Static DNS Servers?

Please provide a link to this article.
Thanks @scorp508 and @joshuacperkins for bringing this up. This discussion is likely to make many users more aware of potential privacy issues from any device on their network, not just Sense.

@samwooly1

The closest KB article I could find was the one linked here:

I linked the post and not the article to show the changes coming to the article.

To be fair here, the list they give is a pretty decent one. I am with you on Google selling the ads tracking my traffic but I don’t see much difference in blocking Google’s DNS and setting my own DNS settings. I’d say there are other features I’d want to see them spending time coding way before this option.

I am not sure I understand what the objection to “hard-coded DNS servers” is, but it sounds like it is not very good for our privacy and could expose us to some bad people. I don’t even know what the DNS server is!
It is nice that you offer to reset a config for a specific monitor, but what about the rest of the community? I don’t know about others, but I don’t understand the ins and outs of the network. What I do know is that now I am concerned that my data may be available to people that could cause harm. This makes me uncomfortable.

@jkish
I’ll give you an answer since Sense employees are off for the day.
I wouldn’t be concerned with “bad people” doing some type of “harm” really. If you’re using Google to search or using any of their products like Chrome or Android, you are already exposing yourself to privacy issues.
For most people, this boils down to getting everything you do tracked and it’s mostly used for advertising. Have you ever gone to a website and the ads on the page were about things you recently searched for or were interested in?
While there is potential for bad things that go much, much deeper, for most of us it’s not as bad as you’re picturing it.
Think of it like this. Sense is asking a question to a server: “What’s the address for this name?” Server answers with numerical address. Server remembers exactly which Sense monitor asked the question on which day and what time identifying itself.
Here is the problem:
Server has this information about where the question came from and this information is used by and sold to companies to target things like advertising. By the things being asked these companies can build a profile with bits and pieces of information. It’s like a puzzle and with a big enough piece, they can learn a lot.

I should add that Sense does not share or sell this information themselves.
Hope that helps

1 Like

For me this started 04/27/2019 at 03:07:52. I opened ticket 128258. I am extremely unhappy with this undocumented change. My firewall has been flipping out about “possible DNS hijack detected on the network.” I’ve had to allow access to 8.8.8.8 to remedy another device doing the same thing. But I’m not about to start setting static IP on devices just to allow non-standard DNS services. I’m sure if I dug around the web enough I can find an RFC that this violates.
Also, by using “cloud” DNS you are not getting proper geographical DNS. In my experience, I found you end up connecting to services, like Amazon, in the wrong location.
For example, in an office I manage, we were using 8.8.8.8 and were routed to an Amazon data center in Virginia, but using the location ISP DNS, we were routed to the NY data center, and the slowness issues cleared up.

2 Likes
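
A defender-side check for the behaviour described in the posts above, as an added example that is not part of the original thread: it scans firewall log lines for clients that send port-53 traffic to a resolver other than the one handed out by DHCP. The log layout, all addresses, and the names `APPROVED_RESOLVERS`, `parse_line` and `dns_bypass` are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the resolver your DHCP server hands out (hypothetical address).
APPROVED_RESOLVERS = {"192.168.1.1"}

# Constructed sample log lines in an iptables-style key=value layout.
SAMPLE_LOG = """\
2019-05-01T03:07:52 SRC=192.168.1.50 DST=8.8.8.8 PROTO=UDP DPT=53
2019-05-01T03:07:53 SRC=192.168.1.50 DST=1.1.1.1 PROTO=UDP DPT=53
2019-05-01T03:08:10 SRC=192.168.1.20 DST=192.168.1.1 PROTO=UDP DPT=53
2019-05-01T03:08:11 SRC=192.168.1.20 DST=203.0.113.10 PROTO=TCP DPT=443
2019-05-01T03:09:00 SRC=192.168.1.77 DST=8.8.8.8 PROTO=TCP DPT=53
malformed line that the parser must skip
"""

FIELD = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"SRC", "DST", "PROTO", "DPT"}


def parse_line(line):
    """Return the key=value fields of one log line, or None if unusable."""
    fields = dict(FIELD.findall(line))
    if not fields.keys() >= REQUIRED:
        return None
    return fields


def dns_bypass(log_text, approved=APPROVED_RESOLVERS):
    """Map each client to the unapproved resolvers it contacted on port 53."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f["DPT"] != "53":
            continue  # plain DNS only; DoT/DoH (853/443) is not covered here
        if f["DST"] not in approved:
            hits[f["SRC"]].add(f["DST"])
    return {src: sorted(dsts) for src, dsts in hits.items()}


if __name__ == "__main__":
    for src, resolvers in sorted(dns_bypass(SAMPLE_LOG).items()):
        print(f"{src} bypasses local DNS -> {', '.join(resolvers)}")
```

Both UDP and TCP port 53 are counted, since resolvers answer on either; a client that only talks to the approved resolver never appears in the result.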

@samwooly1 got the privacy half correct; for security, DNS hijacking is a real thing.

While I’m less worried about the big names (1.1.1.1 and 8.8.8.8) on the security front, if there was a known active attack the only mitigation we would have would be to unplug Sense.
Before this change the remedy to such an attack (if we knew it was happening) would just be a simple change to a setting on a router.

A DNS attack could let someone pretend to be Sense.com (or any other site) and our devices would happily send all data to that entity. While I’m generally not worried about such a large-scale targeted attack against Sense specifically, the more devices hardcoded against a single IP like this, the more effective attacks could be. So I’ll fight against this practice for everything in my home.
See also Chromecast

Hi @ed1, and welcome to the Sense community forum.

The DNS change was made to work around users who do not have correctly functioning DNS servers on their network. The intention was that the Sense monitor would try the public DNS servers first, and if they were blocked by the router, to try the DHCP-provided DNS server. Turns out that this change didn’t work correctly; I’ll be rolling out a fix to make this fallback behavior work properly soon.

We are trying to balance the (IMO minor[1]) privacy implications of using public DNS servers against the significant number of users who spend hundreds of dollars for a Sense monitor which appears to not work at all. This compromise is where we have landed.

As I mentioned above, I would be happy to reconfigure your monitor to not use the public DNS if you like — please reply to your support ticket saying that you’d like this change.

2 Likes

Hello — You are incorrect. Sense authenticates all traffic with bidirectional TLS certs. Even with a DNS hijack attack, Sense would send zero user data to an unauthorized server. We designed specifically against this case, because we are very focused on keeping your data safe.

Best,
Jonah

2 Likes

@JonahAtSense, I’m sitting here attending the Global Privacy Summit 2019 in Washington DC as I read this statement. I’m sorry, but a user being unable to have direct control over their data privacy and a company not disclosing they are automatically and directly sending your personal information, regardless of how trivial it may seem, to a third party company is not a minor thing.

As a fellow technologist I get it, we want our tech to work more than anything else, and ill-configured systems we have no control over make us pull our hair out. Little name query packets? Eh… no big deal generally. The reality is we’re in a whole new era of thinking about data privacy and transparency. This change in behavior, even though entirely done with the best technology intentions, flies in the face of this privacy revolution. I’ve had similar smallish changes I’ve wanted to make at my company, but regulations, privacy reviews, etc. have forced us to find another path even though it may not provide us exactly with what we wanted.

I urge Sense as a company to take a hard look at this kind of behavior. Your customers are trusting you with a large amount of personal information and it only takes a few accidental and unintentional missteps to lose that trust.

2 Likes

Hey guys. Thanks for chiming in on this, and so thoroughly and passionately. And thanks @JonahAtSense for weighing in from the trenches. All of your opinions matter. We take data security and privacy very seriously (and most of us here actually use Sense as well, so it’s deeply personal). I’m going to temporarily lock this thread. Let me bring this to the team so we can re-assess.

UPDATE: Response here: Regarding Sense DNS settings

1 Like