# NEWS: CIRA's Canadian Shield reaches 100,000 user milestone in only



## FM__ (Dec 11, 2020)

https://www.globenewswire.com/news-...-100-000-user-milestone-in-only-7-months.html



> After only seven months in market, the Canadian Internet Registration Authority (CIRA) is proud to announce that more than 100,000 Canadians have chosen CIRA Canadian Shield to protect themselves and their families from malware, phishing and other cyber-attacks.
> 
> As millions of Canadians have been forced to work, learn, teach and socialize online, CIRA Canadian Shield has surpassed its first-year goal of 100,000 users in a little over half a year. In that time, the service has blocked more than 20 million malicious domains for its users and serves more than 500 million queries each day.


----------



## FM__ (Dec 11, 2020)

CIRA's Canadian Shield is basically the free version of their "DNS firewall". As I have stated before, the term DNS firewall is a bit of a misnomer, as a firewall normally blocks malicious incoming and outgoing requests. In contrast, a DNS firewall prevents certain domain names from resolving and thus causes some outbound requests to fail. It does not prevent inbound requests.

One of my major concerns about this type of protection is that there is a potential for abuse once it is in place. The big problem here is who manages and operates the blocklist. Not that I don't trust CIRA to do this well, but for example, in the past, Quebec tried to force all local ISPs to block gambling sites that weren't operated by the province. Luckily enough, this didn't pass. Infrastructure like the Canadian Shield will make blocks like this easier the more people are using it.


----------



## rlm__ (Dec 11, 2020)

FM said:
			
		

> One of my major concerns about this type of protection is that there is a potential for abuse once it is in place. The big problem here is who manages and operates the blocklist.



Yes, and I'd like to know who decides what should be blocked?  Do website owners know they are being blocked?  How do they find out if they have been blocked?  How do they appeal being blocked?


----------



## DomainRecap (Dec 11, 2020)

FM said:
			
		

> CIRA's Canadian Shield is basically the free version of their "DNS firewall". As I have stated before, the term DNS firewall is a bit of a misnomer, as a firewall normally blocks malicious incoming and outgoing requests. In contrast, a DNS firewall prevents certain domain names from resolving and thus causes some outbound requests to fail. It does not prevent inbound requests.



And you can just bet that anti-consumer, censorship-overlords like Bell and Rogers were in there with both hands, "helping" the CIRA determine exactly which sites were "dangerous" and which were not.

They literally want the government to stop all Canadians using VPN links to non-Canadian streaming sites blocked and instead forward them to Crave and Ignite.


----------



## FM__ (Dec 11, 2020)

[notify]DomainRecap[/notify] provides another good example.

For CIRA's offering, as a paying customer, I think you can edit/override the list, but on the free product, you don't even know which lists feed into the product and who administrators those, as [notify]rlm[/notify] also says. One source is, for example https://safebrowsing.google.com/ (=part of Google)


----------



## rlm__ (Dec 11, 2020)

FM said:
			
		

> @DomainRecap provides another good example.
> 
> For CIRA's offering, as a paying customer, I think you can edit/override the list, but on the free product, you don't even know which lists feed into the product and who administrators those, as @rlm also says. One source is, for example https://safebrowsing.google.com/ (=part of Google)



Ugh, where's the dislike button when you need it??


----------



## FM__ (Dec 11, 2020)

https://www.cira.ca/cybersecurity-services/canadian-shield/faq-public


> How do I report a false positive or a previously infected domain that has been cleaned up?
> 
> Based on our experience running a commercial version of the service, CIRA Canadian Shield has a very low false positive rate having only lodged a handful of requests on over 1.8 million users. Most times, domains that are reported to us as a false positive are found to be hosting malicious content without the knowledge of the domain owner. If you believe that your domain is being blocked incorrectly by CIRA Canadian Shield then please visit our support page to lodge the request for review.
> 
> If your site has been hijacked or misused by hackers and as a result has been placed on block lists (including ours) then you are in a very difficult situation. Once the problem has been rectified on your end you can request a review using our support page. This can involve multiple global vendors and so we cannot provide a time-frame for when the review will be complete.


----------

