David Ulevitch: Some thoughts on Google DNS (opendns.com)
77 points by drallison on Dec 3, 2009 | 65 comments



Third, Google claims that this service is better because it has no ads or redirection. But you have to remember they are also the largest advertising and redirection company on the Internet. To think that Google’s DNS service is for the benefit of the Internet would be naive.

In other words: Google's DNS service has no ads or redirections. Ours does. But that doesn't make our service worse, because Google is an ad company.


They just do it at a different layer. They do it in the toolbar or chrome. It's no different, plus users can turn it off if they want with us. It's all in users' hands.


"It's no different"

Actually, it is. Google's DNS has no ads. Yours, by default, does.

Also, FYI, Chrome and the Google toolbar have no ads. It sounds like you have your head in the sand, or are deliberately spreading FUD. I hope it's the former.


It just occurred to me that by using DNS without any filters Google is going to take people to domain squatters when someone mistypes a domain name. To get around this users are going to continue to type the domain (or company name) into Google and click on the first link and some of them will click on the advertising link. An "improved" form of DNS is a direct threat to Google's profit.


That "improved" form of DNS breaks the DNS. Read what the IAB wrote about it. Think about what it does to things like email. It's just a bad, bad idea.


DNS, like IPv4, is just a protocol. Creating a new protocol that returns the same IP address as DNS along with a safety score and text description, and a list of alternative domain names with their IPs and safety scores is not a crime against humanity. And hacking the existing DNS protocol to do much the same thing can also be a reasonable thing to do.


You understand that NXDOMAIN redirectors are getting copies of cookies, right?

   wwwwwwwwwwwwwww.bankofamerica.com has address 208.69.36.132
   wwwwwwwwwwwwwww.matasano.com has address 208.69.36.132
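
An added example (not part of the comment above or of any project discussed in this thread): it parses `host` output like the two lookups quoted above, flags an address that answers for names under unrelated domains, and applies the RFC 6265 domain-match rule to show which cookies a browser would attach to a request for a redirected name. The third lookup line, the cookie jar and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# First two lines are the lookups quoted above; the third is a constructed control.
SAMPLE_HOST_OUTPUT = """\
wwwwwwwwwwwwwww.bankofamerica.com has address 208.69.36.132
wwwwwwwwwwwwwww.matasano.com has address 208.69.36.132
Host qzx7k2nonexistent.example.org not found: 3(NXDOMAIN)
"""

HAS_ADDR = re.compile(r"^(\S+) has address (\d+\.\d+\.\d+\.\d+)$")

def parse_host_output(text):
    """Return {queried_name: set_of_ipv4} for lines of the form 'X has address Y'."""
    answers = defaultdict(set)
    for line in text.splitlines():
        m = HAS_ADDR.match(line.strip())
        if m:
            answers[m.group(1).lower().rstrip(".")].add(m.group(2))
    return dict(answers)

def parent_domain(name):
    """Naive parent domain: last two labels (assumption; no public suffix list)."""
    return ".".join(name.split(".")[-2:])

def find_redirect_addresses(answers):
    """Addresses answered for made-up probe names under 2+ unrelated parent domains."""
    parents_by_ip = defaultdict(set)
    for name, ips in answers.items():
        for ip in ips:
            parents_by_ip[ip].add(parent_domain(name))
    return {ip: sorted(p) for ip, p in parents_by_ip.items() if len(p) >= 2}

def cookies_sent_to(host, cookies, https=False):
    """Names of cookies a browser would attach to a request for `host`.

    Each cookie is (name, domain_attr_or_None, set_for_host, secure).
    Follows RFC 6265 domain matching: host-only cookies need an exact host match.
    """
    sent = []
    for name, domain_attr, set_for_host, secure in cookies:
        if secure and not https:
            continue  # Secure cookies never travel over plain HTTP
        if domain_attr is None:
            if host == set_for_host:
                sent.append(name)
        else:
            d = domain_attr.lstrip(".").lower()
            if host == d or host.endswith("." + d):
                sent.append(name)
    return sent

# Constructed cookie jar for illustration only.
SAMPLE_COOKIES = [
    ("session", "bankofamerica.com", "www.bankofamerica.com", False),
    ("session_secure", "bankofamerica.com", "www.bankofamerica.com", True),
    ("prefs", None, "www.bankofamerica.com", False),
]
```

Only the cookie with a `Domain` attribute and no `Secure` flag reaches the redirected host over plain HTTP; host-only cookies never match it, and `Secure` cookies are withheld from unencrypted requests.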


I think that you mean access to cookies. I doubt that Comcast is stealing your Bank of America cookies, but it's troubling that they have access to them. [Not necessarily my cookies, as I'm not on Comcast, and I don't use ISP-provided DNS anyways]


That's OpenDNS, not Comcast.


IIRC, Comcast was getting into this too. I'm referring to the specific practice of NXDOMAIN redirecting. Not just OpenDNS's practices.

http://www.semicomplete.com/blog/geekery/comcast-dns-hijack-...


I think that he felt you were celebrating the practice of disabling NXDOMAIN and returning a valid IP for every request with the non-existent ones resolving to the DNS-provider's advertisement page. This very much does break DNS.


OK, to clarify I still think you should rely on the application to handle invalid domain names so you don't break email etc. The problem is when someone creates a Malware site called microsof.com and it immediately compromises the browser of anyone who mistypes the domain name. Granted, the browser could keep a copy of bad domain names and warn the user, but Norton DNS could also do that same job. After all if you are going to query a system to find the IP address it might as well tell you as much as it can when it's responding. It's a packet based network and there is close to zero overhead to doing so.

Now I would hate it if my ISP were to institute such a practice but an independent DNS that lets me avoid most malware, spoofing, and parked domain names. Count me in as long as I can opt out at any time.


So, instead of fixing the root problem (dealing with the companies behind domain squatting) we should keep adding redirects on the dns?

...from someone that already had his 2.0 cool domain redirected by a dozen ISPs because it was too close to another domain.


As far as I know, Google doesn't have ads in toolbar or in Chrome (beyond those which would be displayed by the internet ordinarily). I have to say that these comments of yours are diminishing the standing of OpenDNS in my mind. There's nothing wrong with using ads to pay the bills or make a profit from your service, but being dishonest about your competitor is unacceptable.

From your article, at least a few points seem very iffy to me:

1. "You get the experience they prescribe": I haven't used Google DNS, but am I wrong in thinking that that is the exact same experience as standard DNS? If so, what's the point of this sentence except to inspire unfounded fear in the people reading your blog post?

2. "But you have to remember they are also the largest advertising and redirection company on the Internet": Misdirection to make your readers fear Google without rational basis. Presumably you are doing this to limit attrition due to this announcement, but perhaps you are just deluded. This comment was completely inappropriate in the context of Google's announcement.

3. "It’s not clear that Internet users really want Google to keep control over so much more of their Internet experience": So long as the DNS Google provides continues behaving exactly the same as the DNS an ISP or your company provides, I don't think many rational people will have an issue with Google providing (not controlling) this portion of their experience.


A tiny, tiny sliver of Internet users use any third party DNS service, so it's funny to think that users are worse off with Google's server than they are with AT&T's or Verizon's.


How are the toolbar and chrome NOT in the user's hands? Your belief that Google monetizes all their services directly is naive - they have repeatedly made very open attempts to improve the internet with no direct benefit to them.


Attempts to improve the internet as a whole may not directly benefit Google, but as an internet company, they will almost certainly indirectly benefit them. A rising tide lifts all boats.


Oh I agree - that's what I meant by "no direct benefit" to them. They explicitly have stated that they want to improve the internet because a better internet is good for them. I'm just saying it's inaccurate to assume they're starting a service for direct monetization and information collection.


And what is wrong with that? Google is doing something that will benefit everyone, not just them? They are going about this the correct way (ahm, no ad redirects). This is akin to us blaming Red Hat for releasing more patches to the Linux kernel because it helps them sell their product: they will eventually benefit from this in some way but so do we. The only loser in this case is OpenDNS, who just got the rug pulled from under them.


By "a different layer", I think you mean "the right layer".


How do redirections/advertisements in Google Toolbar or Google Chrome relate to Google DNS? Weren't they already there before they announced Google DNS? How does their Google DNS service affect these?

You are trying to compare Google DNS with your OpenDNS service, but then when someone points out a difference that isn't beneficial to your point (that your service is better) you change the subject to something else. How exactly does this bolster your point?

If you're trying to say: "Google monetizes their DNS service with adverts/redirections in other business units. I can't do this because I only have one business unit (OpenDNS)." then just come out and say it rather than beating around the bush and redirecting the conversation.


I use EveryDNS and there are no ads and redirections for non-parked domains.


* To think that Google’s DNS service is for the benefit of the Internet would be naive. *

Google believe that making the internet better benefits them. They largely don't feel they need to monetize every niche there.


To think that Google’s DNS service is for the benefit of the Internet would be naive.

I'm not so sure, it is starting to seem like Google has worked out essentially that Revenue = User-Time on Internet. The Chrome project is one example, a better faster internet is in Google's best interest.


And, like many of their other projects, they seem to be content to throw their hat in the ring just to keep everyone else honest.

Broken DNS is a threat. But they don't need to answer all DNS requests to protect against it. They just need a non-broken service as a credible threat to keep the other providers from sliding in that direction.


>Revenue = User-Time on Internet

Yes, I was told that explicitly at a presentation by Google recently. Anything that makes the internet better or makes people use it more makes Google more money.


Lots of FUD, not so much useful stuff.


Agreed. The first point is the only legitimate technical point.

Everything else is just vague fear mongering about how google might misuse their dominant position and frankly DNS doesn't scare me any more than Google owning my email, documents and search history.

Either way, OpenDNS is awesome and I'm excited to see how they'll proceed fighting Google's entry (on technical merit).


Agreed. Responding to competition by trying to scare your users away from the competitor isn't healthy.


It's a tactic politicians have successfully used for ages. If it works, you can't blame a company for doing it. They're not in it for the ethics, but for the money.


It seems more worried/scared than anything to me. If I was openDNS I would be worried also.


Putting aside Dave's obvious bias and the question of ads, frankly, I'm shocked he misses the obvious: Google DNS is intended to work with Chrome's DNS prefetch, which is arguably the key technique that makes Chrome so fast.


I don't want "Dashboard controls to manage your experience the way you want for you, your family or your organization". I just want a DNS server that obeys the goddamn protocol.


That's your choice of course. If you work in a small school it's easy to block unsuitable sites this way. Another alternative would be the level 3 dns servers, easy to remember, pretty fast and no alteration of records.


David's 5th point is the most important, at least in my opinion. By Google running DNS, they can potentially collect your complete browsing behavior (since you'll go through their server all the time, not only when you search with them).


The funny part about this claim is that 90+% of Internet users use DNS solely to get to Google. It's really a choice between having one big company tracking your habits, or two, one of which is small, under intense pressure, and hungry.


That isn't how DNS works. It is true that 90% of users go directly to google, but once there they click on Search results, news results, etc... The browser takes the link and the OS does a DNS lookup to get the ip address of the server hosting that url. Then the browser connects to that server, google is no longer in the picture.


The point was that, for most users, Google is an abstraction over URLs, just like DNS is an abstraction over IP addresses.


Exactly. A lot of people don't remember domain names anymore, they remember the words they need to type into Google in order to bring that site up as the top link.

E.g., if they want to get to Dell's website, rather than typing "dell.com" into the URL field, they type "dell" or "dell computer" into the search box and then click on the first result.


Oddly enough this relates to all the domain squatters out there. If you mistype something into the search bar you don't know what you get, but by clicking on the first link in Google you are taken to the "reputable" site.

So a reputable DNS service that did this automatically would be a direct threat to Google.


You're also thinking too web-centric. DNS is not only used by web-surfers to construct URLs in their browsers. Things that make sense from a 'how do I find this webpage' sense do not make sense from a 'how does my non-web client contact the non-http server' sense.


IT ALSO BREAKS THE DNS.


Here is the difference between what Google will know:

User A: Google DNS: search for dell, dns lookups; dell.com, chat1.us.dell.com, checkout.dell.com

User B: Non-Google DNS: search for dell


For a large slice of Internet hosts, Google is already getting fine-grained data on what pages you're hitting.


It's not how DNS works, but it is how the Internet works. Google's ability to track users is already in many cases page-granular.

The point I'm making is, it doesn't matter if people use Google for DNS, because they're already handing Google more valuable information. But it does matter if they're handing it to OpenDNS.




What's interesting, David links only to OpenDNS policy, but does not provide a link to Google's which would make it easier to compare…


Wow - OpenDNS's privacy policy is much worse than Google's!


Not to be paranoid, but where does it say that their privacy policy won't change?

Right now, the privacy policy looks great on the surface. They are launching a new product.

But you can't deny that Google's entire DNA is to extract monetizable information from huge amount of seemingly unrelated raw data.

That's why you have to take their privacy policy with a grain of salt.


If Google deletes all of its personally-identifiable data within 48 hours, then the risk to current users of any future privacy policy change is small. The real problem is when a service collects -- and never purges -- data under the guise of one privacy policy, but leaves the door open to adopting a different privacy policy which could be retroactively applied to the data already collected. I'm no lawyer, but the OpenDNS privacy policy does appear to fall into that category: "Your continued use of our sites and services after any change in this Privacy Policy will constitute your acceptance of such change." Right, and if I stop using the service when the policy changes, will my old data be automatically flagged so that it still falls under the old policy?


  Privacy Policy Changes
  OpenDNS may change its Privacy Policy from time to time, and
  in OpenDNS' sole discretion. OpenDNS encourages visitors to
  frequently check this page for any changes to its Privacy Policy.
  If changes are made, notice will be given in the OpenDNS sites
  and the OpenDNS blog at http://blog.opendns.com/ and we *may* send
  an email to registered using to notify them of the change. Your
  continued use of our sites and services after any change in this
  Privacy Policy will constitute your acceptance of such change.

So you may have a notice pushed out to you, but you may not. If you use OpenDNS to make the DNS request to view their blog to read the new privacy policy, technically you have already made use of their service under the new terms. Oops.

Edit: emphasis in the quote was mine


Sadly, it's just FUD, and it appears to be spreading.


I'm not sure how much of a concern that is for most users, who use Google to get to all the content on the Internet anyway. Having DNS records wouldn't buy Google much that they don't already have from search queries and results.

It's getting to be a very rare (non-technical) user who actually types URLs directly into their browser; most people go through Google, even to get to sites where the domain name and site name are exactly the same. They're hitting Google for every single site they visit already.


I honestly don't think they would be that evil (and the privacy policy as currently stated would forbid that), but they can collect aggregate data and infer what sites are popular at what times and from what geographic/network locations. That's useful data. I bet you could use it to create web stats that are at least as good as Alexa (admittedly a low bar).


Um, they already have Google Analytics and their search toolbar. I rather doubt there is much they don't see.


Well, First, it’s not the same as OpenDNS. When you use Google DNS, you are getting the experience they prescribe. -- Turns out they did not prescribe that, the standards prescribe that. OpenDNS breaks the protocol.

Second, it means that Google realizes that DNS is a critical piece of our Internet’s infrastructure and that it’s of strategic importance to help people safely and reliably navigate the Internet. -- This is not very astonishing, as it is pretty much the definition of what DNS is.

Third, Google claims that this service is better because it has no ads or redirection. -- And that is because ads and redirection are nonstandard, broken behavior.

Fourth, it means that Google is bringing awareness to a wide audience that there is a choice when it comes to DNS and that users don’t have to settle for what their ISP provides. -- And they don't have to settle for broken behavior that other services provide.

Fifth, it’s not clear that Internet users really want Google to keep control over so much more of their Internet experience than they do already -- If more control means correct behavior, then they might think so.


The fine-grained control is a plus for openDNS.

Second, from the stories that seem to pop up, google's achilles heel is its customer service. OpenDNS might be able to do better.


Using their DNS server shouldn't require much user input. Nonetheless, most people use their ISP's DNS servers, and let me tell you that Comcast support will always tell you that your computer is at fault if there is a DNS issue. Google is entering a domain where poor customer service is the norm.

Edit: just realized the pun... totally unintended, but funny to see an 'Easter Egg' of sorts hidden from you in your own post.


I think what makes me nervous about it is that I can't even control my own sites any more if I use Google's DNS, and get the "mysterious Google lockout with no recourse".


That makes no sense at all. How would using Google DNS remove your control of your own domain? Google DNS is just a resolver, it's not an authoritative DNS. If you were "locked out" for some reason you could just go back to using your ISP dns servers. Where's the problem?


Err... sorry - let's chalk that up to flu leftovers in my head. I was thinking of a Google DNS service for one's own domains ala EveryDNS.


A couple of questions:

Hasn't google tried to acquire OpenDns? It's a no brainer!

Has there been any contact between the two companies?

The scenario of google (or any company) controlling internet traffic is not a nice one :(


Why bother trying to acquire them when there is nothing technically difficult about what opendns is doing and when google has more resources and technical expertise to bring to bear on the problem? What exactly would you expect opendns to bring to the table other than a trademark and a somewhat controversial reputation?

To be honest I am somewhat surprised that opendns has lasted as long as they have, but I expected the attack to come from the akamai/cdn direction rather than directly from google.


Take the FUD point of view if you want. I don't see it. When a giant enters your market, this is a great way to react. No dismissal of their impact, validation that you created a market, desire to keep on competing, and ultimately, positioning positioning positioning of your competitive differentiators... I applaud David for his post and I think we can all learn.



