How Quad9 Handles Your Data | 2025
Quad9 and Your Data
Updated February 2025 — I’m John Todd, the General Manager of Quad9, and I want to address a few points about who we are and why we exist, to give some background about what we do with your personal data. TL;DR: We don’t even collect your personal data, let alone do anything with it.
Quad9 does recursive DNS, and we integrate a blocklist on our secure IP addresses that prevents end users from reaching hosts that our partners have told us are malicious, or are phishing sites, or which are implicated in botnet services or other harmful activities. Our mission is to keep as many people on the Internet as safe as possible against these threats while providing good DNS performance and high privacy — and we take that job seriously.
We often hear the question “How do you make money?” Quite simply, we do not.
Quad9 is sponsored by a variety of organizations and individual donors who have the same goals of security, privacy, and performance. They directly or indirectly see the benefits of keeping millions of people from being defrauded, hacked, or worse — and they provide us with funding and support to further those same benefits.
Many other free DNS services (or ISPs) are doing things with your data that might surprise you, such as building demographic profiles on users, selling household browsing habits, or even tracking private information such as your political or health-related site visits. Quad9 is different — we don’t sell or collect data that can be associated with individuals. We’re not even a business — we’re a nonprofit and have no motive to sell personal data (remember, we don’t collect personal data at all) and no way to hide it because we’re a public entity. We do one thing — provide free DNS. We agree that anything that seems too good to be true should be examined closely, and it’s clear that Quad9 needs to better illustrate why your data is safe with us. So let us go into that in a bit more detail.
The key component that we want to ensure is stated up front is one of our core tenets: “Quad9 does not store client IP information to disk, nor is client IP data ever transmitted out of the POP in which it is received.(*)” This is the most critical component of our service: we can’t associate queries with individual people.
We don’t have the concept of an “account,” and there is no sign-up or requirement for users to give us their email addresses or identity in any way. We cannot associate queries with end users with an account, and we additionally cannot even associate queries with individual IP addresses.
Additionally, we treat the IP addresses from which data originates as “personal data”: at a minimum, it takes only a single lookup in an ISP or network provider database to go from an IP address to a household or individual. We recognize that dangerous association. In some regions IP addresses may be legally defined as personal data; in other areas they may not, but we believe in using the most strict interpretation for our entire service platform, and we do not collect IP addresses in association with queries.
(*) Yes, there is a very limited exception to this. If we observe client behavior that we believe is intentionally or unintentionally causing harm or attempting to cause harm to our services, we reserve the right to transmit origin IP address data and abusive queries to a central system to be redistributed to other field systems for the specific purpose of creating filters or other protective regimens and allowing our team to identify origins of attack or degradation. We define “client IP address” as PII in association with DNS QNAME data. This would only take place as a means for Quad9 to defend itself from an attack that jeopardizes our ability to serve users.
How Does Quad9 Protect Your Data?
Quad9 supports encryption (three different kinds of encryption, in fact) so users have the option of keeping their queries from being observed by third parties. We strongly encourage everyone to use encrypted DNS transports - DoT, DoH, and DNSCrypt - with more on the way. Preventing casual interception and observation is a first step to privacy.
Quad9 naturally protects user data because we don’t even know who our users are. We urge all users to check out our transparency report for an in-depth view of how seriously we take user privacy and security.
This lack of insight into our end user community is a double-edged sword: it makes it impossible for us to understand the specific ways in which users utilize our services because we do not have a catalog of users or any way to associate actions with a specific user, company, household, or device. However, the benefits of this method outweigh the detractions. There is no information we keep on users, so many of the complex and expensive methods to protect user data are simply not applicable to our systems, as we do not store or transmit that data. This greatly simplifies our compliance overhead and reduces our costs for managing such a large infrastructure.
What Data Does Quad9 Collect?
Again: Quad9 does not collect any personal data. The keyword is collect - if we do not collect data on queries, all of the subsequent issues around storage, use, transmission, and third parties are negated. When your query reaches Quad9, we know the IP address from which your query is made - we need that to give you a response to your system’s DNS question. We drop that information at the edge of our network for all queries and log rough geographic information about queries. See our privacy policy for more detail on this. In addition, if you live in an area with fewer than 10,000 people, we resolve to the center of the closest city above the minimum population. Typically, this does not move outside a nation or country. We do this so we can understand where we need to deploy services and how our user community is spread out across nations and regions, and to ensure traffic is reaching the best-performing location (or correct the issue if it isn’t). So there is some aggregate data that Quad9 collects for performance purposes, but this is not associated with specific queries.
The Data That Quad9 Collects
1. Information about blocked domains: This data we share with our threat intelligence (TI) providers is stripped DNS telemetry data that relates directly to the malicious domains provided to us via our TI partners. “Stripped” means no user IP address is associated with the collected data. In terms of collected telemetry data, this includes a timestamp, the query and type, and the approximate geography of the originating device. Quad9 details its collected telemetry in an open-source GitHub repository, which gives an example of each field collected for blocked domains. To be clear: we do not store or transmit a hash, or a translated IP, or any of the other methods that are commonly used for “anonymization” - we send no form of the IP address at all, to be compliant with the rest of our privacy rules.
2. Information about the DNS: We have other types of data that we collect and summarize, but that information does not comprise individual queries. For instance, we track in an estimated model how many times a particular domain name has been queried or how many times we get certain types of failure codes, or what the volume of traffic is from various ISPs, but these aggregated counters are not in any way associated with information that could be in any reasonable way tied back to an individual user or a specific query.
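An added illustration of item 1 (not Quad9's code or schema; the field names, sample event and addresses are constructed): it contrasts the hashed-IP "anonymization" the text rejects with a record that carries no form of the IP, and shows that a hash of an IPv4 address can be matched back by enumerating a candidate network.

```python
import hashlib
import ipaddress

# Constructed edge-side event. Field names are hypothetical, not Quad9's schema;
# the address is from the RFC 5737 documentation range.
RAW_EVENT = {
    "ts": "2025-02-01T12:00:00Z",
    "client_ip": "198.51.100.77",
    "qname": "malicious.example.",
    "qtype": "A",
    "geo": "CH/Zurich",
    "blocked": True,
}

def hashed_record(event):
    """The common 'anonymization' the text rejects: swap the IP for its hash."""
    out = {k: v for k, v in event.items() if k != "client_ip"}
    out["client_hash"] = hashlib.sha256(event["client_ip"].encode()).hexdigest()
    return out

def stripped_record(event):
    """The approach described above: blocked-domain events only, and no form
    of the client IP (raw, hashed or translated) leaves the edge."""
    if not event["blocked"]:
        return None
    return {k: event[k] for k in ("ts", "qname", "qtype", "geo")}

def recover_ip(client_hash, network):
    """Privacy audit: hash every address in a candidate network and compare.
    Returns the matching address, or None if the hash is not in that network."""
    for addr in ipaddress.ip_network(network):
        if hashlib.sha256(str(addr).encode()).hexdigest() == client_hash:
            return str(addr)
    return None

if __name__ == "__main__":
    leaked = hashed_record(RAW_EVENT)
    found = recover_ip(leaked["client_hash"], "198.51.100.0/24")
    print("hashed record links back to:", found)
    print("stripped record:", stripped_record(RAW_EVENT))
```

The whole IPv4 space is small enough to enumerate the same way, which is why only the stripped form leaves nothing to link back to a client.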
Funding of Quad9
Understanding funding is also a key to understanding motivations for privacy. Quad9 is a nonprofit foundation based in Switzerland that is not managed or governed by anyone other than itself. Our founding sponsors (Packet Clearing House (PCH), IBM, and the Global Cyber Alliance (GCA)) were the original donors and sponsors to get Quad9 “off the ground” and all three are still active participants in Quad9’s ongoing operations and/or advisement. However, Quad9 is funded by many other organizations and participants, and it continues to pursue other grants and partnerships to cement our ability to continue with sustainable expansion and delivery of services.
Quad9 has received grants from or engages in active partnerships with the European Union, Craig Newmark Philanthropies, the Swiss FDFA, ISOC, the Open Technology Fund, Switch.ch, and many others, as well as a huge number of individual sponsors who have generously donated to us over the years, or who have given us their time to help in our efforts in the ways that they can. Our return to these organizations is typically in the form of reports on how we have spent their funds or specific goals in turning up new locations, protecting new communities, developing new resources for researchers, or providing summary data on the DNS as we see it. None of these organizations receive any personally identifiable data and, in fact, all of them are quite enthusiastic about our privacy model and treat that as a fundamental basis for supporting our mission in the first place.
In addition to sponsors for capital resources to pay for equipment, staffing, legal, and other needs, Quad9 also has many partners who provide us with “in-kind” donations, which are what keeps the platform operating. PCH, EdgeUno, i3D, Path Network, Equinix, and many others have given Quad9 space, power, Internet transit, and in some cases equipment which have helped power our global network.
None of these in-kind partners receive any data or information from Quad9 as part of their agreements. They believe strongly in Quad9’s mission and have the understanding that a trusted, safe Internet is to the benefit of their users and their own commercial activities.
The TI providers we work with do receive notifications about when their blocklist items are being hit, but that “ping” they receive contains no PII. This stripped-down data we send to the TI providers is instrumental in their ability to improve and understand the threat data they send to us, and this, in turn, makes our protective abilities even more useful.
We do share other aggregated data (again, no personal data) with some partners or researchers for the express purposes of improving security and performance of the DNS. This aggregated data is highly summarized, and we see no way that it would be possible to reverse-engineer that data to obtain any useful user-specific data. As Quad9 grows, we are finding that there is an interest in some of our aggregated data to help threat-hunters and researchers, as well as a need for our ability to complete grants or sponsorships which have outcomes that rely on our contribution of summary data like:
- BGP data: Quad9 has views of the global BGP tables at hundreds of locations; this is a topic of interest for anyone who is trying to find BGP hijacks, detect instabilities, or discover routing inefficiencies.
- Newly Observed Domains: A significant portion of the new domains that are registered every day are used for phishing, ransomware, or other malicious purposes. Quad9 answers queries for these new domains, and threat hunters and researchers can utilize that to create protective results that can in turn be fed back into Quad9’s blocking filters.
- Authoritative nameserver performance: Quad9 is well-positioned to know the speed of replies from authoritative nameservers that answer for the world’s domain names. This permits us to help improve the overall speed and stability of the DNS in general.
- Error sets: The DNS is exceptionally robust, but still errors happen across the many trillions of messages transmitted every day. Quad9 can provide researchers or operators insights into those errors at scale, to understand and resolve issues faster.
All of these data sets are on the “public” side of the DNS - they are summaries or results of our network and our performing queries for millions of end users, but they are in no way attributable to specific users.
The Takeaway
As a result of using our DNS services: your personal data is not being collected or resold, and your overall security is being improved. In fact, by using Quad9, users are contributing to increased Internet safety by helping cybersecurity researchers improve the overall security of not just Quad9 but other networks, people, and devices. Ultimately, our interests are aligned with end users and not with commercial outcomes. We hope that we can keep your trust and make the DNS better for everyone.
About Quad9
Quad9 is a nonprofit foundation based in Switzerland that provides free cybersecurity services to the emerging world via secure and private DNS lookup. Quad9 operates over 245 locations across more than 115 nations, blocking hundreds of millions of malware, phishing, and spyware events daily for an estimated 100+ million end users. Quad9 reduces harm in vulnerable regions, increases privacy globally against criminal or institutionalised interception of Internet data, and improves performance in under-served areas.