Canadians’ Internet Security Gets Leveled Up
“Built by Canadians for Canadians,” CIRA’s Canadian Shield effort is a massive enterprise-grade upgrade to all Canadians’ Internet security that adds another layer to our collective toolkit. Implemented with help from the Canadian Security Establishment (CSE), the initial “go live” was 23 Apr 2020, and presumably this roll-out was fast-tracked due to elevated #Coronavirus #COVID19 threat levels.
How to Turn It On
To enable it, users need to manually update their systems. As explained here, for every system but mobile (explained below), users just need to update their home router DNS settings. This means that users will not have to install and maintain software to get the security benefit.
Note: Some users may additionally have to modify their computer’s DNS settings if they use a manual IP (advanced).
How Canadian Shield Works
The Canadian Centre for Cyber Security (CSE) has a nice diagram that shows how Canadian Shield uses DNS to protect users from malicious content.
What is DNS? It’s the thing that translates human-readable names like “Textor.ca” to an Internet Protocol (IP) address like “22.214.171.124”. You can read more about what DNS is here.
Canadian Shield has three levels of service based on the level of protection the user chooses. The level of protection is determined by which IP addresses the user chooses to configure their DNS with. The three levels are:
- Private: DNS resolution service that keeps your DNS data private from third-parties.
- Protected: Includes Private features and adds malware and phishing blocking.
- Family: Includes Protected and Private features and blocks pornographic content.
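Because the tier depends entirely on which resolver addresses are configured, a machine with manually set DNS is worth checking. The following added example (not code from CIRA or from this post) audits resolv.conf-style text and flags setups that weaken the chosen tier. The tier addresses are hypothetical placeholders, and `SHIELD_TIERS`, `parse_nameservers` and `audit` are names invented for this example.

```python
import ipaddress

# Placeholder addresses from the RFC 5737 documentation ranges, NOT CIRA's real
# resolvers: replace each pair with the addresses from CIRA's setup instructions.
SHIELD_TIERS = {
    "Private": {"192.0.2.10", "198.51.100.10"},
    "Protected": {"192.0.2.20", "198.51.100.20"},
    "Family": {"192.0.2.30", "198.51.100.30"},
}

def parse_nameservers(text):
    """Return the nameserver addresses in resolv.conf-style text, in file order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                pass  # ignore malformed addresses
    return servers

def audit(text, tiers=SHIELD_TIERS):
    """Classify the configured resolvers and flag setups that weaken the chosen tier."""
    servers = parse_nameservers(text)
    tier_of = {ip: name for name, ips in tiers.items() for ip in ips}
    found = sorted({tier_of[ip] for ip in servers if ip in tier_of})
    outside = [ip for ip in servers if ip not in tier_of]
    if not servers:
        status = "no-resolvers"
    elif not found:
        status = "not-using-shield"
    elif outside:
        status = "bypass-possible"   # a non-Shield resolver can answer blocked names
    elif len(found) > 1:
        status = "mixed-tiers"       # filtering depends on which resolver answers
    else:
        status = "ok"
    return {"status": status, "tiers": found, "outside": outside}

if __name__ == "__main__":
    # Constructed sample: one Protected resolver plus a made-up ISP fallback.
    sample = "nameserver 192.0.2.20\nnameserver 203.0.113.53  # ISP fallback\n"
    print(audit(sample))
```

When a machine gets its DNS from the home router, this file usually lists only the router’s own address, so the router’s settings are the ones to check.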
What I like about Canadians’ Internet Security’s newest addition is that it’s a non-ISP-based Canadian DNS service. Currently the DNS servers are located in Montreal, Toronto and Vancouver, and Alberta may need to route via Seattle to get to these services. This makes me skeptical that it will remain fast, so I’ll keep this entry posted with updates. The devil is in the details.
OpenMedia.org believes the service is better because “…Canadian Shield … is entirely hosted in Canada, so unlike most free and paid alternatives your Internet data will not travel internationally and become subject to foreign surveillance practices. We also appreciate CIRA’s promise that any information related to your Internet activity is deleted after 24 hours, in contrast to many home ISPs who otherwise handle our web traffic which retain that data longer, or may not guarantee to delete it at all.”
At home, mobile users will pick up DNS settings from their home router. The challenge is when they are away from home.
For mobile users away from home, my understanding from reddit.com is that users install a CIRA app that enables a VPN. This may be fine for light users but will likely create a bit of havoc for advanced users and their configurations. A Reddit user says “Tested the VPN app (iOS) today. First thing I always check is performance. Downstream speed took a hit, upstream was 10% of normal. I’ll skip it for now.” On the Google Play store, a user’s feedback on the app is that it “Blocked access to safe programs”, and CIRA asked the user to follow up by emailing them at [email protected].
I’m recommending all users avoid the mobile software for a couple of months to let users that are ok with beta testing work out the bugs.