Ask yourself why all these companies are fighting each other to be your default DNS provider. Why do their "privacy" solutions always give them your data instead? It's valuable data and it's easy to control it yourself. #privacy https://www.linuxjournal.com/content/own-your-dns-data
@kyle Is it valuable data? Neither Mozilla nor Cloudflare seem to have an economic incentive to monetize this data. Also, Cloudflare’s privacy policy states:
@jeremiahlee it's your entire browsing history. Every site you visit. Very valuable data and their privacy policy is vague about which data they keep indefinitely, so you focus on the "24hrs" part.
@kyle I understand your general concern, but in this case, Cloudflare seems aligned with Mozilla's stance against surveillance capitalism.
Cloudflare explicitly states the data collected in the link and which are deleted after 24 hours and the 3 pieces that are retained: https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/
Cloudflare also explicitly states in the other link that the data is not sold or used to target ads: https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/
@kyle Most people are not going to run their own DNS servers, but Mozilla isn't stopping them from using them if they do, so the immediate benefit is an increase in default privacy. “Better is good.”
@kyle I agree the data is sensitive. There has to be a buyer to make it valuable. Outside of ad targeting, I am not sure who would be interested in buying Cloudflare's DNS access data if the information necessary to target an individual is removed.
@jeremiahlee Cloudflare says they don't sell it for ads, but to answer your question in general, the value is the association of a series of websites with an individual, even if you don't know *who* the individual is.
Advertisers find a lot of value in "someone who likes X also likes Y but doesn't like Z" so that when they do have a target in mind that likes X, they know to market Y to them but not Z. This is why social graphs are valuable--friends/colleagues often share preferences.
@irl The goal is to have control over the DNS logs instead of giving them to Google or other big data firms. If you do not trust your ISP and think they sniff and capture all DNS traffic that goes over their wires, then the solution is to use a trusted VPN as they would probably also sniff all initial SNI requests too.
Why is it that the best minds in our industry seem unable to improve security without creating products that coincidentally give their employer more control over people and their data? Vendor lock-in is preventing real innovation in infosec.