Jeez, just run your own resolver instead of dumping all your internet access data on $AntiPrivacyCo.'s reception desk.

They anticipated this reaction and have made some significant privacy promises about the data they receive via Google Public DNS:

"We delete [the] temporary logs [which include your full IP address to identify things like DDoS attacks and debug problems] within 24 to 48 hours."

"In the permanent logs, we don't keep personally identifiable information or IP information. After keeping [the data we do keep] for two weeks, we randomly sample a small subset for permanent storage."

And importantly:

"We don't correlate or combine information from our temporary or permanent logs with any personal information that you have provided Google for other services."

Source: https://developers.google.com/speed/public-dns/privacy

Unless you think they're lying or unable to enforce this policy, this addresses most of the common privacy concerns I've heard in this context.

(I have worked for Google in the past, but I have never been involved at all with Google Public DNS or its privacy promises.)

The key point in all the beautiful promises Google makes is that you need to extend then with "for now". That summarises the healthy skeptical stance, especially when it is about a company that should have given you plenty of examples about why we shouldn't trust them.

Having seen how Google operates on the inside, I trust them to be fully able and willing to comply with the promises they do make, better than most companies. The typical tech startup overpromises and underdelivers with respect to data deletion and security, or simply does a really weak job at those things without making any promises either way.

Adhering to these promises is a separate question from changes of policy in the future, of course, and just as separate from failures in the areas of product design or ethics. Many parts of the conglomerate that calls itself Google have gotten worse in all of those areas over the last several years, though I am still a big fan of how GCP is progressing.

But none of this makes me think that they're retaining more Google Public DNS data than they claim. Given how little of that data they retain for the long haul, the risk of bad retroactive impact from a change in policy in this area is quite low. The risk is admittedly higher for other consumer services which do retain identifiable data over a long period of time.

Conversely, the risk is lower for G Suite and GCP offerings and for European residents, given the concerns and compliance obligations of business customers and the obligations imposed by the GDPR.

In the past, I would agree with you, but with the recent legislative push for privacy around the world, especially in the EU, I doubt very much that any company as big as Google will be able to have much wiggle room to make privacy policies weaker in the future.

That explains why I kept having these errors.. switched back to Quad9 and I'm good.