Blogging about logging..

After this recent article on techcrunch.com many of our users have contacted freenode staff to express their concern, shock, surprise and unease that IRseeK have for some time now been operating covert clients in various channels on freenode (and other IRC Networks) logging all communication and publishing it on their website.

We, freenode staff, are also surprised, not to mention rather upset, that this company has chosen to completely ignore our policies and perform actions which our users see as an invasion of their privacy. While we have contacted B & C Advanced Solutions, the company behind IRseeK, to request that they discontinue unauthorized logging on freenode and also that they remove any published logs, we have unfortunately had to take the additional step of blocking new tor connections while we pursue the matter further. The logging bots primarily connect through tor, seem to have no distinguishing characteristics that we can identify, and so far the company has not been willing to remove them voluntarily. We are currently removing the bots as we see them, and if you do spot a client you believe may be a IRseeK logging bot, please do let staff know and they will look into whether the client needs to be removed from the network. To all legitimate tor users out there, I apologise for the inconvenience caused and hope to have normal service restored as soon as possible.

Our website clearly states our policies on this topic, which have been published for several years. For those who haven’t read them recently, I quote one of the relevant sections:

“If you’re considering publishing channel logs, think it through. The freenode network is an interactive environment. Even on public channels, most users don’t weigh their comments with the idea that they’ll be enshrined in perpetuity. For that reason, few participants publish logs.

If you’re publishing logs on an ongoing basis, your channel topic should reflect that fact. Be sure to provide a way for users to make comments without logging, and get permission from the channel owners before you start. If you’re thinking of “anonymizing” your logs (removing information that identifies the specific users), be aware that it’s difficult to do it well—replies and general context often provide identifying information which is hard to filter.

If you just want to publish a single conversation, be careful to get permission from each participant. Provide as much context as you can. Avoid the temptation to publish or distribute logs without permission in order to portray someone in a bad light. The reputation you save will most likely be your own. “

And this perhaps, is where I feel that IRseeK has gone horribly wrong. I believe that this could have become a popular service had it been done in a way which promotes choice — operating on an opt-in basis could very well have meant that a lot of channel owners would have chosen to request an IRseeK logging bot in their channel so that logs could be referenced and looked at later.

However, currently there is no way to opt-in, or even to opt out. The bots aren’t easily identifiable and you’re not aware that they are present in your channel. Ideally, I would have liked to see:

  1. Logging bots clearly identifiable as such.
  2. Logging of channels occurring only at the channel owners’ request.
  3. Channels that opt in to this service displaying, in a way which is visible to all current and new users of the channel, that the channel is being logged and the logs made publically available on the web. The channel topic and on-join notice could easily be used to this effect.
  4. An easy method to remove logging bots from a channel should it join in error or a channel owner decide that they no longer wish their channel to be logged.

Perhaps, in this regard, they could have taken a leaf out of CIA’s book and become a lot more popular in the process.

To me, the biggest surprise is that the people behind IRseeK defend their actions and believe that they are entirely within their rights to do what they do in the manner that they do it. Leaving our guidelines aside for a moment, what irks me is this: freenode caters primarily to people from the FOSS communities, people to whom choice and freedom are important. For us, providing a service such as freenode to our community is important; our users give a lot, we share code, knowledge, hints, frustrations, laughter.. and we like to give back in the little way we can. It then does not feel comfortable or at all right to have someone intrude upon our privacy, sneaking into the circle and observing with the singular aim of publicising our conversations entirely without our knowledge or consent. By taking the route that they did, IRseeK has taken away our freedom and our choice. They have forced something down on us and in the process soured and poisoned a community which thrives on trust and collaboration. It has created a bad atmosphere and made a lot of people uncomfortable.

I am really sorry that this problem has reached our network, and I am really sorry for the way it has affected our community. I am also sorry for the way in which IRseeK choose to perform their actions, and sorrier still that we did not catch it sooner.

I sincerely hope that IRseeK will honour our request to stop attempting to log channels on freenode without the channel owner’s explicit permission, and I also hope that they will honour our request to remove logs already in their system.

Lastly, I would like to wish IRseeK well, and I hope that you re-consider your approach. I believe that if done properly, what you have could be turned into a respectable service which would be used by and appreciated by a lot of people.

