Expert Texture Home Contact me About Subscribe Digipede Connect on LinkedIn rwandering on Twitter rwandering on FriendFeed

The blogged wandering of Robert W. Anderson

Dynamic IP and OpenDNS? Watch out.

OpenDNS is a cool service.  I use it.  It basically provides two kinds of services:

  • Better DNS Servers: to get this service, you just switch your DNS settings to their servers.
  • Extended services:  various typo-correction features, domain shortcuts, domain blocking and anti-phishing, and domain usage tracking.  To get these services, you create an OpenDNS account.

I use their servers, and while I do have an OpenDNS account, I don’t use any of the extended services. 

At least, I don’t intentionally use them.

The problem is that the services are applied based on the IP source address used in DNS queries.  IP addresses change.  IP addresses are not secure.  For most people they are dynamic.

This impacts the reliability of the service . . . 

  • For example, User A defines OpenDNS extended services associated with their IP address.
  • IP address changes.
  • User A either doesn’t have the services they are relying on, or gets services they never signed up for. 

. . . and has privacy implications . . .

  • User A changes their DNS settings, signs up for the additional services, and starts tracking domain queries.
  • User B never signs up, but just changes their DNS settings to the OpenDNS servers.
  • At some point (before or after A signs up), B gets A’s old IP address.
  • A is tracking B’s queries.

Unlikely?  Maybe.  Possible to exploit?  Definitely.  Expected by users?  I doubt it.  In fact, User B probably didn’t think this was possible. 

This is such an obvious issue that I went looking on the OpenDNS site for answers.  I expected a big warning like this:

Warning: Using OpenDNS with dynamic IPs is an advanced use case.  To use OpenDNS with dynamic IPs, you must sign up for an OpenDNS account and reliably update us with your IP address when it changes.  If you do not, other users may track your DNS queries and extended services may get applied even though you did not sign up for them. 

Expecting I must just be missing something, I posted on the community, and got an unconvincing . . .

not a major issue…and we won’t let it become one

Sounds like stonewalling to me.

So, why do I care?  User contracts 101 says if you don’t like the service, don’t use it.  OK.  I might just quit the sevice.  That is fine.

But, the user contract of “just use our DNS servers and everything is better” does not include these major caveats.  I think it is misleading.

What do I think they should do about this?  I dunno, but here is an idea:

  1. Split their DNS servers into 2 (Primary / Secondary) pairs.  This eliminates the problem for the users who use the OpenDNS servers without signing up for an account.
    • First pair doesn’t enable any extended services (except for the OpenDNS Guide).
    • Second pair is required for the extended services.  This pair is provided to users only after sign-up. 
  2. Promote a warning like the one I give above. 

These solutions don’t make the problem go away, but they make sure users are informed about what is actually going on.  And they make for a sensible user contract.


Tags: , , , ,

Google Reader Misappropriated Our Shared Items

image_thumb[1]Earlier in the week I stopped using Google Reader for a few days.  Every time I started it, I would be reminded of their new sharing features (see the dialog on the left).  Then I would close the browser tab. Why?

Google changed the Reader user-contract with no notice.  This rankles me.  I’ve lost control of my shared items.  This is a dramatic change with only the weakest of opt-outs.  What’s more, any opt-out is too late.  My items have already been shared.  What kind of opt-out is that?

Oh, but there are more options.  They give us the ability to manage who gets to see our shared items.  But only after others have a chance to read them.  For example, I can hide my items from my “friends” who are on Google Reader.  Other “friends” that start using Google Reader will get to read my shared items immediately.  The onus is on me to make sure I actively manage the list. 

And the icing on the cake?  “Friends” wasn’t a word in use by Google Reader before.  Now it has been defined to mean my Google Talk contacts.  No fair.  This is not analogous to Facebook “friends”.  In Facebook, I accepted people as “friends” based on the Facebook definition.  Now my Google Talk contacts are my “friends” based on Google’s new definition.  This is clearly backwards. 

Is Google breaking their terms of service?  Almost definitely not, but they are changing a basic part of the user-contract: that user data won’t become more public without user consent. This is a perfect example of the “User-Beware contract“, summed up as: “we’ll change the user contract whenever we feel like it.”

What’s next? 

Your email contacts have been shared with your friends

Your emails have been shared with our advertisers

You calendar entries have been shared with your . . .

You get the idea.  This may seem like a joke, but frankly I don’t know what is in store for the user contract.

Steve Gillmor suggests this is arrogance on Google’s part, and he’s probably right.  Yet mostly people are ignoring this or don’t get it (e.g., Scoble doesn’t seem to get why anyone would care). 

Why is the blogosphere giving Google a free pass on this one? 

Tags: , , , , , ,

With Beacon, Facebook is not the problem

Unless you live under a rock (or don’t follow the social space) you know that there has been a big uproar of Facebook’s Beacon.  This is the feature that enables 3rd party web sites to transmit your actions (or “stories” in Facebook lingo) to Facebook. 

If you want to know more about how it works, Jay Goldman wrote the excellent post: Deconstructing Facebook Beacon JavaScript.  The title belies the fact that the article gives a good overview too (it isn’t just for developers).

An innovative idea — one that reminds me much of the GestureBank work conceived by Steve Gillmor and myself.  Given that, it should be no surprise that I don’t think Facebook did anything “evil” here. 

Now, they could have done a better job with it.  From the get-go, I would have preferred if they had

  • been more public about how it works; and
  • required that users “opt-in” to the whole program.

Not surprisingly, there was a backlash and Facebook made some changes (Official- Facebook Flips On Beacon).  Great.  I don’t think what they did violated their user contract, but the changes are more user-friendly.  I would prefer my User Aware contract, though this is a User Beware contract (User Contracts – Part II- User Beware). 

But, the problem isn’t with Facebook or their user contract.  If you don’t like the service (in total), don’t use it.

What I don’t understand is all the focus on Facebook here.  Like all silos they are capturing data, data, data.  That is what Facebook is all about.  

Why isn’t the focus on the 3rd parties who submit your stories?  They are the ones pouring user stories into Facebook. There have been reports of users not having approved their stories.  This is a bad thing, and maybe a technical flaw in Beacon, but ultimately it is the responsibility of the 3rd party to protect your data.

They should give the users control over their Beacon settings:

  1. Never send stories to Facebook
  2. Approve each story before it is sent to Facebook.
  3. Always send stories to Facebook.

If anything, Facebook should require this of its Beacon partners.

So, why aren’t people up in arms over the eBays, TripAdvisors, Yelps, Fandangos, Epicureans, etc.?

But, hey, if you don’t like the way these sites are spraying your data over the Internet, then stop using them.  

Tags: , , , , , ,