undefined | Better HN

0 pointsdevit6y ago0 comments

Probably the ISP, since it already has a working business model unrelated to selling your DNS query data and doing so is probably illegal in several countries.

0 comments

sciurus6y ago

The terms of the Trusted Recursive Resolver program explicitly disallow selling your DNS query data.

> Your DNS data can reveal a lot of sensitive information about you, and currently DNS providers aren’t subject to any limits on what they can do with that data; we want to change that. Our policy requires that your data will only be used for the purpose of operating the service, must not be retained for longer than 24 hours, and cannot be sold, shared, or licensed to other parties.

https://blog.mozilla.org/netpolicy/2019/12/09/trusted-recurs...

https://wiki.mozilla.org/Security/DOH-resolver-policy

(Disclosure: I work for Mozilla, but not on this)

3xblah6y ago

NextDNS purports to be a DNS provider that will use public blocklists and filter queries and block ads and tracking like a PiHole.

The Mozilla TRR policy states that the DNS provider must not filter any queries unless the user explicitly opts-in.

How would a user selecting NextDNS as a TRR indicate that she wants NextDNS to filter queries in order to block ads and tracking.

The TRR policy also states that the provider must not use the EDNS Client Subnet extension. It looks like NextDNS does use some modified version of ECS, at least in its plaintext DNS service.

The FAQ states users can submit a query with class CHAOS instead of IN to get some diagnostics, e.g.,

   drill -t example.com @45.90.28.0 a chaos

Unfortunately, someone who ISP is filtering port 53 cannot make this query.

heavyset_go6y ago

If you're in the US, read your ISP's privacy policy sometime: part of their business model involves selling the data about the sites you visit.

RussianCow6y ago

Having a steady revenue stream has not stopped many companies from also selling user data. See: ads in Windows, smart TVs, cell carriers selling location data, etc. The list goes on... Why would ISPs be any different?

j / k navigate · click thread line to collapse