Clarification of NextDNS logging policy #2434
I was looking at that and felt that it didn't really make things clearer.
I think we could make this sound less negative. The privacy policy relates to logging they would do for potentially other purposes like external reporting. Obviously if you enable a logging feature because you want insight on your activity that has to be stored somewhere. I think it's unfair to say this is "contrary to privacy policy".
This PR opens the footnote with:
I think it's worth mentioning that on https://nextdns.io, the "Try it now" buttons at both the top and the bottom of the page are described with "No signup required." With this, the users might assume that their account has not been created/used, since they didn't sign up for the service. Moreover, there's no public DNS address ( I doubt using the service without a user account is intended by the team at NextDNS at all. My point is, the service's main website doesn't tell the user how to use the service without a user account at all.
The problem with NextDNS privacy policy is not about the purpose of the log or the way the log is used, but the default behavior of the logging that's supposed to be opt-in, not opt-out. This is even more problematic considering that the logging is optional, regardless of whether the user has an account. IMO, using the word "seemingly" is almost misleading, as the log can only be requested with the user account. To me, without any doubt, the service has violated its privacy policy.
I don't particularly like that word either, it makes it sound as if this is the fault of NextDNS. To me it just seems to be whether or not the user wants to make use of a feature that requires the logging to operate. I don't think this is the same as an opaque privacy policy where it might not be clear for whatever purpose. For example with something like GDPR wouldn't this come under "legal basis" being that the feature needs it to work?
Fair enough. Is there something specific that you feel is not clear? If it's just the note about the privacy policy, I would be willing to remove that. The primary point I wanted to clarify was that:
I agree. I struggled to find language that was both accurate and neutral. I couldn't find a way to accomplish both so I chose accuracy. But I don't want to mislead readers into thinking logs are inherently bad; in the context of NextDNS, logging is a feature not a flaw (but still a risk for some threat models). How would you rephrase it? Or is your preference that the note on conflicting with the privacy policy be removed?
On this point, I agree with @archerallstars:
I suppose it isn't strictly necessary to explicitly note that conflict. As long as we make it clear that when you sign up for an account logs are enabled by default (and I believe this PR does that, with or without the note on the privacy policy).
docs/dns.md
@@ -24,7 +24,7 @@ Encrypted DNS with third-party servers should only be used to get around basic [ | |||
[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | |||
[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) | |||
[^4]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/) | |||
[^5]: NextDNS can provide insights and logging features on an opt-out basis. You can choose retention times and log storage locations for any logs you choose to keep. If it's not specifically requested, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy) | |||
[^5]: When used with a user account, NextDNS will enable insights and logging features by default (note: this seemingly conflicts with their privacy policy). You can choose retention time and log storage location for any logs you choose to keep, or disable logs altogether. If used without a user account, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy) |
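Review bot: The parenthetical "(note: this seemingly conflicts with their privacy policy)" in the new [^5] line asserts a conflict without saying which statement in the policy is contradicted, while the footnote's only citation is that same policy page. Either quote the policy wording in question or drop the parenthetical and let the default-on behaviour stand on its own. The closing sentence "If used without a user account, no data is logged" would also be easier to act on if it said how the service is used without an account.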
[^5]: When used with a user account, NextDNS will enable insights and logging features by default (note: this seemingly conflicts with their privacy policy). You can choose retention time and log storage location for any logs you choose to keep, or disable logs altogether. If used without a user account, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy) | |
[^5]: When used with a user account, NextDNS will enable insights and logging features by default as the feature requires it. You can choose retention time and log storage location for any logs you choose to keep, or disable logs altogether. If used without a user account, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy) |
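Review bot: In the suggested line, "as the feature requires it" has no clear antecedent: it follows the plural "insights and logging features", so the reader cannot tell which feature requires logging, and the clause reads as if logging is enabled because logging requires it. Consider naming the feature that depends on stored logs, or softening to wording such as "as some features require it".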
I'm thinking something like this, that clearly states the "logging/insights" feature requires some "logging". Note: I have not used this specific feature so I am only guessing that's how it is.
@dngray I'm on board with your amendment. I'm editing it now.
Okay, the PR has been updated. New language:
When used with a user account, NextDNS will enable insights and logging features by default (as some features require it). You can choose retention time and log storage location for any logs you choose to keep, or disable logs altogether. If used without a user account, no data is logged. https://nextdns.io/privacy
Even if the service needs the logging to work, I believe that the privacy policy should state it clearly. But currently, it's stated in the opposite direction. Moreover, as a DNS resolver service, usage insight is not a hard requirement, e.g. resolving DNS queries. The logging is optional at best.
Even without the user's consent to sign up for an account, the logs are also enabled by default. Here is the button on the website: It says: "No signup required."
This pull request has been mentioned on Privacy Guides. There might be relevant details there:
The button in your screenshot is a ~1 week trial account (if you click the button, you'll see a big blue banner across the top that indicates that, and tells you you'll need to sign up once the trial period is over). As to "no signup required" I agree with you. I may have accidentally used the term 'signup' in these comments somewhere, but I intentionally phrased the PR to avoid the term "signup" so as not to cause confusion. The language I've used is:
I think what's there now is good though. Perhaps someone should raise with NextDNS the issue about the privacy policy not being entirely clear?
I've inquired about the privacy policy. I haven't heard back from them yet. When I do hear back, I'll post an update on the forum about it.
Co-authored-by: Jonah Aragon <jonah@triplebit.net> Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Changes proposed in this PR:
CONTEXT: This PR revises footnote 5 in the DNS section (NextDNS' logging policy). It builds upon and further clarifies 67614c3 and is an alternative to the proposed PR 2427.

PROBLEM: The current description needs clarification and seemingly contradicts itself (it begins by stating logging is opt-out and ends by saying no logs are kept without the user 'specifically requesting it'). It also does not differentiate NextDNS's public DNS servers `dns.nextdns.io` from the personal `my.nextdns.io/<ID>`.

There is a pending PR (2427) that proposes to amend that footnote, but the proposed changes in that PR leave out important information that can help readers make an informed choice. My assessment is that PR 2427 helpfully clarifies one inaccuracy but introduces its own inaccuracy by omission. The author of that PR has so far been unwilling to amend or modify it. So I am creating this PR as an alternative.
GOAL: The goal of this PR is to provide readers clearer and fuller information than the current footnote provides, and provide fuller information than the other proposed pull request (2427) and use neutral language.
SPECIFIC CHANGES: This PR is an improvement in three specific ways: (1) it clarifies the seemingly contradictory statements about logging, (2) it explains to readers how the logging policy will apply to NextDNS's public and personal DNS services, and (3) it alerts readers to the apparent contradiction between the NextDNS privacy policy and the default account settings.
The proposed language is: