Re: [Doh] GDPR and DoH

Brian Dickson <> Sat, 06 April 2019 19:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A3A7F120321 for <>; Sat, 6 Apr 2019 12:41:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 0Dotk9GCen-2 for <>; Sat, 6 Apr 2019 12:41:00 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::52d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 53228120353 for <>; Sat, 6 Apr 2019 12:41:00 -0700 (PDT)
Received: by with SMTP id e6so4906517pgc.4 for <>; Sat, 06 Apr 2019 12:41:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=U2C7FOuzn94rJGNtp+ozDwhCZLNHR/5i1I6WoPLNHWU=; b=s7GS3KNJBZz1yF4qD0vHZ2ZQlfKejQZICP8qh7hAEDM59egSQfDEvOO+c7WR5qzIZD GHGg3H0rcFY4IRc5Rf7econS3jvbJCZZUOAPUt9w/VXiNqLBp7gzYftJ8D4ghrebBGLp Wwnl2/2z3ZVw4Q6gv2ROb08Bo3BzTFh7x9BheEe4OH76EBUJdhcOeZN0HVMpHHjnoS3w PU6/LuDOCHrXPQTijhKeSjIVCeujQh8nndT4UQcwh9CrEROfA4xsROrBhF0ks3KJx4Tt 5Obloo/euM8ngucigXib0qrhYG6taCbWTvksUMlhYQukH4zFnlBu+afqNu1Ra1xyDkYO N/fA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=U2C7FOuzn94rJGNtp+ozDwhCZLNHR/5i1I6WoPLNHWU=; b=FVJc3uxwMMr8yoRcPO8vOCtWnudPAgMevCRf8OqqrTxpMCgyw87sawwK5ZB63PHGrU +IYrNbgC2Q7U8vRo/psU9rKVpq/ehLeYTWI0vWGO2t0s/MUO42iLnubD4lffsh8/Dyq+ lVO1Tl/IUo7ON6tvFkCOqhctjd/RfNj/sb6DKMlFzRNbjgD+f3Y/QxELgRctMbmzcMD2 S3ZJ/d1Ln55k5bSYm4XS/SERDovQiu+cOLt0GGABfn3mPybj5ChFzQXmlkQk/NgDLIGm N0XY6WNfE//pFj+Wa7IP24vQw0g2SdLU9c7swUuk8hEj84tbX1O1bBsnv+NvVm+E1SeD 9oZg==
X-Gm-Message-State: APjAAAWXnCj3xawvMlv9fRaIpTx5j7y0YyQM34Hjt3DdlsYYF7BuMXuX wlIA07X5VbFxr2jJLN2OakQ=
X-Google-Smtp-Source: APXvYqzmvXECzZImvU/2wUpmY31smsiOnCBdX7XMZdq2EJ6VXq/831h0iA0LwVrJeKN/34qRrNMRBQ==
X-Received: by 2002:a63:2a8f:: with SMTP id q137mr18937894pgq.31.1554579659778; Sat, 06 Apr 2019 12:40:59 -0700 (PDT)
Received: from ?IPv6:2601:646:8881:1fb4:a916:414e:bbe:b7b0? ([2601:646:8881:1fb4:a916:414e:bbe:b7b0]) by with ESMTPSA id f63sm37002337pfc.180.2019. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 06 Apr 2019 12:40:58 -0700 (PDT)
Content-Type: multipart/alternative; boundary=Apple-Mail-582ABB09-5A67-4565-A341-3B7BA9A2B31D
Mime-Version: 1.0 (1.0)
From: Brian Dickson <>
X-Mailer: iPhone Mail (16E227)
In-Reply-To: <>
Date: Sat, 6 Apr 2019 12:40:58 -0700
Cc: Jim Reid <>, Watson Ladd <>, DoH WG <>
Content-Transfer-Encoding: 7bit
Message-Id: <>
References: <> <> <> <> <> <> <> <> <>
To: Stephen Farrell <>
Archived-At: <>
Subject: Re: [Doh] GDPR and DoH
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 06 Apr 2019 19:41:03 -0000

Sent from my iPhone

> On Apr 6, 2019, at 11:53 AM, Stephen Farrell <> wrote:
> Hi Jim,
>> On 06/04/2019 19:30, Jim Reid wrote:
>>> On 6 Apr 2019, at 19:04, Watson Ladd <>
>>> wrote:
>>> You know you can just turn it off the same way you configure your 
>>> devices on your network. I also don't understand the GDRP issue
>>> you raise: surely all DNS services have the same problems.
>> Read this: 
> Too much text there for me sorry:-)
> FWIW, I also don't get the GDPR angle here. If it's meant as
> an issue of consent related to selection of DNS server, ISTM
> more or less the same - if by picking an ISP I'm supposed to
> have consented to the ISP's choice of recursive that same
> argument seems to apply for a browser-chosen recursive since
> the user chose the browser. (And I'd actually argue there is
> no valid consent as to choice of recursive in either case,
> since IMO a person cannot consent to use of something they
> don't know exists, and people in general do not know that
> DNS recursives exist.)
> So can you explain the specific GDPR-related issue that you
> think is relevant?


It didn’t take me more than about 30 seconds of reading the linked article to get to the heart of the issue.

It has to do with whether something that requires consent is a necessary part of the service or transaction.

It has been clearly demonstrated that browsers do not have to provide DNS resolution (since they have not done so for about 25 years).

This means that requiring the user to use the browser’s selection of DNS resolver, and implementing a DNS forwarder in the browser, would not be covered by the general acceptance of the browser’s terms. In other words, an extra level of informed user consent would be required for GDPR, and not accepting that second set of terms should not prevent the use of the browser. Tying the two together would be a violation, at least as I understand it as explained by the link Jim provided.

>> If you need further advice on GDPR, consult a Data Protection
>> Authority or a lawyer who specialises in this field.