ISP data collection and retention policy

[trev4422]

Hi have just been reading about Phrom and was wondering if any U.K ISP ever actually put it into use? As far as I can tell there was so much objection over privacy concerns that no company ever went ahead with it.
But it got me thinking about how much information my ISP collects on my internet activity already, I have read the prvacy policy of both my current provider (SKY) and my previous provider (Talk Talk).
I cant seem to get a clear idea of what data these company's collect about my internet activities and how long they store such data, if anyone has any information on this I would be most grateful, I know there is a certain amount they must collect and store by law but as far as I'm aware this is only basic stuff such as I.P address allocation and session start and finish times, I also believe there is a limit to how long they can store these details, but what else are they getting? are they recording clickstream data, every url visited, and every keystroke and if so how long are they holding on to it?
Thanks in advance for any help anyone can provide.

[Stuart]

No UK ISP put Phorm webwise into use. Just checked the last Phorm annual report and they mention being active in 3 markets. Brazil, Romania and Turkey (described in the report as an "important Southern European market").

[Qtx]

Vaguely remember something about retention time of data to be 2 years (by law?). They may keep data about who had which IP address and when, for longer. Not 100 % sure but may find most isp's log every site visited but don't link it directly to your account. That way they can use the data for their own research without breaking data laws. For example it helps them see trends, popular sites they may decide to put adverts on + lots of other things

With GCHQ/NSA having a direct copy of an isp's data stream as it happens, they will be no doubt storing all the data forever.

Phorm was scrapped as a bad idea, but with the goverment's new plans who knows?

[qasdfdsaq]

I thought all ISPs had to log every site visited by law and make sure it is traceable to each customer and retain for at least 6 months.

[BenMcr]

This should cover it http://www.out-law.com/en/topics/tmt...ice-providers/

[qasdfdsaq]

Close enough. Thanks.

[Dude111]

Welcome to cableforum trev4422

Quote:

Originally Posted by everyday

Phorm was scrapped as a bad idea, but with the goverment's new plans who knows?

Hehe ya got that right bud!!!!

We dont even know 1/2 the stuff they may be doing!

[joglynne]

I still occasionally visit NoDPI too see what is going on in the snooping world.

<< Jo checks that her tin foil hat is securely in place before exiting the thread >>

[trev4422]

Hi thanks for the welcome and replies, been a great help, I actually emailed Sky's data officer and got a reply that they store data on I.P address allocation for 12 months from the date in question, which gives me some peace of mind, not really sure if they store data on basic domains visited or the whole URL but I'm going to keep digging.
Thanks.

[Dude111]

Dont ALL ISPs store info on where you go?? (They have a right to I think)

[Qtx]

If you use a VPN then all they ever see is one encrypted connection to the VPN and no other links you visit. Take away their ability to see what you are doing and then you don't really have to worry about what they log and for how long

[qasdfdsaq]

Perhaps, but then they still log the fact you connected to the VPN server, when, and how often. And by law you can be compelled to reveal everything you send over the VPN or be sent to jail for not doing so, even if it's entirely innocent material.

So it's really no protection whatsoever

[ferretuk]

The relevant law being what exactly? Not saying you're wrong of course but without a reference it looks like meaningless scaremongering...

[Qtx]

Oh that can't be forced by law. The have a think about encryption keys being handed over to unlock files but wouldn't help them with a VPN, Kinda no point for some, especially if you further route TOR through that original encrypted VPN connection. Few machines with different gateways and you can have layers of encrypted that the NSA won't casually scrape up