
re: "One way less for Google to track me."

Google says that they don't use Google DNS for tracking.

From the Google DNS privacy page: "We built Google Public DNS to make the web faster and to retain as little information about usage as we could, while still being able to detect and fix problems. Google Public DNS does not permanently store personally identifiable information."

They go on in some detail to say how and what they log.

https://developers.google.com/speed/public-dns/privacy


They go on to contradict themselves. Google Public DNS does not permanently store personally identifiable information except for these 20 things:


Unless you happen to own an AS number, I don't see how that info is personally identifiable.


Why exactly should we believe anything Google says?

It's unverifiable and they don't exactly have a clean record. I wouldn't take their word for it, specifically for something privacy related.


Google say a lot of things. If you believe them, I have a bridge I can sell you.


But you can bet that at least the NSA and 3-letter agencies around the world do monitor anything going to or coming from these two IPs. It's just too convenient a target.

More distributed resolvers (like with Cloudflare/Amazon datacenters directly linked to ISPs) would make this type of spying orders of magnitude harder (they must actively infiltrate the ISP's network instead of just tapping the DECIX/exchange switches, which e.g. the German BND is ALLOWED to do!).

Shit, I'd pay for Cloudflare or any other service to build robust, interception-secured DNS servers. Or my provider, but providers have a shameful track record of building fast and reliable DNS servers.


We support DNSCrypt which will encrypt your DNS traffic between you and us. That's the last mile, at least. We support DNSCurve for the other hops, but almost nobody else does.


That's probably enough for most uses, as the unencrypted queries entering the cache are mixed with millions of other people's.

Myself, I'm still wary of providing data to any third party. Maybe it isn't the case any more, but at least recently, OpenDNS stored identifiable logs forever and potentially resold that data.


How about DNSCurve for traffic between you and us? (client requests). That'd be nice!


DNSCrypt meets this need and is based on the same crypto from DJB. If you're running a full-blown resolver, I'm not sure if DNSCurve works if you forward to us... I'd have to find out.


> More distributed resolvers (like with Cloudflare/Amazon datacenters directly linked to ISPs)

Cloudflare has 24 datacenters[0]. Google Public DNS is deployed in 45 peering points over at least 16 metros[1]. I would be very surprised if Cloudflare/Amazon were more distributed than Google in this regard.

[0] https://www.cloudflare.com/network-map

[1] https://developers.google.com/speed/public-dns/faq#locations


Why would they track Google and then ignore other large DNS servers?


Google is by far the largest public one, next to OpenDNS. The rest are provider DNS servers, which can't be tracked that easily (NSLs and other "pseudolegal" stuff aside).

It is a shame that the Internet has descended from a place where everyone could implicitly trust everyone into a hellhole of spammers, hackers, spooks and other retards. One cannot even trust that private two-way communication STAYS private because our own fucking governments have done everything to erode that trust.

It is bad times that one can trust Google to keep your data half-way safe, but your government not. It should be just the other way around!


It's not "our own" government, for any "our own" that purports to include me. It is a junta with enough guns to have their way with people across a continent. Pretending otherwise may sound "non extremist" and "responsible", but it's still ridiculously naive and bound to lead to nothing but disappointment. In ever increasing doses.

Practically, a good start is to recognize that not all valuable communication mechanisms benefit all that much from minimizing latency of packet delivery. IOW, not all, in fact not even most, means of communication really need the kind of "apparently real time" performance that telephony requires.

Moving services that don't, to a protocol where the focus is on making mixing and anonymizing simple, reliable and robust; rather than simply max throughput and min latency, would make end user security and anonymity guarantees much easier to make. And, for many types of channels, this can be done without much at all in the way of negative side effects, given how fast the underlying switching infrastructure has gotten.

Current protocols were necessary for any kind of usability when hardware was slow and expensive. And good enough privacy- and security-wise, when even the NSA didn't really have the means to do much wide-net spying at the network level. But neither of those realities of the original internet is true anymore. Instead, sorry for the pompousness, the new environment is so different as to require, or at least recommend, something almost akin to a "new internet," built with the "new" threats to communication in mind.

I'm not working anywhere, at a startup nor anywhere else, that could conceivably "profit" from any of the above ramble. If what I'm saying makes no sense, it's because I'm a moron (or at least misinformed), not because I'm a scumbag.


> It's not "our own" government, for any "our own" that purports to include me. It is a junta with enough guns to have their way with people across a continent.

Virtually all governments spy on their and other countries' citizens these days, not just the US. We Germans spy, the Brits and the rest of Five Eyes spy, the Russians spy, the Chinese spy, the Iranians spy and I bet that even North Korea has quite some good hackers.

And for the rest of your comments: indeed, a "new internet" would be required. But as you can see from the adoption rate of IPv6, we're stuck with this mess unless quantum computing forces us to switch.


IPv6 doesn't fundamentally offer end users anything far beyond the current standards.

I'm imagining a protocol for less tightly coupled endpoints could be written to, while the "switches" merely translate traffic to route it on current infrastructure. A more application-agnostic version of Mixmaster or Tor, so to speak. The important part is really to get enough of a variety of end-user apps written to it to prevent anyone from knowing much about the traffic simply due to the protocol spoken. Then, over time, to optimize away more and more crud, until we've got dedicated hardware. It may still be a bit utopian, but the current mess isn't really serving people all that well anymore, either.


> Virtually all governments spy on their and other countries' citizens these days

Virtually all governments have ever done so, these days it's just easier.


Which is a pretty good indication that all meaningful solutions to the spying problems need to work at a level more fundamental than government. Routing around them, or rendering them impotent, by design, if you wish.


> Google is by far the largest public one, next to OpenDNS.

"Next to"? Google serves 130B queries per day on average[0]. OpenDNS only serves about 50B[1].

[0] http://googleonlinesecurity.blogspot.com/2013/03/google-publ...

[1] http://system.opendns.com/


There's no one I know in between, except of course the DNS servers set up by providers like AT&T, Comcast etc., which are locked to their customers only.


"The largest next to" often means "the largest except"; I think this was the source of confusion.


I think I got confused and thought you were thinking of switching to OpenDNS for the NSA and not Google.
