Do I really need a VPN or does DNS over HTTPS does the trick?
Considering my threat model is just preventing my ISP to know which websites I am visiting and to prevent my government (India) from tracking me, do I need to use a VPN?
Currently, I am using a trusted VPN provider with a permanent kill switch and am never off of the VPN. Today, I was reading IVPN's homepage and it says, "A VPN can be effective at encrypting your DNS requests so your ISP or mobile network provider cannot monitor or log the domains you visit." But as far as I know, DNS over HTTPS does encrypt the DNS requests. Right?
I regularly clean my cookies, use hardened browsers, etc. So is a VPN really necessary for me? Or shall I just shift to using Quad9's DoH or something?
Edit - I am using the router provided by the ISP and I cannot change it because I am behind CGNAT. I can use a separate device and install PfSense or OpenWRT or something on it and use that as a firewall. Any suggestions there?
Just to add a counterpoint to all the comments, my personal policy is who do you trust more your ISP or your VPN provider, most VPNs say they don't track but they can easily lie about it and they could easily change their policy overnight. Also, since most require a client installed on your machine, they could easily install a shim and get access to your in-flight encrypted data. If this were a case where you're in a country where you know they're tracking you, absolutely use a VPN that you trust. In the US/EU I just don't see much use for a VPN unless you're trying to get access to Geo-blocked content.