Interesting People mailing list archives

Re: Privacy issues in proposed DNS protocol extension


From: David Farber <dave () farber net>
Date: Fri, 29 Jan 2010 19:08:39 -0500



Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: January 29, 2010 5:29:54 PM EST
To: dave () farber net
Subject: Privacy issues in proposed DNS protocol extension


Dave, I'm not currently convinced that there are major privacy
problems with this DNS extension proposal, given the existing Internet
infrastructure and typical modes of operation.

One issue (that doesn't just involve this situation) is whether
anonymization of the low order octet of IPv4 addresses provides
sufficient privacy protection in any contexts.  For typical consumer
Internet users it's probably good enough.  But for any entity that
controls blocks of IP address space, it becomes more problematic.  I
know of many one-man businesses that operate entire Class C networks;
for them, lowest order octet anonymization provides no privacy benefits
at all.

The DNS extension proposal does include a full anonymity opt-out,
though it's unclear to me how widely it would be implemented or
understood, especially early on.

BUT.  As I said at the top, I don't think that in the real world of the
Internet this DNS proposal introduces significant new privacy risks,
and it would bring significant efficiency and other benefits, especially
in edge caching environments.

The reason I don't see a real problem is that the main source of location
data (and any associated privacy issues) is the IP address as delivered
by necessity to Web site servers themselves.  Most consumers use the
DNS resolvers of their ISP -- even if they didn't the ISP could track
and log every site that they visited via direct (non-VPN, non-proxied)
connections.  

Most people don't run their own DNS resolvers.  Whether you use your
ISP's recommended DNS, the Google DNS, OpenDNS, or other similar
services, you are exposing your IP address to them, and your next step
of course will be to expose your IP address to the actual Web sites to
which you connect.  If you connect to an anonymizing proxy, you're
exposing your IP address to the proxy.

This is just how the Internet works.

I just don't buy into the argument that there is a significant change
created in the "privacy spectrum" by this DNS extension proposal, when
viewed in the context of the many ways that IP addresses are of necessity
exposed during the normal status quo operations of the Internet today.

--Lauren--
NNSquad Moderator

- - -

On 01/29 10:51, Joe Baptista wrote:
I'm taking this opportunity and invitation from Lauren to address the
privacy issues in the Google DNSEXT proposal.

This protocol will be welcomed by big business. It's perfect for targeted
marketing campaigns. Based on your IP address an authoritative name server
can direct your query to specific resources.

The new protocol will allow geo-targeted responses based on the user's
network address location. The rationalization seems to be that a user will
be better served by a nearby server therefore improving speed, latency, and
network utilization.

I'm sure the protocol will be used for this purpose in some cases but not in
all. I predict the use of the protocol by big business will have less to do
with improving the user experience and more to do with target marketing
efforts. After all if they know where you live they can better target their
products and services to you.

Those concerned about privacy have good reason to red flag this protocol.
The user will have less privacy in the DNS than they do now. That's a given.
Even with the recommended anonymization procedure privacy issues are a
concern.

But let's not forget that every time you visit a web site your IP address is
known. Is it a big deal that now the DNS servers know your network address?
If the protocol becomes a reality I have no doubt that with the state of the
DNS and security issues these days that abuses will happen.

There will be privacy issues when it comes to anonymous proxy services.
Anonymous proxies are used to hide users' IP addresses from websites. It
seems to me the new Google DNSEXT protocol may defeat the purpose behind
anonymous proxy services.

regards
joe baptista

On Wed, Jan 27, 2010 at 10:22 PM, Lauren Weinstein <lauren () vortex com> wrote:


Several people have already asked me about the privacy implications
associated with http://bit.ly/cAS0rO (Google Code Blog).

For now, I recommend reading the full Draft:

http://bit.ly/bf7wa7  (IETF)

for details, but the executive summary is that the default
recommendation is anonymization of the low order octet of IP
addresses, and includes a mechanism for full address opt-out
from the extension (see section 8.1).

I welcome discussion here in NNSquad of the perceived implications of
this proposal, both positive and/or negative.

--Lauren--
NNSquad Moderator


----- End forwarded message -----
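
Added example, not part of the forwarded thread or of the draft: a short Python sketch of the point raised above about low order octet anonymization. It zeroes the last octet of an IPv4 address and counts how many subscribers remain indistinguishable inside the resulting /24. The assignment table, subscriber counts and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: (assigned network, holder, subscribers behind it).
# Assumes every assignment is a /24 or smaller, so each one falls in one /24.
ASSIGNMENTS = [
    ("198.51.100.0/24", "ISP dynamic pool", 250),
    ("203.0.113.0/24", "one-person business", 1),
    ("192.0.2.0/26", "small office A", 1),
    ("192.0.2.64/26", "small office B", 1),
    ("192.0.2.128/25", "small office C", 1),
]

def truncate_low_octet(addr):
    """Zero the low order octet: keep only the /24 the client sits in."""
    return ipaddress.ip_network(f"{addr}/24", strict=False)

def anonymity_set(addr, assignments=ASSIGNMENTS):
    """Return (truncated prefix, subscribers sharing that prefix).

    A result of 1 means the truncated prefix still identifies a single
    subscriber, so dropping the last octet hid nothing.
    """
    prefix = truncate_low_octet(addr)
    total = sum(
        subscribers
        for net, _holder, subscribers in assignments
        if ipaddress.ip_network(net).overlaps(prefix)
    )
    return str(prefix), total

if __name__ == "__main__":
    for client in ("198.51.100.37", "203.0.113.9", "192.0.2.70"):
        prefix, size = anonymity_set(client)
        print(f"{client:>15} -> {prefix:<18} anonymity set: {size}")
```
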



