Cloudflare's 1.1.1.1 DNS Passes Privacy Audit, Some Issues Found

[Arequire]

But what are the alternatives? Google, OpenDNS, Quad9? As far as know, none of them are even trying to commit themselves with privacy

Quad9's a nonprofit, which may alleviate concerns about a profit motive. With that said, they do log some metadata and share statistics/"anonymized" query data with the companies that provide their threat intelligence.

As for an alternative with a focus on privacy, my choice would be CleanBrowsing.

 

[oldschool]

Any company that doesn't offer full transparency right from the start is doing themselves and their users a huge disservice. Look at the blowback that Zoom has had with the recent flurry of articles and class action lawsuit. Full transparency from the start can be a selling point.

I haven't noticed any difference in speed with Cloudfare, Adguard or CleanBrowsing, which I use now.

 

[Tiamati]

Quad9's a nonprofit, which may alleviate concerns about a profit motive. With that said, they do log some metadata and share statistics/"anonymized" query data with the companies that provide their threat intelligence.

As for an alternative with a focus on privacy, my choice would be CleanBrowsing.

Unfortunately, quad9 has less servers around the world, wich can be a problem for some users. Besides that, Quad9 have been audited ?

Any company that doesn't offer full transparency right from the start is doing themselves and their users a huge disservice. Look at the blowback that Zoom has had with the recent flurry of articles and class action lawsuit. Full transparency from the start can be a selling point.

I haven't noticed any difference in speed with Cloudfare, Adguard or CleanBrowsing, which I use now.

In my experience, Cloudflare is the fastest DNS service i've tested. But, it certainly depends on your location.

=========
Edit: btw, i didn't know about CleanBrowsing... i'll make some research about it, but feel free to introduce it to me if you want
Ty!

 

[blackice]

Unfortunately, quad9 has less servers around the world, wich can be a problem for some users. Besides that, Quad9 have been audited ?



In my experience, Cloudflare is the fastest DNS service i've tested. But, it certainly depends on your location.

=========
Edit: btw, i didn't know about CleanBrowsing... i'll make some research about it, but feel free to introduce it to me if you want
Ty!

Cleanbrowsing’s security filters have done well in testing in the past year. Their performance is pretty good as well, at least in my area in the US.

 

[Arequire]

Quad9 have been audited ?

Not that I'm aware of, but the executive director spoke about wanting to be audited back in 2018:

One of the things that we have been actively pursuing is certification and audit by third-party organizations who are well-known for being trusted and neutral evaluators of technology firms to prove what we say. We’re looking specifically for EU-based organizations who are willing to do a security and process audit on our systems to prove that we are doing what we say we’re doing. We specifically want EU-based, because our systems are designed with GDPR goals in mind and because European data privacy laws are well-documented. We’re trying to provide “lowest common denominator” audit-ability where “lowest” means “most strict.” We’ve asked a number of other organizations (for example, EFF) for that type of certification, but their policies typically try to avoid seeming to be behind any one effort. Their policies are totally reasonable and we understand but so far are disappointed in finding an audit partner.

We face a challenge with GDPR but not the challenge that most organizations face. We wish to be certified as GDPR compliant by the fact that we store and transmit no personal data at all within the specifications of the pending law. So trying to get someone to certify that GDPR doesn’t discuss non-storage of data has been a challenge. It’s a question none of the auditing organizations can quite understand as a requirement.

Even so, we’re trying to work with any of the certification agencies to see if we can obtain GDPR certification or documentation of compliance before the May deadline. Note that certification is different from compliance – we believe that we are compliant with GDPR requirements, but we would like to have the validated audit of our methods and official recognition of those methods...

Source: Quad9 and Your Data • Quad 9

 

[RejZoR]

At this moment CloudFlare is the best choice to go IMO. It is still better for your privacy to use it, instead of your own ISP's DNS.

NextDNS is imo better. It's really fast and offers additional features like traffic logging if you need it, selective anonymization where you can redact IP's or domains and also has tons of protection features like Google Safebrowsing where NextDNS is doing queries to Google instead of your computer, many anti-spoofing protections as well as bunch of block lists and option for user's own black and whitelist. Currently it's free in BETA and later they'll charge something like $2 per month. Which seems reasonable given the power it gives to user and if you pay something, there is a greater chance of them respecting privacy since their income won't strictly rely on 3rd party where they'd have to sell user data...

 

[oldschool]

i didn't know about CleanBrowsing... i'll make some research about it, but feel free to introduce it to me if you want

@TairikuOkami probably knows more about it than I do.

