Critics immediately voice privacy concerns when Google launches a new service. This time, PC World comments on Google’s announcement of their own DNS service, declaring it safe because “it’s in their privacy statement”. But this completely misses the point. Privacy statements can change and the availability of data may arouse new interests… In order to really understand the consequences (and possible threats) of Google Public DNS (and any other service) one has to ask two questions:

1. Why? (What is their motivation for offering the service?)
2. What’s not on the table (yet)? (What are some possible additional uses of the service (or the data it produces) which are not obvious today or even explicitly denied by the provider?)

Both questions often don’t have definite answers because one is usually acting out of imperfect knowledge. That’s why I’m asking you, dear readers, to be creative and come up with some answers to them in the comments. I’ll start with some ideas of my own…

Why?

• As Google earns its money on the web, what’s good for the web is also good for Google. Faster loading of web pages is obviously in Google’s interest. Asynchronous HTTP calls (AJAX) used by many web pages (and especially by Google’s services) affect responsiveness of web applications and as such directly influence the user experience. (I’m not sure how big the number of DNS requests initiated by AJAX calls is, as they usually refer to a small number of known addresses).

What’s not on the table (yet)?

• Google has an interest in controlling the application layer part of how the web works (the introduction of SPDY points in a similar direction). This enables them to influence the technology used in the web and to push forward technology that most fits their needs. One should be aware that this behavior could lead to Google gaining a dominant role in deciding on how web protocols work.
• What can you actually do with DNS request data? You have the requesting IP address and the host name requested. You cannot use cookies for identification as in the web. NAT prevents clear identification of the source of some requests (IPv6 will eventually get rid of NAT and solve this “problem”). But hey, this is Google! They also know a good part of what goes on in the web after the DNS request has been made. If there’s a DNS requests for domain A by client address X and an HTTP request for the IP address of domain A by the same client X (which Google may now be able to identify using cookies; using Google Analytics, Google may be able to correlate requests for a web page and the corresponding request for the Google Analytics), you can actually identify clients using DNS. What does Google gain by that? I’m actually not sure. Google can relate activities going on outside the web (mail, news, etc.) and extend their profiling abilities. Monitoring behavior outside the web might be remotely useful for Google, but after all, they’re a web company.

Intermediate conclusion

I think making the web more usable by increasing responsiveness and gaining a little influence on the web architecture might be good enough reasons for Google to offer a DNS service. But there’s probably so much more to Google’s rationale. What might the data Google gathers be useful for? They are all about data, there has to be something in there for them. What are your ideas?

Der Beitrag wurde am Friday, den 4. December 2009 um 11:52 Uhr veröffentlicht und wurde unter english, privacy abgelegt. Du kannst die Kommentare zu diesen Eintrag durch den RSS 2.0 Feed verfolgen. Du kannst einen Kommentar schreiben, oder einen Trackback auf deiner Seite einrichten.