by stordoff
2998 days ago
It's fragmenting the data - CloudFlare _only_ gets your DNS data, whereas your ISP has DNS, content of non-HTTPS traffic (Cloudflare gets a non-zero percentage of this anyway), billing information, real identity etc. Your ISP can _immediately_ tie your DNS records to a real identity (or a member of your household at the very least), whereas CloudFlare can only make inferences from the data and the source IP location. It gives two companies an incomplete picture, rather than one knowing EVERYTHING.

CloudFlare's promise to not do so is also a non-zero consideration - it's clearly unenforceable/you would never know, but the mere promise is probably better than many ISPs. I'd also say most users' ISPs are probably global companies (or at least national) anyway.

> the best thing is to run your own DNS resolver that will query root servers and follow the chains directly

Only if the first step is also encrypted. If it is plain DNS, then your ISP can see the requests almost as easily as if going to their own servers (or transparently redirect the requests to their servers).