dns0 has some logging - Githubissues

privacyguides / privacyguides.org

Protect your data against global mass surveillance programs.

https://www.privacyguides.org

Creative Commons Attribution Share Alike 4.0 International

2.54k stars 198 forks source link

dns0 has some logging #2484

Closed jonaharagon closed 2 months ago

jonaharagon commented 3 months ago

Affected page

https://www.privacyguides.org/en/dns/#recommended-providers

Description

Table should note that bulk data is collected for threat intelligence (see Cloudflare DNS for example of how to format such a note)

Sources

https://discuss.privacyguides.net/t/nextdns-logging-is-opt-out-not-opt-in-as-stated-on-pgs-dns-resolvers-recommendations-page/17206/57

Before submitting

[X] I am reporting something that is verifiably incorrect, not a suggestion or opinion.
[X] I agree to the Community Code of Conduct.

jonaharagon commented 3 months ago

We should add a specific logging criteria on this page to note what is and isn’t acceptable data to store too

privacyguides-bot commented 3 months ago

This issue has been mentioned on Privacy Guides. There might be relevant details there:

https://discuss.privacyguides.net/t/nextdns-logging-is-opt-out-not-opt-in-as-stated-on-pgs-dns-resolvers-recommendations-page/17206/63

dngray commented 3 months ago

I think we should clearly state that logging relates to matching clients with queries, that is after all what most people are going to care about.

"If I go to this website, is anyone going to know or have a record of that?"

Basic metrics on how much of something happens that can't be tied back to a user shouldn't count as logging. We should probably switch quad9 to no logs based on their extensive privacy policy.

If anonymity is in your threat model, then anonymous technology needs to be employed. The assumption here is you wouldn't even trust a privacy policy.

privacyguides-bot commented 3 months ago

This issue has been mentioned on Privacy Guides. There might be relevant details there:

https://discuss.privacyguides.net/t/nextdns-logging-is-opt-out-not-opt-in-as-stated-on-pgs-dns-resolvers-recommendations-page/17206/66

ignoramous commented 2 months ago

rethinkdns dev here

clearly state that logging relates to matching clients with queries

With DNS-over-TLS and especially DNS-over-HTTPS, logging protocol-relevant information that's not PII to pin-point clients becomes "easier". I don't suspect most DNS resolvers are nefarious, but a mere mention of "no PII" in policy document shouldn't inform PrivacyGuides' judgement if "matching clients with queries" is the criteria.

anonymous technology needs to be employed

Providers that support ODoH and DNSCrypt v3 must be looked at for recommendations, imo.