There has been a kerfuffle in the tech policy world in the past few days about Google’s new DNS service offering. The Domain Name System is the lookup directory system that seamlessly converts human-readable Internet addresses (like "www.cdt.org") into the actual numeric "Internet Protocol" addresses that are used to reach the computers designated by particular domain names (220.127.116.11 in the case of www.cdt.org). Most people never think about the Domain Name System or what DNS server they are using – they simply point their computers to the DNS servers provided by their broadband ISP.
But there has never been a requirement that Internet users must use the DNS server of their ISP, and public DNS servers have been around for years. OpenDNS and Level 3 provide the most prominent U.S.-based public DNS servers. Until Google decided to play in the DNS pond. Google announced last week that it was rolling out a network of public DNS servers that anyone could use for free. Google argues (correctly) that the DNS system can introduce sluggishness in the online experience, and Google asserts that its new system will be significantly faster than the DNS system offered by many ISPs. Google claims that it just wants to help speed up Internet communications for all (and Google says that it has some clever techniques to speed up the DNS process).
Google’s announcement has led to a flurry of concern from some privacy advocates and others who are just generally suspicious of all things Google. Some ISPs might be miffed because the Google offering could reduce advertising revenue that the ISPs get from "redirecting" web site requests when the user types in an invalid address (such as "www.cdt.ogr"). But those redirections violate the accepted standards for DNS lookups (sometimes causing technical problems), and Google asserts that its DNS service will be fully standards-compliant. And anyway, the vast majority of an ISP’s users will never change their DNS settings no matter what Google, OpenDNS or others offer, so the ISPs that redirect typos to a page of advertising will still get plenty of hits.
"We built Google Public DNS to make the web faster and to retain as little information about usage as we could, while still being able to detect and fix problems. Google Public DNS does not permanently store personally identifiable information."
This language and the rest of the policy strike me as pretty reasonable.
Bait and Switch?
But Google could always pull a bait-and-switch by promising to provide DNS by the book, and then a year from now quietly adding advertising or, even worse, behavioral tracking of users’ browsing habits. But I think there are two pretty strong factors that suggest that this might not happen. First, Google’s initial rollout so strongly claims that it is going to act as a model citizen that if Google goes back on its word, it would take a huge credibility hit. Second, and even more critically, if Google changes course in mid-stream, then the savvy users who decided to switch their DNS to point to Google would en masse switch away from Google. So at the end of the day, this new offering is interesting but not terribly worrisome. Of course, we will keep a watchful eye to be sure that Google sticks to its word.
Perhaps the bigger question is whether the Google Public DNS service will in fact be faster than other offerings. Folks have already started testing and the jury is still out on the new service.
A final note is that the new Google offering – just like OpenDNS and other similar services – can be used to circumvent DNS manipulation by an ISP or a repressive country. One simple way to make an unwanted website seem to disappear would be to tinker with entries in a DNS server. For users who fear that such manipulation might be happening, pointing their computers to an alternate public DNS service could help to avoid the unwanted filtering. So Google’s new service may well highlight the potential for censorship in the DNS process, and human rights advocates and others may end up pointing their computers to Google (or OpenDNS or other providers) to avoid a local repressive situation.