
Cloudflare has confirmed, via an independent audit, that its 1.1.1.1 public DNS resolver operates in line with the privacy promises it made at the service’s launch.
The examination was carried out by the same unnamed Big Four accounting firm that reviewed the service in 2020.
According to the internet giant, the review focused specifically on the privacy commitments tied to the 1.1.1.1 resolver, rather than the broader set of operational representations examined in the earlier assessment. Cloudflare said it began gathering evidence after the end of 2024, and that the audit process took several months and involved multiple internal teams providing documentation to the independent auditors.
The 1.1.1.1 resolver is Cloudflare’s public DNS service, launched eight years ago with the goal of offering both fast name resolution and strong privacy protections. DNS resolvers function as part of the Internet’s lookup system, translating domain names into IP addresses so devices can connect to websites and online services. Because DNS traffic can reveal what sites and services a user is trying to reach, privacy guarantees from resolver operators have become an important issue for both consumers and enterprises.
Cloudflare said the latest review was necessary because its infrastructure has changed significantly since the first audit. An entirely new platform that now powers 1.1.1.1 and other DNS systems has been built, increasing both the scale and complexity of the environment being assessed. In this context, Cloudflare sought another rigorous external review to verify that the privacy assurances it made at launch still hold in practice.
The audit confirmed three central promises:
- The company does not sell or share personal data from public resolver users with third parties, and does not use that data to target users with ads.
- Cloudflare retains or uses only the information needed to answer DNS requests, not data intended to identify the person making the request.
- Source IP addresses are anonymized and deleted within 25 hours.
Cloudflare also highlighted two caveats in its announcement. The first is that randomly sampled network packets representing up to 0.05% of all traffic, including querying IP addresses from 1.1.1.1 users, may be processed for network troubleshooting and attack mitigation. This is not new, and the company said it had already disclosed the practice during the 2020 review. The second is that the scope of the latest examination was limited to privacy commitments only. Cloudflare said that its handling of anonymized transaction and debug log data, referred to in the past as “Public Resolver Logs,” has evolved over time, including for uses such as powering Cloudflare Radar. The company gave assurances that these changes do not affect personal information or personal privacy.
Cloudflare commented that, to its knowledge, no other major public DNS resolver has had its privacy practices independently examined in the same way. It also reiterated that it does not combine data from 1.1.1.1 DNS queries with other Cloudflare or third-party data in a way that could identify individual end users.






