The EU now offers its own DNS resolution service (Resolver) and wants to help its citizens to become less dependent on offers from large US companies such as Cloudflare and Google. The service is called DNS4EU and pre-filters internet addresses at the user’s request: In addition to phishing and fraud sites, it blocks websites and advertising that are harmful to minors.
A DNS resolver is one of the almost invisible basic services for stable Internet access: it works in the background, usually at the provider, and ensures that Internet addresses such as
Dr. Christopher Kunzwww.heise.deare translated into IP addresses such as2a02:2e0:3fe:1001:7777:772e:2:85. However, in many countries – including Germany –, blocking orders by lobby associations or youth protection authorities are often implemented at DNS level. For this reason and for reasons of speed, users often make do with alternative providers such as Google, which not only uses one of the most beautiful IP addresses with the resolver 8.8.8.8, but also answers over a trillion queries a day. Cloudflare (1.1.1.1) and Quad9 (9.9.9.9) also operate open resolvers. The problem is that many of these servers are located in the USA, which is why the Quad9 consortium has already moved its headquarters to Zurich.
Good to see the European Union taking – albeit small – steps towards that elusive digital sovereignty and autonomy from US-based companies. While far from the flashy headlines about AI and quantum, DNS over HTTPS improves user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks.
The project offers five DNS resolver configurations with various degrees of protection against malware and content filtering of ads and child-inappropriate sites. I am personally most interested in the ad-blocking variant since this is the most straightforward solution for blocking ads on mobile devices. I used AdGuard’s public DNS before on Android, and it considerably improved my browsing experience, especially on Romanian news sites, which show a horrendous amount of ads, making the pages almost unusable on mobile. Being a system-level feature, a DNS resolver can prevent ads from loading inside apps as well, depending on the domain serving those ads – in-feed ads disguised as posts like you get on Twitter and Instagram are unaffected, since those come from the same domain as the non-ad content in these apps.
A small disadvantage compared to dedicated ad-blocking extensions is that in some cases the blocked ads leave behind their empty placeholders, taking up space on the page, whereas adblockers usually remove these elements altogether. Considering that Chrome is making it increasingly difficult for extensions to remove ads, replacing them with a DNS filter might not be a bad trade-off.
After I found out about this new alternative, I switched to it on my smartphone and enabled secure DNS in the browsers I use regularly. You could theoretically configure DNS at lower levels, as default resolver on Windows (on par with the corresponding Android setting) or in your router, but I didn’t want to go that far. On one hand I couldn’t find any DNS-related configuration on the modem I have – a standard issue by the Internet company, so likely not that advanced to support this.
On the other, setting up hard Internet filters can occasionally hinder your browsing: I stumbled upon cases where newsletter links would be inaccessible because of the DNS ad filtering – which makes sense, as these are essentially trackers put in place to count how many people click which links, but in this situation I would rather access the target link despite being tracked. Compared to an adblocking extension, it’s more complicated to disable the DNS-level filter, so I find it a good compromise to not enable the filter system-wide on the desktop; that way I can at least copy the link and open it in a secondary browser that doesn’t have the DNS adblocker on.
There are several alternatives, including some based in Europe. While doing some research for this post, I came across a good review of the current offers. I’m not particularly troubled about the supposed poorer privacy of DNS4EU because of its logging policy. I find the fact that control is supposed be transferred to a private company more concerning for the long term, as companies are always susceptible to bankruptcy or to being acquired by foreign parties that might not be interested in keeping this service going. Still, as I said, there are alternatives at least, and nothing preventing people from switching to a different DNS resolver later.
Post a Comment