[jsnell]

The article isn't making that claim. Logging the traffic can for example mean storing CDRs for the connections. The kind of thing your ISP could also do, and in many jurisdictions is legally obligated to.

They could do per-flow logging of TCP flows (subscriber 89 made a TCP connection to 1.2.3.4:567 starting at 12:00:05, ending at 12:02:04, transferring 10kB up and 1MB down). In the worst case this would also include the TLS SNI, which is transmitted in plaintext.

Or it they could do logging based on the endpoint (subscriber 89 transmitted 1MB from IP 1.2.3.4 in the 15 minute interval 12:00-12:15).