What kind of contracts and understandings do we have with Cloudflare? What do we know about them aside from the fact that they protect scammers and spammers?
> What do we know about them aside from the fact that they protect scammers and spammers?
We know their DNS services have very transparently stated sound privacy policies that have been regularly audited by 3rd parties to verify compliance to promises made to users as well as Mozilla and APNIC which they partnered with for this. The worst finding to date from multiple years of service was Cloudflare did not initially mention 0.05% of all network packets in their network are temporarily logged to disk via sFlow sampling to help detect/manage DDoS and that would mean some DoH packets source IPs would be stored on disks during the time not just completely in RAM. I work at a network VAR, I've never seen a DNS resolver with an equally good privacy policy that is actually backed up by 3rd party verification. I have seen endless ISPs sell user data or abuse DNS for additional income and clearly state this in the very service contracts that specify you as the paying customer.
I mean it's your prerogative to dislike Cloudflare and not use them but when they have blogposts directly responding to "We knew there would be skeptics. Many consumers believe that if they aren’t paying for a product, then they are the product." https://blog.cloudflare.com/announcing-the-results-of-the-1-... the questions in your comment speak more to what you'd like to believe than what we actually know.
For example: Their contact information is in WHOIS for countless domains. If you send an abuse complaint to the address in WHOIS, you get a form response telling you to fill out a form on a web site, which is clumsy, slow, has tons of errors, and basically makes the whole process time consuming and arduous.
The form response implies but does not state that they ignore abuse complaints unless abuse is reported in their shitty web form. I asked repeatedly for clarification. They answered with bullshit and sidespeak and WOULD NOT ANSWER DIRECTLY for months.
In a nutshell: they don't want you to report abuse, and they make it hard on purpose, and they're assholes about answering simple, direct questions. Why? Because they make money from spammers and scammers.
They've told me that phishing sites they host that claim to be Adobe ("Flash Updaters") or Bank of America are exercising "free speech". They just don't want to be bothered.
And the whole "We don't host" bullshit: if you provide services on the Internet that contribute to stuff on the Internet working, and if you stopped providing those services, that stuff would stop working, YOU'RE HOSTING. It doesn't matter if it's just DNS, or if it's a caching proxy - you're still facilitating services on the Internet. But just listen to their absolute bullshit about how they "don't host", and you know they're shitty people.
That doesn't even touch on how they're intentionally stratifying the Internet by putting CAPTCHAs on everything and blocking the poor half of the world, and how, if they had their way, they'd be a monopoly that would re-centralize and completely stratify the whole planet...
If you're in the US, whatever you think your contracts and financial relationships say, your ISP is highly likely to be monetizing your DNS lookups already. It's hard to do worse than ISP DNS (and ISP DNS passive monitoring).
Is it known that the partner service provider is Cloudflare? At least that's a recognized organization, instead of a mysterious unnamed one as the Mozilla announcement made it sound. When that happens we have to assume the worst.
While I disagree, I support you having the right and ability to disable DoH on your own devices anyway. I just don't want middlebox operators to be able to forcibly prevent other people from using DoH from their own computers.
What kind of contracts and understandings do we have with Cloudflare? What do we know about them aside from the fact that they protect scammers and spammers?
Sorry, but that's not an improvement at all.