da_667I mean, any DNS provider can provide you with platitudes promising to not log your IP address or DNS queries, but you'll never actually know if they are or they aren't unless you see the server configs yourself. So there's that.
Cloudflare claims that they don't log PII, but then immediately say that the may hold on to personally identifiable query data for up to 25 hours.
https://www.cloudflare.com/privacypolicy/
They claim to do a lot of redaction in their dns-specific policies, but there is a lot of deliberate word usage. They don't story anything in non-volatile memory. The only capture ".05% of all traffic sent to Cloudflare’s network infrastructure" (but don't specifically mention their DNS infrastructure).
What I'm getting at is that if you didn't learn about how much companies value your privacy by the cascade of breaches over the past decade or the intelligence community leaks, then you weren't paying attention.
Also, several malware authors, and a number of new and aspiring frameworks use DoH as a C2 method. There's no clear communication from major DoH providers on how they plan on handling abuse of infrastructure. I brought concerns to cloudflare executives of known malware campaigns using their DoH infra, and they didn't give a shit.
All GNU social JP content and data are available under the