
One point to support this is that any "privacy" offered by DoH is generally defeated by the TLS SNI extension exposing cleartext domain names on the wire. (Exception being use of ECH-enabled browsers^1 to access Cloudflare-hosted websites that support ECH. But even then, there is no privacy from Cloudflare. HN commenters have historically acknowledged Cloudflare is itself a "MITM".)

1. Test: https://defo.ie


