NNSquad - Network Neutrality Squad
[ NNSquad ] Re: Privacy issues in proposed DNS protocol extension
I'm not currently convinced that there are major privacy problems with this DNS extension proposal, given the existing Internet infrastructure and typical modes of operation. One issue (that doesn't just involve this situation) is whether anonymization of the low order octet of IPv4 addresses provides sufficient privacy protection in any contexts. For typical consumer Internet users it's probably good enough. But for any entity that controls blocks of IP address space, it becomes more problematic. I know of many one-man businesses that operate entire Class C networks, for them lowest order octet anonymization provides no privacy benefits at all. The DNS extension proposal does include a full anonymity opt-out, though it's unclear to me how widely it would be implemented or understood, especially early on. BUT. As I said at the top, I don't think that in the real world of the Internet this DNS proposal introduces significant new privacy risks, and it would bring significant efficiency and other benefits, especially in edge caching environments. The reason I don't see a real problem is that the main source of location data (and any associated privacy issues) is the IP address as delivered by necessity to Web site servers themselves. Most consumers use the DNS resolvers of their ISP -- even if they didn't the ISP could track and log every site that they visited via direct (non-VPN, non-proxied) connections. Most people don't run their own DNS resolvers. Whether you use your ISP's recommended DNS, the Google DNS, OpenDNS, or other similar services, you are exposing your IP address to them, and your next step of course will be to expose your IP address to the actual Web sites to which you connect. If you connect to an anonymizing proxy, you're exposing your IP address to the proxy. This is just how the Internet works. I just don't buy into the argument that there is a significant change created in the "privacy spectrum" by this DNS extension proposal, when viewed in the context of the many ways that IP addresses are of necessity exposed during the normal status quo operations of the Internet today. --Lauren-- NNSquad Moderator - - - On 01/29 10:51, Joe Baptista wrote: > I'm taking this opportunity and invitation from Lauren to address the > privacy issues in the Google DNSEXT proposal. > > This protocol will be welcomed by big business. It's perfect for targeted > marketing campaigns. Based on your IP address an authoritative name server > can direct your query to specific resources. > > The new protocol will allow geo-targeted responses based on the users > network address location. The rationalization seems to be that a user will > be better served by a nearby server therefore improving speed, latency, and > network utilization. > > I'm sure the protocol will be used for this purpose in some cases but not in > all. I predict the use of the protocol by big business will have less to do > with improving the user experience and more to do with target marketing > efforts. After all if they know where you live they can better target their > products and services to you. > > Those concerned about privacy have good reason to red flag this protocol. > The user will have less privacy in the DNS then they do now. Thats a given. > Even with the recommended anonymization procedure privacy issues are a > concern. > > But let's not forget that every time you visit a web site your IP address is > known. Is it a big deal that now the DNS servers know your network address? > If the protocol becomes a reality I have no doubt that with the state of the > DNS and security issues these days that abuses will happen. > > There will be provacy issues when it comes to anonymous proxy services. > Anonymous proxies are used to hide users IP addresses from websites. It > seems to me the new Google DNSEXT protocol may defeat the purpose behind > anonymous proxy services. > > regards > joe baptista > > On Wed, Jan 27, 2010 at 10:22 PM, Lauren Weinstein <lauren@vortex.com>wrote: > > > > > Several people have already asked me about the privacy implications > > associated with http://bit.ly/cAS0rO (Google Code Blog). > > > > For now, I recommend reading the full Draft: > > > > http://bit.ly/bf7wa7 (IETF) > > > > for details, but the executive summary is that the default > > recommendation is anonymization of the low order octet of IP > > addresses, and includes a mechanism for full address opt-out > > from the extension (see section 8.1). > > > > I welcome discussion here in NNSquad of the perceived implications of > > this proposal, both positive and/or negative. > > > > --Lauren-- > > NNSquad Moderator > >