
This is also the first time I heard about it, but my immediate reaction was "sounds amazing".

- Removes all DNS leak privacy issues, for all Firefox users, automatically

- Removes all possibility for a MitM to view or corrupt DNS queries or responses, for all Firefox users, automatically

And Cloudflare claims to delete all DNS-related logs of Firefox users within 24 hours: https://developers.cloudflare.com/1.1.1.1/commitment-to-priv...

Even if you distrust Cloudflare or think they're not secure against breaches, it's still a massive security and privacy upgrade over using your ISP's DNS servers, which will pretty much always leak sensitive information about your connection (potentially leading to deanonymization while using an anonymizing service) and send/receive everything in unauthenticated plaintext.

And in addition, your ISP likely is less trustworthy and less secure against breaches (even if you aren't using Comcast, Verizon, or AT&T) than Cloudflare. But again, even if you don't trust them, this would still be the best move for security.

Plus it's a big latency decrease and performance boost for most or all users.



Sure it has some advantages, but it has disadvantages too. It really erodes my trust in Mozilla that they did this without notification upon upgrade, and as opt-out instead of opt-in.

My ISP is trustworthy and is in my own city/country. Today I've discovered that all my DNS queries now go to a foreign company that I know nothing about, and did not consent to communicate with.

I'm all for encrypted DNS, but I'm not for my DNS server choice being silently overridden.


Unless I've missed something, Firefox still uses the system resolver. DNS over HTTPS is available but not enabled by default.

Disclosure: I work at Mozilla but not on this.


How do you feel that even with your ISP your data still passes through servers in multiple countries before it gets to you? When you request to view a site it’s not a single hop from you to the server the site is hosted on.


Is that not the point of SSL?


DNS is in the clear by default.


I thought that once DNS is resolved the DNS request doesn't go any further and the actual request is sent to the IP address...


Yes, but the parent comment you replied to was, I believe, referring to data leakage via DNS, not data leakage over HTTP requests. Two different things. What they were getting at is your ISP's DNS servers--and every DNS server hit along the path of resolution--know something about every request made by one of your devices when your devices route DNS through them. Assuming every request to domain.com is encrypted, your ISP may not know what you're sending to domain.com, but they do know you are sending data to domain.com because DNS is in the clear by default. This has led a number of ISPs to capture this information and use it for purposes a customer often does not know about, understand, or may object to--such as selling that information, using it for injecting advertising or hijacking requests, and other actions. What's worse is that many ISPs (in the US, at least) ensure this behavior can occur by requiring customers to use gateways/routers that are locked down to ISP DNS servers, and many of these devices prevent users from modifying the DNS servers used.

Encrypted DNS and devices like the Pi-hole provide end users a means of bypassing this behavior by avoiding ISP DNS servers entirely so even where you're trying to go isn't known by them.


This is one of the many concerns, yes.

Another big concern is privacy from the other side: if you're using Tor or an anonymizing VPN while visiting a website looking to deanonymize users, and the website owners see a DNS query to their nameserver from a Comcast DNS server somewhere in a midwestern state timed perfectly before your HTTP request coming from a Tor exit node or anonymizing VPN, they can potentially infer your broad location and ISP, and potentially narrow your identity down from there (especially if you ever visited that site, or an affiliated site or site that shares data with them, in the past without using an anonymizer), negating the purpose of the anonymizer.

If all they see is a query from 1.1.1.1 or 8.8.8.8, you could be anywhere in the world, using any ISP.

And your ISP can do this in an even more precise way. Customer makes DNS query for siteispsdontlike.com and then immediately sends a lot of traffic to a server registered to an anonymizing VPN company. That tells the ISP "this customer is visiting this 'suspicious' website, and also covering it up by using this specific anonymizer".


And the original GP was pointing out that they had carefully selected an ISP that they trust and wanted to use as their DNS provider and did not want the browser ignoring that...

We basically seem to both agree with the original GP. Things just got a little confused.


Who said the router on the network I'm connected to handed out a DNS server that was from my ISP? And why are you so sure my ISP is less secure & trustworthy than Cloudflare?


At least in the US nearly all ISPs are either directly selling their customer data or own outright publishing arms that rely on advertiser revenue.

Even in Europe big telcos like Telenor have adtech holdings.

It doesn’t mean you can’t trust your ISP but certainly there are red flags.


Although Joe Average won't know how to, most/all OSes let you pretty easily change your DNS server, you don't have to use your ISP's. But Firefox's UI to _not_ use Cloudflare is _way_ less straightforward.


Most/all routers let you change the DNS that's handed out, too, even the all-in-ones given out by the major ISPs still let you change the default DNS for the entire network.

But also somewhat common[1] is the router handing out itself as the DNS server, which is really important if you want local domains to resolve correctly. Firefox skipping straight to 1.1.1.1 means it won't be able to resolve my local network servers via name, which is stupid.

1: Maybe not common/used in home use sure, but definitely common in anything run by an IT staff.



