Comment by bornfreddy
21 hours ago
I guess it depends on the situation then. My ISP doesn't pull such stunts and if they did, I would switch them in a moment. Fortunately others around here don't suck either. Cloudflare (or Google, or whoever) OTOH gets waaaay too much data from everybody. For my taste at least.
I'm glad your ISP doesn't do that, but there are a lot of people not as lucky as you, and we shouldn't deny them all a major increase in privacy just to avoid having you to change one browser setting.
Very true... I used to be with Sky here in the UK, and at the time they were running a transparent proxy on port 53. Changing DNS providers made no difference to the dnsleaktest results. Don't know if they still do that now.
I'm now with a different ISP, and anyway have PiHole handling DNS queries on most devices in our house. It forwards DNS requests to dnscrypt-proxy running on the same Pi, which uses Quad9 over DoH.
To me, that seems awfully trusting of Cloudflare.
Instead of sending all my DNS traffic to sketchy multinational corporation A, we'll send all my traffic to sketchy multinational corporation B?
Doesn't seem like much of an increase in privacy to me.
If you're using insecure DNS, then you have no choice but to let your ISP see all your queries. But if you're using DoH, you can choose from plenty (see https://github.com/curl/curl/wiki/DNS-over-HTTPS) of other DoH providers instead if you don't trust Cloudflare.
Frankly, the article is doing a lot of disservice (and should be removed in HN because of its grossly outdated information). As josephcsible pointed out, there are many, many options for DoH.
I change it to mullivad of course.
My ISP does, because the government tells them to. Yes western nation so it's not government censorship.