alt Hacker News> 'Run by one individual in Denmark.' is an interesting statement of bus factor
I find it more interesting as a statement about organizational oversight. If there are multiple people involved in operations, they can keep an eye on each other and speak up if they see anything weird going on (e.g. a DNS resolver implementing selective logging or interfering with results). If there's only one person running the show, there's no one to call them out.
(And if you're thinking, "but so-and-so is a principled person, they would never do anything like that" - pressure from law enforcement can be a powerful thing.)
It isn't really primarily about organization oversight, though. The weird goings on are in practice usually at the behest of the people paying the salaries of all of the people involved (which includes law enforcement, which goes through corporate channels). There's no real independent oversight for that common case. Everyone is on the payroll. (-:
As a concrete thought experiment, consider if (say) a WWW/DNS hosting company providing such free proxy DNS service decided to covertly record the domain name lookups from the general public that fail in order to compile a list of domain names for the company to prospectively squat on. Having multiple employees handling the public service doesn't stop this if it is the company's actual business decision to sneakily do this.
It really is a statement of bus factor, not about oversight. To make a statement about oversight one has to take into account something else not covered by this list: which of the list entries has attempted to show some level of independent auditing or oversight of its data protection.
* https://blog.cloudflare.com/announcing-the-results-of-the-1-...
CloudFlare has had some independent auditing done, by an accountancy firm. DNS4EU holds itself subject to GDPR rules on Personal Data with respect to query data, and so is auditable by the Czech ÚOOÚ. AdGuard likewise, except that it holds Personal Data in Frankfurt. CZ.NIC likewise, except that it hasn't actually updated its legal doco since 2018 and it's only by implication that the Czech ÚOOÚ can audit the Personal Data handling under the GDPR. DNS.SB simply disclaims the existence of any Personal Data whatsoever, which as with AdGuard is overseen by the German BfDI and relevant Land authorities (HBDI for Frankfurt).
* https://legal-documents-dns4eu.s3.fr-par.scw.cloud/DNS4EU-Pu...
* https://uoou.gov.cz
* https://adguard-dns.io/en/privacy.html
* https://nic.cz/files/documents/20180525_Zasady_zpracovani_os...
* https://dns.sb/privacy/
* https://bfdi.bund.de/EN/Home/home_node.html
* https://datenschutz.hessen.de
Even Thomas Steen Rasmussen, who also claims zero Personal Data, would be subject to oversight by the Datatilsynet.
* https://datatilsynet.dk