I’ve read Proton is about move from Switzerland to Germany because the numeric laws changed there, Switzerland is goingg to do mass surveillance now.
I wonder if we should use an alternative to Quad9 which is Swiss for our DNS,
here an article in French about proton moving to Germany:
PS;I wanted to create this subject here: Topics tagged dns but I don’t know how to do it.
Have they really commited themself to move now?
Or are they just threatening to move if those laws are goig to pass in Switzerland?
Lumo represents one of many investments Proton will be making before the end of the decade to ensure that Europe stays strong, independent, and technologically sovereign. Because of legal uncertainty around Swiss government proposals to introduce mass surveillance — proposals that have been outlawed in the EU — Proton is moving most of its physical infrastructure out of Switzerland. Lumo will be the first product to move.
This shift represents an investment of over €100 million into the EU proper. While we do not give up the fight for privacy in Switzerland (and will continue to fight proposals that we believe will be extremely damaging to the Swiss economy), Proton is also embracing Europe and helping to develop a sovereign EuroStack for the future of our home continent. Lumo is European, and proudly so, and here to serve everybody who cares about privacy and security worldwide.
I don’t know why you marked this thread as solved, but my question was about the safety of having Quad9 as DNS server, and nobody answered about it.
If a Swiss user could help us about it.
edit, oops I’m dumb, the thread isn’t solved, it’s only that I am shown I can mark posts as solution.
I thought that I would try out Lumo as I already use protonmail on my phone, and therefore have an account. but, I get a message saying "check that Google Play is enabled on your device.Has anyone else tried this app?
Although, I know that the thread was not about this. Sorry - I should probably start a new one.
As far as I know Switzerland was doing mass surveillance for a long time and therefore Swiss providers were never a good solution in terms of privacy and security. Here is a great article on that subject in German:
So if Proton is moving to Germany that is actually an improvement. Quad9 underlies Swiss law so using an alternative would be reasonable. There is DNS4EU, a new DNS resolver from the European Union or if you consider German data protection laws to be the most trustworthy there are several noncommercial DNS resolvers with or without adblocking you can use. I am from Germany and I am using dismail for years now without any problems. I tried other resolvers with adblocking before and sometimes there was trouble with blocked websites but not with this one.
Second that, exept that DNS4EU is not recommendable.
Mike Kuketz who you quoted did refrain from recommending it, out of caution.
Turns out he was right, as former MEP and privacy freedom fighter Patrick Breyer pointed out here:
(Also in German, and on BlueSky)
German Newspaper Golem also dug a bit into it, in a reply DNS4EU confirmed that they work with Hubspot for Webhosting, but they couldnt say if cloudflare was involved. Hower they also closely work with a company from the UK(although this company is exclusively owned by entities from the EU).
The DNS list you shared is also something I would recommend looking at when picking a DNS provider.
I would also not entirely recommend DNS4EU because there are plenty of alternatives, but the advantage over Swiss resolvers (or American ones like google or cloudflare) is that the European one is bound by the GDPR and probably other European data protection laws. Also it is probably pretty efficient while the independent ones are maybe not able to handle too much traffic, I don’t know. Last but not least maybe there are people who are not confident with putting so much data processing into private hands (I mean really private, like one guy who runs a DNS resolver). So as always it is a matter of weighing things up.
Circumvent these problems by running pi-hole as a recursive dns resolver. It’s still worth using a reputable VPN hosted outside your own government’s jurisdiction. But for DNS, your own can’t be beat.
Vaughan, please excuse my ignorance on this. I managed to set up a pihole, and it has been running for quite a while, my intention being to block ads rather than improve privacy / security. But, I have long suspected that I could make better use of it, if I understood more than the basics about it’s configuration. Your post indicated that you might be a good person to ask about this. Living in the UK is becoming a privacy nightmare and I would like to do more than I am currently doing, by having my FP5 / murena Pixel tablet, using a VPN and the pihole.
This explains what it is and how to do it.
https://docs.pi-hole.net/guides/dns/unbound/
I totally agree about living in the UK.
what amount of queries (in a percentage) do you think happen with transport encryption from your recursive towards authorative?
I have no idea. It isn’t something I’ve thought about.
I don’t think there’s yet significant uptake of the ietf draft on opportunistic encryption to the authorative dns.
If you use any dns transport encryption (forwarding) to a pooled, even non-logging dns outside your jurisdiction it gives better privacy than running a recursive that for most or half its queries does so in plaintext and is directly attributable with wire access.
Edit: but I don’t want to discourage from running a recursive resolver, it will improve (tracks as rfc9539) and there are other benefits (decentralization). Wire access isn’t relevant for most.
ads = trackers
i.e. collectors of data generated by your digital actions
I don’t want to hijack this particular thread, but:
You can install a tracker blocking app on your devices and grant it “always on” status in the VPN settings. Load one or more of the same hosts files that Pi-hole uses. This will protect you on the mobile network or public wifi, not just on your home network. But…
Since the above takes up your VPN slot, you’ll have to disable it if you want to use a regular VPN provider instead, or if you sometimes want to switch between them. In that case, choose a VPN provider that also filters trackers.
On your home network, if you’ve set all your devices to use Pi-hole, then your tablet and phone should already be protected from tracking… while you’re on your home wifi.
But I always use a VPN and Pi-hole at home. (It’s possible to remotely link to Pi-hole while on the go, but I don’t do that.)
Yes, I have a vpn gateway and the guest Wifi network, on a separate subnet, is routed through it. My own devices also connect to this AP unless I’m doing network management tasks.
I always use a vpn too - mullvad. Just on default settings and ad blocking but, have been wondering if I should use some of the other settings such as Daita and Multihop. I was worried that Proton Services that I use might be withdrawn from the UK (because of the UK trying to eradicate encryption) and started using french servers for most of our access, including email. I hoped that we might retain our access if they thought we were in France. But, now the UK mainstream media are shouting about VPN’s giving young people access to the dark net and other unsuitable parts of the internet - they don’t understand the difference between other vpn services and Tor. I am worried that vpn services might be banned here, completely. So, I think I need to take more measures and find ways of better hiding that I am doing it. I feel a bit out of my depth with all of this. Thanks Vaughan, for the pi-hole link. I will check it out
Have they really commited themself to move now?
Or are they just threatening to move if those laws are goig to pass in Switzerland?
yes, it’s just a threat. And it’s not the first time that the founder makes waves around this.
So … wait & see.
[personal opinion: if the founder does that, there will be multiple users moving to other solutions because all the reputation of Proton has been built (until now) on the fact that it’s based in Switzerland (being just a “myth” or not, is another topic). And changing the marketing “storytelling” offered until now is not as easy as that. You can’t build all your trust and advertising with such argument and then say that it was … a lie. For me it’s just “gesticulations”.]
This topic was automatically closed after 15 days. New replies are no longer allowed.