[kitteh]

What about your ISPs employees? Do you trust a sysadmin pulling 40-50k a year (or less) to not sell your DNS resolver data?

Do you think your ISP has better controls and a security team than some of the big CDNs and cloud providers to detect and prevent this?

The reason I bring it up is because I know a number of ISPs whose sysadmins were on the take and selling bulk regular dumps of DNS resolver data under the table to other parties for years.

[stiray]

That would be criminal offense - it would mean criminal investigation and quite probably a fine for ISP (negligence). It is just not worth the risk.

If we go into those waters they can also break into my house, smack me on my head, use rubberhose cryptoanalysis, decrypt my machines and copy data from there.

For 3rd party company outside of our juristiction there is nothing that protects my data, actually they will abuse them as part of their bussines model.

The data transfers are not free, if someone is setting up free DNS resolving (cloud storage, providing emails, operating system for phones,...) there is some hidden profit within (the good old: "if something is free you're the product")

For ISP I pay for their service and this is a huge difference (also regarding laws - a much broader set applies)

[hurtyfi]

> The reason I bring it up is because I know a number of ISPs whose sysadmins were on the take and selling bulk regular dumps of DNS resolver data under the table to other parties for years.

Can you substantiate this claim? I've heard of ISPs in the USA who sell data, but what you're describing sounds a little bit far fetched.

[belorn]

When you say "under the table", do you mean unbeknown to the customer or the employer? The later will likely result in the employee being fired, fined and possible jailed. I would also suspect that a criminal do not file taxes for selling stolen data, so one can likely add tax fraud.

If you know such people you should consider reporting it to the police.

[gsich]

>What about your ISPs employees? Do you trust a sysadmin pulling 40-50k a year (or less) to not sell your DNS resolver data?

Yes. What use do you have for that data? Especially if it's only one user. There is not much that you can do.