i2Coalition Member Spotlight: Quad9

Quad9 is a free public DNS service for computers and Internet-of-Things (IoT) devices that blocks lookups of malicious host names from an up-to-the-minute list of threats—preventing over 670 million bad-news connections every day. We caught up with John Todd, General Manager of Quad9, to discuss cybersecurity, regulation, and the role of the DNS in a healthy Internet.

i2Coalition: Can you give us the elevator pitch for Quad9?
John Todd: Quad9 is a global non-profit foundation providing a free, privacy-preserving DNS service that protects users from cyber threats without collecting personal data. Headquartered in Switzerland, Quad9 operates in the public interest ensuring security, privacy, and performance for users worldwide. Unlike commercial DNS resolvers, Quad9 does not collect or monetize user data, making it a trusted alternative for individuals, businesses, governments, and philanthropic organizations.

i2Coalition: You have a rather unusual company structure for this industry—can you tell us a bit about how that came about?
JT: We are unique in that we are one of the largest recursive providers in the world and the only non-profit foundation providing this type of service on a global basis. It was important to us to build this service and organization with a privacy- and security-first mindset and a strong public interest mission. Another aspect that makes Quad9 unique is that we will go where other providers do not traditionally go—meaning those parts of the world where it is not necessarily commercially beneficial to operate, but beneficial to users who might otherwise not have access to a free, secure DNS service. 

i2Coalition: How have you seen DNS abuse—and DNS blocking—trends change over the past few years?
JT: Quad9 first and foremost resolves DNS in the public interest. We block malicious events that threaten the security and privacy of users. We see a deeply worrying trend of DNS abuse and blocking, particularly relating to regulatory or legal blocking of sites. We also see observation, interception and re-writing of queries—the latter of which has become more widespread and has grave consequences. This “quiet manipulation” happens without the users knowing or seeing what caused the failure to resolve the lookup.

i2Coalition: In general, what impact do you think recent geopolitical events have had on your more recent activities?
JT: Quad9 has been impacted the last several years by legal cases being brought to block user access to certain sites that are claimed to be violating copyright laws in various countries. We successfully fought one such case in Germany, and we are now battling similar cases in France. We suspect others will follow. We see these cases as an attack not only on Quad9, but on the DNS itself. Seeing recursive resolvers such as Quad9—which do not deliver content or provide hosting services, have no relationship of any kind to any of the infringing parties— targeted in this way makes it clear that the aim is to alter “the map” of the Internet so to speak, not simply take alleged copyright violators to court. The DNS is open, with limitations of course. It needs standards and commitments that secure trust, equality and reliability universally for all connected to the Internet.

i2Coalition: Overall, it seems that for such a fundamental element of the Internet, the DNS is surprisingly vulnerable. What role do Internet infrastructure providers operating in different silos play in defending and strengthening it?
JT: Those who operate within critical infrastructure have great power, and with that great power comes great responsibility—just as Uncle Ben told the young Peter Parker as he gained the powers of Spider-Man. What we mean by that classic comic-book quote is this: as infrastructure providers of a critical layer such as the DNS we must develop and adopt security standards that adhere to principles of public interest, we must ensure that the DNS is trusted across the globe by ensuring it is unmodified, consistent, open and clear and for the benefit of its users. Lastly, we must secure its reliability through standards and speed making it a utility to serve the global community of users.

i2Coalition: Why did your team find it important to join the i2Coalition?
JT: As the only global-scale non-profit foundation using the DNS as a security tool, we have always found ways of bringing together like-minded organisations to drive our mission. In the past several years, the DNS has seen developments that have directly impacted tens of millions of users’ ability to connect to secure privacy-enhancing DNS lookups. At this crucial time, the i2Coalition’s work on restoring and enhancing these rights as well as its known and vast membership network made Quad9 joining a critical step towards fighting for the DNS. 

 

i2Coalition: Which i2Coalition initiatives connect most deeply with your team’s ethos?

JT: The initiatives for working groups, particularly the DNS issues as well as the one for cybersecurity and privacy are crucial to our team on many levels. Further, we are, in essence, what can best be described as a group of nerds trying to do a good thing for the world. We love what we do and are not necessarily the best at conveying and communicating that broadly to the public. The i2Coalition networking initiatives help us gain further exposure and strengthen new and existing partnerships with like-minded stakeholders.

i2Coalition: Where does government policy interface with your work on a daily basis?
JT: We see a rise in government policy intersecting with our work in all regions of the world, even those where there is no current or historical interference with access to data. The desire to protect rightsholders is a significant policy driver, though we strongly believe that recursive DNS is an inappropriate and ineffective place to address this issue. Cases such as we saw in Germany against Sony Entertainment Germany show that there is a need for policymakers and courts to better understand how the DNS can and cannot address these issues. We also believe that there will be more dangerous applications of filtering and blocking applied to recursive resolver platforms for political or social suppression, and our intent is to try to counter these efforts by proving that an open, free, and trustworthy DNS is more valuable than the short-term results obtained by such censorship.