We just talked about Personal Info being Private Unless the holder Decides to Sell It on SoylentNews. Today we were treated to yet another such situation, and this time it hit close to home.
El Reg reports that OpenDNS is in the process of being acquired by Cisco. And the OpenDNS founder's blog confirms it.
Cisco will essentially take over total ownership, with vague promises of continuance of OpenDNS. The blog to the contrary, no promises of terms of service after the acquisition can be believed.
OpenDNS managed to sneak a sales clause into their Privacy Policy somewhere along the way:
> OpenDNS does not share, rent, trade or sell your Personal Information with third parties, except...
> (4) it is necessary in connection with a sale of all or substantially all of the assets of OpenDNS or the merger of OpenDNS into another entity or any consolidation, share exchange, combination, reorganization, or like transaction in which OpenDNS is not the survivor; you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
That privacy policy has grown more permissive over the years, allowing OpenDNS to sell filter lists used by their customers, or just about anything else they might want to do.
Full Disclosure: In my day job we were a paying customer of OpenDNS. We had an ISP that ran unreliable DNS servers, injected ads in 404 pages, and generally was slow. We tried Google's free DNS service, and found it quite fast, but full of re-directs and other objectionable features. We switched to OpenDNS mostly for ad and website filtering, phishing site blocking, and speed. We were very happy with the fast service over the years. So reliable we never had to look at the web site.
But we were shocked at the extent of permissions creep in their Privacy Policy and Terms of Service. We thought we were avoiding Google's DNS mining service. Little did we know...
Related Stories
The New York Times published an article on Sunday confirming what we've all assumed — that internet privacy policies are so full of loopholes as to be meaningless. They found that of the 100 top Alexa-ranked English-language websites, 85 had privacy policies that permitted them to disclose users' personal information in cases of mergers, bankruptcy, asset sales and other business transactions.
When sites and apps get acquired or go bankrupt, the consumer data they have amassed may be among the companies' most valuable assets. And that has created an incentive for some online services to collect vast databases on people without giving them the power to decide which companies, or industries, may end up with their information.
"In effect, there's a race to the bottom as companies make representations that are weak and provide little actual privacy protection to consumers," said Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a nonprofit research center in Washington.
(Score: 2, Interesting) by Anonymous Coward on Wednesday July 01 2015, @11:24AM
127.0.0.1 [unbound.net]
(Score: 0) by Anonymous Coward on Wednesday July 01 2015, @11:49AM
But a local DNS server still needs to get its data from somewhere (assuming you don't take the "look no further than 127.0.0.1" too literally; but then, a hosts file with a single entry for localhost would be sufficient anyway). So you're back to square one.
(Score: 1, Informative) by Anonymous Coward on Wednesday July 01 2015, @12:09PM
The thing that I linked to is a DNS server which can be used as a recursive resolver for your local host (or your network, if you want). It's lightweight, easy to configure and runs on many platforms, including Windows. It does not need another DNS server to which it can forward all requests, like stub resolvers do. It walks the DNS hierarchy, starting at the root servers. It's also a validating DNSSEC resolver, so you get some additional security over trusting a remote resolver to give you untampered data.
(Score: 0) by Anonymous Coward on Wednesday July 01 2015, @04:36PM
Unbound Installation and Configuration instructions [calomel.org] from the guys who make the best (only?) SSL validator for firefox. [calomel.org]
(Score: 2) by frojack on Wednesday July 01 2015, @05:09PM
> The thing that I linked to is a DNS server
I don't see any link in your post. What are you talking about?
Or are you claiming to be the AC to which you replied? Or are you claiming to be ALL ACs?
"Walking the DNS hierarchy starting at the root servers" has got to be the most abusive use of DNS I've ever heard of. Imagine if EVERY computer did that! A perfect recipe for crashing the internet. It's not supposed to work like that, and in fact it doesn't work like that.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Wednesday July 01 2015, @05:34PM
Find the link at the top, it's the first post. And yes, recursive resolvers start at the root, but there's some caching involved. There are literally hundreds of root servers all over the world [root-servers.org], and they only need to serve the root zone. It's their job.
(Score: 3, Informative) by frojack on Wednesday July 01 2015, @05:38PM
> and they only need to serve the root zone. It's their job.
Do the math. Assume one hit to the root zone per hour for every pc and smartphone on earth.
No end user should EVER be hitting a root server. NEVER.
No, you are mistaken. I've always had this sig.
(Score: 2, Informative) by Anonymous Coward on Wednesday July 01 2015, @05:59PM
Good thing the root servers aren't as lazy as you are. On the page about the root servers that I linked to is a link to a traffic analysis [ripe.net] of an event with heightened request rates on one root server. The operators decided not to block the erroneous traffic because it didn't cause problems, but they still increased capacity. Even before they upgraded though, that traffic analysis shows that just the additional requests, which almost exclusively went to a single K-root server, arrived at a rate of up to 40 thousand per second. Again, this is the additional load on top of the normal requests, on a single server, and it caused no problems, and they increased capacity nevertheless. 40 thousand requests per second per server is roughly 30 billion requests per hour on 200 servers. Still convinced that a recursive resolver on every device would crash the internets?
(Score: 2, Flamebait) by frojack on Wednesday July 01 2015, @07:13PM
> single K-root server, arrived at a rate of up to 40 thousand per second.
Again, do the math you lazy bastard.
One server imposed a load of 40k per second.
Cisco estimates [cisco.com] there are 16 billion things connected to the internet. If ALL of them did as you recommend, and send their DNS requests directly to the root servers, there simply isn't enough bandwidth to handle it all.
This is why the internet, and DNS servers are designed by experts rather than taking the advice of some random AC on a website.
No, you are mistaken. I've always had this sig.
(Score: 2, Informative) by Anonymous Coward on Wednesday July 01 2015, @07:52PM
One server handled an additional load of 40k requests per second, without a problem. The normal request rate is more like 4k requests per second, so there's ample headroom. If 16 billion devices needed to make one request to the root servers per hour, it would raise the request rate (let's say averaged over 200 servers) by 16000000000/(200*3600)=20k/sec, less than the event described in the linked analysis. That's right, everyone on the whole internet using unshared recursive resolvers is less stress on the root servers than a single misconfigured software in hardly more than one ASN in China.
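To make the caching point in this exchange concrete, here is an added example (not part of any comment in the thread): a toy iterative resolver with a TTL cache that counts how often one device's resolver actually has to ask a root server. The site list and the TLD and answer TTLs are constructed assumptions; the 172800-second value is the TTL carried by TLD delegations in the root zone.

```python
# Added illustration: a toy iterative resolver with a TTL cache.
# The hierarchy, site names and most TTLs below are constructed sample data;
# ROOT_NS_TTL matches the 172800 s TTL on TLD delegations in the root zone.
import random
from collections import Counter

ROOT_NS_TTL = 172800   # seconds; TTL of TLD delegations in the root zone
TLD_NS_TTL = 86400     # assumed TTL of a zone's delegation at its TLD
ANSWER_TTL = 300       # assumed TTL of the final A record


class CachingResolver:
    """Walks root -> TLD -> authoritative, caching each referral by TTL."""

    def __init__(self):
        self.cache = {}            # (type, name) -> expiry time in seconds
        self.upstream = Counter()  # queries actually sent to each tier

    def _fresh(self, key, now):
        return self.cache.get(key, -1) > now

    def resolve(self, name, now):
        labels = name.rstrip(".").split(".")
        tld, zone = labels[-1], ".".join(labels[-2:])
        if self._fresh(("A", name), now):
            return "cache"
        if not self._fresh(("NS", zone), now):
            if not self._fresh(("NS", tld), now):
                self.upstream["root"] += 1      # ask a root server for the TLD's NS
                self.cache[("NS", tld)] = now + ROOT_NS_TTL
            self.upstream["tld"] += 1           # ask the TLD for the zone's NS
            self.cache[("NS", zone)] = now + TLD_NS_TTL
        self.upstream["auth"] += 1              # ask the zone for the A record
        self.cache[("A", name)] = now + ANSWER_TTL
        return "network"


def simulate(hours=48, lookups_per_hour=120, seed=1):
    """One device browsing a constructed set of 60 sites for `hours` hours."""
    rng = random.Random(seed)
    sites = [f"www.site{i}.{tld}" for tld in ("com", "org", "net") for i in range(20)]
    r = CachingResolver()
    total = 0
    for h in range(hours):
        for k in range(lookups_per_hour):
            r.resolve(rng.choice(sites), h * 3600 + k * (3600 // lookups_per_hour))
            total += 1
    return total, r.upstream
```

With the defaults, `simulate()` returns 5760 lookups and a root counter of 3: one root query per TLD for the whole two-day window, with everything else answered from cache or by the TLD and authoritative tiers.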
(Score: 4, Insightful) by Ezber Bozmak on Wednesday July 01 2015, @10:08PM
> This is why the internet, and DNS servers are designed by experts rather than taking the advice of some random AC on a website.
Experts like Verisign and Nominet who contributed enough to Unbound to put their logos on the project's website? Those experts? Or someone calling themselves 'frojack' who is effectively anonymous?
(Score: 2) by captain normal on Wednesday July 01 2015, @05:03PM
Let's see now...an AC wants us to go to a supposedly open DNS server. But the site wants you to download something. Why, if it's an open DNS server, can't we just point our network connection straight to it like to google DNS server or OpenDNS?
When life isn't going right, go left.
(Score: 2) by Ezber Bozmak on Wednesday July 01 2015, @10:12PM
> Why, if it's an open DNS server,
Because it isn't an open DNS server.
Unbound is a standard package in Debian, FreeBSD, OpenBSD, Fedora, CentOS and probably others.
(Score: 2, Interesting) by Anonymous Coward on Wednesday July 01 2015, @12:18PM
The OpenDNS is dead then... It was in the stars. They've gotten more and more "enterprisey" over time, which is a synonym for shit. And now it's official. Time to set up a local DNS server, I suppose.
(Score: 1, Informative) by Anonymous Coward on Wednesday July 01 2015, @01:09PM
OpenDNS is dumb.
Most of the people lamenting its demise have never used it--nor do they even really know what it is. Read this, for starters:
https://en.wikipedia.org/wiki/OpenDNS [wikipedia.org]
So it's a DNS service for which you must pay, or else see ads. It provides anti-phishing mechanisms.
OpenDNS is dumb.
(Score: 2) by cmn32480 on Wednesday July 01 2015, @02:21PM
Not exactly correct. The article you linked to clearly states:
So as long as you don't use them for your searches, you don't see ads. I've been using them for years at work for simple (free) DNS filtering with no ads, but it is questionable if it will remain so now that Cisco is buying them.
I suppose it is time to look into my own DNS server and filtration.
"It's a dog eat dog world, and I'm wearing Milkbone underwear" - Norm Peterson
(Score: 3, Interesting) by Techwolf on Wednesday July 01 2015, @02:55PM
What re-directs and other stuff? I've used that for years with no questionable activities noticed.
(Score: 3, Insightful) by zocalo on Wednesday July 01 2015, @03:21PM
dig results, or it didn't happen!
UNIX? They're not even circumcised! Savages!
(Score: 2) by isostatic on Wednesday July 01 2015, @09:25PM
Could be his ISP is breaking DNS. Best to route your DNS traffic through a local VPN
(Score: 1) by gtomorrow on Wednesday July 01 2015, @03:30PM
For me, OpenDNS was a no-brainer but now I'm having my doubts. So what alternatives are there besides Google's DNS service (might as well stay with OpenDNS) or running my own DNS (me to stoopid)? Yes, I could "just google it" but I thought I'd throw it out to all here for an informed opinion, all in the name of repartee and contribution to discussion.
Be nice.
(Score: 0) by Anonymous Coward on Wednesday July 01 2015, @04:12PM
I use 4.2.2.2 (and neighbors). [tummy.com]
(Score: 2) by captain normal on Wednesday July 01 2015, @05:27PM
4.2.2.2 = https://en.wikipedia.org/wiki/Level_3_Communications [wikipedia.org]
If they don't boot you off, why not?
When life isn't going right, go left.
(Score: 2) by cmn32480 on Wednesday July 01 2015, @04:52PM
My question is what is the alternative that has the filtering (at least by category) like OpenDNS. That was the real hook that got me to start using it for work.
"It's a dog eat dog world, and I'm wearing Milkbone underwear" - Norm Peterson
(Score: 3, Funny) by captain normal on Wednesday July 01 2015, @05:14PM
How about just take a wait-and-see attitude on this. If there is a scale of corporate evilness then Cisco is way down on the list from the likes of Oracle, Apple, MS, ATT etc. I think Cisco is serious about an open and secure internet.
When life isn't going right, go left.
(Score: 2, Interesting) by Anonymous Coward on Wednesday July 01 2015, @07:45PM
you can run "T0R" [client -or- relay mode] on a computer and activate the tor-resolver functionality.
now just point your 1an clients that need to resolve a ip for a domain name to the ip of the tor running computer.
you don't even need to know a single working ip address of a dns server for this to work.
maybe you want to add a caching server before the tor-resolver ...
-
in short: aliens from outerspace (duh) can land, connect the laptop to some solarpanel, connect to some wifi (easy), run tor and then resolve any domain name without having to "google search" (which won't work because they cannot resolve "www.google.com") a working ip number of a dns server : ]
(Score: 0) by Anonymous Coward on Wednesday July 01 2015, @05:26PM
took a while for me to notice but when building a functional web search engine then it HAS TO be paired with a free dns resolver.
the dns lookup logs provide a very valuable source for the actual search engine database, that is you want to provide a dns server, then use the web-spider/crawler to index these pages ...
this might be why all the other search engines haven't been able to compete with google? bing et al. don't have dns servers ...
let's see if cisco builds a search engine or ...
(Score: 3, Insightful) by MichaelDavidCrawford on Wednesday July 01 2015, @05:46PM
I don't yet have a profitable company but I am working on some ideas.
I don't always tell others the ideas I have, I only do so when I regard it as helpful.
"Just Because You Can It Doesn't Mean You Should" should be tattooed onto everyone's foreheads to serve as a reminder.
Yes I Have No Bananas. [gofundme.com]
(Score: 3, Insightful) by frojack on Wednesday July 01 2015, @07:43PM
That's the last place they would ever see it, unless you tattoo it in reverse.
Besides, they are too busy looking at the tattoos on the back of their hands.
On the left hand it says "Take the Money".
On the right hand it says "And Run".
No, you are mistaken. I've always had this sig.