Why some “private” cybersecurity offerings are not what they seem

With cyber attacks hitting the headlines with greater frequency recently, awareness about the value of cybersecurity has never been higher.

But while leveling up your cybersecurity game is always a worthy endeavour, you also need to be careful about how you do it.

Why? Because not all cybersecurity tools are created equal.

Protecting our privacy with cybersecurity

Cybersecurity is, at its root, about privacy. We want to keep information like our social insurance number, credit card information and birthday to ourselves and out of the hands of cyber criminals.

That’s why we take steps to protect ourselves. We create strong passwords for all our accounts. We enable multi-factor authentication for our devices. We are careful about what we choose to share on our social media accounts.

Here’s where it gets tricky, though. Not all cybersecurity tools are effective at protecting our privacy.

In fact, some are designed to further exploit it.

How “free” cybersecurity tools compromise our privacy

There are a lot of great tools out there that can help us combat cybercriminals.

Password managers. DNS resolvers. Virtual private networks.

The problem, though, is that these aren’t all what they seem.

For example: there are many DNS resolvers that offer their service for “free.” The reason why they are “free”, though, is because the companies that offer them are harvesting your data so they can then turn around and sell it.

So while you may have set out to protect your privacy, you’ve actually done the opposite.

Staying cybersecure while also protecting your privacy

What can you do to ensure attempts to protect your privacy aren’t in fact compromising it?

One option is to pay for cybersecurity tools.

A company that operates a password manager on a subscription model, for example, is far less likely to sell your data to other groups and organizations. This might not be as invasive as a cyberattack (although fraud in losing our data is certainly an issue), but many of us still would prefer not to have our information used to sell us products we didn’t ask for or serve us ads on our social media accounts.

But sometimes paying for cybersecurity isn’t always an available (or an affordable) option.

That’s why many continue to use free tools but become more discerning about which ones they choose.

For example: Canadian Shield, CIRA’s DNS resolver, is designed to be both free and private.

Your DNS query data is not associated to any personal data (other than your IP address). Your query is stored for up to 24 hours — in order for us to be able to detect abuse of the service by those who wish to exploit an open recursive DNS service in a way that would impact our legitimate end users. After that there was no association between the IP address and the query stored.  

As an independent Canadian not-for-profit with a mission to build a safer, trusted internet, CIRA does not commercialize any personal information for either our own purposes or to sell this information to third parties.

This is not to say that you necessarily need to choose Canadian Shield (though we would definitely recommend it!). But just to say that there are free tools out there that won’t compromise your privacy even as they claim to protect you from cyber criminals.

Keeping your privacy secure

Don’t be fooled into thinking that just because a tool claims to keep you protected from cybercrime that it’s also going to protect your privacy.

By doing a little research (or possibly spending a little money), you can help secure your devices against cybercriminals without compromising your privacy.

CIRA offers a free DNS resolver that, unlike many other offerings, does not use or sell user data in any way. Learn more about Canadian Shield.

DNS Firewall is the paid option for organizational protection.