Comment by bastard_op

The article is not wrong, it's exactly what they're doing, but so does Google with their 8.8.8.8 servers, and you thought Google was doing it out of the goodness of their hearts (after they removed the do not be evil clause).

At least Cloudflare offers their 1.1.1.2 and 1.1.1.3 resolvers with built-in content filtering or full adult content filtering as as unfiltered 1.1.1.1, which is better than others. Normally folks pay Cisco OpenDNS or other enterprise-y products for this, and I applaud them doing it in general, for free. I'd set my mother to use it if something I had to do still. Cloudflare is probably one of the less-evil companies today, and is a good engineering company if you follow their blogs.

Apple is actually worse in that they forced an entire DNS AND Web Proxy solution to get ALL traffic every apple users do in the name of "privacy", but in the end it's really more for their marketing and analytics they can sell at will. Funny Google tried to offer a VPN service and everyone shunned it, but Apple people just drank the kool-aid as something nice Apple did just because they're a lovely company like that.

As the security guy that runs enterprise firewalls, I tend to block the Apple's VPN/proxy stuff as proxy-avoidance by default, which creates a ton of noise in terms of denied apple proxy and doh drops, but it keeps them using my internal dns and internet that I can see when l-users happen to get themselves infected and start exfiltrating data to China. Otherwise with Apple's VPN/Proxy privacy bs, I have no ability to see or stop it, and neither do their users. Thanks for the fish Apple.

I just assume all VPN companies do this now as their real revenue stream.

I also happen to do work for Firefox's primary advertising partner, and I can tell you it brings me no comfort as a Firefox user myself.