As I said, we have gotten in touch with the people behind IRseeK and they have asked to have until this sunday (tomorrow) to respond. I will give you an update when we hear back from them and know which way the tide is turning.

For now, thank you for using freenode and have a great day!

29 thoughts on “Blogging about logging..

  1. Thanks for your fast response and clarification on this matter. I fully agree with how you see it. I hope IRseeK will respond in a mature way and set things right.

  2. A fullack from me too. Seeing you have already contacted the folks behind irseek and they did not respond the way I thought would be natural and of course the other facts about irseek (using tor for for their bots for example) is just… embarrassing and shocking!
    I truly hope your efforts at freenode will succeed!

  3. Pingback: teh geekosphere.org » IRSeek: Fragwürdiges Datamining im IRC

  4. Pingback: laxu » Blog Archive » Privatssphäre im IRC oder Volltextsuche?

  5. Just another Freenode user saying “Thank you”. It’s great to know that before the issue had even hit news sites for me to hear about it, it was already being addressed.

  6. Thanks Christel (and the rest of the staff) … because I was shocked when i knew that my conversations were recorded! but sounds that everything is fine now :) and again, Thanks

  7. If every concerned user just looks up one of his own quotes and sends a DMCA request to remove it, it won’t take long for them to get overwhelmed. I suppose they will get the message.

  8. The policy you cite seems to be designed for people running or organizing a channel. Furthermore, it doesn’t prohibit the publication of logs, it simply discourages them. Are there any more concrete policies in effect?

  9. Why is this different from Google indexing these comment responses? I’ve made comments in forums that I look back on and wish I could erase from all the web caches in the world, but that doesn’t mean there isn’t a whole lot of helpful comments made in forums that are great to be able to search through.

    I don’t see the difference at all, and think you’re being nieve if you thought you were talking privately in a public IRC channel.

  10. I’ve read both sides of the story, and honestly IRSeeK sounds like they are just doing backpedaling and justification, but the clear winner is Freenode staff by simplying saying “you could’ve given channels a choice, and you didn’t have to hide the bots”.

    If I make a faux pas in a circle of friends in public park under a tent, I have a reasonable expectation of privacy, even in a public place. Very well put, freenode staff. Touche.

  11. dmca: I fear that the DMCA is not applicable in this case as they are based in Israel. Still, both copyright and privacy laws are on the side of our users. You can see a relevant excerpt of Israel’s laws at http://www.outsourcing-law.com/privacy_israel.9.20.04.htm

    Creidieki: While it is true that you can read our channel guidelines that way, the spirit of them are clear in both meaning and reasoning. As they did not ask anyone for permission, deliberately hid themselves and do all this for profit, http://freenode.net/policy.shtml#unlawful applies. We will look at addressing this issue in our policies more directly, though.

    kestasjk: Nobody expects what he says in a public channel to be truly private. The difference between having people you more or less loosely know reading what you say and having every word you type on the web for eternity is huge, though. A basic difference between forums and IRC is that IRC is volatile and non-permanent by nature. On a forum, you submit your comments by yourself. In the case of IRSeek, a third party is taking what you say without your knowledge, consent and, in most cases, against people’s expectation, and putting it online in another place, fully indexed, searchable and with the express purpose of generating revenue for their company.

  12. To all of you out there who claim that anything you say in IRC is public anyway, I offer the following analogy. Suppose you and a bunch of friends are out walking in a park, conversing amongst each other. Now, you all are in a public place, and so anyone who walks by can hear your conversation, and in theory can record it. But if you found out that someone has been taping all your public conversations and putting them up on the internet in searchable form, that’s quite a different matter. Public and private aren’t absolutes, there are gradations in them, and in the end, what matters is not what is technically “public” or “private” but that unpleasant feeling you get when your expectations of privacy are violated.

  13. This is exactly like when Dejanews came.

    It proved to be a valuable resource in the long run, once people got used to it.

