DNS TTL Limits at Public DNS Resolvers

In my post about the basics of DNS TTLs and caching I mentioned that DNS resolvers use the TTL of the record to determine how long to cache any particular record for. While this is /normally/ true, there are exceptions. Namely, certain public DNS resolvers have a upper limit of the TTL that they will cache. That is, if you set a TTL longer than their limit, the resolver will bring the TTL down to their limit and cache it using their TTL.

Continue reading “DNS TTL Limits at Public DNS Resolvers”

On Telemetry in Software

This post about telemetry in Go’s tools recently appeared in my feeds. I don’t specifically care about Go or its tools. I just wanted to mention something about the use of telemetry in software. It is considered common practice to implement some sort of telemetry package into one’s software nowadays. I am not here to debate whether this is a good idea or if it is effective.

All I care about in this specific topic nowadays is consent.

I’m even at the point where I say that I as a normal developer using Go want the Go team have that kind of data. But now to the one thing about this proposal that I don’t like: It’s opt-out.

Horst Gutmann, Telemetry in the Go tools

Telemetry in software should always be opt-in by default and not opt-out. Furthermore, the opt-in process should provide details on what exactly is being collected and a summary of how the data will be used. This is so that the user can make an informed choice as whether they want to opt in or not.

No, I don’t care if developers and/or other stake holders think that if they ask for telemetry instead of simply turning it on and making the user opt out means that most of them wouldn’t provide any telemetry. Tough shit, that’s how consent works. You are not entitled to telemetry.

Anti-tracking tools on iOS devices

Reading this Ars Technica article about DuckDuckGo’s anti-tracking tool:

DuckDuckGo is positioning App Tracking Protection as something like Apple’s App Tracking Transparency for iOS devices, but “even more powerful.” Enabling the service in the DuckDuckGo app for Android (under the “More from DuckDuckGo” section) installs a local VPN service on your phone, which can then start automatically blocking trackers on DDG’s public blocklist. DuckDuckGo says this happens “without sending app data to DuckDuckGo or other remote servers.”

While comparing this tool to iOS’ App Tracking Transparency is a easy and free marketing win for DuckDuckGo, I would like to point out that equivalent tools do exist on iOS.

The closest equivalent to this on iOS would be the 1Blocker app which has a “firewall” functionality that blocks trackers within apps using DNS based blackholing. It does this by using iOS VPN APIs to set itself as a VPN that just provides a local DNS server. 1Blocker also provides browser ad-blocking using Safari’s content block APIs.

I don’t use 1Blocker’s DNS blackholing functionality as running a VPN can cause a significant/noticeable drain on my phone’s battery life. But otherwise it gets the job done. I am not 100% sure as I don’t use Android and cannot test this but the DuckDuckGo tool is also using Android’s VPN functionality and theoretically will see similar battery drain.

On my home wifi network, I rely on my local pi-hole setup to do DNS blackholing of trackers. When on cellular data or on other wifi networks I rely on NextDNS and its iOS app which uses iOS’ native DoH (DNS-over-HTTPS) functionality to send my DNS traffic to NextDNS. The app can be configured to turn itself off on certain wifi networks which is what I’ve done so I don’t end up inefficiently sending DNS traffic to NextDNS when I have a caching resolver on my LAN.

The above NextDNS method of blackholing has no discernible battery drain issues. The only downside here is sending your DNS query traffic to NextDNS which I’m fine with as I trust them to not be shady with said data.

It truly is depressing just how much data a lot of apps hoover up in the name of “analytics” or “telemetry”. I have long lost any trust on providing this kind of data to developers so I simply just block all of it. Sorry to the decent developers who do use telemetry in a privacy sensitive way.