Differences

This shows you the differences between two versions of the page.

en:public:collect [2017/05/22 00:45]
pepe better understand (?)
en:public:collect [2017/05/22 12:31] (current)
pepe little bit correction about remaining data from sairon (https://forum.turris.cz/t/turris-omnia-data-collection-turn-off/536/9?u=pepe) and English correction was done by user - AppAraat
Line 1: Line 1:
 ======What we collect====== ======What we collect======
  
-On the router there's running ​few programs in background if you allow themwhich collects ​data and then it is sending them to server.+**If you decide to turn the data collection on, you will have to agree with some sort of EULA that defines the scope of the data collection and the retention policy** 
 + 
 +All of the data is transmitted over a secured channel (HTTPS POST requests or TLS-secured TCP connection). 
 + 
 +On the routerthere are a few programs ​running ​in the background ​(if you allow themwhich collect ​data and sends it to our servers.
  
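Review bot: The added opening line promises "some sort of EULA" without naming or linking the agreement, so a reader cannot check the scope and retention policy it refers to; link the actual document or give its title. In the last added line of this block, "which collect data and sends it" mixes verb forms and should read "which collect data and send it".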
 =====Ucollect===== =====Ucollect=====
-Ucollect is small daemon for collecting and analyzing network data and provides plugin for doing analyzes.+Ucollect is small daemon for collecting and analyzing network data and provides ​plugin for doing analysis.
  
-Ucollect watches packets on interface to internet ​(WAN) and researching ​their headers ​(metadata?​) +Ucollect watches packets on the Internet ​(WAN) interface ​and analyzes ​their headersWe collect only the important ​information ​in the headers (for example: protocol or address) and we do not collect ​the data itself. We're only analyzing ​remote addresses (so that means that collected data doesn'​t contain ​the user'​s ​IP address).
-We collect only important ​informations ​in headers (for example: protocol or address) and we do not collect data. +
-We'​re ​doing analyzes ​only on remote addresses (It means that collected data doesn'​t contain user IP address)+
  
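Review bot: "the important information in the headers (for example: protocol or address)" in the added Ucollect paragraph leaves the set of collected fields open-ended; for a data collection notice, list the header fields that are actually stored. "Ucollect is small daemon" also still lacks its article ("a small daemon").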
 ====Base statistics==== ====Base statistics====
  
-Ucollect splits packets into categories (for example: categories ​all packets, incoming, TCP, ...) +Ucollect splits packets into categories (for example all packets, incoming, TCP, etc.)For each category we continuously ​determine ​the number of packets (?) and their total size. This data is sent to our server.
-In each category we continuously ​determined ​the number of packets (?) and their total size. These data are send to our server.+
  
-These statistics help us monitor common usage of the internet; for example: ​how much IPv6 is expanding ​or ratio between download and upload+These statistics help us monitor common ​Internet ​usage; for example: ​How much the IPv6 usage is growing ​or ratio between download and upload.
  
-After 10 days we aggregated ​data to small groups of routers and we can't determine from who (= from which routerdo we have these dataData in original form are deleted.+Currently ​we retain the data for 10 days, then it’s deleted or anonymized. ​(either the local or remote end of the communication is dropped). During the 10 days, it is possible to link the records with you, but to be honest, it's far less interesting for three-letter agencies than the data collected by your ISP.
  
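Review bot: The added retention paragraph says "During the 10 days, it is possible to link the records with you" and that anonymization drops "either the local or remote end of the communication", which conflicts with the Ucollect paragraph's statement that collected data doesn't contain the user's IP address; state which identifiers are held during the 10 days. "deleted or anonymized" should say which data gets which treatment, since the removed text was specific that the original form is deleted after aggregation. The aside about three-letter agencies and ISPs is an unverifiable comparison that does not belong in a retention statement, and the "(?)" after "number of packets" is still present in the added Base statistics line.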
 ====Statistics PCAP==== ====Statistics PCAP====
  
-Interface ​PCAP is for examine ​packets passing through network card, which provide ​statistics ​- how many packets ​was made available by the application and how much it was thrown awaybecause network card was too busy to handle it.+The PCAP interface ​is for examining ​packets passing through network card, which provides us with statistics. For example: How many packets ​were made available by the application and how much of it was thrown away because ​the network card was too busy to handle it.
  
-These statistics are send to server and serves ​to check health or performance status of ucollect itself.+These statistics are sent to our server and are used to check the health or performance status of ucollect itself.
  
 ====Detecting anomalies==== ====Detecting anomalies====
  
-Traffic is splitted to compartments ​(hashing packets for example by remote IP address) +Traffic is compartmentalized ​(hashing packets for example by remote IP address)Size of these compartments are send to server, where they'​re merge together via the router group.
-Size of these compartments are send to server, where they'​re merge together via the router group (?).+
  
- --Not sure about this paragraph--+On these aggregate sizes (?) anomalies are detected (compartments which are really different from expected size are compared to other compartments and their history of sizes). If we would detect an anomaly, server requests routers for keys (IP addresses) which matches given compartners.
  
-On these aggregate sizes (?) are detected anomalies (compartments which are really different ​from expected size are compared to other compartments and their history of size). +This should help us to reveal unexpected behaviour caused by widespread malware ​(for example sending spam from compromised computers or DDoS attacks).
-If we would anomaly, server request routers for keys (IP addresseswhich matches given compartners.+
  
-This should help us to reveal unexpected behaviour caused by widespread malware ( for example sending SPAM from attacked computers or DDoS attacks)+Data are generated in aggregated form - so we can't determine on which devices anomaly was detected.
  
-Data are generated in aggregated form - so we can't determine on which devices anomaly was created. 
  
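Review bot: The "--Not sure about this paragraph--" marker is removed, but the paragraph it flagged still carries "(?)" after "aggregate sizes", so the open question is hidden rather than resolved; confirm the description or keep the marker until it is confirmed. "server requests routers for keys (IP addresses)" should say whether these are remote addresses only, because the closing line claims the data are aggregated and cannot be tied to a device. The added lines also keep "are send", "they're merge together" and "compartners" (compartments).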
 =====Nikola===== =====Nikola=====
  
-Nikola analyzes logs from firewall (IPTablets). +Nikola analyzes logs from the router’s ​firewall (IPTables). Nikola sends records of packets, which are caught by the firewall. Usually it tries to connect ​from outside to non-existing services (for example: ​Brute-forcing your password on SSH or scanning ports).
-Nikola sends records of packets, which are caught by firewall. Usually it is tries from outside ​to connect ​to non-existing services (for example: ​brute-forcing your password on SSH or scanning ports)+
  
-After 10 days we aggregated ​(?data - so after this period we can't determine from who are they and in original form they'​re deleted.+Currently we retain the data for 10 days, then it’s deleted or anonymized. ​(either the local or remote end of the communication is dropped). During the 10 days, it is possible to link the records with you, but to be honest, it's far less interesting for three-letter agencies than the data collected by your ISP.
  
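Review bot: In the added Nikola line, "Usually it tries to connect from outside to non-existing services" now reads as if Nikola itself makes the connection attempts; the removed wording described attempts from outside, so something like "These are usually attempts from outside to connect to non-existing services" keeps the meaning. "Brute-forcing" should be lowercase after the colon. The retention paragraph is a verbatim copy of the one under Base statistics, including the stray period before the parenthesis; consider stating the retention rule once and referring to it.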
 =====Logsend===== =====Logsend=====
  
-It sends logs from automatic updates firmware from your router and also from collecting software (?). +Logsend ​ just parses the information about "​our"​ services (uCollect, Nikola) and important ​router ​health information (like if the firmware updates was success ​and if wasn’t It will send to us some stuff from syslog and sends it to our server 
-This helps us to find any problem with overall health of your router+This helps us to find any problem with the overall health of your router ​and improve automatic updates.
- +
-Data are deleted after 10 days.+
  
 +This data is deleted after 10 days.
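Review bot: The added Logsend sentence says it will send "some stuff from syslog", which does not tell the user what log content leaves the router; name the log sources or message types that are transmitted. The parenthesis opened at "(like if the firmware updates" is never closed, the sentence has no final period, and "was success and if wasn't It will send to us ... and sends it" needs rewording into complete clauses.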