Now, the PR has been merged, unfortunately, with this commit:
When used with an account, NextDNS will enable insights and logging features by default (as some features require it). You can choose retention time and log storage location for any logs you choose to keep, or disable logs altogether. If used without an account, no data is logged. https://nextdns.io/privacy
It’s a total disaster, IMO. This really shows there’s a favorite kid that would be protected by the teacher no matter what.
I have at lease 2 issues with the above statement that got merged to the PG repo:
- It conflicts with NextDNS privacy policy #3 regarding the logging policy when using the service with an account, which stated that:
If not specifically requested by the user, no data is logged. Some features require some sort of data retention; in that case, our users are given the option, control, and full access to what is logged and for how long.
Can anyone see the bold text in the statement above? It’s saying that the logging is NOT turned on by default, unless the user specifically requested it.
So, with the merged PR’s statement:
When used with an account, NextDNS will enable insights and logging features by default (as some features require it). You can choose retention time and log storage location for any logs you choose to keep, or disable logs altogether.
Where the hell in the policy which stated that NextDNS will enable insights and logging features by default when the user uses the service with an account???
The policy stated it clearly that the user NEEDS to request the logging, in which can only be done with a user account. It means that, with or without a user account, the logging shall not be enabled without the user consent.
This is completely different from Control D’s case that its policy #3 stated it clearly what is going to be logged, and what is not.
- PG is covering for a service that clearly violated its policy. Instead of contracting to NextDNS regarding the policy that’s conflicting with the service’s logging behavior, it covered the service ass even though there’s none of the service’s policy to back it up.
Just to make myself clear. I HAVE NO PROBLEM WITH THE SERVICE LOGGING. I have a problem because the service violated its policy and PG still defends it despite my concerns in the PR.
I asked @jonah one last time in the PR, as I see his commit suggestion could be the final version that could be merged into the repo:
Are you sure NextDNS privacy policy number 3 refer to the usage without an account (as the logging can only be requested on a user account)?
We are not trying to cover something, are we? The service clearly violated its policy, why do we still act like nothing happened? And the last question, if this was not NextDNS, do we still recommend the service/app that violated its policy?
However, there’s no answer in sight…
I will mark this comment as a solution, as I don’t care anymore. In the end, it’s a kid game. Wishing everyone good luck, everyone.