CIRA Launches the Canadian Shield to Protect the Privacy and Security of Canadians Online for Free
A normal day in Canada … Photo by CIRA / .CA
The organization that oversees .CA domains, among other important Internet functions, deploys a free pan-Canadian DNS over HTTPS service to protect people's privacy.
The Canadian Internet VPNOnlineFree Authority (CIRA) today announced their new Canadian Shield Service will allow individuals and businesses to encrypt their DNS queries in transit between their devices and CIRA's servers, providing an additional layer of security at a time when millions of people across the country are going to work from home since the pandemic of mid-coronavirus.
This means that ISPs and spyware, for example, cannot easily see which websites and services these individual households and businesses access, give or take. Anyone who tries to follow the sites you are browsing will have to work harder or be totally upset, depending on the circumstances. It should also help protect DNS queries against tampering along the way.
The DNS service over HTTPS can be configured to simply encrypt DNS queries; encrypt DNS requests and block access to known malicious botnet and phishing websites; or encrypt DNS queries and block access to adult content as well as malware, botnets, and phishing pages. Access is blocked by refusing to search for requests.
“As a not-for-profit organization with no interest in monetizing user data, we were able to bring together a group of excellent partners who are committed to protecting Canadians online, including the first-ever national deployment of DNS on HTTPS globally, “said CIRA's Vice President. Dave Chiswell.
“This will provide all Canadians and their families with the type of online protection typically found in large institutions.”
The Cloudflare family DNS service defeats the first filtering incursion: Vital LGBTQ, sexually blocked sites “by mistake”
As the name suggests, DNS over HTTPS encapsulates DNS queries – which translate friendly domain names like VPNOnlineFree.co.uk into friendly IP addresses like 220.127.116.11 – into encrypted HTTPS connections. This means that your broadband provider, for example, cannot see your browser searching on www.register.com, and all it sees is that you are connecting to 18.104.22.168, which the ISP will have to search for itself. If it is an IP address shared by many sites on a content delivery network, such as Cloudflare or Akamai, the ISP will not know with certainty which site you are really visiting, if you are using HTTPS.
Some ruthless Internet providers like to monitor the DNS queries circulating on their networks to market the online habits of their subscribers: sell anonymized and aggregated statistics to advertisers, or use the data to target Internet users with advertisements tailored to their interests according to their travels on the web. DNS over HTTPS therefore offers great confidentiality to this type of spying, depending on what you are browsing and how.
Canadians using the encrypted shield service will send their DNS queries through a secure channel to CIRA's servers, which will search on behalf of Internet users. CIRA, as a not-for-profit Internet registry, promises not to monetize these DNS queries.
CIRA noted that its service, which also offers DNS over TLS, will be particularly important as the COVID-19 pandemic has pushed so many Canadians out of their more secure office networks and into work at home facilities.
“While Canadians have turned to work and learning from home in droves because of COVID-19, their personal devices and home networks are vulnerable to cyber attacks,” noted Canuck's registry. “Unfortunately, most do not have access to the protection that large companies and institutions apply to their data and devices.”
That said, DNS over HTTPS is not without its critics. Cops, feds and ISPs have been vocal opponents of technology, claiming it prevents service providers from easily seeing what is going on in their networks and makes it harder to find out the activities of those who engage in criminal activity online. CIRA argued that the police are not necessarily completely blocked by encrypted DNS queries.
“Law enforcement has a number of tools and tactics to track criminal activity on an ISP network, so the presence of DNS over HTTPS does not preclude investigations,” we said today. Today a spokesperson for CIRA. “For example, ISPs have access to real network traffic, which includes application information and IP address.” ®
Webcast: Build the Next Generation of Your Business in the Public Cloud