NNSquad - Network Neutrality Squad
[ NNSquad ] Google's New Public DNS Service -- and Data Retention Issues
Google's New Public DNS Service -- and Data Retention Issues
http://lauren.vortex.com/archive/000645.html
Greetings. In a move potentially of significant importance to the
vast majority of Internet users who do not run their own DNS servers
to resolve Internet site domain names, Google has announced their own
publicly accessible DNS service ( http://bit.ly/8JeYrz - [Google
code blog] ).
Unlike some other publicly accessible DNS services that may redirect
nonexistent domain queries for advertising purposes, Google explicitly
states that "Google Public DNS never blocks, filters, or redirects
users." ( http://bit.ly/4qyUlu [Google code] )
This is a key point for users who by default are configured to resolve
their Internet DNS queries through sometimes restrictive ISP DNS
services that may redirect or even block some DNS queries.
Using a different DNS service is usually as "easy" as changing the IP
addresses in your OS DNS settings, but note that if your ISP is
actually diverting the TCP/IP ports that DNS uses to communicate, it
will be impossible for you to switch DNS servers through normal
mechanisms. (For more information on testing for this condition,
please see my "Testing Your Internet Connection for ISP DNS
Diversions" page - http://lauren.vortex.com/archive/000377.html ).
A concern that frequently arises with DNS services is their logging
policies. A DNS server potentially can gather a great deal of
information about the Internet sites that you use. Both some ISPs and
particular public DNS services have been criticized for their DNS data
retention policies, which sometimes provide for indefinite or
long retention of full DNS logging data.
Google has obviously recognized the sensitivity of this issue. Their
separate privacy policy for the Google Public DNS strikes me as utterly
reasonable, particularly given its very rapid (24-48 hours) deletion
of what I would consider to be the key privacy-sensitive data
( http://bit.ly/8XPwNV [Google code] ).
No doubt this won't satisfy some hard-core Google haters, who will
either suggest that Google shouldn't log any DNS query data even for a
very short period of time -- or will simply claim that Google is lying
about their privacy and data retention policies.
But I view graduated "data destruction" policies such as this one
announced by Google as being completely appropriate to provide for
reasonable research purposes without unreasonably impacting user
privacy concerns. I can't help those critics who seem to cynically
assume that Google is a serial liar about their privacy or other
policies, or are convinced that integrated circuits were an "alien
technology" gift from an extraterrestrial civilization.
Since I run my own DNS servers, I'm not in an immediate position to
rigorously test the real-world performance of Google's new DNS
service. But I'd be interested in your reports about this, including
as much detail as you care to provide.
DNS is, for better or worse, at the heart of today's Internet. It
will be fascinating to see what Google's efforts in this area will
bring forth over time.
--Lauren--
Lauren Weinstein
lauren@vortex.com
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
- People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
- Network Neutrality Squad - http://www.nnsquad.org
Founder, GCTIP - Global Coalition
for Transparent Internet Performance - http://www.gctip.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein