NNSquad - Network Neutrality Squad
[ NNSquad ] "Global Internet Speedup" edns-client-subnet geo location info and privacy issues
"Global Internet Speedup" edns-client-subnet geo location info and privacy issues
http://j.mp/r6mpU2 (This message on Google+)
- - -
http://j.mp/qIqaaS (CNET Article)
"OpenDNS, Google, and a few others have built a new technology into
their Internet operations that's designed to speed up the delivery of
data around the globe. The technology augments the Domain Name System
that provides the numeric Internet Protocol (IP) address needed to get
data to an Internet domain such as news.com. Those that developed it
include OpenDNS, Google, and VeriSign. Called edns-client-subnet in
technical circles, or more ambitiously the "Global Internet Speedup,"
it uses geographic information associated with IP addresses to help
computers fetching data get it from the closest--and therefore
fastest--server."
- - -
RFC Draft "dnsext" ( http://j.mp/rig1UN [IETF] ) notes the potential
privacy issues related to this extension, and recommends mitigation
techniques (see section 9.1). Whether or not truncation to 24 bits is
sufficient to satisfy relevant concerns of all users seems somewhat
problematic, given that this permits identification down to the Class
C network level, which is frequently dedicated statically to
individual organizations. The dnsext recommendation for specifying a
"fully hidden" IP address would not be easily usable by most users
given existing DNS tools.
Better geolocation data to aid CDN efficiency is a laudable goal, but
I am not convinced that this particular "hack" is the best way to go
about it. In any ground-up redesign of the antique, overextended, and
failing DNS system (e.g. IDONS - http://j.mp/h7T2gF [Lauren's Blog]),
CDN-aiding locality signals should be possible without any significant
negative privacy implications, e.g.: http://j.mp/gHbgxs (GCTIP
Forums).
It is certainly true that full IP addresses are already visible to
various servers and transit entities in the course of existing
Internet name resolution and communications procedures. However,
given rising concerns re ISP and other snooping, and
government-mandated data retention efforts, any plan that
significantly expands the availability of IP address data (even if
partly truncated) that could potentially be used for retrospective
tracking purposes, should be approached with significant caution.
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- Global Coalition for Transparent Internet Performance: http://www.gctip.org
- PRIVACY Forum: http://www.vortex.com
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren
Twitter: https://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com