Cloudflare’s 1.1.1.1 Turns 8: Inside the Privacy-First DNS That Won’t Sell Your Data

Key Takeaways

  • Cloudflare launched 1.1.1.1 on April 1, 2018—exactly eight years ago
  • Latest independent Big 4 audit confirms privacy protections work as promised
  • Core commitments: no selling data, no ads, IP anonymization within 25 hours
  • As of 2026, no other major public resolver has had privacy practices independently examined

On April 1, 2018, Cloudflare announced something unusual: a public DNS resolver designed to be both the world’s fastest and the world’s most private. Eight years later, the company has released the results of its most recent independent privacy examination—a voluntary audit that no other major DNS provider has undertaken.

What the Audit Actually Checked

Cloudflare engaged a Big 4 accounting firm to conduct a comprehensive examination of 1.1.1.1’s privacy controls. Unlike typical compliance audits that tick boxes against established standards, this examination sought to answer a specific question: does Cloudflare do what it says it does?

The examination covered several months and required contributions from multiple Cloudflare teams. Evidence demonstrated that:

  • Source IP addresses are anonymized and deleted within 25 hours
  • No personal data is sold to third parties or used for advertising
  • The system only retains what’s being asked (the domain), not who asked it

The full examination report is available on Cloudflare’s compliance resources page.

The Transparency Gap

Cloudflare called on other DNS providers to undergo similar examinations in 2020. As of April 2026, no other major public resolver has done so. This is noteworthy given that billions of DNS queries flow through public resolvers daily, and users typically have no way to verify providers’ privacy claims.

The 2024-2025 examination comes at a time when Cloudflare’s technology stack has grown significantly. The company migrated 1.1.1.1 to Big Pineapple, an entirely new platform that powers its DNS infrastructure. The examination verified that privacy commitments held up through this architectural transition.

What the Audit Does (and Doesn’t) Cover

Important distinction: this examination focused exclusively on privacy commitments, not on all aspects of how Cloudflare processes DNS data. Cloudflare acknowledges that its uses of that data have evolved (including powering Radar, the company’s internet observatory), which changes how anonymized transaction logs are handled.

As noted in the original 2020 examination announcement: randomly sampled network packets (at most 0.05% of traffic) are used for network troubleshooting and attack mitigation. These samples include query IP addresses for operational security purposes.

Cloudflare also clarifies that its Privacy Policy commitment stands: information collected from DNS queries will not be combined with any other Cloudflare or third-party data in ways that identify individual users.

For Users and Operators

What does this mean in practice? If you’re currently using 1.1.1.1, the audit confirms the privacy protections work as described. If you’re evaluating DNS providers for your organization, this examination represents a level of transparency that competitors haven’t matched.

Configuration remains simple. Use 1.1.1.1 and 1.0.0.1 (IPv4) or 2606:4700:4700::1111 (IPv6). Cloudflare also offers 1.1.1.2 for malware blocking and 1.1.1.3 for malware and adult content filtering.

The Broader Context

DNS privacy matters because your DNS queries reveal what websites you visit, even when HTTPS encrypts the actual content. A DNS provider that logs and monetizes these queries builds a comprehensive browsing history that can be sold, subpoenaed, or breached.

Cloudflare’s approach—technical measures to limit data collection combined with independent verification of those measures—serves as a benchmark. The question remains whether other providers will follow suit.

As Cloudflare notes: “We believe every user, whether they are browsing the web directly or deploying an AI agent on their behalf, deserves an Internet that doesn’t track their movement.”


Sources

Our ongoing commitment to privacy for the 1.1.1.1 public DNS resolver — Cloudflare Blog
Compliance Resources — Cloudflare
1.1.1.1 Documentation — Cloudflare Developers

— The Stack Observer