I had it on my list to switch to NextDNS, but following this topic, I’m not sure anymore.
What’s wrong with Cloudflare 1.1.1.1 DNS resolver? I just read their privacy policy and it seems fine to me, but it’s never recommended here. Why is that?
Central point of failure located within the US jurisdiction (just a guess).
So, the risk of backdoor access is the concern?
Cloudflare is recommended on the website. I use Quad9 though.
I don’t think anything is wrong with it, I just wouldn’t make it my first recommendation. DNSCrypt is the best because you can utilize the anonymized DNS feature. But Cloudflare would be a much better option than Google DNS.
What’s wrong with CF as a whole isn’t much from a privacy perspective, although they do track stats, i.e. radar.cloudflare.com
But it’s more from the perspective that they’re too big, sort of becoming monopolistic now. Not that they’re forcing anyone to use their DNS, but they’re the default go-to for anyone looking to host anything on the internet because they’re very generous on their free tier, undercutting every competitor.
They’re the gargantuan of the low-level internet, similar to how Google is the gargantuan of the front-facing internet. Anyone looking to expose their local service and to port forward will use cf zerotier, anyone looking to host public-facing services without being bombarded with bots will use CF for their free CDN and free WAF.
Their WAF used to be super annoying to Tor and VPN users, endless looping traffic lights and fire hydrants and giraffes and whatnot when they still used hCaptcha back then. It’s now more toned down and manageable with their current in-house solution, that click-to-proceed tick box thingy. Although for Tor users, the looping is still there even with the current solution. It’s problematic since CF are everywhere.
From a privacy perspective, CF as a domain registrar isn’t fully private, since whois for domains registered with them will just be redacted, not replaced. Redaction is the default from the registry since the EU GDPR and CF just show the records as they are, and it’s still not sufficient to be 100% private from the public. Depending on the TLD, the region and city of the domain registrant would be shown. Since ICANN requires the registrant to give accurate details, it’s almost guaranteed that the info shown is correct unless the registrant lied and risks losing their domain when CF finally do their KYC as part of ICANN’s requirements of them as a registrar. I’d rather not have someone pinpoint my exact city and region from my domain’s whois records.
I may be nitpicky, but I don’t really adore CF.
If you register a domain in your own name, it should be less of an issue, especially if you pay it with a credit card also in your own name.
While the rest of what you say is true with regard to CF being too big, for big tech, they seem to be competent at what they do, hence the huge market share. And they seem to do “more good” rather than “less harm”, is the impression I get from them.