NextDNS logging is opt-out, not opt-in as stated on PG's DNS Resolvers recommendations page

That data still remains the intellectual property of NextDNS though. So I honestly don’t know where you’re going with this. Yes they use other services and those services have the data to offer NextDNS service.

I didn’t assume you’re lying, and in fact never said that. I said there is no real way for me to know if it is true as I can’t verify it. I didn’t think to ask you for the emails though. If you were under NDA that would be a breach.

Why even bother mentioning it if you weren’t going to provide proof? That’s the issue, arguments from authority are generally a substitute for providing evidence people can see with their own eyes.

You’re right it probably shouldn’t. If you look at the more thorough document: https://quad9.net/privacy/policy/

It states:

When Quad9 receives the query, it is necessarily contained within an “envelope” (more precisely, an IP protocol header) that contains both of those addresses. Quad9 necessarily holds the Reply To Address in volatile random access memory (“RAM”) for the few microseconds to milliseconds necessary to service the user’s query. During this time, Quad9 uses the Reply To Address to increment a counter of the number of queries received from the enclosing BGP-advertised prefix of the Reply To Address and a counter of the number of queries received from a geographic region that is the smaller of a nation or a population of not less than 10,000 persons.

The Reply To Address is used for no other purposes, and is purged from RAM as soon as (in the case of a query the user delivers via User Datagram Protocol) we have transmitted the reply to the user’s Reply To Address, or (in the case of a query the user delivers via the Transmission Control Protocol) the sooner of the user or Quad9 closing the TCP connection. The Reply To Address (or any representation of, or proxy for, it) is not copied to permanent storage, nor is it transmitted across the network to any destination other than the user. It leaves the machine on which we received it only in the form of a reply to the user – to no other destination, in no other form, for no other purpose.

2.1 IP addresses

Quad9 does not collect or record IP addresses, nor does it collect or hold any proxy for or representation of IP addresses, nor does it collect or hold any other unique identifier of individuals in lieu of IP addresses.

Because Quad9 does not collect or hold IP addresses, they cannot be combined or correlated with other information, such as query labels or timestamps, to violate the privacy of Quad9’s users.

This data doesn’t seem specific and is about tracking quality of service in my opinion.

2.2 Data collected

Quad9’s data collection is principally in the form of integer counters. At each Quad9 server, this is the full list of items we count:

  • The number of queries for each Query Type, e.g., A, AAAA, NS, MX, TXT
  • The number of each Response Type, e.g., SUCCESS, SERVFAIL, NXDOMAIN
  • The number of queries that arrive over each transport protocol and encryption type, e.g., IPv4, IPv6, TCP, UDP, DoT, DoH, DNScrypt
  • The number of queries originating in each geographic region
  • The number of queries for each malicious domain originating in each geocoded region
  • The number of queries originating in each BGP-advertised IP prefix
  • The number of queries for each malicious domain originating in each BGP-advertised IP prefix

In addition, we record:

  • The times of the first and most recent instances of queries for each query label

The data doesn’t even appear to be anonymized, it’s just some statistics of how much of a thing they are doing.

2.3 Sharing of data

Quad9 does not share, sell, or rent any information that could identify an individual.

We do not share this information because we do not have this information. We do not have this information because we do not need this information. Because we do not need this information, we have built no mechanism to collect, retain, analyze, or distribute it.

Quad9 shares very limited statistical counters with the threat intelligence analysts who provide the threat intelligence feeds that allow us to protect our users from malicious attacks. This feedback allows threat intelligence analysts to refine their analyses and provide us with more accurate information, which in turn allows us to provide our users with better security. This information does not include any personally identifiable information or anything that could be correlated with other data to identify an individual or their Internet use. Specifically, with each threat intelligence analyst, we share the following three pieces of information:

  • Timestamp of each query of each malicious domain they have identified to us
  • The number of queries for each malicious domain they have identified to us, originating in each geocoded region
  • The number of queries for each malicious domain they have identified to us, originating in each BGP-advertised IP prefix

As a convenience to the threat intelligence analysts, we also supply the originating Autonomous System Number associated with the BGP-advertised IP prefix. This is not data derived from users’ queries but instead data derived independently from BGP routing tables. It does not contain PII, nor can it be combined with PII to characterize a user.

We do not share counters associated with malicious domains with threat intelligence analysts who have not identified that specific domain to us as malicious.

Quad9 provides data to a very few carefully vetted security researchers to help them better understand and better protect the public from cyber threats. This data may consist of a sparse statistical sampling of timestamped DNS responses from our cache or upstream authoritative servers, but no address, prefix, ASN, or other data related to the user or the query. It does not contain any PII or any data that we believe could be combined or correlated with PII to characterize a user or their behavior. When we provide such assistance, we do so only under a written agreement that the researcher use information we provide solely for the purpose of improving user security, and not for any other purposes. We require that researchers conduct their analysis on servers and infrastructure owned and operated by Quad9 and do not allow data to be exported from those systems in anything other than summary form.

Quad9 publishes general information, such as number of threats blocked and infrastructure uptime, to the public.

This is an exceptionally clear Privacy Policy though. I think in the past when Quad9 was added it was not that clear.

Personally I’d vote to make this a “No” in the logging section. They simply do not log queries from customers or information that can identify customers.

5 Likes
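Added example, not part of the post above and not Quad9's code: a minimal Python sketch of the counter-only collection the quoted policy text describes, where the reply-to address is used to find its enclosing prefix and only integer counters and per-label timestamps are kept. The prefix table, threat-feed entry, sample queries and all names are constructed assumptions, and the geographic-region counters are omitted.

```python
import ipaddress
from collections import Counter

# Constructed stand-ins: documentation prefixes for a BGP table, one threat-feed entry.
PREFIXES = [ipaddress.ip_network(p) for p in
            ("192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32")]
MALICIOUS = {"bad.example."}
# Constructed queries: (reply-to address, label, qtype, response, transport, timestamp)
QUERIES = [
    ("192.0.2.10", "example.org.", "A", "SUCCESS", "UDP", 100),
    ("192.0.2.77", "bad.example.", "A", "NXDOMAIN", "DoT", 105),
    ("2001:db8::1", "bad.example.", "AAAA", "NXDOMAIN", "DoH", 110),
    ("198.51.100.5", "example.org.", "MX", "SUCCESS", "TCP", 120),
]


def enclosing_prefix(addr):
    """Longest matching prefix that contains addr, or None if unrouted."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in PREFIXES if n.version == ip.version and ip in n]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None


class CounterOnlyStats:
    """Integer counters in the style of section 2.2; the address is never stored."""

    def __init__(self):
        self.counts = {k: Counter() for k in
                       ("qtype", "response", "transport", "prefix", "malicious_by_prefix")}
        self.label_seen = {}  # label -> (first timestamp, most recent timestamp)

    def record(self, reply_to, label, qtype, response, transport, ts):
        prefix = enclosing_prefix(reply_to)  # reply_to stays a local, dropped on return
        self.counts["qtype"][qtype] += 1
        self.counts["response"][response] += 1
        self.counts["transport"][transport] += 1
        self.counts["prefix"][prefix] += 1
        if label in MALICIOUS:
            self.counts["malicious_by_prefix"][(label, prefix)] += 1
        first, _ = self.label_seen.get(label, (ts, ts))
        self.label_seen[label] = (first, ts)

    def snapshot(self):
        """Everything that outlives a query."""
        out = {k: dict(v) for k, v in self.counts.items()}
        out["label_seen"] = dict(self.label_seen)
        return out


def run_sample():
    stats = CounterOnlyStats()
    for q in QUERIES:
        stats.record(*q)
    return stats.snapshot()
```

Printing `run_sample()` shows the retained state: per-prefix and per-type counts plus first and most recent timestamps per label, with none of the four source addresses present.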