs which can be seized by any government agency that demands them?

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  3. This is what you do to truly hide your ASS! by MindPrison · · Score: 5, Informative

    Not everyone understands computers, that doesn't mean they're incompetent, wikileaks, openleaks and other needs to help their submitters keep anonymous, and there are better ways to do this, follow my instructions below, and you'll be as safe as you CAN be in this world:

    1) First of all, you need to download TAILS

    http://tails.boum.org/download/index.de.html

    2) Burn this .ISO on a CD

    3) Get a second computer

    4) Tear out its harddisks

    5) Make sure there are NO USB-memory sticks either.

    6) Make it boot from the CD only, (enter the bios and set Boot Priority to CDROM)

    7) Now you can surf relatively safely, but you're not done yet!

    8) When surfing, do NOT surf into familiar places of yours, do NOT use your real name, do NOT search for your real name or even your internet alias, if it's known in combination with your name (if you surfed with it on your computer, google already knows your IP, so forget it!)

    TAILS uses TOR, google it if you're truly curious. It can't keep you 100% anonymous but it's the safest "service" out there, and it's only relatively safe if YOUR SURFING HABITS ARE SAFE TOO.

    Good luck!

    --
    What this world is coming to - is for you and me to decide.
  4. Anonymouse by E.I.A · · Score: 5, Interesting

    Would the same go for anonymouse.org? I have visited my own website through their proxy, and it remains unlogged in (wordpress) WassUp stats. Hidemyass actually shows up though, along with my browser type and screen res. Also, why do more people not consider that these anonymity services are not honey pots?

    --
    Laws are like sausages. It's better not to see them being made. - Otto von Bismarck
  5. Re:Who would have thought so.... by jhoegl · · Score: 5, Funny

    Ass logs can get pretty big.

    I just dont know if I want to be the one sifting through the logs to find kernels of information.

  6. Lol indeed by siddesu · · Score: 5, Informative

    Actually, there is a ton of things the government will attempt to do to try to get you, even if it is a puny, pariah, poor government. I was helping a few friends of mine who live in a country, where people who laugh at politicians are still beaten up, to publish some funny videos about their top politician. Since I also visit there occasionally, we took full precautions. Private VPN to a foreign country, rather unfriendly to the regime, chained proxies, then TOR, new email addresses and video upload accounts, different chained proxies to access each of those, etc.

    Once the videos hit the tubes,some people got mightily pissed off, and started an official, but silent investigation. Imagine my surprise, when two of our e-mail accounts (free, with a large US-based web mail provider) that we used for the services were blocked, and login attempts redirected us to customer support barely a day into the operation. Since the investigation in these countries tends to leak like a sieve, we got info that that particular country was paying someone mid-level in customer support dept. to give them data on customers.

    They hit the video upload sites with official requests and apparently tried to hack into one, obtained logs from the ISPs of all online forums that we used to advertise the videos to, had videos deleted and did other funny things. They persisted into this business for about 18 months until they decided to close it down.

    Given this much effort about a few videos from a near-third world country, imagine what a really powerful government can do to you, and despair :)