Spark Net Shield service

Forums › Spark New Zealand (including Skinny and BigPipe) › Spark Net Shield service

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41034

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#233505 18-Apr-2018 18:48

Spark is launching a new DNS-based protection service called Net Shield.

This is available to Spark broadband users and can be managed from their account.

As this is DNS-based your network won't be protected if using a third-party DNS (OpenDNS, Google DNS, 1.1.1.1, etc) or a VPN.

A free service provide basic protection - websites with harmful content and SafeSearch. A paid option expands this to include blocking sites by categories, scheduling and whitelist access only.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

1 | 2 | 3 | 4

932 posts

Ultimate Geek
+1 received by user: 304

#1998884 18-Apr-2018 19:08

Once someone is connected to your home WiFi network, the Net Shield rules apply regardless of how they set up their own device

Even if they set the DNS on their device to 8.8.8.8 ..?

Also, I'm assuming that Net Shield retains local caching/CDN goodness?

Edit: can't seem to activate this, either by Spark app (Android), or myspark website. Click on the 'Get Net Shield' link, which just takes me to my 'Broadband details' page, with no obvious option to activate.

MadEngineer

4591 posts

Uber Geek
+1 received by user: 2570

Trusted

#1998902 18-Apr-2018 19:19

It's certainly possible, DNS traffic is trivial to intercept and redirect.

Curiously, Google Chrome often sends its own DNS traffic despite how your network is configured. ([randomcharacters]@yourdomain queries aside ...)

DNSSEC will break all this https://developers.google.com/speed/public-dns/docs/dns-over-https

You're not on Atlantis anymore, Duncan Idaho.

GregV

932 posts

Ultimate Geek
+1 received by user: 304

#1998907 18-Apr-2018 19:25

The bit I quoted above seems to conflict with this bit:

Net Shield does not cover you, if:
Your internet connection accesses the Internet with a non-Spark DNS (like Open DNS)

Hopefully I can figure out how to activate this, so I can confirm

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41034

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1998910 18-Apr-2018 19:32

@GregV: The bit I quoted above seems to conflict with this bit:
Net Shield does not cover you, if:
Your internet connection accesses the Internet with a non-Spark DNS (like Open DNS)

Hopefully I can figure out how to activate this, so I can confirm

It's a DNS service. You will probably have to use the default Spark DNS servers for this to be effective on your network. If you want one device to use a specific DNS (e.g. for accessing a streaming service available in other region) then you can set the DNS on that device only - which is what I do at home by using 1.1.1.1 on router and setting a specific different DNS service on my Amazon Fire TV box.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

hio77

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#1998912 18-Apr-2018 19:34

GregV:
Once someone is connected to your home WiFi network, the Net Shield rules apply regardless of how they set up their own device

Even if they set the DNS on their device to 8.8.8.8 ..?

Also, I'm assuming that Net Shield retains local caching/CDN goodness?

Edit: can't seem to activate this, either by Spark app (Android), or myspark website. Click on the 'Get Net Shield' link, which just takes me to my 'Broadband details' page, with no obvious option to activate.

Yes still uses our dns.

I'll have to confirm about 8.8.8.8 but it's my understanding we aren't forcefully dissecting dns.

As to your issues enabled netshield, Are you on the Purple interface or the standard grey one..

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

GregV

932 posts

Ultimate Geek
+1 received by user: 304

#1998913 18-Apr-2018 19:35

(in reply to MF)Yup, I understand that, which is why I was querying their statement of 'this just works no matter how your kids set up their device'.

Also, the Net Shield option does not appear on mobile site. I had to request desktop site to see it.

Purple interface hio

Geekzone

Want to support Geekzone and browse the site without the ads? Subscribe to Geekzone now (monthly, annual and lifetime options).

hio77

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#1998920 18-Apr-2018 19:36

GregV: Also, the Net Shield option does not appear on mobile site. I had to request desktop site to see it.

Will see about passing that along.

It's my understanding the App does not have functionality for this implemented yet.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41034

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1998921 18-Apr-2018 19:36

GregV: Yup, I understand that, which is why I was querying their statement of 'this just works no matter how your kids set up their device'.

Also, the Net Shield option does not appear on mobile site. I had to request desktop site to see it.

Oh, in this case they seem to intercept all DNS queries, regardless of the server being queried.

@hio77 can you confirm?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

hio77

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#1998925 18-Apr-2018 19:41

freitasm:

GregV: Yup, I understand that, which is why I was querying their statement of 'this just works no matter how your kids set up their device'.

Also, the Net Shield option does not appear on mobile site. I had to request desktop site to see it.

Oh, in this case they seem to intercept all DNS queries, regardless of the server being queried.

@hio77 can you confirm?

Isn't a project i was directly across so excuse my lack of a highly detailed answer.

The net shield product, is dependent on customers Not changing their DNS; that reads to me as... we don't intercept all.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

hio77

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#1998926 18-Apr-2018 19:43

GregV:

Purple interface hio

Click return to old interface, see if the option doesn't pop up in the products and services dropdown... i suspect it may be related to the A:B interface..

Worked perfectly for me, i couldn't find it without switching though (I work with the old interface currently so the new I'm by no means used to)

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.