tag:blogger.com,1999:blog-16750015.post8625969424795120569..comments2024-01-24T20:01:37.600-05:00Comments on slight paranoia: Parsing Privacy Policies: Is OpenDNS logging data forever?Christopher Soghoianhttp://www.blogger.com/profile/08950937382104783909noreply@blogger.comBlogger6125tag:blogger.com,1999:blog-16750015.post-60572279743326960052011-03-30T09:00:35.752-04:002011-03-30T09:00:35.752-04:00Your ISP can filter, capture and store all of your...Your ISP can filter, capture and store all of your DNS queries (as with all unencrypted date you are sending/receiving) anyway, no matter whether the queries as such are directed at their own DNS servers or not. As such, an argument considering the switching of the DNS service provider away from your ISP only for privacy reasons appears to be entirely futile.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-6479473119614704652011-02-12T11:29:41.282-05:002011-02-12T11:29:41.282-05:00I don't buy what OpenDNS posted here either. ...I don't buy what OpenDNS posted here either. Their privacy statement even says they still store "backups" of the logs, which means they store them. There is absolutely no excuse to justify any business storing things like this. Except to cater to big brother.<br /><br />Here is a part of their privacy statement Notice where they claim they remove the IP after 2 days, then goes on to say "except for".... the stored logs.<br /><br />"For its DNS services, OpenDNS temporarily stores logs to monitor and improve our quality of service, and to collect high-level aggregate Statistics. For customers without an account, OpenDNS generally removes the IP address from its logs within 2 business days, except for backup or archival copies which are not generally accessed in the normal course of business."Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-45265785617184426082009-05-20T11:59:29.480-04:002009-05-20T11:59:29.480-04:00I had an account with OpenDNS, but after reading t...I had an account with OpenDNS, but after reading their privacy policies, I wrote to them, and had them delete my account. Now I use them anonymously. However, if you have an account with them, there is an option there for you to delete/purge your info in your settings. You can do this as many times a day as you want. Now after reading this, I may stop using them all together, as I find it quite disturbing. All this time I was under the impression of it being more "secure" than my ISP. I liked the fact that pages are cached, therefore if you got no results, or your ISP dns went down, with OpenDNS you could still obtain results. Now, I too, just find this "creepy"Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-60375617329150030512008-08-23T10:46:00.000-04:002008-08-23T10:46:00.000-04:00The following excerpts from the current OpenDNS pr...The following excerpts from the current OpenDNS privacy policy are worrysome to me.<BR/><BR/>1. "when a website visitor searches on OpenDNS, the IP address and query are shared with OpenDNS's advertising partners"<BR/> I'm not clear on exactly what this means, since there's no search feature on the OpenDNS site that I see. If searching means use of the popular web search engines (google etc), that's creepy.<BR/><BR/>2. "This policy does not apply to the practices of third parties that OpenDNS does not own or control, or to individuals that OpenDNS does not employ or manage"<BR/> If this doesn't apply to their advertising partners, again creepy.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-4061425209567170002008-07-13T11:05:00.000-04:002008-07-13T11:05:00.000-04:00"To be explicit -- we will never disclose or sell ..."To be explicit -- we will never disclose or sell ANY personally identifiable data to ANY third party."<BR/><BR/>You can not guarantee that. You can be compelled via civil tort discovery and criminal subpoena to release any and all publicly identifiable information you stored live or via backup mediums.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-3578977802287845412007-06-26T11:36:00.000-04:002007-06-26T11:36:00.000-04:00We are absolutely, unquestionably and unequivocall...<STRONG>We are absolutely, unquestionably and unequivocally uninterested in collecting personally identifiable information on you.</STRONG> <BR/><BR/>That specifically includes anything like a log record that has the tuple of "timestamp + src_addr + query."<BR/><BR/>The author of this post gets one thing absolutely right, the best thing to do is talk to us. I think the author of this post did talk to me, and knows we're in the process of updating our policy.<BR/><BR/>To be explicit -- we will never disclose or sell ANY personally identifiable data to ANY third party. <BR/><BR/>As for the RIAA, they can bite me. :-) As for law enforcement, they won't come talk to us when they already have "lawful intercept" rights on your ISPs network. <BR/><BR/>I'm putting together a reply on our blog now. I think we're sending our changes to the privacy policy and Terms of Service to the lawyers tomorrow and it should be posted by Friday.David Ulevitchhttps://www.blogger.com/profile/04789441983097240175noreply@blogger.com