Secure Services Within the EU: DNS4EU
In light of the recent fun and games over the pond in the USA, digital resilience for the EU has become a hot topic. The USA has increasingly become hostile to foreign visitors, along with Trump's ongoing and unhinged rhetoric about the EU. Moving away from reliance on US Big Tech, especially given their continued breaches of EU law, seems like a good idea.
When building any resilient system, the first place to start is with how we locate and access services. On the Internet, this is managed by the Domain Name System (DNS). DNS converts friendly names (like www.tomkranz.com) to the actual address of the website (or service).
Most people rely on the default DNS servers (resolvers) provided by their ISP. However, it's possible to configure any device to use a different DNS resolver, and there are a couple of reasons why we'd want to do that.
Because DNS converts names to addresses, we can also use DNS to filter out unwanted requests sent from our browser. These include the myriad of tracking that Facebook and Google embed in all websites, adverts, content inappropriate for kids — even malware sites or platforms that are exploited by criminals.
There are a bunch of existing organisations that offer this already. The problem is that they are mostly offered by the same Big Tech firms that are already trying to harvest and exploit our personal data: Google, Cloudflare, and others. Cloudflare delivers over 16% of all web traffic, and has a long history of hosting and protecting malicious websites, botnets, and forums that promote physical harm against minority groups. An article from ArsTechnica last year dug into the details: https://arstechnica.com/security/2024/07/cloudflare-once-again-comes-under-pressure-for-enabling-abusive-sites/
DNS4EU has been funded by the European Union to provide a protective, privacy-compliant, and resilient DNS service. It was developed with the support of the European Union Agency for Cybersecurity (ENISA).
DNS4EU offers automated blocking of tracking and privacy-breaking requests, as well as filtering out adverts, known malicious sites, and websites that are unsuitable for children.
The full list of available DNS resolvers, as well as what they currently filter, is:
Protective Resolution: 86.54.11.1
Protective + Child Protection: 86.54.11.12
Protective + Ad blocking: 86.54.11.13
Protective + Child Protection + Ad blocking: 86.54.11.11
Unfiltered Resolution: 86.54.11.100
You don't have to be in the EU to use these services: there are no geographic limitations. So you can configure your devices to use DNS4EU even if you're in a repressive third-world dictatorship (like Texas).
The DNS4EU website has a full range of setup guides, showing you how to configure DNS for all of your devices, available at https://www.joindns4.eu/dns-guidelines
DNS4EU isn't the only privacy-respecting service out there: there are a number to choose from that have been reviewed on the Privacy Guides website at https://www.privacyguides.org/en/dns/#recommended-providers
Having options on how we configure and secure our own devices is important, especially when it comes to protecting our privacy and reducing our reliance on businesses that try to exploit our data. DNS4EU is the first step in building privacy-compliant Internet services in Europe, and it's going to be interesting to see how these develop over time.