[vavrusa]

Cloudflare publishes transparency reports https://www.cloudflare.com/transparency/

It also promises not to store your IP associated with the DNS requests https://developers.cloudflare.com/1.1.1.1/commitment-to-priv... so the law enforcement would have to ask Cloudflare to install a wiretap device.

If you're this worried about being traced, it's probably best not to disclose your IP address at all https://blog.cloudflare.com/welcome-hidden-resolver/

[jopsen]

And they would have to hide such a wiretap device from auditors.

Moreover, cloudflare would be in a legal minefield since Mozilla would likely have standing to sue, if cloudflare violates its own terms of service.

[nickpsecurity]

Let me be more specific: they might be fined out of existence and/or executives do prison time if they don't comply. They'll also be told to lie to preserve both the collection method and their businesses' success. Read the Lavabit case records to see FBI doing that. So, they'd be forced to comply and lie to you about it in that scenario. In such a scenario, faking transparency reports would support the lie and/or do some good showing they're stopping other threats. It's not all or nothing despite forced backdoors.

So, you basically have to believe the US-based company you trust won't take 8-9 digit bribe, will accept bankruptcy, and/or has people who will do time for your privacy. I don't trust anybody running for-profit companies to do that except for maybe Levison. Even he might change after weighing damage he received vs probably no benefit of principled stand. Maybe he'll stay in the fight, too. Who knows. I do know Cloudfare has financial incentives to take massive investments and/or avoid massive losses. Might work against users at some point.

To be clear, Im a big fan of Cloudfare. They're awesome. There's just upper limit of trust since they're profit-motivated operating in a quasi-police state (ie a Dual State).