Hacker News
by thanksforfish 1733 days ago
> One way to make DNS surveillance more difficult is to use a public open DNS server, such as Google's 8.8.8.8

I assumed Google ran 8.8.8.8 to collect data for targeted advertising, as one of the major players in surveillance capitalism. Am I mistaken?

4 comments

There are at least two ways of looking at it that make using 8.8.8.8 make sense.

First is that if you assume that Google has a decent profile of you anyways (from other services), then feeding in DNS data to Google would have relatively minor impact on your privacy.

Second is that at least Google is relatively competent and restrictive in providing any of the important data to 3rd parties, whereas other providers (like your ISP) are more likely to sell the data wholesale left and right.

Both are sort of "better the devil that you know" ways of thinking.

> Second is that at least Google is relatively competent and restrictive in providing any of the important data to 3rd parties, whereas other providers (like your ISP) are more likely to sell the data wholesale left and right.

While this is true (of all the entities trying to gather my data I'd expect Google to be one of the least likely to leak it - after all, no matter your preconceptions, Googlers are usually pretty good at what they do) it's at least somewhat moot because while your ISP (or, say, MasterCard) is more likely to sell your data, Google is more likely to be buying that data (from, say, MasterCard). If any basket acquires more than a certain percentage of my eggs (or footprints), I start to get uncomfortable.

According to Google [1], they keep client IP addresses and DoH headers for up to 48 hours and then strip them after that, and don’t use the logs for any personalization.

Everyone else here is assuming you can’t trust what they say, but it’s worth pointing out that, if they’re telling the truth, none of the rest of this privacy discussion matters.

[1] https://developers.google.com/speed/public-dns/privacy

But ideally you shouldn’t have to trust them.

Sure, which is why Oblivious DNS would be a nice upgrade. One less thing to worry about.

But I expect that, compared to 8.8.8.8 or 1.1.1.1, the user experience will be unaffected, and there will be no measurable improvement in user privacy. (Because we have no way to measure it unless something bad happens and it can somehow be traced back to one of these DNS services.)

Anything that gets people online and able to use google's services is good for google.

They claim to not use it for targeted advertising. https://developers.google.com/speed/public-dns/privacy

I've been using OpenDNS for years on the same basis... am I just being naive to assume they're not as bad?