Page MenuHomePhabricator

Create and document Wikidough's privacy policy
Open, Needs TriagePublic

Description

Wikidough currently does not have a documented public privacy policy for the DoH and DoT service it provides. We have discussed in the past what such a policy would look like and this task serves to document and brainstorm those ideas on how we can be as transparent as possible in what we can observe, what we collect, what we filter, exceptions we make, etc.

A template for such a policy can be found in "Recommendations for DNS Privacy Service Operators", RFC 8932#appendix D. Some of this is a lot easier for us since we have no mechanism for logging or sharing data, but nevertheless it is a good starting point for what a privacy policy should look like for Wikidough. (Quad9 also seems to be using the same RFC as a template for their privacy policy). If someone has other good ideas on what such a policy should look like for a DoH/DoT service, please do share here.

Once we have such a policy in place, we should make it available from / or /privacy from the DoH frontend. Additionally, maybe it's a good idea to try to ensure that the policy document is available under version control so that there is a history/diff of changes, if any.

Event Timeline

For reference, https://wiki.mozilla.org/Security/DOH-resolver-policy has links to the privacy policies of the Mozilla-approved resolvers.

Additionally, maybe it's a good idea to try to ensure that the policy document is available under version control so that there is a history/diff of changes, if any.

Or on a wiki page ;)

For reference, https://wiki.mozilla.org/Security/DOH-resolver-policy has links to the privacy policies of the Mozilla-approved resolvers.

Ah right, thanks, I forgot to add these. I think while it's a good idea to link to them for reference, I feel the RFC and its guidelines are more suited to our values than the ones Mozilla links to.

Additionally, maybe it's a good idea to try to ensure that the policy document is available under version control so that there is a history/diff of changes, if any.

Or on a wiki page ;)

Indeed, or that, if we were to link to it!