Using Cloudflare with PIA? Privacy/Security

[tippytipper]

Hi I recently switched to using Cloudflare for my DNS Resolver. I like the snappy response and the privacy from my ISP.

 

I understand Cloudflare is not a VPN, but what happens if I use PIA while Cloudflare is being used for my DNS?

 

Will Cloudflare see my address requests while PIA is active?

 

In the PIA program under Settings and Network, the DNS is always set to PIA DNS.
So will this override my Cloudflare setting in my OS's network options? I'm guessing it does?

 

And what if my router is set to use Cloudflare, how would PIA work, I'm guessing everything would still go through the PIA software?

I'm hoping someone may know?

p.s. I know I could user PIA all the time, but I find my overall internet is slower; I find Cloudflare is a handy layer for a bit more privacy without having to use PIA all the time.

[Levent]

2 minutes ago, tippytipper said:

but what happens if I use PIA while Cloudflare is being used for my DNS?

dnsleaktest.com check to see if your DNS requests are coming from cloudflare or not. If you are using unencrypted DNS, technically they can sniff them out but this is the case with every other unencrypted dns.

 

If you arent using DNS-over-TLS or DNS-over-HTTPS this is not the case.

3 minutes ago, tippytipper said:

I find Cloudflare is a handy layer for a bit more privacy without having to use PIA all the time.

[tippytipper]

Thanks @Levent 

 

I ran the dnstest with PIA switched off and the ISP listed as Cloudflare.

I then enabled PIA, refreshed the page and repeated the test, and the ISP was also listed as Cloudflare.

 

But then I remembered that I had also enabled DoH in Firefox.
So I disabled that, then I ran the dnstest again and the ISP was listed as Cogent Communications.

 

So as long as DoH is not enabled it looks like PIA handles DNS.

And I would guess this is the same with any other software that could override the DNS at a different level.

 

If I disable DoH in my browser it means I can just switch on PIA and know that my DNS queries run through PIA; otherwise they will use the DNS as configured in my OS.

But without DoH Encryption is using Cloudflare still an advantage? I'm guessing yes, but potentially those unencrypted requests could be intercepted by reading the raw data?

 

 

[Levent]

Just now, tippytipper said:

But without DoH Encryption is using Cloudflare still an advantage? I'm guessing yes, but potentially those unencrypted requests could be intercepted by reading the raw data?

Nope. Without DoH or DoT you are basically using any other DNS, be it google or adguard.

[tippytipper]

7 minutes ago, Levent said:

Nope. Without DoH or DoT you are basically using any other DNS, be it google or adguard.

Thanks again @Levent 
Even though the data is not encrypted, I suppose the only difference is the data would go to Cloudflare and not my ISP?
And as Cloudflare delete the data after 24 hours there is at least some extra privacy layer?

 

[Levent]

31 minutes ago, tippytipper said:

Thanks again @Levent 
Even though the data is not encrypted, I suppose the only difference is the data would go to Cloudflare and not my ISP?
And as Cloudflare delete the data after 24 hours there is at least some extra privacy layer?

 

Probably, however around my part of the woods ISPs are known to meddle with unencrypted DNS for government level blocks.

[tippytipper]

1 hour ago, Levent said:

Probably, however around my part of the woods ISPs are known to meddle with unencrypted DNS for government level blocks.

Aha, thanks again, good to know.
 

I suppose if I left DoH on in Firefox and happened to enable PIA the worst is that the DNS data would still go through Cloudflare, but then be deleted within 24hrs.