On 9/27/2019 12:23 PM, Florian Weimer wrote:
[...]
>> So currently DoH is strictly worse.
>
> Furthermore, you don't have a paid contract with Cloudflare, but you
> usually have one with the ISP that runs the recursive DNS resolver.
>
> If you look at
>
> <https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/>
>
> you will see that the data is shared with APNIC for “research”:
>
> | Under the terms of a cooperative agreement, APNIC will have limited
> | access to query the transaction data for the purpose of conducting
> | research related to the operation of the DNS system.
>
> And:
>
> | Specifically, APNIC will be permitted to access query names, query
> | types, resolver location
>
> <https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/>
>
> Typically, APNIC will only see a subset of the queries if you use your
> ISP's DNS resolver (or run your own recursive resolver).
>
> Cloudflare only promises to “never sell your data”. That doesn't
> exclude sharing it for free with interested parties.

It is probably worth pointing out that Firefox's use of Cloudflare's DoH
endpoint is governed by a different policy outlined here:
https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/

Per that policy, other third parties can only get the data with
Mozilla's written permissions. And APNIC (or any other third party) is
not mentioned.

Kind regards
Philipp Kern