We are carrying out a major work on reg-track.com website. The system is still fully functional
and will be back to reg-track.com very soon.
ESP DP Privacy and DNS Protocols
On Nov. 29, ESP DP issued technical note on privacy, DNS protocol.
ESP DP issued privacy recommendations for name resolution system protocols (DNS).
Overview
Internet access from smartphones/desktops, uses services to gain access to websites.
DNS protocol, involve data processing by 3rd parties, to pages where access is sought.
This processing could reveal navigation habits, geolocation information, allowing for profile generation, be conserved in undefined way, and so involves risk to user privacy.
Despite increased awareness of internet privacy, DNS is somewhat forgotten process.
Thus, ESP DP note identifies privacy issues and implication of illegitimate data process.
Identifies guarantees to help manage the risks, for both users and service providers.
Mainly for software developers, network administrator, DNS and web access providers.
DNS Background and Challenges
When browse web, computers query via DNS to other servers to determine IP address.
Queries contain not only IP address, which identifies a user and can geolocate people.
Also name of page accessed, enables profiling as per browsing habits of device owner.
DNS was not originally defined with privacy in mind, so queries made are mostly not protected by e.g. encryption and some DNS servers may keep record of queries made.
On top of being sensitive information data could be filtered to third parties, and added problem is lack of security measures of DNS protocol could end on DNS impersonation.
User could browse sites not sought, with attached risks to privacy, data theft/ransom.
Technology Improvements
Although security extensions were incorporated into DNS protocol i.e. DNSSEC, they do not have encryption mechanisms that allow confidentiality of DNS communications.
New measures, of DNS over TLS (DoT) or DNS over HTTPS (DoH) are being developed.
Should they be intercepted, information becomes illegible, so improves confidentiality.
Firefox opted for the latter option, Chrome plans to incorporate it in upcoming version.
Recommendations
ESP DP considers incorporation of these solutions can advance communication privacy.
Only overcome limitations when technology matures and is widely put into operation.
Recommendations include promoting greater use of DNSSEC security extensions, and wider use of DNS encrypted queries, where providers inform of service terms of use.
Or internet firms using 3rd-party DNS servers choose GDPR-compliant providers, etc.
It reminded that data processed by DNS server are collected for specific treatment.
Therefore, any additional processing e.g. user profiling could have privacy implications.
In latter case, processing should identify its legal basis of information use, inform user it is occurring, guarantee exercise of user rights plus keep overall GDPR compliance.