NNSquad - Network Neutrality Squad


[ NNSquad ] A quick comment on DNS vs. NSA



You guys really read fast.  A couple of lines in the item sent out a
little while ago, touching on the issue of metadata and NSA as relates
to third-party DNS services, caused a number of instant queries to
appear in my inbox.  Is this a real problem, especially considering
that the vast majority of Internet users aren't likely of interest to
NSA anyway?

The question revolves around how sensitive resolved site lookup data
actually is, in the broader context of the Internet.  

Most users simply resolve through their ISP-provided DNS servers and
leave it at that (this can -- currently -- have some advantages in
terms of helping content distribution networks serve the user from a
geographically advantageous point, but that's a whole 'nuther
discussion and the subject of considerable ongoing work).

Some users resolve through their own DNS servers and systems, but this
is mainly done by organizations with significant in-house tech
resources (and more serious geeks).

And a large number of users choose to use third-party services like
Google Public DNS, OpenDNS (those are the two majors), and others.

Google has a policy of anonymizing key fields of DNS logs in around
48 hours, and both Google and OpenDNS have clearly stated privacy
protections overall for DNS-related data.

But do these logs in whatever form they take represent attractive metadata
targets to NSA (or whomever)?  That's the question a number of people have
been sending me this afternoon.

I'll answer this way.  In theory, they represent a metadata source that might
be of interest (especially in unanonymized form), but in the scheme of things
I don't think they're a big deal in context.

Very briefly, a key reason why is that the major ISPs themselves
likely represent a much richer source of user metadata, having access
as they do to *all* traffic-related aspects of users' Internet
activities, one way or another.

So if you want to use a third-party DNS service -- and there are good
reasons for many users to do so -- worrying about metadata and NSA
probably shouldn't stop you.

--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
 - Network Neutrality Squad: http://www.nnsquad.org 
 - PRIVACY Forum: http://www.vortex.com/privacy-info
 - Data Wisdom Explorers League: http://www.dwel.org
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren 
Tel: +1 (818) 225-2800 / Skype: vortex.com