[dns-operations] Too Open (Was: OpenDNS makes your Internet work better

Brad Knowles brad at stop.mail-abuse.org
Thu Jul 13 02:35:41 UTC 2006

At 10:23 AM -0700 2006-07-12, David Ulevitch wrote:

>  I want to point out what we're releasing today in a test form for
>  greater things to come:
>  http://www.opendns.com/prefs/
>  I hope this takes care of issues #1, #2, and #3.

Nope, Nope, and Nope.

>                                                    This should also
>  make clear that a Site Finder comparison is inappropriate.

I disagree.  The business model is such that you have a strong 
incentive to direct people to your typosquatting advertisement pages, 
as opposed to someone else's typosquatting advertising pages.  Today, 
you may be redirecting only those results which otherwise would have 
resulted in NXDOMAIN, but it is very telling to read your own 
discussions about what your own customers are asking you to do.

>>  4. because i don't want any central authority to see what Q's i'm
>>  asking.
>  Did you mention that to ATT and the NSA?  Drop your peering sessions
>  with them? ;-)

Paul can drop his peering with AT&T, if that suits him.  I don't peer 
with them, and I can't drop the peering with them that Road Runner 
has, and I don't have  a lot of options for alternative ISPs that do 
not likewise have a peering with them.

Nevertheless, I don't want AT&T or the NSA to be gathering this kind 
of information about me, and I don't want to tempt them to put in a 
sniffer (or a paid informant) in some place where someone else is in 
a position to gather this kind of information.

I worked at the Pentagon.  I had clearance.  I know how these guys think.

Any centralized collection of data *will* be abused by those in 
power, sooner or later -- more likely sooner.  Even if the data isn't 
being collected centrally, they'll pass a law or the President will 
sign an executive order and the FBI and NSA will send out their 
letters, and if the data is passing through your pipes and you 
haven't been collecting it so far, then they will come along and 
either collect that data themselves, or will force you to collect it 
for them.

>  We have a privacy policy here and I took my time in going over it and
>  editing it.  I also want to make it explicit what we do store and for
>  how long so you know what we have on file if the DHS comes knocking.

Your privacy policy ends where the intrusion of the federal 
government begins.  Moreover, you can change your privacy policy at 
any time.  Even if your privacy policy is violated and you take 
Extreme Measures against the person who is guilty of that crime, you 
still can't un-ring that bell.  The only way to make sure that bell 
cannot possibly be rung is to make sure that bell is not allowed to 
come into existence.

>  I truly appreciate the discussion here, hopefully those who know me
>  know this is going to be done right and those who don't will figure
>  out I do things right.  To those of you who have sent me notes and
>  bugs and ideas off-list, thanks so much.  We've fixed a bunch and are
>  working on the rest we know about.

I'm not worried about any of the technical issues.  I'm not worried 
about the people who are working there today.

I'm worried about where this precedent is going.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  Founding Individual Sponsor of LOPSA.  See <http://www.lopsa.org/>.

More information about the dns-operations mailing list