Discuss mailing list

[Amunak <amunak AT amunak.net>]

Before proposing or commenting on any ideas about changing whether logging servers are accepted I'd like to point out that GDPR doesn't actually really affect us (logging-wise). Basically if you are logging for purposes of detecting (and defending against) potential attacks, logging IP addresses and query counts and other metadata is just fine (and in some cases you may actually be required by law to do that; as in, defend against such attacks,  which is not easy or even possible without logging).

However you'd be right if we are talking about query logging - that must be anonymized without explicit consent to be GDPR-compliant (but anonymizing just the last octet or two of the IP address should be enough). I'd also like to point out that anonymized query logs are useful at least for statistical purposes. As for obtaining consent for non-anonymized logging, as long as a warning is presented before showing the IP address of the logging DNS server consent is, essentially, given (though even that should probably be behind a login page and audited).

What I'd propose would be actually distinguishing between different logging types better; that is making the distinction between collecting counts, metadata and queries and separately whether any of these logging categories are anonymized (and ideally we could also show for how long is each of those categories stored).

I agree though that logging-enabled servers - that is, those that gather anything more than just the "counts" for attack mitigation - should not be filtered by default from the server list.

All in all my biggest issue with all this is that we actually have to trust the server operators that they are disclaiming what they log truthfully and that they haven't misconfigured anything, even by accident. Which is also a reason why I wouldn't ban any logging servers outright, as it would make people more likely to lie about whether they do logging. We should incentivize that as little as possible.

Amunak

On 24.05.2018 20:53, Jonah Aragon wrote:

This hasn’t really been brought up here, but I’ve been looking into GDPR compliance and how it fits in to our Matomo website tracking, and I think it’s relevant to a lot more aspects of this community. 

So I wanted to get some thoughts from the community, especially concerning DNS server logging. At this point in time, we don’t seem to have an official stance on DNS logging, but it seems to me that any logging involving IP addresses, but especially query logging, is directly impacted by GDPR.

As far as I can tell, the onus of GDPR compliance falls on the individual operators, as they are both the data processor and controller of the information collected.

Even if that is the case, I think OpenNIC should finally take a stricter no-logging stance in regard to the DNS servers regardless. I’m proposing the following ideas:

- Immediately, OpenNIC should adopt a no/anon logging policy for all new servers.

- Immediately, any servers that don’t have the no/anon logging flag enabled should be filtered out from the server list. We could implement some sort of checkbox along the lines of “show servers that log queries” (this would act as opt-in consent).

- Eventually (TBD), we should begin the removal of any remaining logging servers.

Regarding website tracking (Matomo), I currently believe we are fully GDPR compliant. We do not collect any data that could be used to identify an individual (no PII), as all of the data we collect is adequately anonymized (negating the need for opt-in consent). Additionally, the data we collect is publicly available and we have a simple tracking opt-out system.

As an aside, my Tier 2 servers are currently disabled pending GDPR compliance. All logs regardless of content are being deleted. Please don’t use them in the meantime.

Jonah

--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org