• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Privacy

Started by Ninho, March 27, 2010, 05:30:57 AM

Previous topic - Next topic

Ninho

I posted a question way back about our privacy when using the tunnel broker; since however I'm surprised there has been no response. I'm tempted to bring the subject up again, with due apologies. Though IHNTH (I have nothing particular to hide  :) ... ) & I am NOT suspecting HE of doing anything nefarious, I think it is in order to be made precise what is/isn't logged by HE when using the tunnels it provides to us.

As in (not a limitative list) :

- tunnel establishment / rupture time, tunnel end IPv4

- connection (TCP...), packet exchange (non connected protocols) times, connected IP addresses...

- packet contents (data)

- DNS requests...

What kind of data is kept for how long and to which end (technical process, legal obligation...) is what I'd like to be made clear. Indeed as I stated in my previous post, this might as well be written down as a "privacy policy" on the tunnel broker web pages.


mleber


In general, you should assume the same security stance you would with public wifi.  Hurricane Electric strongly recommends clients use SSH, secure IMAP, TLS, HTTPS, etc.

That said, we treat the tunnel service the same as we treat wholesale IP transit connections.  We do not do any transparent caching or NXDOMAIN redirects.  We do not do deep packet inspection.

Our efforts are focused on improving connectivity by expanding our native IPv6 and IPv4 backbone to more countries internationally and more states in the US; the free tunnel service will be expanded geographically as our underlying backbone is expanded.

Ninho

Quote from: mleber on March 27, 2010, 12:25:22 PM
In general, you should assume the same security stance you would with public wifi. 
(...)
That said, we treat the tunnel service the same as we treat wholesale IP transit connections.  We do not do any transparent caching or NXDOMAIN redirects.  We do not do deep packet inspection.


Fine, thanks !