How do you create a "No Logs" network?

EnthusiastXYZ

Limp Gawd
Joined
Jun 26, 2020
Messages
149
My little experience in networking says that no matter how hard VPN providers can try to create "No Logs" networks, it is simply not possible because logs are stored for everything and everywhere - hardware routers, OS, specific applications, etc. I am not even talking about VPN tunnel entrance and tunnel exit nodes that are not encrypted, but sensitive user-identifying metadata and data within the encrypted VPN tunnel.

Not only that, but VPN providers use 3rd party servers all the time. For example, my initial connection to VPN shows I am actually connecting to Amazon Web Services (AWS) server via MQTT. There is no way AWS equipment does not include a ton of metrics, telemetry, and other logs that collect all kinds of metadata that can identify a VPN users inside the tunnel. I just can't believe that the opposite is true. Many routers maintain some logs even after you perform a hard reset, which is why a 30-30-30 power cycle is recommended when resetting routers.

Is there actually a "No Logs Equipment" manufacturer?
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
4,295
Most consumer routers don't log anything that makes sense, and pretty much lose everything when they're rebooted. But these aren't the routers used on the Internet--those will stay on for years and probably send enough information directly to nation-states for whatever purpose.

But considering that people like this guy that earned $135 million via ransomware in 2016-2018 and are only fined 100k and have enough to pay an attorney to file appeals and live life probably much better than any of us, I really don't think you have anything to worry about--even if you are doing really bad stuff and they're watching you:
https://www.securityweek.com/french-appeal-set-convicted-russian-money-launderer

When they come knocking you already have enough money to buy your way out of anything you did wrong, and still have a massive retirement paycheck to live life beyond your wildest dreams. This is why cybercriminals are on the rise--because it DOES pay--big time.
 
Last edited:

scrappymouse

Limp Gawd
Joined
Mar 18, 2016
Messages
220
The more you try to secure the easier you are to track actually look as browser fingerprinting, there comes a point where adding additional security is actually not good thing, you're never going to be 100% safe online, you'll never be 100% anonymous online, you can continue to try, but you're just increasing your attack surface, every security application you download can have vulnerabilities, each new shiny piece of network security hardware you buy adds higher chances for misconfigurations and there own set if vulnerabilities, each private DNS pi-hole device additional attack points, Target did the same thing you're doing with a much higher budget, they still got hacked, their tools caught the attempts, logged them, didnt matter because theybdidnt have the right people looking at those, you're actually weakening your security posture at this point
 

Farva

Extremely [H]
Joined
Feb 3, 2004
Messages
37,929
The more you try to secure the easier you are to track actually look as browser fingerprinting, there comes a point where adding additional security is actually not good thing, you're never going to be 100% safe online, you'll never be 100% anonymous online, you can continue to try, but you're just increasing your attack surface, every security application you download can have vulnerabilities, each new shiny piece of network security hardware you buy adds higher chances for misconfigurations and there own set if vulnerabilities, each private DNS pi-hole device additional attack points, Target did the same thing you're doing with a much higher budget, they still got hacked, their tools caught the attempts, logged them, didnt matter because theybdidnt have the right people looking at those, you're actually weakening your security posture at this point
 

EnthusiastXYZ

Limp Gawd
Joined
Jun 26, 2020
Messages
149
VPN providers obviously can't control browser-related fingerprinting with a "No Logs" policy. VPN providers just spoof your IP, encrypt traffic, and supposedly do not keep logs of your activity. I am saying that I don't believe you can create network in which routers do not log activity that can be tracked back the original user. To have a functional "No Logs" policy, you have to have hardware that does not log. Such hardware does not appear to exist.
 

cjcox

[H]ard|Gawd
Joined
Jun 7, 2004
Messages
1,957
nope, not that i know of. i think you might be a bit obsessed with network security...
Actually, from a security perspective, you want tons of monitoring. Probably the term should be "privacy" instead of "network security".

Just remember that absolute privacy is a great vehicle for evil.
 

EnthusiastXYZ

Limp Gawd
Joined
Jun 26, 2020
Messages
149
At this point I am just keeping myself informed. Everything is moving towards the cloud - work, business, gaming, entertainment, life, etc. Understanding local networking, the internet, related security topics, and practicing network safety is becoming similar to brushing your teeth or using condoms. You just do it.
 

Nobu

Supreme [H]ardness
Joined
Jun 7, 2007
Messages
6,198
What you want is to secure the logs, maybe obfuscate them, encrypt them. Or use devices that have no logging capability, if/when possible.

Logging is essential for network management and intrusion detection, so eliminating them altogether is impractical and not a solution to the problem.
 

scrappymouse

Limp Gawd
Joined
Mar 18, 2016
Messages
220
Actually, from a security perspective, you want tons of monitoring. Probably the term should be "privacy" instead of "network security".

Just remember that absolute privacy is a great vehicle for evil.
Tons of monitoring is only good if you have someone analyzing those logs for signs of compromise, I've seen too many companies buy all sorts of logging security tools, endpoint, network, deep packet inspection, etc, but they don't hire the right people to look at those logs, or worse they don't hire anyone and they "set it and forget it" the same way Target did, all their tools caught the attack they had all the IOCs(indicators of compromise) but no one knew what to look for in those logs, it wasn't until about a year after the attack that they hired someone who was poking around and realized that they were already compromised.

It's not just tons of logs(again too many logs can be a bad thing)it's getting the right type of logs and getting the people to analyze those logs that is the real key
 
  • Like
Reactions: cjcox
like this

EnthusiastXYZ

Limp Gawd
Joined
Jun 26, 2020
Messages
149
Tons of monitoring is only good if you have someone analyzing those logs for signs of compromise, I've seen too many companies buy all sorts of logging security tools, endpoint, network, deep packet inspection, etc, but they don't hire the right people to look at those logs, or worse they don't hire anyone and they "set it and forget it" the same way Target did, all their tools caught the attack they had all the IOCs(indicators of compromise) but no one knew what to look for in those logs, it wasn't until about a year after the attack that they hired someone who was poking around and realized that they were already compromised.

It's not just tons of logs(again too many logs can be a bad thing)it's getting the right type of logs and getting the people to analyze those logs that is the real key

Yeah, it makes me wonder if there is any reason to use IDS/IPS with a correctly configured NAT and firewall.
 

scrappymouse

Limp Gawd
Joined
Mar 18, 2016
Messages
220
Yeah, it makes me wonder if there is any reason to use IDS/IPS with a correctly configured NAT and firewall.
Of course there is a reason, first you need to understand that there is a BIG difference between an IDS and an IPS, an IDS is an "intrusion detection system" it simply detects and alerts you, it's than up to the user to take some sort of action on the alert, but if you have no one looking at alerts.....than at least in real-time it won't help you much, but in hindsight and for investigation later it is critical.

An IPS is an "Intrusion Prevention System" it not only detects, but it will also apply an Action(drop connection, Quarantine, Run X action...) so even though a lot of sites will say "IDS/IPS" they are in no way the same, an IPS is better if you don't have someone or a team looking and analyzing logs
 
Top