CHEF-KOCH (MDL Expert)

    #1 CHEF-KOCH, Dec 11, 2019
    Last edited: Dec 14, 2019
    Just an FYI for Cloudflare fanboys: Cloudflare does break TLS to decrypt it; it's explained over here. I'm well aware that this is a serious accusation.

    Cloudflare is used in some products like Mozilla Firefox (as the default DoH provider; DoH itself is still in FF beta), among other critical apps.

    I already explained that the next crypto war is about TLS 1.3+, because some organizations are trying to intercept it, e.g. Avast, Cisco etc. Full security would (in this case) mean no encryption at all, to see who really takes control of or intercepts the traffic.

    However, there are things to mention before the drama starts:
    • Cloudflare logs and deletes it after 24/48 hours. They don't call it logging directly; it's to "secure" stuff, e.g. against DoS attacks etc. But you can't provide protection without logging, because how else would you know what is legitimate traffic and what is not?!
    • Cloudflare already documented it back in 2018. The problem here is that Tor and HTTPS themselves are problematic and suffer from some "design flaws".
    • You can change the default DoH provider (if you use DoH) in Firefox.
    • Other products are very similar; you can (in most cases) manually change the DNS provider.
    Self-hosting is not always better, because this might leave you open to attacks: you forget to update your configuration, need to spend a lot of time on updates and migration-related changes, and in general it can be problematic to build a strong configuration if you have no clue what you're doing.

    My advice is that you should review your provider from time to time; if you're knowledgeable, build your own infrastructure, but make sure you are up to date. LibreDNS is a more trustworthy alternative.
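Whichever DoH provider you pick, it receives every query name in the clear on its side, which is what the logging point above is about. As an added example (not code from the post or from any provider), a minimal RFC 8484 DoH client in Python that builds the GET request a resolver would see and parses the wire-format answer; the resolver URL `DOH_URL` is an assumed endpoint you should replace with your chosen provider, and `SAMPLE_RESPONSE` is a constructed reply so the parsing runs offline.

```python
import base64
import struct
import urllib.request

# Assumed resolver endpoint (not taken from the post); replace with your provider.
DOH_URL = "https://doh.libredns.gr/dns-query"

def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode an RFC 1035 wire-format query (A record by default); txid 0 aids caching."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def doh_get_url(name: str, url: str = DOH_URL) -> str:
    """RFC 8484 GET form: base64url (padding stripped) of the query in ?dns=."""
    q = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"{url}?dns={q}"

def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a (possibly compressed) domain name and return the new offset."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def parse_a_records(msg: bytes) -> list:
    """Return IPv4 strings from the answer section of a wire-format response."""
    _, _, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    out = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            out.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return out

def resolve(name: str, url: str = DOH_URL) -> list:
    """Perform the live DoH GET; the provider sees the full query name here."""
    req = urllib.request.Request(doh_get_url(name, url),
                                 headers={"Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=5) as r:
        return parse_a_records(r.read())

# Constructed reply: one A record (192.0.2.1) for example.com, name via pointer 0xC00C.
SAMPLE_RESPONSE = (b"\x00\x00\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
                   b"\x07example\x03com\x00\x00\x01\x00\x01"
                   b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\xc0\x00\x02\x01")
```

Calling `resolve("example.com")` performs a real query against `DOH_URL`; `parse_a_records(SAMPLE_RESPONSE)` exercises the parser offline.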