The reason we don’t mention “Big Cloud” is because it doesn’t really impact the threat model. If you don’t trust the Privacy Policy of NextDNS and their suppliers then you need to employ anonymization (Tor, VPN etc).
None of the encrypted DNS providers advertise themselves as being anonymous, simply that they do not log. This has been discussed elsewhere, but Privacy Guides doesn’t need to constantly keep an eye on every provider’s sub processors. The reason for this is there can be a variety of sub processors and it can be impossible for us to truly know depending on what they are used for. It can also change and we would have to constantly check every provider by essentially re-valuating every recommendation. Even then we only see the outside picture.
That being said we are attempting to encourage NextDNS to provide a little more detail in that regard. The data is still bound by NextDNS’s privacy policy, we’re up front that account usage has logging by default and you might need to disable it. They are very clear in their privacy policy that they don’t sell that data.
Mentioning if it was irrelevant to the conversation taking place regardless of if there is public evidence of it.
There were also some posts in the other thread about Cloudflare and the MiTM thing (when we don’t even use them as a CDN and only as nameservers). Then the goal posts moved to CF being able to change our DNS records, when that is not in our threat model. A lot of the posts you make have a authoritative tone ie: we should be doing this or that. Then there was the HPKP suggestion when it isn’t even a relevant security feature anymore.
Keep in mind as you’re flaired as RethinkDNS people might be willing to give your opinions more weighting in a debate, than some random forum user. The reason I did flair your account was because you do offer similar features to what NextDNS does with the RethinkDNS Android app and I think it’s important for people to know that. Also when people ask about RethinkDNS, you’re able to respond in some official capacity.
Even with Mullvad it’s still a “promise”. It’s also worth noting that Mullvad’s main business is a VPN and their intention is to provide anonymity. They purposefully collect no data so they cannot be asked for it.
Most of these DNS providers don’t purport to offer anonymity, which I think is the key difference. The DNS page doesn’t suggest that using an encrypted DNS promises any kind of anonymity, only confidentiality with regard to queries. This is further made obvious on the “Learn more about DNS” page which provides demonstrations of where internet usage can leak in other ways.
If you see the further comment there, it will likely result in further clarification of what logging is. I think it’s fair to say in most people’s minds that is going to be association of queries with resolver IP address (PII - Personally Identifiable Information) and not some rough global metrics that don’t identify anyone.
The dns0 privacy policy is quite clear at least in my opinion:
We do not log any Personally Identifiable Information (PII).
Our recursive DNS service, this website and other services we provide are fully compliant with the GDPR, and we welcome audits from reputable European entities.
While they don’t elaborate on what they do log, they are very careful to state they don’t log PII which has to be people’s IP addresses. A DNS query is quite a simple transaction. A query is made and an IP address is returned. There is no account based feature with dns0.eu so that simplified things somewhat.