1.1.1.1: Fast, privacy-first consumer DNS service

> We will never sell your data or use it to target ads. Period.

Won't sell != Won't collect

> We will never log your IP address (the way other companies identify you)

Never log IP != Never log anything

Bonus: The way other companies identify you ~= There are other ways

Edit: Looks like many people assume I'm nitpicking. So here are more specific questions:

* Is logging a hashcode of the IP considered as "not logging the IP"?

* Can combination of timestamp, packet info other than end IP (latency, hops, etc), geoIP and other factors be used for deep intelligence?

AFAIK the only data is domain name, record and the incoming ip. I don't care if they store the first two.

Do you have any actual points against or are you just trying to nitpick? And do you have anything better?

And since it's cloudflare if some site's politics don't align with the owner's politics they'll just block it arbitrarily.

"I can't be arsed to pay $3/mo for a VPS that I can tunnel my DNS requests through, so I'm gonna nitpick on hackernews about a company trying their best to offer it to /everyone/ for free"

Unfortunately, nitpicking is quite necessary. Haven't we seen enough instances of corporations lying through omission? Where is the trend that indicates we should give a more favorable, trustworthy reading to terms and promises like these? I don't see it.

Cloudflare is a for-profit corporation--you know, "duty to shareholders" and all that. We must assume, almost by definition, that they actually have their own self-interests at heart.

Fair point and (maybe) you are right, I am nitpicking but not ashamed to do so. Could have been stronger to say "We won't store your data" rather than "We won't sell your data". And frankly, "we will never log your IP address (the way other companies identify you)", like really? Talking very naively, what if they just store a hashcode or some other derivative of the IP instead, is that counted as logging the IP? And what about the timestamp, geoIP, reverse hostname and other factors, can deep intelligence be used to associate with other behavior?

No that's not fair. Everything is open to criticism.

Any examples of this besides the KKK?

But not every criticism is as high quality as every other criticism. The above for example is just low quality nitpicking.

Well, the post sort of implies that they log everything for 24 hours, but instead of raw IP addresses they log hashed ones, as they still need to identify everyone. Which, sadly, doesn't affect tracking practices at all.

So what's your take on hashcode of the IP considered as "not logging the IP" (and other stuff edited in comment)?

> the only data is domain name, record and the incoming ip

Other data that can be logged:

- timestamp - this can be very revealing when correlated with other datasets.j

- ASN - can sometimes act like fingerprint on it's own, and assists in correlating other data (e.g. the timestamp)

- any identifiable variation in the structure or behavior between different DNS resolver implementations. See nmap's "-O" option that detects the OS from the TCP/IP protocol implementation.

So, you're implying things here that I'll address with an H. L. Mencken quote,

>"The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all."

"A witty saying proves nothing." - Voltaire

Universal free speech is not laudable, it's suicidal. If your free speech doesn't protect you from those who want to take it away, they will win, on a long enough time horizon. They only need to win once.

It's a private organization with no monopoly and lots of competition. Free speech doesn't apply here.

Also Cloudflare gets vastly more negative opinions that they don't check enough and serve too many unsavory sites so it seems there's no way to win with the HN crowd.

Some more details can be found here: https://developers.cloudflare.com/1.1.1.1/commitment-to-priv...

That wasn't cited so I'm not sure it has a basis.

I'm fine with nitpicking. Let me try and be clear: We're not logging IPs. We inherently receive them when they connect to the service, but we don't write them to disk and flush them quickly (i.e., seconds or minutes). We're not logging hashes of IPs. We're not logging ASNs of the IPs connecting to the service. We do log the other parts of a DNS query in order to help prevent abuse and debug issues. However, we've committed to wiping these logs within 24 hours. We have no interest in doing anything to deanonymize users. We have a great business based in large part around making the Internet more private and secure. Logically: we would never sacrifice that great business to get into a crappy data sharing service.

Thank you for the clarification.

Wow. I can't tell if you're trying to be funny by being meta or you just don't realize what you just said applies to your very argument. Lets break it down.

You want to protect free speech by taking it away because if you don't then someone might use free speech to take away free speech.

First, speech is not an action that can violate your rights. Sticks and stones, etc. And no, just because communication can help organize your political opposition does not mean the speech itself is violating your rights. Actions and legislation do that.

Second, deciding that some things are allowed and some aren't and then enforcing those arbitrary decisions through violence by the state certainly can violate those rights. And and gets easier and more every time.

I suppose you think that limited free speech is a thing that can persist. I strongly disagree. The idea of universe free speech is because any attempt to regulate leads to the loss of all of it fairly quickly if not instantly; they only need to win once. It exists to protect opinions that are disliked by most if not all.

I see your argument is basically that if free speech allows for speech that supports the idea of not allowing free speech then it will fail. And that may be true. That's why constant villigance is required even, especially, when they try to use people who's opinion almost everyone hates to justify it. There is no final solution.

It set the precedent that they do filtering. It is now being used in legal cases against Cloudflare by companies suing them to force them to filter other things.

Any censorship immediately leads to massive censorship even if they don't want to expand it. That's why it has to be stopped at the start; not done at all. Dumb pipe or censorship pipe.

No business is completely a dumb pipe, the DMCA provisions are very specific and are increasingly overruled once enough (copyrighted) content is in place.

Cloudflare also specifically removed that site for a stated reason that they claimed CF was helping them. That is outside the bounds of the site content itself and is a perfectly fine argument to stop doing business based on libel and misrepresentation.

"... a crappy data sharing service."

Do you mean OpenDNS?

No. I mean most businesses that are based on sharing data. They are low margin and not very interesting. I was thinking about businesses like Axicom when I wrote the comment.

Have a ton of respect for David Ulevitch and the whole OpenDNS team. While OpenDNS started with an ad-supported business model, they've completely pivoted away from that. Now that they're part of Cisco, I believe their nearly exclusive revenue stream today is their Umbrella product which is a network security product aimed at businesses. While I don't know for sure, I'd be highly surprised if OpenDNS were selling browsing data.

Good answer. Thanks.

What I meant was sharing not browsing data but DNS lookup data.

As always, too easy to be misunderstood in comments like these.

One edit: team corrected me that we do log ASNs in some cases in order to debug issues with networks that may have trouble connecting or have been blocked.