> Sure, but "CloudFlare can see my data but my ISP can't" is strictly better from a privacy perspective than "CloudFlare and my ISP can both see my data".
But that's not really the trade-off here, it's about sharing data with Cloudflare that would not necessarily end up there if you were using services from your local ISP. Whether this is a good idea is more complicated. It depends on how ISPs are regulated and what they actually do with user data. Cloudflare's services, being optional in nature (the website operator or the end user chooses to use them, but not necessarily both at the same time), are likely to be less constrained by law, particularly if you are not a resident of California.
Or put differently, it's far easier to say “you shouldn't have used Cloudflare if you don't agree with their business practices” than “you shouldn't have browsed the public Internet if you don't agree with your ISP's business practices”.
This gets into my third category now. There are a ton of choices for DoH servers, and I doubt there's anyone who would consider all of them to have unacceptable privacy policies/practices, while also considering it okay from a privacy standpoint to use their ISP's DNS servers.
But that's not really the trade-off here, it's about sharing data with Cloudflare that would not necessarily end up there if you were using services from your local ISP. Whether this is a good idea is more complicated. It depends on how ISPs are regulated and what they actually do with user data. Cloudflare's services, being optional in nature (the website operator or the end user chooses to use them, but not necessarily both at the same time), are likely to be less constrained by law, particularly if you are not a resident of California.
Or put differently, it's far easier to say “you shouldn't have used Cloudflare if you don't agree with their business practices” than “you shouldn't have browsed the public Internet if you don't agree with your ISP's business practices”.