They are however exposed to vast amounts of malicious content and, in my opinion, any mass-market resolver that does not block access to such content by default is not fit for purpose.
The issue is probably the definition of “malicious content”. While I suspect most people would agree that redirecting (“lying”) about phishing, botnet c&c, and malware distribution domain names would be fine, where does the line get drawn and by whom? What other content would result in the DNS filtering hammer being brought down? CSAM domains? Hate speech domains? Intellectual property violations domains? Embarrassing-to-those-in-power domains? Etc. Without more detail in how filtering would be implemented, it is natural for folks to raise eyebrows.
In addition, for citizens of countries covered by GDPR, accessing a resolver located in the same jurisdiction is beneficial as it doesn't then export personal data elsewhere - US-based resolvers have the disadvantage of falling under the US CLOUD Act and FISA 702.
True, however it may be worth noting that “legal intercept” applies in the EU even with GDPR and I’ve been told it is in some ways easier for local law enforcement to gain access in the EU jurisdictions than it is in the US.
As far as protection of intellectual property is concerned, it seems reasonable to me that Internet companies comply with court orders in the same way that other companies have to do so: despite the assertions of cyberlibertarians, the Internet is not a separate place beyond the reach of national legislation.
Trotting out “cyberlibertarians” seems like a strawman to me. Intellectual property disputes can be very complicated (e.g., definitions of jurisdiction, applicability, and actor location) and DNS-based redirection tends to be a very large (and frequently easily avoided) hammer.
This is just as well, otherwise we'd still be prey to the whims of surveillance capitalists and not protected by GDPR etc.
I know that one of the drivers of the DNS4EU project was to improve the resilience of Internet infrastructure given the way that increased centralisation has weakened this over the last few years.
Last I heard, there are over 3 million open resolvers in the IPv4 address space. Harder to scan the IPv6 address space of course. Has there been consolidation of use of open resolvers? Sure. However, the “stickiness” of DNS resolvers is very low and the options if you don’t like what a particular resolver operator is doing are so numerous, I find it a bit difficult to get worked up about it.
Just as with the CIRA and TWNIC national resolver efforts, personally, I’m in the “meh, sure, why not?” camp as long as use of a particular resolver is not mandated. More is better and depending on implementation, I figure there can even be benefits to the general health of the DNS. It will be interesting to see how DNS4EU evolves.