Massive Upgrade to Canadians’ Internet Security – CIRA Canadian Shield

Canadians’ Internet Security Gets Leveled Up

“Built by Canadians for Canadians” CIRA’s Canadian Shield effort is a massive enterprise-grade security upgrade for all Canadians’ Internet Security that adds another layer to our collective tool-kit. Implemented with help from the Canadian Security Establishment (CSE), the initial “go live” was 23Apr2020 and presumably this roll-out was fast-tracked due to #Coronavirus #COVID19 elevated threat levels.

How to Turn It On

To enable, users will need to manually update their systems to get the benefit. As explained here, for every system but mobile (explained below), users just need to update their home router DNS settings. This means that users will not have to install and maintain software to get the security benefit.

Note: Some users may have to additionally modify computer DNS settings if they use a manual IP (advanced).

How Canadian Shield Works

Canadian Centre for Cyber Security (CSE) has a nice diagram that shows how it uses DNS to protect users from malicious content.

What is DNS? It’s the thing that translates human readable URLs like “Textor.ca” to an internet protocol (IP) “64.90.34.49”. You can read more about what DNS is here.

Canadian Shield has three levels of service based on the level of protection the user chooses.  The level of protection is determined by which IP addresses the user chooses to configure their DNS with. The three levels are:

  1. Private: DNS resolution service that keeps your DNS data private from third-parties.
  2. Protected: Includes Private features and adds malware and phishing blocking.
  3. Family: Includes Protected and Private features and blocks pornographic content.

Benefits

What I like about Canadians’ Internet Security newest addition is that it’s a non-ISP based Canadian DNS service. Currently the DNS servers are located in Montreal, Toronto and Vancouver and Alberta may need to route via Seattle to get to these services. This makes me skeptical that it will remain fast so I’ll keep this entry posted with updates. The devil is in the details.

OpenMedia.org believes the service is better because “…Canadian Shield … is entirely hosted in Canada, so unlike most free and paid alternatives your Internet data will not travel internationally and become subject to foreign surveillance practices. We also appreciate CIRA’s promise that any information related to your Internet activity is deleted after 24 hours, in contrast to many home ISPs who otherwise handle our web traffic which retain that data longer, or may not guarantee to delete it at all.”

Mobile Users

At home, mobile users will pickup DNS settings from their home router. The challenge is when they are away from home.

For mobile users away from home, my understanding from reddit.com is that users install a CIRA app that enables a VPN. This may be fine for light users but likely will create a bit of havoc for advanced users and their configurations. A reddit users says “Tested the VPN app (iOS) today. First thing I always check is performance. Downstream speed took a hit, upstream was 10% of normal. I’ll skip it for now.” On the Google Play store app a user’s feedback is that it “Blocked access to safe programs” and CIRA asked the user to follow-up by emailing them at CanadianShield@cira.ca.

I’m recommending all users avoid the mobile software for a couple of months to let users that are ok with beta testing work out the bugs.

Update June 17, 2020

Back on April 27, 2020 I implemented the DNS changes to my household router and two workstations that have static IP setups. So far, no issues; as expected.

About the Author

An avid writer, Trevor Textor has been quoted by Reader’s Digest, NBC News, Reviews.com and MarketWatch.com among others. As a freelancer Trevor has a “swiss army skillset” and has proven able to successfully assist many small, medium and large businesses in most areas of their business. Ask Trevor if he can help: https://www.textor.ca/contactme/.

CategoriesIT

6 Replies to “Massive Upgrade to Canadians’ Internet Security – CIRA Canadian Shield”

  1. Hi Trevor, a couple questions for you. What level of the Canadian Shield service did you implement on your home router and workstations? Any updates on your impressions since you last posted six months ago?

    Wayne

    1. Hi Wayne,

      We implemented “Protected” that “…keeps your DNS data private from third-parties …and… adds malware and phishing blocking.” I haven’t noticed anything amiss and forgot about it so it must be doing what it’s supposed to. I haven’t touched the VPN app. I checked it recently. Very low installs and hasn’t been updated since last summer. Seeing as Android OS has had a major update since then, still makes me feel very uncomfortable even trying it out. Hope that helps!

      Trevor

    1. Hi Spencer,

      I currently use NetGuard (https://play.google.com/store/apps/details?id=eu.faircode.netguard) to block apps from using data inappropriately. NetGuard keeps my data usage below 350 MB/month without affecting usage of maps although reduces ability to browse a lot on cell networks or ever stream video… but this is small price to pay for inexpensive data. It also uses a VPN. I’m pretty sure I’ll have to uninstall this VPN to test the Canadian Shield app. This makes it a bit of a pain to test CIRA app since I have to open up my apps and possibly blow my data cap. If it was a perfect world, the CIRA app would do both. Maybe a partnership?

      I’d also like to see more reviews post Android 11.

      Cheers,

      Trevor

Leave a Reply

Your email address will not be published.