The free service 220.127.116.11 for Families from the American service provider Cloudflare is supposed to protect the entire home network from threats from the Internet. test.de explains how it works and why you shouldn’t expect too much from it.
Security and parental control for everyone
Cloudflare’s 18.104.22.168 for Families service promises free protection for your home Internet. It comes in two flavors: In one variant, it is supposed to block only accesses from the home network to dangerous websites. These could be sites used by cybercriminals to distribute malware or to steal valuable passwords in phishing attacks. In a second variant, the service is also designed to filter out “adult content”, i.e. content that is only suitable for adults. Cloudlfare does not explain exactly what is meant by this.
Protection for the home network via the router
The practical aspect of the technology used is that the protection function can be activated centrally via a setting in the router and then automatically extends to all devices connected to the router – whether PC or tablet, smartphone, game console or smart TV. To do this, users must set their Internet router to access special DNS servers from Cloudflare. DNS stands for “Domain Name System” – a kind of address book for the Internet. Background: Computers address each other on the Internet via numerical codes, the IP addresses. However, people can hardly remember these. That’s why there are also catchier names for web addresses. Every website can be accessed both via its IP address, which looks something like http://22.214.171.124, and via its domain name xyzdomain.com.
DNS server with filter function
DNS servers translate between these domain names and the IP addresses that can be used by computers. DNS queries from the home Internet connection usually go through the respective Internet service provider. This simple trick is used by Smartsdns companies to help their customers connect to blocked services, e.g. to watch their home TV from abroad. If the user instead sets special DNS servers with Cloudflare’s filter function in the router, these are supposed to automatically block such DNS queries that lead to malicious web addresses.
Security function extremely full of holes
According to Cloudflare, 1.1.1 for Families is supposed to protect the home network from malware. We checked this using 60 current websites that were contaminated with dangerous software. Shattering result: Not a single one of them was blocked! We also tested the protection against fraudulent phishing sites. The result is only slightly better: Out of 157 phishing sites, the Cloudflare service blocked just 31. Reliable protection looks different.
Child protection is limited to porn filters
We tested the variant of the service that is also supposed to block “adult content” to protect children with a total of 93 websites from the subject areas of pornography, weapons, alcohol, drugs and glorification of eating disorders. The result: only pornographic content was blocked – and even here, by no means all of it. Of 72 adult content websites, Cloudflare blocked 60. More prominent porn portals were blocked, lesser-known sites were not. Such sites that deal with weapons, alcohol or drugs, or glorify eating disorders, Cloudflare did not filter at all. Thus, the service does not offer comprehensive child protection. More effective child protection is provided by companies listed in this parental control app comparison.
One setting in the router is enough
If you still want to try it out: one setting in the router is enough. The preset DNS servers must be changed to those of Cloudflare. To do this, first call up the router’s settings menu in the Internet browser. With the very popular Fritzboxes from AVM, for example, this is done by entering “fritz.box” in the browser’s address bar.
Now you have to find and change the setting for the DNS servers in the router menu. For Fritzboxes, you can access them by clicking on “Internet” in the menu on the left and then on “Access data” and then opening the “DNS servers” tab. For the pure security function, enter the addresses 126.96.36.199 and 188.8.131.52. If you also want to block porn, the addresses are 184.108.40.206 and 220.127.116.11.
Conclusion: Interesting concept, but hardly any protective effect
The approach of blocking dangerous websites via a DNS service seems promising at first. However, Cloudflare does not live up to its full-bodied promises: The protective effect against malware and phishing is hardly effective in the test, and the parental control also seems rather spotty. Such a service could not replace good security software on the PC and a prudent use of the Internet even if it worked well. In view of the poor test results, however, you can do without this free service altogether.
You may also be interest in how to surf anonymously with your smartphone.