Tor Browser and DNS

I am a Linux user. I have changed the Wi-Fi connection settings in the operating system to set up Cloudflare’s DNS servers in order to bypass the blocks imposed by my internet service provider. Could this affect my privacy when browsing with the Tor Browser?

I doubt it very much. From everything I read in these forums, DNS is done at the exit node to avoid the situation you just described. If I am wrong, can somebody post here.

Yes, BobbyB has it right: Tor Browser should send the DNS lookup through the Tor circuit, so your Linux Wi-Fi DNS setting should not decide which resolver sees the sites you open in Tor Browser. The important bit is to keep Tor Browser’s proxy/DNS settings at their defaults and not add extensions or system proxy tweaks around it. Cloudflare DNS can still see DNS from your normal non-Tor apps, so if that is only for bypassing ISP blocks it is a tradeoff rather than a privacy improvement.

Always remembering that normal DNS is unencrypted UDP so your service provider “knows” if it sniffs. There is a way to make Linux use DoH (DNS over HTTPS) as a default but that has to be set up. Search for “make system use https for dns in linux”. Same for Windows.

So you select Cloudflare. Now Cloudflare knows what domains you search for. Do you trust them with that info? You could use Google’s 8.8.8.8 or IBM’s 9.9.9.9.
No matter who you select it’s the same question. Do you trust them with that info?

One small distinction: DoH is worth thinking about for your normal Linux apps, but I would not try to “improve” Tor Browser by changing its DNS/DoH settings. With the default Tor Browser setup, name resolution for websites is part of the Tor circuit; changing browser internals or adding extensions is more likely to make the setup unusual than to add privacy. So: Cloudflare DNS affects your non-Tor traffic; Tor Browser should stay default.

Tor Browser doesn’t use the system DNS server in any way. When you access a clearnet website in Tor Browser, Tor sends the DNS request from an exit node instead of directly querying your system DNS server.
The only concern that’s remotely relevant is that, if you try to download Tor Browser with a clearnet browser, you tell your DNS provider that you’re downloading Tor Browser. Also, any other apps not using Tor would tell your DNS provider what you’re accessing.

Encrypted DNS (DNSCrypt/DoT/DoH/DoQ/ODoH/etc.) hides DNS queries from on-path passive adversaries (eavesdroppers) but won’t hide them from Cloudflare. Though Tor Browser doesn’t have a DoH configuration in the settings (it was removed), so you can’t mess that up and accidentally leak your DNS queries to any DoH server.