Home » bitcoin updates » Quad9: Privacy-friendly alternative to Google DNS

Quad9: Privacy-friendly alternative to Google DNS

Friday, November 17th, 2017 | bitcoin updates

          
    
    
    
             If you do not want to entrust Google with essential parts of your surfing behavior, you can now switch to an alternative DNS service: 9.9.9.9 instead of 8.8.8.8. But there are also special features there.
            

        

        
A consortium, formed by the Packet Clearing House (PCH), the Global Cyber ​​Alliance (GCA), IBM and other partners, today launches a global network of DNS resolvers. The new DNS service is not designed to gather data about users while providing all the benefits of a well-managed resolver network armed against phishing and malware attacks. The IBM-supplied address 9.9.9.9 for Quad9 sounds like a challenge to the top dog 8.8.8.8, Google's public DNS resolver.
Virtually every activity in the network is preceded by a request for the IP addresses of a domain, regardless of whether users visit a website, send an e-mail or install a program. These requests to the Domain Name System (DNS) are a coveted asset for all sorts of marketing and profiling activities. In recent years, Google has attracted more and more with its public DNS network. This allows Internet providers to save on their own infrastructure; Sometimes it helps their clients to skip a censorship hurdle. But the data of the users land on Google.
In the beginning, one hundred Quad9 servers spread all over the world should provide a privacy-friendly alternative. The service is funded by public donations and contributions, including the London and New York Police. People will not collect personal information or market their clickstream data, says Bill Woodcock, Managing Director of PCH.

  

          
          The public DNS service Quad9 launches in November 2017 with 100 servers, which are distributed on almost all continents.
        
    Built-in privacyQuad9 is the first major resolver network ever to allow users to encrypt their DNS requests over TLS. This prevents tapping by third parties on the way to the new resolvers. Because Quad9 has access to PCH's DNS anycast network, the road to authoritative response is short. This reduces the attack surface and provides faster responses than when traffic is hunted across the world.
Another security feature of the new resolver network is the validation of DNSSEC-signed domains. This ensures the authenticity of DNS responses, prevents phishing and can make state DNA blockages visible. More security for domain users is one of the main concerns of the Quad9 initiator GCA. GCA was founded in 2015 by the Attorney's Office in Manhattan, the London Police Department and the Center for Internet Security.
GCA has ensured that Quad9 integrates not only the DNS filter of the IBM X-Force security service but also the security alerts and lists of 18 other filter providers. Filtering DNS traffic to protect against attacks is now standard practice for large corporations, said Phil Reitinger, GCA president and CEO. By contrast, small or medium-sized enterprises or consumers fell by the wayside. With Quad9 offer a solution, and for free.
Good filters … Could public partners such as US and British law enforcement not be tempted to enforce their own filter ideas on Quad9? For the launch of the resolver network, the partners have jointly formulated: "Quad9 provides security, not censorship, we block connections for criminal attacks on users, not because of the content on the pages."
Woodcock declares that the broad base of donors is arming against an attack. No single Quad9 financier could seriously threaten the project by retreating. But he does acknowledge that the worldwide rampant blocking requirements are perhaps the most difficult subject Quad9 is headed for.
… bad filter Sooner or later Quad9 must expect corresponding inquiries and one will follow those for which court decisions are submitted. In the end, where one is convinced that local law can not or would not be implemented, only withdrawal remains. "As long as we stay local, we will abide by national laws," says Woodcock. But then only be filtered locally.
Moreover, as soon as possible, a feature should follow that makes the filtering transparent. Instead of a simple nxdomain answer (domain does not exist), users get to see a website with details on the filter reason, promises John Todd, CEO of Quad9.

  

          
          In addition to the filtered and DNSSEC-secured name service on 9.9.9.9 (2620: fe :: fe) and the unfiltered one without DNSSEC (9.9.9.10, 2620: fe :: 10), Quad9 later wants two more with different features for Content Delivery Networks and Provide IoT applications.
        
    Filterless untested and IoT-friendly Hartgesottene get by the way a way around the standard in the Quad9-Version filters: Who instead of 9.9.9.9 (or the IPv6 counterpart 2620: fe :: Fe) the address 9.9.9.10 ( 2620: fe :: 10), receives unfiltered, but not DNSSEC-verified answers. It makes sense to do the DNSSEC check a local resolver anyway.
Two more profiles in the making are for IoT devices and Content Delivery Networks (CDNs). IoT devices that benefit from heavy filtering generally receive nxdomain messages. Why something is blocked, they would not "read" anyway. For the IoT users there are other plans: White Listing supported, even more aggressive filtering and a special firewall. The CDNs you want to send, for privacy reasons with certain restrictions, notifications to the site.
 (Monika Ermert) /

(Ea)

      

Related

Floods in South Asia: Mor

The number of death victims in the monsoon season in South Asia has

Process for the Duisburg

The hope for justice can be cruel, especially if it seems so natural

Twitter promises new rule

                         (Picture: FirmBee)                                            The company is also reacting to

Reprocessing of the SED d

Socialism in its course neither ochs' nor donkeys stop. What Erich Honecker once