Sponsored Links

Research question

SpotofLight

Casual Member
Hello,

I was wondering if anyone could kindly offer me any guidance. I’m currently writing a screenplay (nothing exciting - it probably won’t even get made!) and I have a question about ISPs and their logs. I really don’t have much knowledge in this field, but the story I have to work with involves this as a plot point.

My question is whether it would be likely that a message posted on an internet forum about 15 months before the present day could be traced back to its writer?

I understand that most (nearly all?) broadband users are given dynamic IP addresses. I also read here I think that ISPs generally keep logs of who has what IP address for about a year, so I’m wondering if it’s a stretch to have an investigation launched 15 months down the line? Or would the police by this point be unable to match up the IP address of the poster with a current broadband subscriber?

Many thanks for any help you can offer,
 
Hello,

I was wondering if anyone could kindly offer me any guidance. I’m currently writing a screenplay (nothing exciting - it probably won’t even get made!) and I have a question about ISPs and their logs. I really don’t have much knowledge in this field, but the story I have to work with involves this as a plot point.

My question is whether it would be likely that a message posted on an internet forum about 15 months before the present day could be traced back to its writer?

I understand that most (nearly all?) broadband users are given dynamic IP addresses. I also read here I think that ISPs generally keep logs of who has what IP address for about a year, so I’m wondering if it’s a stretch to have an investigation launched 15 months down the line? Or would the police by this point be unable to match up the IP address of the poster with a current broadband subscriber?

Many thanks for any help you can offer,
Anything can be traced I'd say.

Websites collect a scary amount of data, someone who I've talked to in the past made this project and this just shows mostly unnecessary information that sites have access to: https://valiantwind.github.io/Device-Details/
 
Anything can be traced I'd say.

Websites collect a scary amount of data, someone who I've talked to in the past made this project and this just shows mostly unnecessary information that sites have access to: https://valiantwind.github.io/Device-Details/
Software does exist out there to specifically locate where an IP address originates from and will attempt to give you the exact co-ordinates of where something took place.

There's a lot we don't know about tracing considering the government etc would like to keep this stuff secret, but I would argue that anything can be traced.
 
Sponsored Links
Thanks for your speedy reply! So you don’t think a time limit would apply?
No, I don't think it would make too much difference. There's a lot we don't know, and I'd air on the side of caution.

Might be worth waiting for some more knowledgeable members since they would know much better than I do.
 
I understand that most (nearly all?) broadband users are given dynamic IP addresses. I also read here I think that ISPs generally keep logs of who has what IP address for about a year, so I’m wondering if it’s a stretch to have an investigation launched 15 months down the line? Or would the police by this point be unable to match up the IP address of the poster with a current broadband subscriber?
Under English law - and the law may vary in different parts of the world, so it might depend on exactly what is going on in your fictional scenario - the maximum an operator can be compelled to retain communications data such as these under a data retention notice is 12 months.

If, for its own business reasons, an ISP had logs going back beyond those 12 months, then so be it - they could still be required to provide those logs to the police under a communications data notice.

But if you are writing a screenplay, technical (legal) accuracy might play second fiddle to an interesting plot :)
 
Sponsored Links
Under English law - and the law may vary in different parts of the world, so it might depend on exactly what is going on in your fictional scenario - the maximum an operator can be compelled to retain communications data such as these under a data retention notice is 12 months.

If, for its own business reasons, an ISP had logs going back beyond those 12 months, then so be it - they could still be required to provide those logs to the police under a communications data notice.

But if you are writing a screenplay, technical (legal) accuracy might play second fiddle to an interesting plot :)
Thank you!
This is helpful. Do you think I’d be right in thinking that ISPs who for their own business reasons would keep them longer than a year might include everyday user focused ones or is it likely to just be specialised business ISPs or something?

Thanks again
 
> Do you think I’d be right in thinking that ISPs who for their own business reasons would keep them longer than a year might include everyday user focused ones or is it likely to just be specialised business ISPs or something?

Each ISP should be publishing retention periods, as part of its UK GDPR transparency information, so you could pick a handful and see what they have to say.

I'd be very surprised if (m)any kept data around for that long - it has a cost, and I can see very little benefit.
 
> Do you think I’d be right in thinking that ISPs who for their own business reasons would keep them longer than a year might include everyday user focused ones or is it likely to just be specialised business ISPs or something?

Each ISP should be publishing retention periods, as part of its UK GDPR transparency information, so you could pick a handful and see what they have to say.

