The software was released in conjunction with the EFF white paper, “Best Data Practices for Online Service Providers,” which suggest that online service providers should record as few logs as possible in order to curtail possible legal requests for the information.
“People who choose to follow recommendations in the white paper might not know what kinds of logs they have,” said EFF Staff Technologist Seth Schoen, the program’s author. “Logfinder is an example of one way a system administrator could become aware of the presence of logs, as well as discover sensitive information being collected in known logs.”
According to the EFF, service providers face significant legal pressure from industry and government groups to turn over user logs, but the group says this is inconsistent with their goal of providing users with secure network services.
In response to this, the group has made suggestions that service providers draft policies that limit the amount of information collected about users and retain those minimal logs for only a few weeks.
