NextDNS logging is opt-out, not opt-in as stated on PG's DNS Resolvers recommendations page

PG stated in the DNS Resolvers page that:

NextDNS can provide insights and logging features on an opt-in basis.

Which is not true, as shown in my screen recording:

When using the service with a registered user account:

When using the service without signing up for a user account:

2 Likes

I can’t access the media

It says file rate limit, just 7 clicks??? Does someone spam my link? :joy:

I will upload the file on Google Photos and I will edit the post with a new link. No, that would reveal too much of my personal info. Do you have a good place to upload video?

This is what the old link tells me :joy::

@lepras I updated the post with a new link.

https://twitter.com/feross/status/1384320519202250753

1 Like

I’ve made a PR, as always.

4 Likes

Thanks!

I see the commit, but I am still feeling that just changing the logging behavior/policy from opt-in to opt-out basis is still not enough. Considering that this behavior contradicts with the service policy #3, which is also still being described and linked on the page:

If it’s not specifically requested, no data is logged. https://nextdns.io/privacy

1 Like

Good catch! Will modify that ASAP.

@archerallstars So, we should say : “if it’s specifically requested by the user, no data is logged”, right? Or I’ve just misunderstood what you wanted to say?

1 Like

“If it’s not specifically requested, no data is logged. Privacy Policy - NextDNS

thats interesting… are u sure its not some bug and is normal behavior that logging is enabled by default?

I create a new account, then create a new profile, without further action the logging is turn on by default, as shown in the OP’s screen recording.

It has always been like this for a long time. This is not the first time I talk about this issue in the community:

While the recommendation could use some clarification, I don’t think that your PR is more accurate than the current footnote.

NextDNS like Adguard DNS operates both public and private DNS services.

To the best of my knowledge:

  1. NextDNS Public DNS service keep no logs:

When the service comes into contact with user data that shall not be logged, it is discarded as quickly as possible. When answering a DNS query, the server discards all request and response data immediately after sending back the response to you.

  1. NextDNS Personal DNS service have logs (as a feature) enabled by default, users would need to opt out if they don’t want logging enabled:

If not specifically requested by the user, no data is logged. Some features require some sort of data retention; in that case, our users are given the option, control, and full access to what is logged and for how long.

You can fine-tune what is logged, for how long and in which jurisdiction — the analytics and logs will gracefully adapt. We also follow a strict policy of “What You See Is What We Have” (WYSIWWH), letting you see, export or delete every bit of your data at any time.

The public DNS (which does not require an account) is what is used for example if you choose NextDNS from the drop down menu in Brave or Firefox, or you use the NextDNS mobile apps.

So it would not be correct to call NextDNS opt-out (unless you specifically qualify the statement as applying to the personal (account based) service.

Probably the clearest explanation would separately address the public and personal services. Or would not explicitly refer to opt-in or out but just quote the language of the privacy policy.

No, the public one is also logging by default, as shown in the screen recording below:

At this point, quoting any policy from NextDNS page could be pointless, as all of that could be bogus as well. You SHOULD try for yourself if the logging is on by default.

That isn’t the public one, it’s just the demo account to try it out, which is based in a ““personal”” config (because it uses a string of letters + numbers like a12345, a25642, etc). @xe3 is talking about the public DNS service from NextDNS which isn’t based in any personal config (https://dns.nextdns.io/). It is integrated in Firefox like he mentioned.

@xe3 Thanks for your suggestion, I will check that out tomorrow because it is currently late night in my country and I have to sleep after all.

1 Like

I have,

  1. If used like any other public DNS (quad9, mullvad, cloudflare) no account is required and per their privacy policy (and other statements they have made) no logs are kept (you don’t even have the ability to opt-in to logging without an account on the public service)
  2. IF you choose to sign up for an account (or use the demo account), logs are enabled by default.

This doesn’t contradict what their privacy policy says (if you simply download and use the app, or point your browser to NextDNS’s default DNS servers, no logging is enabled by default. While it is not technically inaccurate, I feel that their privacy policy (and the PG guidance) could be made much more clear and explicit.

The privacy policy #3 stated clearly that: if not specifically requested by the user, no data is logged. According to this statement, even when you use Personal DNS, whether with a temp account, or any kind of DNS from them, the log should not be turned on by default, since the user (with the acc. or not) is not specifically requested for the logging, especially, when it’s the only channel for the users to request the logging.

On the other hand, when you use it in the browser DNS settings, it’s impossible to request the service for logging. Therefore, I believe that privacy policy #3 has nothing to do with this usage channel, thus should revert to privacy policy #2. In other word, privacy policy #3 is only applicable when it’s possible to request the logging, i.e. when you use the feature that requires the logging to be enabled in your user account.

For the app, it seems to be available on iOS only. So, I have no way to test it (I only own Android).

Which is still contradicted to privacy policy #3 as explained above.

1 Like

yes I have: its called Proton Drive

1 Like

Thanks! Totally forget about it.

I will update all the links with Proton Drive.

1 Like

For the app, it seems to be available on iOS only. So, I have no way to test it (I only own Android).

For the iOS app, nothing is enabled by default (and it uses the public resolver (so no logging) unless you go out of your way to setup an account through the website). So in the context of the app if no user action is taken, there is no logging.

I agree that the language should be changed (or better yet, instead of enabling logs by default, present users with an explicit choice during signup/first-start)

All this could be cleared up by just changing the privacy policy to reflect that:

  1. Public resolver = no logs
  2. Personal/custom profile = logs are optional but enabled by default, configurable in user settings.
3 Likes

I’ve unsolved this thread because I think the latest PR still doesn’t reflect the behavior of the opt-out basis accurately.

I make a new PR here:

1 Like

your pr doesn’t make complete grammatical sense. maybe it would be better expressed as a yellow/red warning banner instead also

i wonder what @dngray’s thoughts would be on if this is big enough to warrant a banner like that

I allow the maintainer to make changes as necessary.