“OpenDNS enables tens of millions of people around the world to connect to the Internet with confidence. Anywhere. Anytime.” Sounds good doesn’t it? A few other statements that sound good are “We’re changing the face of Internet security.”, “OpenDNS has built the world’s most loved and trusted DNS service” and “we’ve done it with a fixed focus on making the Internet a better, safer place. In short, we’re the good guys.” OpenDNS takes a standard DNS system and adds features like parental controls, phishing protection and more. When using OpenDNS you can browse the web more securely, often a bit faster too and it’s completely free. So what’s the catch?

I have been trying to find that out for a few months now. Reading through their privacy policy I came up with a few questions and sent these by email to OpenDNS. This was June 27th, 2013. I received an email on July 1st from a senior support manager saying the support department was not able to answer these questions but my email was forwarded to privacy@opendns.com. For more information regarding privacy related matters I was also instructed “submit my requests in writing” (as in snail-mail letter), sure like that’s going to happen.

I followed up on July 12th and was told the senior support manager reached out to the ‘exec team’ and I would receive an update as soon as he heard back. I did not hear back so I followed up again on July 21st. This time a senior technical support engineer told me the manager was out due to a family emergency and he had to reach out to the exec team as he, in technical support, was not able to answer my questions. This I already knew and at this point I had not heard from the privacy team or the exec team. Another email went out on July 31st, this time the response read “We have just completed a big code push as of last week so they have been extremely busy. I will ask again.” Great, I’ll wait some more. Today I figured I waited long enough as it has been almost two months. I sent out my last email pointing out how ridiculous this is, thanking them for their replies and saying they could close this ticket.

Reading this, you’d think the questions I asked were extremely difficult but they were not. Here are a few sections from their privacy policy (highlights by me) and some of the questions this policy raised for me:

Use and Disclosure of Personal Information

OpenDNS does not share, rent, trade or sell your Personal Information with third parties, except as described in this Policy. If you do provide us with Personal Information, we will only use it for the purposes described where it is collected or to deliver the Services you requested, and we will not sell, license, transmit or disclose this information outside of OpenDNS unless (1) you expressly authorize us to do so, (2) it is necessary to allow our trusted service providers or agents (such as address list hosting companies, advertising and analytic companies, billing service providers, email service providers, search providers, security providers, and other similar service providers) to provide products or services for us or you, (3) it is disclosed to entities that perform marketing services on our behalf or to other entities with whom we have joint marketing agreements, (4) it is necessary in connection with a sale of all or substantially all of the assets of OpenDNS or the merger of OpenDNS into another entity or any consolidation, share exchange, combination, reorganization, or like transaction in which OpenDNS is not the survivor, or (5) otherwise as we are required or permitted by law. Also, we reserve the right to fully use and disclose any information that is not Personal Information (such as statistics, most frequented domains, phishing attempts blocked by our Services).

This piece resulted in simple questions like “who are your trusted service providers and/or agents?”, “who are the entities that perform marketing services on your behalf?” and “who are the entities with whom you have joint marketing agreements?”. Not too hard, are they? There was also a piece about data security which I wanted a bit more information on:

Data Security

We restrict access to Personal Information collected about you at our Websites to our employees, our affiliates’ employees, those who are otherwise specified in this Policy, or others who need to know that information to provide the Services to you or in the course of conducting our business operations or activities. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL). While no website can guarantee security, we maintain appropriate physical, electronic, and procedural safeguards to protect your Personal Information collected via the website. We protect our databases with various physical, technical and procedural measures and we restrict access to your information by unauthorized persons. We also advise all OpenDNS employees about their responsibility to protect customer data and we provide them with appropriate guidelines for adhering to our company’s business ethics standards and confidentiality policies. Inside OpenDNS, data is stored in password-controlled servers with limited access.

Some of the questions this resulted in were “Who are your affiliates?”, “who are ‘others who need to know’ my personal information?” and “What is meant by ‘authorized persons’? Does that mean actual humans (persons) or automated processes, programs and connections from outside of OpenDNS as well?” Again, nothing earth shattering. The full privacy policy can be found here.

Nearly two months later, these simple questions have not been answered, not even one. Their privacy policy leaves a lot open to interpretation and leaves plenty of unanswered questions.

OpenDNS works, I’ve seen it work and if they can just answer a few simple questions I’d be happy to recommend their services to my readers. Unfortunately right now this is not something I am willing to do and I urge those that do use or plan to use OpenDNS to read the policy and terms carefully. To me there is only one reason questions like these go unanswered and that’s because the answers are not pretty.

Like this: Like Loading...