Re: [Doh] GDPR and DoH

Brian Dickson <> Sat, 06 April 2019 20:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AE69A120073 for <>; Sat, 6 Apr 2019 13:13:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 755NJAYn6qw6 for <>; Sat, 6 Apr 2019 13:13:13 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::629]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AF2F5120046 for <>; Sat, 6 Apr 2019 13:13:13 -0700 (PDT)
Received: by with SMTP id n8so355175plp.10 for <>; Sat, 06 Apr 2019 13:13:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=revWTMDRhcspzSkoiNSowz0I1FWHT5Yyw/M/VmXv8XU=; b=LYL9W8fvxe1w10tU9ww1rakVk2L4yEMrFQXScpSQEb1Nh9OVVMZizQRzuwVZw3XbBH ZvpiD+oFJpdahKVGnIvBxDiKV+q41cjyphiQlG8T0X0u/IGhCb7exip4Lx4dIXmphUPf 6XBdrS0k7paMWdDUCRbFQQMkC3lnmX2exO4ffp2ZNLZZrD/X5oIbBvAzNcbQuweGgBai xI67ZnpzSzaxwNwxSLHA1GVDr8OsvP21znoKHGaRlwBE61D5LewwYDeNjSdo1VfZWyLi 418RHbZ5DiXxQsPJRS7iozDYgLn0ERakUixSo74VUxlu0kKtKcItIspQPf1QEhFs08dK i6bA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=revWTMDRhcspzSkoiNSowz0I1FWHT5Yyw/M/VmXv8XU=; b=bhbsjJ0qjlNwL57JCmmmU2JSicwrJ96r/Srlxx1y72017tV8jotxlhvxaLAIv1PGq+ JrbihKe2C0FsMITA2KKom8pG+rseu7EM2GqJt5LcQX7WZErCWy9noibvilICsqqY2gGE q5RvkYHh8CAxo3vkk8DzcTEPJUgK7KvNIIKmYIKHcLnNiU0MU+eLgOn0IZuA49uGPfA1 pwfJqipVvTjqWUgwHAVsBVk+zFSb4yVDgXJB55+vWwNwNk74ZrqDbRUARBnXVVFy88tj PooRqeNzbmPY23VS7yZcYHg/7B9w2IgElHAAPiExRp81Q6qOvRSY8CkUULhM1kdqmL1E 797Q==
X-Gm-Message-State: APjAAAViTT5xABwHyNjyc/Pm2u6VxGcDHtqZVpNUMRAt8wKK3M3Zq+cy mzAcpeTiEw6W6by8S+dxrXU=
X-Google-Smtp-Source: APXvYqw4Oiq7H0O/WS07GNoH5QkXla7oayrCDTinQfzOU+HY68X8mKwY8Ew/1TaQJJOK10Rgl/f41w==
X-Received: by 2002:a17:902:2ac3:: with SMTP id j61mr21086419plb.112.1554581593189; Sat, 06 Apr 2019 13:13:13 -0700 (PDT)
Received: from ?IPv6:2601:646:8881:1fb4:a916:414e:bbe:b7b0? ([2601:646:8881:1fb4:a916:414e:bbe:b7b0]) by with ESMTPSA id 143sm47527013pge.50.2019. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 06 Apr 2019 13:13:12 -0700 (PDT)
Content-Type: multipart/alternative; boundary=Apple-Mail-BB96B046-F386-4569-8D65-81F1FD893C4C
Mime-Version: 1.0 (1.0)
From: Brian Dickson <>
X-Mailer: iPhone Mail (16E227)
In-Reply-To: <>
Date: Sat, 6 Apr 2019 13:13:11 -0700
Cc: DoH WG <>
Content-Transfer-Encoding: 7bit
Message-Id: <>
References: <> <> <> <> <> <> <> <> <> <> <>
To: Stephen Farrell <>
Archived-At: <>
Subject: Re: [Doh] GDPR and DoH
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 06 Apr 2019 20:13:16 -0000

Sent from my iPhone

> On Apr 6, 2019, at 12:58 PM, Stephen Farrell <> wrote:
> Second, I've no idea what T&C's have to do with this - if there
> is a GDPR issue, then T&C's that nobody reads can't avoid that.

I believe that is what the GDPR issue is.

You keep making this point for everyone else, not sure you realize that. šŸ˜€

In order for T&Cs to be applicable: they have to be read; the user has to understand them; and has to agree to them. (Those are themselves nontrivial UI issues.)

So, unless it is possible to explain DNS resolver choice so that an ordinary user can understand it, the user canā€™t give informed choice.  

This implies that any app bypassing the system choice of resolver (notwithstanding your concern over ā€œchoiceā€), at a minimum would need to attempt to do so, or clearly run afoul of GDPR. Whether that attempt clears the bar would likely be an issue for lawyers and courts.

The ISP issue isnā€™t relevant. Two wrongs donā€™t make a right, and bringing ISP DNS choice into this is deliberately conflating the issue, IMNSHO.