SNI is majority clear-text today, so your ISP can collect the sites you are visiting and not just their IPs even with TLS. Hopefully that changes soon.
Your point about cloudflare having even more access to your browsing details than the list of sites you have visited that your ISP can collect is a good point. It is kinda crazy how so many companies are OK with a 3rd party terminating TLS for them. And, back on the first point, most sites that do support ESNI today are behind Cloudflare (makes your point even stronger).
But, still, Cloudflare would have to be snooping on content to correlate identity (at Cloudflare scale, that means they would have to already be targeting you), while your ISP already has it.
For me personally (stuck with Verizon which is known to snoop and sell data), I prefer "trusting" Cloudflare until they are shown to be a bad actor like Verizon too.
Your point about cloudflare having even more access to your browsing details than the list of sites you have visited that your ISP can collect is a good point. It is kinda crazy how so many companies are OK with a 3rd party terminating TLS for them. And, back on the first point, most sites that do support ESNI today are behind Cloudflare (makes your point even stronger).
But, still, Cloudflare would have to be snooping on content to correlate identity (at Cloudflare scale, that means they would have to already be targeting you), while your ISP already has it.
For me personally (stuck with Verizon which is known to snoop and sell data), I prefer "trusting" Cloudflare until they are shown to be a bad actor like Verizon too.