Comment by danudey
1 day ago
I took a look at their privacy policy and agree that it doesn't specifically list that it logs which domains are being queried. It does list a bunch of things it does log as counters, all of which seems reasonable, but they don't explicitly say "we count which domains are being queried".
That said, I think it's entirely reasonable for them to log domains alone if they're completely disconnected from any user activity, i.e. a simple "increment the counter for foo.com" is reasonable since that's unrelated to user privacy.
Unless say, an adversary can link an obscure domain to a specific user/use case. Get that counter log and you can track a certain behavior (only pings this domain when about to do something or when on vacation, their house is empty, etc.)
One way around that is to set up a cron job that queries the most common domains one visits hourly. When requested by workstations and cell phones they will be served up by cache. At least that is what I have been doing for a few decades and works fine. I block all the DoH/DoT resolvers which is easier to do than some might think. One can do the individual A records or just the apex A/NS records to get infrastructure cache and then configure Unbound to prefetch records about to expire.
Just for fun I have added some of these into my cron job.
The average burglar probably isn’t cross-referencing DNS statistics.
Yes but I don't think the average Quad9 user is worried about being tracked by average burglars.. more like advanced syndicates and nation states.
3 replies →