NextDNS logging is opt-out, not opt-in as stated on PG's DNS Resolvers recommendations page

archerallstars · March 4, 2024, 11:29pm

PG stated in the DNS Resolvers page that:

NextDNS can provide insights and logging features on an opt-in basis.

Which is not true, as shown in my screen recording:

When using the service with a registered user account:

When using the service without signing up for a user account:

lepras · March 5, 2024, 3:33am

I can’t access the media

archerallstars · March 5, 2024, 3:37am

It says file rate limit, just 7 clicks??? Does someone spam my link?

I will upload the file on ~~Google Photos~~ and I will edit the post with a new link. No, that would reveal too much of my personal info. Do you have a good place to upload video?

This is what the old link tells me :

@lepras I updated the post with a new link.

lepras · March 5, 2024, 3:49am

rollsicecream · March 6, 2024, 8:13pm

I’ve made a PR, as always.

github.com/privacyguides/privacyguides.org

NextDNS logging is opt-out, not opt-in.

privacyguides:main ← rollsicecream:nextdns

opened 08:12PM - 06 Mar 24 UTC

rollsicecream

+1 -1

Changes proposed in this PR: - https://discuss.privacyguides.net/t/nextdns-lo…gging-is-opt-out-not-opt-in-as-stated-on-pgs-dns-resolvers-recommendations-page/17206  - [x] I have disclosed any relevant conflicts of interest in my post. - [x] I agree to grant Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform, relicense, and distribute my contribution as part of this project. - [x] I am the sole author of this work. - [x] I agree to the [Community Code of Conduct](https://www.privacyguides.org/en/code_of_conduct/).

archerallstars · March 6, 2024, 8:48pm

Thanks!

I see the commit, but I am still feeling that just changing the logging behavior/policy from opt-in to opt-out basis is still not enough. Considering that this behavior contradicts with the service policy #3, which is also still being described and linked on the page:

If it’s not specifically requested, no data is logged. https://nextdns.io/privacy

rollsicecream · March 6, 2024, 8:59pm

Good catch! Will modify that ASAP.

@archerallstars So, we should say : “if it’s specifically requested by the user, no data is logged”, right? Or I’ve just misunderstood what you wanted to say?

anonymous159 · March 6, 2024, 9:25pm

“If it’s not specifically requested, no data is logged. Privacy Policy - NextDNS”

thats interesting… are u sure its not some bug and is normal behavior that logging is enabled by default?

archerallstars · March 6, 2024, 9:30pm

I create a new account, then create a new profile, without further action the logging is turn on by default, as shown in the OP’s screen recording.

It has always been like this for a long time. This is not the first time I talk about this issue in the community:

xe3 · March 6, 2024, 9:43pm

While the recommendation could use some clarification, I don’t think that your PR is more accurate than the current footnote.

NextDNS like Adguard DNS operates both public and private DNS services.

To the best of my knowledge:

NextDNS Public DNS service keep no logs:

When the service comes into contact with user data that shall not be logged, it is discarded as quickly as possible. When answering a DNS query, the server discards all request and response data immediately after sending back the response to you.

NextDNS Personal DNS service have logs (as a feature) enabled by default, users would need to opt out if they don’t want logging enabled:

If not specifically requested by the user, no data is logged. Some features require some sort of data retention; in that case, our users are given the option, control, and full access to what is logged and for how long.

You can fine-tune what is logged, for how long and in which jurisdiction — the analytics and logs will gracefully adapt. We also follow a strict policy of “What You See Is What We Have” (WYSIWWH), letting you see, export or delete every bit of your data at any time.

The public DNS (which does not require an account) is what is used for example if you choose NextDNS from the drop down menu in Brave or Firefox, or you use the NextDNS mobile apps.

So it would not be correct to call NextDNS opt-out (unless you specifically qualify the statement as applying to the personal (account based) service.

Probably the clearest explanation would separately address the public and personal services. Or would not explicitly refer to opt-in or out but just quote the language of the privacy policy.

archerallstars · March 6, 2024, 9:54pm

No, the public one is also logging by default, as shown in the screen recording below:

At this point, quoting any policy from NextDNS page could be pointless, as all of that could be bogus as well. You SHOULD try for yourself if the logging is on by default.

rollsicecream · March 6, 2024, 9:57pm

That isn’t the public one, it’s just the demo account to try it out, which is based in a ““personal”” config (because it uses a string of letters + numbers like a12345, a25642, etc). @xe3 is talking about the public DNS service from NextDNS which isn’t based in any personal config (https://dns.nextdns.io/). It is integrated in Firefox like he mentioned.

