> By contrast, would you want your neighborhood association looking at your ISP logs?
Maybe you misinterpreted? He said:
> " ... we talk to them and figure out what they are doing."
He didn't say, "we transparently force all traffic through a proxy and log what sites everyone is visiting".
I work for an ISP and we have some customers (both business and residential) that are completely clueless about what's going across their network and out to the Internet.
"We monitor all the connections" could mean many things. More to the point, they have the capability to do so; you don't need a proxy for that, just root on the gateway box and a mapping from IP addresses to users. Or, for that matter, DNS logs if they have a local DNS server. It's clear that they could have the capability; it's not obvious from the article what they're doing with it.
I'm the "Senior Network Engineer" and I have full administrative control over every device (of ours) in our network. Thus, I have the capability to monitor any traffic passing through any point of our network. That doesn't mean I do, indiscriminately, 24/7.
Perhaps it's because of my role but I interpreted the statement, "We monitor all the connections", a little differently than you, I think. Replace "connections" with "links" and, like the man in the article, I also monitor all the connections. When a problem occurs, I want to know about it before we hear about it from our customers.
I think that by "connections", you assumed, for example, TCP connections. Unless they have a bunch of extra money laying around -- and it didn't sound like they do -- I'd be willing to bet they are NOT recording every connection that passes through their network.
Not every ISP is evil and trying to track everything you do -- and the small community-based ones like this are probably the last ones you should worry about -- and you shouldn't automatically assume that they are.
The quotes in the article seem ambiguous. Monitoring all the links, and monitoring aggregate bandwidth usage, seems perfectly fine.
I wouldn't expect them to keep logs, but I also wouldn't find it surprising if, when they observed a problem, they ran tcpdump on the gateway.
> the small community-based ones like this are probably the last ones you should worry about
I certainly wouldn't expect "evil" from people who have gone to these lengths to do something awesome. But I would expect a well-paved road of good intentions. A small community-based ISP like this would 1) not have an army of people telling them what will get them in legal trouble or create a PR incident, and 2) have the kind of "play nice" mindset that makes them not automatically think to treat customer log data and other personal information as radioactive. Unless the designers and maintainers of the network are specifically privacy-minded folks, the thought might not even have occurred to them.
Maybe you misinterpreted? He said:
> " ... we talk to them and figure out what they are doing."
He didn't say, "we transparently force all traffic through a proxy and log what sites everyone is visiting".
I work for an ISP and we have some customers (both business and residential) that are completely clueless about what's going across their network and out to the Internet.