We strive to minimize data collection and logging at the technical level to avoid having much sensitive data in the first place. The fewer sensitive data we have the fewer effort it will take us to make unauthorized access to the data we have, hard.
Since you can use our services anonymously (without registration) we do not have to store any personal information persistently by design.
DNS Privacy Services
We do NOT log your IP address or DNS queries during normal operations.
We do NOT share query data with third parties that are not directly involved with resolving the query (i.e. sending queries to authoritative nameservers for resolution).
We aggregate and store the following metrics for one year for capacity planning and error detection:
- how many queries per second we get on each server (via DNS-over-TLS and DNS-over-HTTPS)
- how fast we answer queries (in ranges: 0-66ms, 66-131ms, 131-262ms, 262-524ms, ...)
- how many queries we answer directly from the cache (cache hits)
- how many queries we get via IPv6
- amount of queries by DNS flag (DNSSEC OK, EDNS OPT present, recursion desired, auth. answer, ...)
- amount of queries by type (A, AAAA, PTR, ...)
- amount of DNS answers by return code (NOERROR, FORMERR, SERVFAIL, NXDOMAIN, REFUSED, ...)
- amount of concurrently open HTTP connections (DoH)
- HTTP requests per second (DoH)
When you make use of our DNS-over-HTTPS service we log the following information on the webserver-level and store it for 14 days:
- HTTP response code (200, 404, ...)
- country from which the query is coming according to geoIP data (AT, DE, ...)
- The IP-version ("4" or "6") used to connect to us.
In rare cases, when trying to understand software errors we might log DoH HTTP requests (HTTP GET and POST parameters) that trigger errors on the server (i.e. HTTP 4xx/5xx response codes) but even in these cases we do NOT log source IP addresses. This type of logging is not enabled permanently (enabled on demand only). These error logs are retained for 24 hours only.
When you visit this website we log the following information and store it for 30 days:
- HTTP request and response code
- HTTP Referer
- User Agent
- TLS protocol version/cipher
(We do NOT log your IP address.)
An aggregated version of that data (amount of HTTP requests per TLS protocol/cipher per user agent string per month) is stored for one year.
We collect that data to make informed decisions on when we can disable specific TLS versions.
The frequency of HTTP requests are stored for one year.
In the unlikely case, when your browser detects a security problem on our website, it will submit details about this security event to us via a third party service (report-uri.com). This allows us to detect and to respond to security issues.
3rd Party Content
Your browser will send requests to 3rd party service providers when you visit the following sub-domains:
- status.applied-privacy.net (uptimerobot.com)
- donate.applied-privacy.net / spenden.applied-privacy.net (Donorbox, Stripe, Google, Amazon)
We have no control over their logging and privacy practices.
- 2019-05-31: added: DoH error logging to understand and solve software bugs
- 2019-12-23: Update DNS domains from appliedprivacy.net -> applied-privacy.net
- 2020-02-11: added: IP-version logging to better understand the impact of IPv6 issues.