1. 3

  2. 2

    I still feel that this is an American issue and isn’t such a big issue in Europe, where in ‘most’ countries you can trust your ISP to do the right thing. Another issue I have with forcing DoH is that the system DNS is no longer respected and now all your DNS requests are going to be collected by Cloudflare.

    1. 1

      > collected by Cloudflare.

      Instead of speculating, see: https://developers.cloudflare.com/

      • Cloudflare will not retain any personal data / personally identifiable information, including information about the client IP and client port.
      • Cloudflare will retain only limited transaction data for legitimate operational and research purposes, but in no case will such transaction data be retained by Cloudflare for more than 24 hours.

      And this is audited:

      > And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our practices annually and publish a public report confirming we’re doing what we said we would.

      1. 3

        Turning “trust us” into “we paid consultants a lot of money, so trust us” doesn’t change anything fundamental about the proposition. Even if Cloudflare want to do the right thing, they are set to be a single point of snoopage in terms of the network. Even if Cloudflare are doing the right thing, it may not matter – the NSA didn’t exactly tell Google or Yahoo when they tapped their infrastructure.

        Of course, your DNS requests always go somewhere, so there is always a trust relationship. You have to make an informed decision here about whether Cloudflare is a bigger risk than wherever you would normally get your DNS service from.