←back to thread

1.1.1.1: Fast, privacy-first consumer DNS service

(blog.cloudflare.com)
1895 points _l4jh | 5 comments | 01 Apr 18 12:14 UTC | HN request time: 0.81s | source
Show context
rdsubhas ◴[01 Apr 18 13:30 UTC] No.16728163[source]
> We will never sell your data or use it to target ads. Period.

Won't sell != Won't collect

> We will never log your IP address (the way other companies identify you)

Never log IP != Never log anything

Bonus: The way other companies identify you ~= There are other ways

Edit: Looks like many people assume I'm nitpicking. So here are more specific questions:

* Is logging a hashcode of the IP considered as "not logging the IP"?

* Can combination of timestamp, packet info other than end IP (latency, hops, etc), geoIP and other factors be used for deep intelligence?

replies(6): >>16728183 #>>16728191 #>>16728195 #>>16728266 #>>16729111 #>>16729896 #
1. fwgwgwgch ◴[01 Apr 18 13:36 UTC] No.16728183[source]
AFAIK the only data is domain name, record and the incoming ip. I don't care if they store the first two.

Do you have any actual points against or are you just trying to nitpick? And do you have anything better?

replies(3): >>16728206 #>>16728218 #>>16728395 #
2. nathanaldensr ◴[01 Apr 18 13:42 UTC] No.16728206[source]
Unfortunately, nitpicking is quite necessary. Haven't we seen enough instances of corporations lying through omission? Where is the trend that indicates we should give a more favorable, trustworthy reading to terms and promises like these? I don't see it.

Cloudflare is a for-profit corporation--you know, "duty to shareholders" and all that. We must assume, almost by definition, that they actually have their own self-interests at heart.

3. rdsubhas ◴[01 Apr 18 13:46 UTC] No.16728218[source]
Fair point and (maybe) you are right, I am nitpicking but not ashamed to do so. Could have been stronger to say "We won't store your data" rather than "We won't sell your data". And frankly, "we will never log your IP address (the way other companies identify you)", like really? Talking very naively, what if they just store a hashcode or some other derivative of the IP instead, is that counted as logging the IP? And what about the timestamp, geoIP, reverse hostname and other factors, can deep intelligence be used to associate with other behavior?
4. pdkl95 ◴[01 Apr 18 14:18 UTC] No.16728395[source]
> the only data is domain name, record and the incoming ip

Other data that can be logged:

- timestamp - this can be very revealing when correlated with other datasets.j

- ASN - can sometimes act like fingerprint on it's own, and assists in correlating other data (e.g. the timestamp)

- any identifiable variation in the structure or behavior between different DNS resolver implementations. See nmap's "-O" option that detects the OS from the TCP/IP protocol implementation.

replies(1): >>16735237 #
5. fwgwgwgch ◴[02 Apr 18 15:18 UTC] No.16735237[source]
Good answer. Thanks.