@xe3 Thanks for your suggestion, I will check that out tomorrow because it is currently late night in my country and I have to sleep after all.

xe3 · March 6, 2024, 10:04pm

I have,

If used like any other public DNS (quad9, mullvad, cloudflare) no account is required and per their privacy policy (and other statements they have made) no logs are kept (you don’t even have the ability to opt-in to logging without an account on the public service)
IF you choose to sign up for an account (or use the demo account), logs are enabled by default.

This doesn’t contradict what their privacy policy says (if you simply download and use the app, or point your browser to NextDNS’s default DNS servers, no logging is enabled by default. While it is not technically inaccurate, I feel that their privacy policy (and the PG guidance) could be made much more clear and explicit.

archerallstars · March 6, 2024, 10:35pm

The privacy policy #3 stated clearly that: if not specifically requested by the user, no data is logged. According to this statement, even when you use Personal DNS, whether with a temp account, or any kind of DNS from them, the log should not be turned on by default, since the user (with the acc. or not) is not specifically requested for the logging, especially, when it’s the only channel for the users to request the logging.

On the other hand, when you use it in the browser DNS settings, it’s impossible to request the service for logging. Therefore, I believe that privacy policy #3 has nothing to do with this usage channel, thus should revert to privacy policy #2. In other word, privacy policy #3 is only applicable when it’s possible to request the logging, i.e. when you use the feature that requires the logging to be enabled in your user account.

For the app, it seems to be available on iOS only. So, I have no way to test it (I only own Android).

Which is still contradicted to privacy policy #3 as explained above.

wojciechxtx · March 6, 2024, 11:08pm

yes I have: its called Proton Drive

archerallstars · March 6, 2024, 11:23pm

Thanks! Totally forget about it.

I will update all the links with Proton Drive.

xe3 · March 6, 2024, 11:32pm

For the app, it seems to be available on iOS only. So, I have no way to test it (I only own Android).

For the iOS app, nothing is enabled by default (and it uses the public resolver (so no logging) unless you go out of your way to setup an account through the website). So in the context of the app if no user action is taken, there is no logging.

I agree that the language should be changed (or better yet, instead of enabling logs by default, present users with an explicit choice during signup/first-start)

All this could be cleared up by just changing the privacy policy to reflect that:

Public resolver = no logs
Personal/custom profile = logs are optional but enabled by default, configurable in user settings.

archerallstars · March 7, 2024, 7:05pm

I’ve unsolved this thread because I think the latest PR still doesn’t reflect the behavior of the opt-out basis accurately.

I make a new PR here:

github.com/privacyguides/privacyguides.org

Update NextDNS footnote message in dns.md

privacyguides:main ← archerallstars:main

opened 07:01PM - 07 Mar 24 UTC

archerallstars

+1 -1

Changes proposed in this PR: - Update NextDNS footnote message in dns.md rega…rding the service's logging behavior to reflect the _**opt-out**_ basis that's recently change in 67614c3e174739abbd96c6dccee1b6d3657c6ba4, as it's _only possible_ to specifically requested the logging when the logging is done on an **_opt-in_** basis. Since we had already reflected the reality of service regarding the logging on an opt-out basis, this change is necessary. ## The screenshot showing that **clients IPs and domains** will be logged by default on an opt-out basis: ![ss](https://github.com/privacyguides/privacyguides.org/assets/1403194/b4e42111-c8d2-4351-a345-3ddcbc868258) ## The screen recordings to prove that, with or without signing up for an account, the logging is on by default on an opt-out basis: ### With an account: https://github.com/privacyguides/privacyguides.org/assets/1403194/1aedae4a-ec93-4e35-9bd6-a286dbe539c0 ### Without an account: https://github.com/privacyguides/privacyguides.org/assets/1403194/523d2aff-91cb-4a1b-817c-cd799743e353 The discussion about this issue can be found here: https://discuss.privacyguides.net/t/nextdns-logging-is-opt-out-not-opt-in-as-stated-on-pgs-dns-resolvers-recommendations-page/17206.  - [x] I have disclosed any relevant conflicts of interest in my post. - [x] I agree to grant Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform, relicense, and distribute my contribution as part of this project. - [x] I am the sole author of this work. - [x] I agree to the [Community Code of Conduct](https://www.privacyguides.org/en/code_of_conduct/).

anonymous159 · March 7, 2024, 7:25pm

your pr doesn’t make complete grammatical sense. maybe it would be better expressed as a yellow/red warning banner instead also

i wonder what @dngray’s thoughts would be on if this is big enough to warrant a banner like that

archerallstars · March 7, 2024, 7:27pm

I allow the maintainer to make changes as necessary.