Aug 5, 2012

OpenDNS: Don't buy into the hype.

Recently I was listening to a talk-radio show dedicated to solving common computer issues, and of course the focus is nearly 100% about PC-based systems since they're the ones normally flush with viruses, spyware and registry issues.  (not that Mac's are trouble-free but certainly OS X users don't suffer the same daily headaches PC users do, not by a long-shot - and I use BOTH platforms daily and can speak from decades of experience.)

In this "talk-show for PC geeks" it was suggested that everyone on the planet, both home and business users alike, should be using "OpenDNS" to control the DNS IP addresses that your browser uses to surf the 'net.  The claims were that using OpenDNS servers would both speed up the browser and, create extra security.

On the surface it sounded like a good idea and there is *some* logic to the arguement that having control over DNS server names/IP's would in theory create a more secure browsing environment.

OpenDNS has several levels of service offerings, ranging from free to expensive monthly fees specific to large business server platforms.  I tested the home/free version both on the Mac and PC side.

OpenDNS is a collaboration of two things:  Manually inserting the OpenDNS server addresses in your router or directly in your browser if you don't use a router of any sort and, their "updater" software which runs in the background and supposedly makes changes to DNS settings shoud the OpenDNS people decide that for security reasons they need to change something.

Without getting too technical about exactly how OpenDNS works let me explain it in laymens english and use a simply analogy:

The internet is very similar to the highways and roadways across the country. If you want to get from point A (your computer) to another website anywhere in the world (point B) you (your data connection) has to use these roadways to travel to where that website lives so it can share that information with you.

But getting TO that website isn't as straight-forward as you might think and here's an example:

Let's say you live in LA and want to drive to say, Denver CO.  How you get there is totally up to you.  If you're in a hurry you'd take the straightest, most direct route and use the highway system and it might take you 2 or 3 days to get there.  Or, if you're in a sightseeing mood you could take the backroads and literally take weeks instead.

When you type in any web addresss or click on any link on a website your browser sends out a signal (a data packet in techno-speak) through your computer's internet connection which starts "driving" through the internet on it's way to the destination website.  As your packet is traveling along it reads various roadmaps that tell it how to get it's intended destination - and here's where the trouble can happen:  There's more than one roadmap, in fact there are millions, and it the information is incorrect or worse, if it's *intentionally* wrong, as in a hacker trying to re-direct you to another website, then your packet gets re-routed to the wrong place or worse, it gets fed information to report back to anonymous hackers YOUR computers information.

It's all incredibly complicated and convoluted, but the premise behind OpenDNS is that THEY are supplying a huge databank of "clean" internet servers that don't intentionally re-direct your packet to the wrong place and, are supposedly sweeping for the work of hackers who are trying to find ways into your computer.

That's all well and good, but what's really going on behind the scenes at OpenDNS is that by purposely installing their background software AND, by purposely using their DNS server database guess what... they now have TOTAL control over where your data packets go and furthermore, have a complete list of every browsing session you create, what servers your packet goes to, how long and even how much data you extract back and forth.

Not too long ago companies like Google and Apple were fined by the Feds for purposely putting tracing software in cell phones to track your usage, your location and other information and then using it for their own purposes - mostly to feed you advertisements along tracking your location.  And they did this all on the sly, using software very cleverly hiden deep inside the operating system code of the cell phone itself, not external software.

With OpenDNS the same thing is going on; you're totally opening up your system to a big corporation and hoping and trusting that they're NOT going to use all this information that you're freely sharing with them for purposes other than "keeping your computer safe.".

In practical use I did indeed find that while using OpenDNS my web-page browsing was being purposely re-directed to other servers (you can see this activity in the address bar of your browser when you clink a link or hit "enter" on a manually entered web address).  But instead of speeding up the browser it actually slowed things down - and by quite a bit - while all these "safe" re-directs were going on.

These obvious re-directs made me quite suspicious especially since one of their big selling points is that they're supposedly going to make browsing the 'net faster.

Then my next big red flag was when I decided it was time to get off the OpenDNS service, there was NO LINK to cancel or deactivate my OpenDNS account.  Huh?  They make it easy to sign up and share my information, but when I decide I DON'T want to be part of their world there's no method for saying "no thank you, cancel me." ?

The only way you can cancel your OpenDNS account is to send in a request to their tech support and request it.  There's no explanation as to why this is the method however it's been my experience that internet-based companies who are doing something on the down-low don't make it easy to get off of their service.

In fact, that's how spyware works on PC's: you install some program that promises to "help" your computer, and then when you figure out it's not and try to uninstall it... it won't LET you uninstall!

OpenDNS has a plethora of positive testimonials supposedly ranging from home users all the way to Fortune 100 companies who swear the service is the best thing since sliced bread.  And while I have no proof that OpenDNS is doing anything outright malicious, I was able to quickly debunk their claims of higher security and faster browsing.

As far as I can tell, OpenDNS is nothing but a very high-gloss method for allowing a big company to oversee your browsing activity and keep records on what you're doing.  For what ultimate purpose I can't say, but when I consider the false claims of speed and security coupled with a not-so-direct method for cancelling an account I have absolutely no reason to trust them.

And neither should you.

3 comments:

  1. if you remove the supportive app, and manually reset your DNS on the router and netwrok adapter, then OPENDNS cannot track you or divert you, regardless of whter your account is active with them or not. Closing your account removes your details from their database (hopefully). I agree that this service is hyped up and unnecessary, especially if you live outside if Europe or the US..

    ReplyDelete
  2. Thanks you for your article and all the info you gave in such simple terms that help non-computer people like me. You were the only review I could find that seemed kinda unbiased while explaining the workings of the program. I was a little leary because of all the happy reviews... if it's to good to be true and all that. Thanks again!

    ReplyDelete
  3. I have used OpenDNS for about 3 years and I love it. If you want to limit what family members or kids are seeing it's a great service that lets the Parent be in charge of what is or isn't permitted. Since I use DD-WRT on my WIFI router I have it updating my IP and with the DD-WRT tutorial it's hard to bypass and use other DNS Servers. I haven't noticed any redirection of websites or a slowdown in speed or page loading.

    ReplyDelete