Note: This setup is both for my android and pc Edit: For those recommending paid services and selfhosting, I don't have the money nor resources for either. Also it seams some people are confusing my android setup with my PC setup so I'll write it down. Android: Brave(movies) + Ironfox, Search: Brave + DDG, VPN: Proton ( not always on), GPay = Cash, Auth= Aegis Auth, Pass: KeepassDX, PC: Firefox= Librewolf, VPN = No VPN (VERY slow internet), Search: Searxng + DDG, Pass: KeepassXC,
Your ISP can see what websites you visit. But even if you change DNS server it can still see that if you don't use either a VPN or DoH/DoT.
So it's a good idea to use DoH or DoT. It's an improvement but it's far from perfect because the DNS server you'll pick will see what site you visit, you have to trust them. And your ISP still has other ways to see which site you visit.
They can still see what sites you visit even with Secure DNS though. That only blocks your ISP from seeing what domain names you're connecting to, but they can still see the IP addresses. It's useless, unless you're using a VPN in which case it is worse for your privacy as it makes you more identifiable than just using your VPN's DNS.
Yes, that's why I ended with:
Even with secure DNS they can still see the domain name with the SNI, which is probably more reliable than an IP address. Last I checked very few websites used ECH. I would still argue that it's better to have encrypted DNS requests than non-encrypted ones.