I use Cloudflare's resolver, but I actually agree with this. I don't want every device in my local network ignoring my Pi hole or my custom DNS entries, I don't want the device of everyone in my country being subject to surveillance requests from the NSA (and Cloudflare is legally (if you call warrantless wiretaps legal) required to comply), and I don't like the centralization this brings.
If I recall correctly, this also breaks geographical-based DNS resolution?
> I don't want the device of everyone in my country being subject to surveillance requests from the NSA (and Cloudflare is legally (if you call warrantless wiretaps legal) required to comply), and I don't like the centralization this brings.
Agreed that this introduces additional centralization. Maybe Mozilla could work to with other third parties in different jurisdictions to see if there's interest to spin up additional DOH servers. That said, if your threat model includes the NSA then this would probably be far from sufficient.
As always, it's not "the NSA is targeting me specifically", it's "they're doing dragnet surveillance for potentially 'interesting' data and who knows how they'll choose to harass me".
There is literally no single country in the world I would like my data sent to than the US. Even China is preferable.
That depends. Cloudflare probably (did not check) uses anycast and thus their DNS servers are actually in the specfic region. This however does not change the problem of the legal authority still being in the US, as you pointed out.
If I recall correctly, this also breaks geographical-based DNS resolution?