That is why you trust VPN’s with proper audits and open-source codes. The people who are monitoring your network traffic is your ISP. That is why people are using VPNs. Unless you live in a 3rd world country, downloading pirated stuff will get you a hefty fine, also even in the 1st world countries speaking against specific kinds of people on social platforms can get you a nice jail time.
That is why privacy and VPNs are important.
You can trust whoever you want 
But if someone here asks me why I decidet what I did I must reply. And this is the answer to it (for now).
Some day it might change, or maby not. The decisions I make are not static… Anyway;
And still:
But, encouraging anyone who wants to open a discussion on that topic/those links.
Maby it will be controversial 
Stay safe ladys and gents
If ad blocking on a network is your goal, I just recently did some tests with free adblocking DNS, both of which are recommended with PG.
Personally, I use both paid and free Control D DNS.
Control D Free DNS
AdGuard DNS
This ^ is a good approach to life and learning.
IF I were not using a VPN (I do), and IF I didn’t trust my ISP (I don’t), I’d be looking for other ways to solve some of the same problems a VPN solves with respect to privacy & security.
That still leaves at least two remaining areas of vulnerability:
Maby of relevance:
Never know who fundet it though, just a cautious reminder to be cautious 
Partially? It fully closes it.
Well running a test with Control D free 30 day trial.
After that I can go with “some control”.
I will see…what I find interesting is this:
It will also block domains that resolve to known harmful IP Addresses
Not as I understand it. Are we on the same page that the goal and problem we are trying to solve is preventing MitM such as an ISP or untrusted network from being able to see the websites/domains you visit?
If so, consider that, even once you’ve enabled:
You still have to account for the facts that:
This is why I call it only partial protection. As I understand it, the absolute best case scenario is that ECH can close the loophole for all websites that share an IP with other websites (such as those behind a reverse proxy service or CDN, but fundamentally can’t solve the whole problem for websites with their own dedicated IP). ECH addresses the immediate problem it is intended to solve, but it is fundamentally limited by factors outside its control. I’m still learning so If you think I’ve misunderstood or overlooked something, let me know.
After ECH, there isn’t much in the TLS standard to mitigate, as far as encryption goes. To my knowledge, ECH fully closes the last remnants of the most sensitive metadata (the ClientHello) sent in plain text. Overall, TLS + HTTP can do better but any changes to it are hamstrung by non-compliant middleboxes (protocol ossification). QUIC + HTTP is a necessary and important attempt at overcoming ossification.
As to your other valid and correct points (reverse IP lookups, hiding IP address), those aren’t the concerns for QUIC + HTTP or TLS + HTTP. As in, these protocols can never ever fill the deficiencies you point out, and so, they can only ever “partially close” loopholes within that broad framework.
Back on the VPN, different provider though. Got some figuring out to do.
Comes time comes ideas.
On the DNS Resolver Topic, here is a suggestion that hasnt been considered by me and that I wanted to put out there.
Adguard.
Free DNS and paid Plan exist.
Free DNS is strong, as per test …
https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
I am unclear as to Apple’s use of DoH ? In the article it says Big Sur onwards is natively supported. Am I correct in assuming that the setting needs to be enabled ? which is different than default use. ( probably not a correct term, am not in the computer field )
I am using Monterey 12.7.4, does that qualify ?
Nice to hear of docs.quad9.net and through it official mobileconfig profiles.
I haven’t used recent enough macOS, but if it’s anything like iOS (which it should be), you open the page in Safari (not any other browser), click the configuration profile link you want and it should warn you about wanting to download a configuration profile which you accept. Alternatively it will just download it and it’s double clicked Windows style?
Anyway next it should appear in Settings or Control panel as a banner of new configuration profile, where it should be acceptable again after which it’s either used or there will be something akin to Settings - > General - > VPN & DNS where under DNS you should see which profile you downloaded.
And it can be confirmed on https://on.quad9.net which was another thing I didn’t know of.
I believe it’s in Settings → Privacy & Security → Profiles.
Yeah, this works fine with any browser on macOS, not sure why they want you to use Safari specifically. Actually—at least with Lockdown Mode enabled—Safari just downloads the file as if it were a regular download too, so it literally makes no difference what browser you use.
Lately (it feels like the whole weekend) I have been contemplating DNS Resolvers again, particularly ECS, no ECS or anonymized ECS, which in the context of PrivacyGuides would be AdGuard, Cloudflare, DNS0, Mullvad and Quad9 (especially Quad9 with it’s multiple options of secure, insecure, secure+ecs, insecure + ecs, although secure fits my thinking of layered defence).
So far I think I have my thoughts on the matter on my website’s unlisted notes section, but this morning I have been constantly adding things there (regardless of being supposed to be studying) and I would appreciate feedback as there are arguments for all three, even if in the end it comes down to personal choice and personal values.
It lives on GitHub pages so there is a changelog.
Have settled on Control D, not the easiest to setup but once there I am pleased so far …
Certainly lots of freedom for configurations which should be topmost I am thinking.
With a Malware filter that seems extensive, this is my aim for use by less tech users that demand great malware protection.
Am using with Firefox, custom setup.