OpenDNS is an alternative DNS system. It is a for-profit company which makes most of its money through Google advertisements displayed to users when they enter invalid hostnames.
OpenDNS is the frequent darling of the security press. The very same journalists frequently pummel Google (and rightly so) for their lackluster approach to customer privacy.
Last month, OpenDNS's CEO started throwing dirt at Google for their pretty shameful keyword hijacking advertisement deal with Dell and others.
In a separate matter, Google recently adjusted its logging policy (although not nearly enough), after getting smacked around in a PR dust-up initiated by Privacy International. Given the fact that David Ulevitch and OpenDNS were willing to take such an admirable public stand against Google, I decided to look into OpenDNS's own privacy and logging policies - to see how they themselves fare against the Big G.
The most relevant portions of OpenDNS's privacy policy include:
OpenDNS's DNS service collects non-personally-identifying information such as the date and time of each DNS request and the domain name requested.
OpenDNS also collects potentially personally-identifying information like Internet Protocol (IP) addresses of website visitors and IP addresses from which DNS requests are made. For its DNS services, OpenDNS is storing IP addresses temporarily to monitor and improve our quality of service.
In addition, we may combine non-personally-identifiable information with personally-identifiable information in a manner that enables us to attribute website and DNS service usage to an individual customer's computer or network.
Other than to its employees, contractors and affiliated organizations, as described above, OpenDNS discloses potentially personally-identifying and personally-identifying information only when required to do so by law, court order, or when OpenDNS believes in good faith that disclosure is reasonably necessary to protect the property or rights of OpenDNS, third parties or the public at large.
What does this mean?
OpenDNS is logging information on all DNS requests received by their servers. They log the IP address that initiated each request. Thus, OpenDNS knows and stores the fact that at 11:10 PM on Friday the 22nd of June, someone at the network address of some-user-in-washington-dc.comcast.com visited www.thepiratebay.org.
OpenDNS logs data on every single unique domain name that you visit. They know that you have visited www.ilikeburritos.com and sometimes.ilikeburritos.com, but they don't have any info on which specific webpages you visit within those domains. This is still a huge amount of information - more, possibly, than Google knows.
OpenDNS keeps this information for a "temporary," yet undefined period of time. Unlike Google, who promise to anonymize the data after a set period of time, it does not look like OpenDNS makes any attempt to anonymize any of their logs.
It does not look like OpenDNS has any kind of public log deletion policy, and thus they could still be storing log data years after the queries were sent to their servers.
This information could be requested by law enforcement, the RIAA, or an angry spouse in a divorce case. These would all be legal instances in which the courts could compel OpenDNS to reveal data on customers. The only way to avoid having 8-year-old DNS requests showing up in a custody dispute would be for OpenDNS to announce and enforce a data logging and log deletion policy.
What can you do?
While OpenDNS is not perfect, they are probably still better than your average mega-corporate ISP. Some ISPs already seem to be selling data on which websites customers visit. Likewise, AT&T has quite thoroughly sold its customers out to the RIAA and MPAA.
Instead, the best thing to do is to write to Dave Ulevitch/OpenDNS (david [at] opendns [dot] com) and ask him to revise/create a data deletion and anonymization policy.