
another DNS to avoid... using anything but your ISP's DNS decreases privacy... unless you are using a VPN, then the DNS should be from your VPN's ISP



> using anything but your ISP's DNS decreases privacy

Using your ISP's DNS decreases privacy. I assume you mean that because UDP/53 DNS is unencrypted, if you switch to another DNS provider, then both the ISP and the new DNS can see your requests? In which case I present to you DNS over HTTPS


How can your ISP route the traffic if according to you it doesn't know where it goes? You need a VPN if you want to hide your traffic destinations from your ISP... not encrypted DNS


The DNS lookup would be encrypted. The IP would of course not be. This means the ISP would be able to see the IP but not domain [1] of your destination.

[1]: See SNI: https://www.cloudflare.com/learning/ssl/what-is-sni/


So what's the percentage of IP addresses that host more than one domain?

Also, I remember reading something like HTTPS was leaking URLs...


Basically every single site hosted on any CDN or other cloud host. What's the percentage of people that host their site on dedicated links? Probably a decent percentage, and probably the big 10 sites, but maybe not as many of the others..?

Though as mentioned this is moot due to SNI, in most cases :(

> Also, I remember reading something like HTTPS was leaking URLs...

Yep, that's SNI
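The point made above (DoH hides the lookup, but the TLS ClientHello still carries the destination hostname in the clear via the SNI extension) is easy to see on the wire. The following is an added example, not code from anyone in this thread: it constructs a minimal TLS 1.2 ClientHello record with a server_name extension (the client random, cipher suites and hostname are made-up sample values) and then parses it the way a passive network monitor would, pulling out the hostname without any decryption. Absent SNI, the parser returns None, which is what an observer sees when Encrypted Client Hello or no SNI is used.

```python
import struct
from typing import Optional


def build_client_hello(hostname: Optional[str]) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record (constructed sample, not a real capture)."""
    client_random = bytes(32)  # placeholder; a real client sends 32 random bytes
    cipher_suites = b"\x13\x01\x13\x02"  # TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384
    body = b"\x03\x03" + client_random  # client_version 1.2 + random
    body += b"\x00"  # empty session_id
    body += struct.pack("!H", len(cipher_suites)) + cipher_suites
    body += b"\x01\x00"  # one compression method: null

    extensions = b""
    if hostname is not None:
        name = hostname.encode("idna")
        # ServerNameList: name_type(0 = host_name) + length + name
        sni_list = b"\x00" + struct.pack("!H", len(name)) + name
        sni_ext_body = struct.pack("!H", len(sni_list)) + sni_list
        extensions += struct.pack("!HH", 0x0000, len(sni_ext_body)) + sni_ext_body
    body += struct.pack("!H", len(extensions)) + extensions

    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record layer


def extract_sni(record: bytes) -> Optional[str]:
    """Return the SNI host_name from a TLS ClientHello record, or None if absent/unparseable.

    This is exactly what an on-path observer (ISP, middlebox) can read: the whole
    ClientHello, including server_name, is sent before any encryption is established.
    """
    try:
        if record[0] != 0x16:  # not a handshake record
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:  # not a ClientHello
            return None
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]

        pos = 2 + 32  # skip client_version and random
        pos += 1 + body[pos]  # session_id
        cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2 + cs_len  # cipher_suites
        pos += 1 + body[pos]  # compression_methods
        if pos + 2 > len(body):
            return None  # no extensions block at all
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        exts = body[pos + 2:pos + 2 + ext_len]

        p = 0
        while p + 4 <= len(exts):
            ext_type, ext_body_len = struct.unpack("!HH", exts[p:p + 4])
            ext_body = exts[p + 4:p + 4 + ext_body_len]
            if ext_type == 0x0000:  # server_name
                list_len = struct.unpack("!H", ext_body[0:2])[0]
                q = 2
                while q < 2 + list_len:
                    name_type = ext_body[q]
                    name_len = struct.unpack("!H", ext_body[q + 1:q + 3])[0]
                    name = ext_body[q + 3:q + 3 + name_len]
                    if name_type == 0:
                        return name.decode("idna")
                    q += 3 + name_len
            p += 4 + ext_body_len
        return None
    except (IndexError, struct.error, UnicodeError):
        return None  # truncated or malformed input is treated as "no SNI seen"


if __name__ == "__main__":
    hello = build_client_hello("news.ycombinator.com")
    print("observed SNI:", extract_sni(hello))
    print("observed SNI without extension:", extract_sni(build_client_hello(None)))
```

Run against a real capture, the same parser applied to the first record of each outbound TCP 443 flow gives a per-connection hostname log, which is the same data the ISP-DNS-vs-DoH argument above is about: DoH removes the lookup from the ISP's view, but not the name in the handshake.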


My ISP's (Spectrum) DNS is trash. Not only is it slow, it hijacks misses and redirects to their garbage landing page. And I'm sure they snoop on me and sell data all the same.


Some ISPs actually sell DNS responses to the highest-bidding advertiser. ISP DNS is the worst possible choice for all users.

https://www.icsi.berkeley.edu/pubs/networking/redirectingdns...


Not all users. ISPs around my part of the world do not behave as badly as US ISPs seem to. Most (although I actually believe it is all) ISPs in my home country do not do anything special to DNS lookups. This means there is literally no benefit to using an off-shore DNS resolver such as those provided by Google, Cloudflare, et al. It just makes DNS lookups slower for us.


They still know where you go ... where do you think your traffic goes through?


At least if you use Google or Cloudflare, you won't suffer from DNS hijacking, whereas with your ISP you would. https://en.wikipedia.org/wiki/DNS_hijacking


Comcast is my ISP. Would it be your assertion that if I used their DNS servers, my privacy would _increase_?


It would not increase unless you are switching away from a third party DNS. Whether you use Comcast's DNS or not, they know the sites that you visit... If you use Google as your DNS, then Google also knows.



