Cloudflare obtained the 1.1.1.1 IP address from APNIC under a research agreement in which Cloudflare shares DNS query data -- including query names, query types, resolver location, and other metadata -- with APNIC Labs for "non-profit operational research." The agreement has an initial five-year term with renewal. APNIC may publish aggregated analysis at any time and share research data 12 months after receipt. Cloudflare strips client IPs before sharing, but the foundation of the "privacy-first" DNS service is a data-sharing arrangement. The address itself was the price for the data.

Google has never submitted its DNS privacy claims to an independent third-party audit. Cloudflare uses KPMG. Quad9 operates under Swiss privacy law with published transparency reports. Google asks users to trust its self-reported data separation within a company that earned $350 billion in 2024 (77% from advertising) and was sued by 50 US states for deceptive location tracking practices (settled for $391.5 million in 2022). Google paid $5 billion to settle the Chrome Incognito Mode class action in 2024, in which plaintiffs proved Google tracked browsing activity it promised not to track. The claim that DNS data is siloed from ad data rests entirely on Google's word.

Privacy Guides confirmed that when a user creates a NextDNS account, logging is enabled by default with a 3-month retention period on US-based servers. Users must discover this setting and manually disable it. The privacy policy's claim that no data is logged "if not specifically requested" is misleading -- creating an account is treated as the request. The default configuration of a service marketed for privacy collects and stores 3 months of complete DNS query history, including every domain every device on your network contacts, before a user takes any action to change it.

In June 2021, the Hamburg District Court in Germany issued an injunction against Quad9, ordering it to block DNS resolution of a domain. The Leipzig Regional Court extended this to global blocking in March 2023. While Quad9 won on appeal in December 2023, the Hamburg court issued a EUR 10,000 fine for alleged non-compliance during the proceedings. France ordered DNS blocking of pirate sports streaming sites in May 2024, extending demands to Quad9. Italy filed similar demands. Swiss privacy law protects the data Quad9 holds (which is minimal by design). It does not prevent EU courts from ordering Quad9 to stop resolving specific domains on servers located in EU countries.