by tempz 2998 days ago
I cannot begin to understand how it is better to reveal your DNS access patterns to a global company like Cloudflare, as opposed to revealing them to your local ISP?

Who do you think can more smoothly monetize your data - your local ISP or Cloudflare? Or maybe Cloudflare solemnly promised never to do it?

If an effort is to be taken, the best thing is to run your own DNS resolver that will query root servers and follow the chains directly.

2 comments

It's fragmenting the data - CloudFlare _only_ gets your DNS data, whereas your ISP has DNS, content of non-HTTPS traffic (Cloudflare gets a non-zero percentage of this anyway), billing information, real identity etc. Your ISP can _immediately_ tie your DNS records to a real identity (or a member of your household at the very least), whereas CloudFlare can only make inferences from the data and the source IP location. It gives two companies an incomplete picture, rather than one knowing EVERYTHING. CloudFlare's promise not to do so is also a non-zero consideration - it's clearly unenforceable/you would never know, but the mere promise is probably better than many ISPs'.

I'd also say most users' ISPs are probably global companies (or at least national) anyway.

> the best thing is to run your own DNS resolver that will query root servers and follow the chains directly

Only if the first step is also encrypted. If it is plain DNS, then your ISP can see the requests almost as easily as if going to their own servers (or transparently redirect the requests to their servers).
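To make the point in the reply above concrete (that plaintext DNS exposes the queried name to anyone on the path, whichever resolver you send it to), here is an added example that is not part of the thread: it builds an RFC 1035 query for a constructed name and then parses it back the way an on-path observer would, recovering the transaction id, the flags and the full query name. The packet is constructed in the script rather than captured, so it runs offline; `observe_query` and the other function names are this example's own.

```python
import struct
import secrets
from typing import Optional, Tuple

# Constructed example: a plain (port 53, unencrypted) DNS query for "example.com".
# Nothing here is captured traffic; the bytes are built locally so the script runs offline.

QTYPE_A = 1
QTYPE_AAAA = 28
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels: each label length-prefixed, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 bytes long")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = QTYPE_A, txid: Optional[int] = None) -> bytes:
    """Build a standard recursive DNS query: 12-byte header plus one question section."""
    if txid is None:
        txid = secrets.randbelow(1 << 16)
    flags = 0x0100  # RD=1: ask the resolver to recurse on our behalf
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QDCOUNT=1, others 0
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def decode_name(data: bytes, offset: int) -> Tuple[str, int]:
    """Decode labels starting at offset; return (name, offset just past the name).

    Also follows the compression pointers (RFC 1035 section 4.1.4) that show up in
    responses, so the same parser works on replies an observer sees coming back."""
    labels = []
    jumped = False
    end = offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # two high bits set: 14-bit pointer into the packet
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2  # the name ends after the first pointer we follow
            jumped = True
            offset = pointer
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            break
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), end


def observe_query(packet: bytes) -> dict:
    """Everything an on-path observer (ISP, hotspot operator, ...) reads off a plaintext query."""
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question section")
    qname, pos = decode_name(packet, 12)
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return {
        "txid": txid,
        "recursion_desired": bool(flags & 0x0100),
        "qname": qname,
        "qtype": qtype,
        "qclass": qclass,
    }


if __name__ == "__main__":
    # Whether this packet is addressed to a public resolver or to a self-hosted one,
    # the bytes on the wire carry the name in the clear.
    pkt = build_query("example.com", QTYPE_AAAA)
    print(pkt.hex())
    print(observe_query(pkt))
```

The takeaway matches the reply: the resolver's identity changes who answers, not who can read the question; only an encrypted first hop (DNS over TLS or HTTPS) takes the query name out of the observer's view, and a plaintext query can equally be answered by whoever intercepts it on the way.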

I assume it has something to do with how easy it is to connect your data with other aspects of your identity. Presumably with an ISP it is associated with the name of the subscriber, whereas there is some chance with other DNS servers that this is untrue.