Can I trust a paid subscription to ControlD?

It seems bizarre that the free version is potentially more private than the paid version because no account is associated with the searches. I do use some of the features of the paid version of ControlD, but after reading the privacy policy, I’m worried about whatever potential information ControlD may have gathered about me and then pass to the authorities if it’s served with a subpoena. ControlD is pretty clear that they will comply if served with a valid subpoena. So I guess the question is what kind of data does ControlD collect? I’m using DoH and I’m under the impression that all my DNS queries are encrypted, but I’m paranoid now. Unfortunately, I also made the mistake of using my real information and credit card to sign up and pay for a ControlD subscription. I don’t know if changing the email login will help. I’m wondering if I should even cancel my subscription and sign up again in the future. What would you guys do if you were in my situation? Is there any way at this point to further secure and make my account even more private? I wish ControlD weren’t based in Canada, but somewhere else like Iceland or Switzerland. Canada is a Five Eyes country.

Speaking only about the tool, rather than your particular situation and/or threat model, here are a couple things you can do to make your Control D account as private as possible.

  1. Turn off analytics for all endpoints. This makes troubleshooting harder but queries will not be logged, just like the free resolvers.
  2. Use only encrypted DNS protocols, specifically DoH or DoH/3. DoT and DoQ give away the resolver ID due to how they are structured.

Well, put it this way: ControlD is no different than any company that would receive a warrant/court order. They will have a lawyer look it over (hopefully) and if everything is proper they are going to comply. This is no different than any company. If their lawyer finds something that could potentially prevent them from complying then maybe they would fight that in court, but they aren’t going to do anything illegal, and they are under the assumption that their customers aren’t doing anything illegal also, and if they are then that’s on them. I would say that you have nothing to worry about. If you’re worried about it then cancel your subscription and then request that all of your data be deleted as soon as possible. Some information will be deleted quickly, and for other stuff there could be a period of time before they can remove it. If you’re not doing anything illegal then don’t worry about it. If you’re dabbling in the grey area or even further then you should be going about that a totally different way and that’s on you.

I don’t see any way to disable analytics. I only see an option to delete all of the logged queries and the location where the log is stored, which is currently set to the Netherlands.

I don’t see DoH, but I do see DoH/3, which is what I’m using.

I keep reading that DoH is probably the most private and secure protocol out there, but does this protect me from ControlD itself?

Your ISP can still see them regardless since so few websites support ECH.

If you’re that concerned, it is trivial to self-host Pi-hole and make it securely globally available via WireGuard, managed via e.g. wg-easy.
You can even set the upstream DNS for Pi-hole to either your own or an existing recursive resolver and even route those DNS requests over Tor if you want.

No. They can still see all requests in plaintext.

Who’s they?