This is largely speculation that GCP is logging everything regardless of a downstream privacy policy. One could make a similar argument that colocation isn’t even good enough because a datacenter might track incoming IPs on their firewall.
I do agree though they should be clearer about their sub processors though. Their Privacy policy is likely brief for brevity reasons (and maybe too much so).
Hopefully we hear back from them soon.
That may be so, and due to scaling and provisioning. They would still have to have some competency as a service. This isn’t really evidence that the services are run in a vastly different way.
All of this really can’t be verified, so lets drop that. I do find it odd you’d sign an NDA with a company before you even know what the meeting will be about/without contacting a lawyer though.
Their privacy policy does state though:
We do not log any Personally Identifiable Information (PII).
Our recursive DNS service, this website and other services we provide are fully compliant with the GDPR, and we welcome audits from reputable European entities.
The zero service seems to be information that isn’t specific to dns0. I don’t think you can really argue that Newly Registered Domains or Newly Active Domains are logging. Is it really logging if they look at whois records of requests going through their system? When people think of DNS logging they think of logging the client’s IP, ie who is requesting what domains. I don’t think their service is doing that. We don’t have any evidence that indicates that they do.
If you really can’t trust a privacy policy then you will have to depend on technical means for anonymity.