A few days ago, the Government of Kazakhstan passed a law allowing it to apply with the help of SSL certificates signed by the government all https traffic from all (or almost) Internet Service Providers. For example, when you visit https://google.com, your browser warns you that the certificate is not approved and that you must trust these certificates or install them manually.
In short, you use government-issued certificates to encrypt your traffic, which is then decrypted again at the ISP level to be encrypted again by the service provider. original certificates (valid) before being sent to the websites you access. Which basically means that ISPs can do what they want with your data as if you were using HTTP from the beginning.
As far as I know, one solution would be to use a trusted VPN service. However, this greatly aggravates the experience of use and essentially requires you to trust the VPN provider (that the majority does not care to check).
So my question is: if I had to change my DNS to say,
Cloudflare, will it prevent my ISP from acting as an intermediary?
Edit: if that does not help, what can I do to protect my privacy?