  14. OK so we know they are using tor at this point no ?…. well now that tor has been blocked they will move to plain proxies or vpns. I’m not sure what is better. I suggest we log the bots. They are programs. They are going to have some name lists. So lets do the sneaky stuff. I suggest we allow tor cough cough but only if you identify your self. As in when you first come onto tor you have to type YES I AM A HUMAN and then some random stuff. I think we have to get all the information possible. I recommend we also start a petition against this company and take action against it. I do not mean we attack their site I mean we email and call etc. to get them to conform. I think we have to remember that one assumes that we are being watched on irc. This current problem is nothing compared to what an intelligence organization could log and perform. I recommend a full logging and analysis of this program. Lets find ways to kill of the watchers so only the honest ones prevail. Tor is not for the commercial benefit or privacy invasion of others. I think this is the only case were Tor should advocate that nodes ban irc traffic from exiting from them. Once we get enough nodes to do this then we can log these bots from a few exit nodes.

  15. Jonas: While there are similarities, some Usenet groups used to maintain public logs before DejaNews came along. You can argue that nowadays, people on Usenet need to expect their messages to be logged indefinitely, but this was definately not the case back when they started, basically breaking the expectation of reasonable privacy. Back then, there was both social and legal pressure on DejaNews to better protect a user’s right to not have his contributions logged. This lead to the support of opt-out via X-No-Archive and nuking, both of which are a lot harder to to implement on IRC. For this and several other reasons, we believe that opt-in with a clear announcement of logging taking place is the only right way to provide such a service. The offer of keeping valuable information indexed and searchable is not a bad one in and as of itself, but the service needs to respect the rights, wishes and its moral obligation to the creators of said content: Our users.

    dbmoodb: They used tor almost exclusively. We are in contact with several other IRC networks and coordinate our efforts. We did, of course, look for and find patterns that helped us in detecting and removing the log bots. But solving what is basically a social and legal problem through technical means can not work in the long term. Which is why we have contacted the people behind IRSeek and are trying to come to a solution that is in the interest of our users, the community and our policies.

  16. It is not just irseek:

    irc-archive.com
    http://www.irclinux.org
    http://www.irctrace.com
    http://www.irclog.org

    all these domains appear to carry logs, and there are probably more.

    A few are even using privacy guards on their domains, so a double standard going on here. Most appear to be using an ad revenue stream, so what we have here is people profiting from the work of others, without first asking for a release.

    IRC is fluid, like having a conversation and most countries do not allow the recording of conversations without first gaining consent. Especially if the conversation is used for commercial purposes.

    It might be wise to send a message and go after them with a court case, I don’t see the logs being pulled off general access without some form of legal case, and compensation for those affected. This does have the potential for being quite large.

    If this logging it is left to snowball IRC will probably die off, which would be a shame as there is a lot of value to it.

  17. While the DMCA route would be nice, I think it won’t apply. There is no way that you can verify someone is who the logs say they are.

    I can still log into #wikipedia as ta_bu_shi_da_yu and converse with people without using NickServ to register. Thus I can’t prove I am who I say I am. IRC logs just don’t provide that sort of info.

    All IRseeK would have to do is say “Prove that you wrote this” and the one making the DMCA order would be screwed.

  18. Oh, I am not the same person as anonymouse I have a capital A.

    Or maybe I am, and this highlights how easy it is for people to get mixed up on irc. I am willing to bet though quite a few people who had read the comments above (and obviously I didn’t – now you think I am not prior anonymouse – but I could be – now you think there is a chance), thought I was the same person.

    Now this does have implications, most folks would think I was the same if they were searching the web, one tie in and they are off jumping to conclusions. This is why you want to be in control of what is written that is associated with you, or just not have it recorded.

    When people prepare reports or articles , they will often revise what they say.
    IRC is not like that – and neither are these comments in webblogs, except I know when I add something to a webblog, that it will be more public, so I tend to re-read. Though you may note when I added ‘this logging’ to the last sentence I left the ‘it’ in it.

    If IRC continues to get logged it will become so stilted or full of smear campaigns that it just won’t be workable.

    Thinking about it, I probably contribute more to IRC than I take – I find it enjoyable and sure it works the gray matter a bit, but I am often working whilst it is on, so it acts more as a distraction. Until someone gets sued for this, and a group action would probably work, I am not logging on again.