CleanBrowsing | DNS Filtering Platform

Affordable DNS Filtering for schools, municipalities, libraries, transportation and parents.

cleanbrowsing.org

 

[ForgottenSeer 85179]

It would be even more helpful to explain how to setup this kind of stuff or sharing links....

Why should I explain if enough tutorial exist already? Even the PiHole guys made one.

I guess that using search engine isn't hard. Same for own research about stuff - like my post above but that's the problem nowadays.
Anyway we're a forum so that's kind of normal.

Redirecting...

Also @ cloudflare and other external DNS services: test it with my DNS privacy & security thread and you guys will see that these servers aren't so good you think.

 

[Azure]

One word: SNI

Isn't that the thing that cloudflare themselves are promoting should be encrypted?

 

[SeriousHoax]

Firefox has ESNI support since October, 2018

 

[ForgottenSeer 85179]

Isn't that the thing that cloudflare themselves are promoting should be encrypted?

Yes but every server need that activated if it should work

 

[plat]

Well, Sordum issued a new version of DNS Jumper v. 2.2 as of March 17, 2020 if anyone likes. It's pretty handy.

Linked to the home page, not the .exe itself. Cloudflare is now ranked #5 for IPv4, as opposed to #30 on the previous version. I also use the Cloudflare for the IPV6--by the way, does anyone recommend disabling IPv6?

 

[blackice]

Well, Sordum issued a new version of DNS Jumper v. 2.2 as of March 17, 2020 if anyone likes. It's pretty handy.

Linked to the home page, not the .exe itself. Cloudflare is now ranked #5 for IPv4, as opposed to #30 on the previous version. I also use the Cloudflare for the IPV6--by the way, does anyone recommend disabling IPv6?

I was just about to redownload DNSbench from GRC. May give this a try instead.

 

[Stopspying]

Well, Sordum issued a new version of DNS Jumper v. 2.2 as of March 17, 2020 if anyone likes. It's pretty handy.

Linked to the home page, not the .exe itself. Cloudflare is now ranked #5 for IPv4, as opposed to #30 on the previous version. I also use the Cloudflare for the IPV6--by the way, does anyone recommend disabling IPv6?

I've been using DNSJumper regularly for the last few months and like it too. Cloudflare has just been ranked 9th using DNSJumper for me in the UK, immeadiately before AdGuard, of others mentioned in this thread Quad9 is quite along way down the list. The time differences between most of the well-rated ones is not that much, a millisecond here and there really isn't something I notice in any way, especially now when I can't go out for a meal, to the cinema or to catch some live music, or even visit a pub. Not saying that I've got all the time in the world, but.....

 

[Stopspying]

I was just about to redownload DNSbench from GRC. May give this a try instead.

Good old GRC, thanks for the reminder about their tool, I might give that a spin later, thanks for that too.

 

[Stopspying]

Well, Sordum issued a new version of DNS Jumper v. 2.2 as of March 17, 2020 if anyone likes. It's pretty handy.

Linked to the home page, not the .exe itself. Cloudflare is now ranked #5 for IPv4, as opposed to #30 on the previous version. I also use the Cloudflare for the IPV6--by the way, does anyone recommend disabling IPv6?

 

[Stopspying]

@plat1098 Not so much a recommendation than to say that I've been disabling IPv6 for maybe 18 months, it became a habit and I can't say that I've really noticed any real issues. I'm not into lots of VOIP or Multicasting which were among the reasons used to promote it, nor do we have a home full of IOT stuff. I know that IPv6 advocates highlighted securiy as a reason to use it, I bought the counter-argument that IPv4 was less likely to lead to security issues for us. Maybe its all swings and roundabouts.

 

[SeriousHoax]

Well, Sordum issued a new version of DNS Jumper v. 2.2 as of March 17, 2020 if anyone likes. It's pretty handy.

Linked to the home page, not the .exe itself. Cloudflare is now ranked #5 for IPv4, as opposed to #30 on the previous version. I also use the Cloudflare for the IPV6--by the way, does anyone recommend disabling IPv6?

Isn't it the same as doing this manually?

 

[plat]

Isn't it the same as doing this manually?

Yes, it should- and better be the same as manually. I had to double-check under Network and Sharing Center, yes, it's the same inputs. I find DNS Jumper to be so much more convenient with fewer chances of mistakes, esp. if you want to test various DNSs one after the other. If one likes to manually input the numbers... um OK.

Spoiler

 

[blackice]

Is the certificate that Sodrum uses a self signed certificate? I got the right download right? Getting a UAC prompt.