Quad9 collects:
- Aggregate count of IPv4 queries per site
.....
- Aggregate count of queries matching each blocked domain per site, for queries which are directed to the malware-filtering addresses.
In the future, Quad9 may also count aggregate number of queries matching blocked domains by origin AS, but there’s no active project to implement that.
Like any other centralised service, a DNS resolver will implicitly collect and pass on any traffic that goes through it.
DNS has no protections against that, and I believe it was never the point of the protocol that it does. Integrity is a bigger issue and there are many examples where it is actively being violated - this is at least partially addressed by DNSSEC.
The question is what happens with the data. Deleting it right away would be a good start, and I'm pretty certain Google isn't doing that. Quad9, as you explained, is at least saying they don't keep any individual records, but collect aggregate information.
While you’re right, that has no bearing, since the labels aren’t being collected.
In the end, this is a question of who you trust and who you don't.
I'm not sure if switching from one centralised service to another is a good idea, but my initial complaint was more directed at the fact that an ISP is delivering data about a customer's habits to one of the biggest service providers on the planet on a silver platter, and without their customer's consent to boot. That's not ok.