    I don’t mind helping out open source by helping folks, it increases the market share a bit and I mainly use open source so allies help in the business world, even if you never meet these people – there is only 7 degrees of separation, and increasing the avg is a good thing.

    I don’t do the work for people on irc (though sometimes I get close to it), I like to think I show people how to work out problems and do give out some quick one liners to make things smoother.

    But, I am not going to support others who wish to record my words, then publish them online surrounded by advertising, and for me not to see a penny of it, and take the risk someone associates in way that is negative to me, that is sheer folly.

    I am quite capable of publishing up to the web, and when I do and it associates I treat it as a marketing exercise, irc is just to awkward for that to work – you might sort out problems for say 10 people but if you get into an argument with one person, that argument will be the thing people remember.

    And I cannot think of anyone who has not got into an argument who contributes to freenode irc, there are just too many ways for people to misread, or misunderstand context, and some just bait.

    And once this becomes a matter of record, there is going to be the problem of defamation of character, which without logging and publishing would be most likely seen as slander, but with the logging and publishing it becomes libel, the c (chat) of irc is there for a reason.

    Apologies, if I come over a bit harsh here, but when I read you think they could have done it another way and it would have been alright, as a rational human being, I agree with you, but I suspect without legal recourse they won’t give two hoots.

    What they have done already is underhand, and there is a lot of folks who have joined freenode, I am off to read the T&Cs again, but I am fairly sure I did not signup up to have my words immortalized over the web, and I don’t think Freenode wanted their members to have their words all over the web either, so please put your foot down – I think you will find support, and once it becomes uneconomical to publish irc logs for extended periods without prior consent that is the point they will be removed and it will stop.

    I imagine you are already thinking along these lines, and are perhaps just being diplomatic. But, if you are not, then I think if you extend a way people can form a group action against these businesses you may find quite a lot jump onto the wagon. Feel free not to publish this comment if you are in the process of testing the legal waters.

  19. IMO we should *thank* IRSeeK for doing this. Heaven knows how many people and how many bots have over the years logged and selectively distributed IRC logs. This “scandal” has brought it to the notice of the common user. Thanks to TechCrunch as well.

    As for the regular STFU-gang, well, at least now, you will STFU with STFU !!

  20. I should hope so too; afaic those logs were taken in breach of Data Protection legislation in the UK and EU. It’s one thing to walk into a shopping mall where there is a TV camera crew, quite another to have someone following you covertly with a microphone recording everything you say in conversation with your peers.

    The first is the equivalent of a channel whose /topic says “This channel is logged.” A user can expect logs to be used by an official channel in the case of disputes, but this is nothing like the same as giving consent for every word to be published on the web, in clear breach of user copyright.

    It comes down to the “reasonable expectation of privacy” and given the publically published policy of Freenode, this is in clear breach of the contract implicit by agreeing to the terms of service for the network.

    I give freenode a non-exclusive royalty free license to transfer my words within the network
    I never gave that company a license
    so are they going to pay the usual rate of 10$/word?

    ;-)

  21. Pingback: On Message by Ben Gross » Blog Archive » Link roundup for 12/7/07

  22. Hi!

    I would like improve my SQL experience.
    I red so many SQL resources and want to
    read more about SQL for my occupation as oracle database manager.

    What would you recommend?

    Thanks,
    Werutz

  23. Hi people!
    The interesting name of a site – blog.freenode.net
    I today 9 hours
    has spent to the Internet So I have found your site :)
    The interesting site but does not suffice several sections!
    However this section is very necessary!
    Best wishes for you!
    Forgive I is drunk :))

  24. I have an idea of how we could find the bots that do logging.
    Users suspected of running bots could be sent messages that only they get so that these customised messages would be in there logs and be traceable back to the user (as having been sent that message)

    - The obvious way around this would be that bots would have 2 connections and if they had a discrepancy they would leave it out of the log. A way of solving this would be to send messages to groups of users so that the bots would have some common messages, and some that do not match. Based on the info logged and the messages sent the users could be tracked down.

  25. Can you please tell me how I can log in on freenode after registering my nickname? tankk you

  26. you please tell me how I can log in on freenode after registering my nickname? tankk you

Comments are closed.