Another privacy threat: DNS logging and how to avoid it

With AT&T now turning your DNS logs into a money-making proposition, it's time to look at alternatives

As if you didn't already have enough privacy problems to worry about, a recent exposé by Stacey Higginbotham at GigaOm explains how AT&T is dredging DNS records and selling the results to would-be advertisers -- unless AT&T customers pay for it to stop.

DNS logging is widespread, even in places where you might not expect it. Even if you use a VPN, there's at least one weak point in the chain where VPN server DNS hits are logged, and could potentially be tracked back, rerouted, or blocked entirely. A new service from Golden Frog offers zero DNS logging -- for a price.

Most people get their DNS service -- the lookup table that converts domain names like InfoWorld.com into IP addresses like 70.42.185.121 -- from their Internet service provider. Some people override their ISP's DNS by using Google's DNS servers (8.8.8.8 and 4.4.4.4) or OpenDNS' servers (206.67.222.222 and 208.67.220.220), both of which are free. Free, at least, in the sense that they don't charge you for using their servers; but if you're not paying for the service, you are the product, of course.

Every time you use a DNS server, it records your IP address (and thus your approximate location), the domain name you looked up, the current time, and the name of your ISP. Many organizations that run DNS servers are beginning to learn that there's money to be had in those logs. Google, of course, has known that since the beginning of time.
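To make concrete how much those few fields reveal, here is an added example (not part of the original article) that groups a query log by client IP the way a resolver operator could. The log layout, the addresses and the domain names are constructed for illustration and do not reflect any real resolver's format.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log: timestamp, client IP, queried name, record type.
# The layout is an assumption for illustration, not a real resolver's format.
SAMPLE_LOG = """\
2014-01-15T07:58:02Z 203.0.113.7 www.infoworld.com. A
2014-01-15T08:01:44Z 203.0.113.7 mail.example-bank.test. A
2014-01-15T08:02:10Z 198.51.100.23 www.infoworld.com. AAAA
2014-01-15T22:15:31Z 203.0.113.7 clinic.example-health.test. A
2014-01-15T22:15:32Z 203.0.113.7 clinic.example-health.test. AAAA
malformed line
"""

def parse_line(line):
    """Return (time, client_ip, qname), or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    # Normalize the name: drop the trailing root dot, compare case-insensitively.
    return when, parts[1], parts[2].rstrip(".").lower()

def build_profiles(log_text):
    """Group queries by client IP: names looked up (with counts) and active hours."""
    profiles = defaultdict(lambda: {"names": defaultdict(int), "hours": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not query records
        when, client, qname = rec
        profiles[client]["names"][qname] += 1
        profiles[client]["hours"].add(when.hour)
    return profiles

if __name__ == "__main__":
    for client, p in sorted(build_profiles(SAMPLE_LOG).items()):
        print(client, "active hours (UTC):", sorted(p["hours"]))
        for name, count in sorted(p["names"].items()):
            print("   ", count, name)
```

Even with no page content or URLs, the per-client view shows which bank and clinic hostnames one address looked up and at what times of day.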

The AT&T logging is linked to AT&T's new GigaPower fiber service in Austin. According to GigaOm, the 300Mbps service without logging costs $99 a month, but the same service with snooping costs only $70 a month. The situation gets more complicated if you add video service. All told, per GigaOm, "Keeping your web history out of Ma Bell's hands would have cost almost $800 the first year you signed up at the high-end and $531 at the low-end of ordering only internet." At AT&T, DNS privacy comes at a steep price.

OpenDNS makes no bones about the fact that it collects and saves DNS logs -- you're able to access your own logs as a feature of setting up a (paid) account. While OpenDNS has an extensive privacy policy, I don't see anything that says explicitly, "we don't sell your DNS logs."

Golden Frog, on the other hand, just launched an encrypted, zero-logging DNS. The company says on its site, "We developed our zero-logging VyprDNS service to increase user privacy and defeat censorship across the world." VyprDNS is built into Golden Frog's VyprVPN service -- when you connect with VyprVPN, all DNS activity is handled on Vypr/Golden Frog servers. VyprVPN has 700 servers, located in more than 40 cities around the world.

For those of you who are sufficiently paranoid, VyprVPN and VyprDNS may help. For example, if you or your company is concerned about eavesdropping on Skype conversations -- tell me again, how do you spell "NSA"? -- running through VyprVPN eliminates several potential points of access. If you find yourself logging on from countries with governments that may want to block certain kinds of access, snoop, or insert themselves into the middle of your conversations, VyprDNS certainly makes their job considerably more difficult.

VyprVPN for Business starts at $300 per year for three users.

This story, "Another privacy threat: DNS logging and how to avoid it," was originally published at InfoWorld.com.