I'd be very surprised if (m)any kept data around for that long - it has a cost, and I can see very little benefit.
Ok thank you. I didn’t realise they published this information. I kind of thought maybe they’d have to be a bit secretive about what they do with data and for how long in order to not let criminals know how it all works.
 
Ok thank you. I didn’t realise they published this information. I kind of thought maybe they’d have to be a bit secretive about what they do with data and for how long in order to not let criminals know how it all works.
Neil runs the site https://decoded.legal which talks about legal stuff and tech, recommend a visit if you haven't done so already
 
Sponsored Links
Ok thank you. I didn’t realise they published this information. I kind of thought maybe they’d have to be a bit secretive about what they do with data and for how long in order to not let criminals know how it all works.
Bear in mind that you were talking about retention for business purposes at this point, so harder to claim secrecy obligations around it.

It might be easier though to work out the plot / the situation you need to be the case, and then identify the facts that fit that scenario.
 
Bear in mind that you were talking about retention for business purposes at this point, so harder to claim secrecy obligations around it.

It might be easier though to work out the plot / the situation you need to be the case, and then identify the facts that fit that scenario.
Ah ok I think I understand.

Thank you.
 
@SpotofLight more things to consider:

1 - Could be the forum host - not the ISP - that might keep IP data for long term or indefinitely.

2 - if the forum uses 3rd party "analytics" then they too might have this data. Eg Google analytics.

3 - many ISPs and almost all mobile/4G ones increasingly use CGNAT, ie sharing the same public IP for many/most/all clients since there is an ipv4 shortage, so this could hide the user to a degree.

4 - the user could be using a VPN which could also hide them among many others, similar to point 3.
 
I would suggest an ISP or webhost keeping logs for 15 months "just because" is unlikely, unless there is other business need or maybe value (for example monetising data held in the logs).

As others have noted there is a cost, not only storage space but also a regulatory burden. Most logs contain PII (personally identifiable information) either directly or indirectly which brings them into scope of GDPR where the data subject is an EU or UK citizen (and the scope of the regulation is worldwide). Therefore any retention of such data must be for specific purposes, proportionate and necessary, etc. as per the control required in the Act.
 
Anything can be traced I'd say.

Websites collect a scary amount of data, someone who I've talked to in the past made this project and this just shows mostly unnecessary information that sites have access to: https://valiantwind.github.io/Device-Details/
This is pretty unimpressive. It lists some very basic details from my browser's user agent, tells me my device has "at least 0.5 GiB of RAM" (really, in 2024?) and that its battery is "100% and charging" (it's a desktop PC). My location is given as London.
 
Sponsored Links
@SpotofLight more things to consider:

1 - Could be the forum host - not the ISP - that might keep IP data for long term or indefinitely.

2 - if the forum uses 3rd party "analytics" then they too might have this data. Eg Google analytics.

3 - many ISPs and almost all mobile/4G ones increasingly use CGNAT, ie sharing the same public IP for many/most/all clients since there is an ipv4 shortage, so this could hide the user to a degree.

4 - the user could be using a VPN which could also hide them among many others, similar to point 3.
1. Yes, though doesn’t it depend on having the ISP’s IP assignment logs to match up with the forum’s IP logs?

3. That’s interesting

Thanks for your response
 
I would suggest an ISP or webhost keeping logs for 15 months "just because" is unlikely, unless there is other business need or maybe value (for example monetising data held in the logs).

As others have noted there is a cost, not only storage space but also a regulatory burden. Most logs contain PII (personally identifiable information) either directly or indirectly which brings them into scope of GDPR where the data subject is an EU or UK citizen (and the scope of the regulation is worldwide). Therefore any retention of such data must be for specific purposes, proportionate and necessary, etc. as per the control required in the Act.
Good points, thank you
 
Top
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £24.00 - 26.00
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £25.99
145Mbps
Gift: £50 Reward Card
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Youfibre UK ISP Logo
Youfibre £23.99
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (6026)
  2. BT (3639)
  3. Politics (2721)
  4. Business (2439)
  5. Openreach (2405)
  6. Building Digital UK (2330)
  7. Mobile Broadband (2146)
  8. FTTC (2083)
  9. Statistics (1901)
  10. 4G (1816)
  11. Virgin Media (1764)
  12. Ofcom Regulation (1582)
  13. Fibre Optic (1467)
  14. Wireless Internet (1462)
  15. 5G (1407)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules