[marcinzm]

Google can tie the DNS requests you make to your IP address and then tie that to you Google accounts. Google now knows every website you go to and can either monetize the data or sell access to it. It also knows your name.

For fun uses of this data, I recently talked to a company that ties medical conditions derived from your browsing behavior to your online profile and then provides a platform for insurances companies to target you based on it.

[xrisk]

I just looked through Google DNS’s privacy policy and what you claim seems incompatible with their claims: https://developers.google.com/speed/public-dns/privacy

Do you have any concrete evidence of what you claim?

[marcinzm]

That assumes you trust Google and many people don't. The fines companies face for violations are peanuts and there may be real incentives internally to using this data. "Accidents" happen after all in complex data systems and they're already allowed to mix the data for "security and abuse". On that note, as I read it, closing all your Google accounts as a result of suspected abuse due to DNS data would be fine under the policy.

[takeda]

First is whether you can trust it, second yes, their privacy states that they don't log IP, and frankly with dynamic IP it isn't really that much valuable anyway. The other information together can tie that to you as a person. Combined with other information that you are disclosing when using their services (since their policy changed many years ago, to allow sharing data between their services) they know exactly who you are and what you're doing on the net.

I really don't understand why those DNS services are so popular. All you need is list of 13 root DNS servers[1] (you only need one, but 13 for resiliency) and a recursive resolver and you can run your own caching server.

[1] https://www.iana.org/domains/root/servers

[protomyth]

What is your legal recourse if Google changes their privacy policy?

[eeZah7Ux]

After the PRISM revelations this argument became very weak.

[ed25519FUUU]

From Google’s DNS privacy page:

> We do not correlate or associate personal information in Google Public DNS logs with your information from use of any other Google service except for addressing security and abuse.

https://developers.google.com/speed/public-dns/privacy

[hedora]

DNS queries aren’t considered personal information in the US. They’re considered metadata. So, they can correlate the queries according to this wording.

Also, the wording implies they can aggregate data, then use it for other purposes (like spying on competitive web sites, etc.)

Finally, it implies they are retained, which means law enforcement has access to the logs (in many cases, without a subpoena).