Hello everyone, since there are very few topics on this subject, I will try to explain how this service works to the best of my ability so that you don't pay for something that doesn't function as expected. Unfortunately, TP-Link doesn't provide any official documentation on how this service works or how each consumer can test if it's functioning properly.

First of all, for this service to work correctly, it's important to keep a few key points in mind:

1. DNS Settings in Deco App:
   In the Deco app, under the IPv4 (and/or IPv6 if active) section, the DNS settings should be left on Auto (using your ISP's DNS). Next, in the advanced settings, go to DHCP settings, and ensure the DNS field is left empty. This is essential for the proper functioning of the service.

2. Disable Privacy Features on Devices:
   For devices like iPhones, Android phones, etc., that use privacy features (such as Apple Limit IP Address Tracking and iCloud Private Relay), you must disable these privacy features for the Security+ web protection to work effectively. With these features enabled, the Security+ service becomes largely ineffective and fails to block malicious sites, likely due to iCloud Private Relay and IP address tracking limitations. This applies to other operating systems that employ privacy mechanisms as well.

3. Best Use Case for Security+:
   The most effective way to use Security+ is likely for IoT devices and similar, which typically do not have advanced privacy features. These devices benefit the most from the web protection service, as they are less likely to circumvent it.

4. DNS Filtering:
   The Homeshield service filters content based on DNS. Therefore, ensuring that DNS settings are correctly configured is essential for proper filtering and protection.

Key Considerations:

• Privacy Features Impact: Privacy features like those on Apple devices (e.g., iCloud Private Relay) can interfere with the web protection feature of Security+. These features anonymize or obscure traffic, preventing the Security+ service from effectively filtering malicious sites.

• Security+ for IoT Devices: IoT devices, which typically don’t have advanced privacy protections, are ideal candidates for Security+. These devices benefit from DNS-based filtering, blocking access to harmful sites.

• No Official Documentation: It’s unfortunate that TP-Link does not provide clear documentation on how Security+ works or how users can verify its effectiveness. This lack of transparency can make it difficult for consumers to know whether the service is operating as promised.

Testing Security+ with Test Sites:

To verify that the Security+ service is working properly and blocking malicious sites, you can use test websites such as WiCar.

• WiCar .  org: This is a widely used test site that allows you to check if your security system can effectively block dangerous or malicious websites. You can access WiCar and visit the test pages to see if the Security+ service correctly identifies and blocks harmful content. When visiting these test sites, if Security+ is working, you should be redirected to a warning page or portal provided by TP-Link, which will inform you that the site you are trying to visit is unsafe or blocked for security reasons.

• Portal Appearance: If the service is working, the portal should display a clear warning message, such as: "This website has been blocked due to a security threat" or "Warning: This site may harm your device." This page is generated by TP-Link's Security+ service and indicates that it is actively filtering malicious websites.

In conclusion, while the Security+ service is designed to protect users from malicious websites via DNS filtering, its effectiveness can be compromised by certain privacy features on modern devices. Disabling these features is key to ensuring that the service works properly, especially for IoT devices. Testing with sites like WiCar can help verify that Security+ is functioning correctly, and when blocking malicious content, the user should be redirected to a security warning page or portal.