First sentence of the second paragraph: "As it was mentioned in the original blog post, our policy is to never, ever write client IP addresses to disk and wipe all logs within 24 hours. "

So, yes.

Thanks for confirming, suspicion is a must when it comes to onions. I'm already testing it, works like a charm.

socat TCP4-LISTEN:853,bind=localhost,reuseaddr,fork SOCKS4A:localhost:dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion:853,socksport=9050

openssl s_client -showcerts -crlf -connect localhost:853

getdns_query 1dot1dot1dot1.cloudflare-dns.com 127.0.0.1@853

forward-addr: 127.0.0.1@853#tor.cloudflare-dns.com

for the love of god. if you care about privacy...dont use this you are crippling the stream decoupling of the tor browser...how can you not get this? Its so obviously a stupid idea.

I'm well aware of what this does, and I have zero intentions to set it inside the tor browser.

CloudFlare is only ONE OF THE MANY upstream recursive resolvers I use to protect the queries for my CLEARNET traffic.