Comments on: Dynamic IP and OpenDNS? Watch out.

By: Anonymous

Anonymous — Fri, 28 Aug 2009 04:51:30 +0000

BTW I’ve also had this “rare occurrence” happen to me on my university network, which does have a fixed number of assigned dynamic IPs available. True, in the scheme of the world, 2 people having the same IP and “contacting” each other thru OpenDNS is pretty slim, but in a tiny group such as an office or university with fixed numbers of rotating IP addresses, this can be a serious problem.

By: Anonymous

Anonymous — Fri, 28 Aug 2009 04:48:09 +0000

I believe the most minimally intrusive method of solving this would be to implement what you suggest: dns serving groups. OpenDNS group A is for people that have an account and use all the crap they offer (crap in the good way). group B is for people like me, that don’t care about all the crap they offer and just want better DNS support. group B would be zero tracking whatsoever and any ip’s that show up in both group A and group B will automatically flushed from group A.

Easy. No need to install software or do anything different than anybody does now, except have to worry about 4 dns addresses instead of 2.

By: Robert W. Anderson

Robert W. Anderson — Wed, 12 Aug 2009 21:52:04 +0000

I suggested a way around this in my post, actually. It doesn’t solve the technical problem, but does resolve the dubious user contract.

By: Michael

Michael — Fri, 10 Jul 2009 04:36:35 +0000

I really don’t think they have any way around it. They can’t tell if someone has a dynamic IP period. They just have to hope that the people with dynamic IPs download their software that monitors it. Sure they can make it default to dynamic IP and send everyone to download the software, but the problem is still there. Perhaps if they require the software to be installed before their service can be used, that would mostly solve it. There still could be little gaps between when the user’s IP changes and when the monitoring software catches it and sends the info back to OpenDNS. That’s a tough one.

By: Robert W. Anderson

Robert W. Anderson — Mon, 01 Sep 2008 03:18:01 +0000

Van, thanks for the comment. Last I checked, OpenDNS has done nothing to improve this situation. And of course, the more successful they are the more this problem does happen. Pretty disingenuous.

The “gift of safe”? More like the “gift of pseudo-random”.

By: Van Glass

Van Glass — Sun, 31 Aug 2008 23:13:53 +0000

Hi Robert,

I’m glad that I’m not the only person who is concerned about this. I first looked to OpenDNS as a way to use a more reliable DNS service since my ISP DNS servers are always going down. When I tried to register my IP address I got the message “Network already registered” which means that someone already registered this dynamic IP address even though I am the one that owns it now. It immediately got me thinking “So someone is possibly tracking me?”.

My concern is over privacy in that if someone else tracks the stats, they can easily begin to see what sites I am visiting and build a profile on my IP address and identity. For example, they can see what bank I use, what company I work for (while checking my email) etc. etc and start to build a profile on an IP address.

By: Robert W. Anderson

Robert W. Anderson — Wed, 27 Feb 2008 21:19:56 +0000

John,

Thanks for your comment.

I do wonder when you say “not happened very often”. Is this statement based on user complaints (which we would expect to be minimal) or internal data that show that different accounts have rarely shared IP addresses? Either way, this doesn’t begin to deal with the issue of the user who just uses your servers nor how visible you make this issue to prospective users.

Knowing when IPs are dynamic can mitigate this issue, but without a warning like the one I proposed, I don’t think you are being clear enough to your users. Even with a warning, the user who just uses your servers is counting on your extended services users to update IPs correctly. This is why I suggested the two server pairs.

Statistics being off by default is neither here nor there, it only reduces the likelyhood that it doesn’t happen. That doesn’t make the service more secure or “private”.

Regarding stonewalling, it was not just your response in the forums, but also my collective experience at the OpenDNS that makes me feel this is being swept under the rug. For example, why doesn’t your privacy policy point out the vulnerability?

Robert

By: John Roberts

John Roberts — Wed, 27 Feb 2008 20:43:20 +0000

Robert, sorry you felt like I was stonewalling.

Here’s the situation:
1. It can happen as you describe.
2. It has not happened very often.
3. As OpenDNS grows, we can expect it to happen more often IF we don’t do anything. So… we’re doing several things.

I don’t like to talk about stuff we haven’t delivered yet (anti-vaporware), but here’s an example of one of those steps.

Many of the dynamic IP pools have been flagged as such in various ways. When you add a dynamic IP as an OpenDNS network, we’ll recognize that and give you next steps accordingly (checking the box for dynamic by default, lead you to the software downloads required, etc.).

You’re talking about a rare problem now, which we’re aware of, and which we’ll address before it becomes a real issue instead of a “what if” situation.

I’m glad you’re using our service, and I hope you’ll continue. And the feedback is helpful, even if we disagree about the scope of the problem.

Regarding privacy, I’d point out the OpenDNS privacy policy at http://www.opendns.com/privacy/ and underline that network statistics are OFF by default for anyone with an account and network.

John Roberts
OpenDNS