Thanks

Hide your traffic from isp. Actually android can be independent from google in various ways like grapheneOS installation. As you said there is no point in using vpn in a phone that bundled everything google. But if you did the things to protect your privacy like switching to privacy focused services (youtube app to newpipe) then vpn worth it. Anyway vpn alone not a full proof.

Why no for isp and web server ?

Mullvad’s leta (google) is my default search engine. Also am a big fan of duckduckgo for more advanced search and its duck.ai is amazing.

Sure i will give a try vanadium browser if am able to install it.

Thank you for taking time to answer my questions.

Am enabled block connections without vpn always. In my case orbot is very slow and constant captcha pops up which is very irritating to use the web. Even tho some privacy respecting search engines like brave and startpage too showing me captchas.

Am finded about dnsotls-ds.metric.gstatic.com from my dns provider log which directly connected from my real isp ip address (personal adguard dns free). From my search i finded that adguard or any other dns servers establish dnsotls-ds.metric.gstatic.com this connection in order to check the status of the private dns enabled or not. To block this i have to use a no-google blocklist which leads to inconvinience.

I don’t have enough money to pay for paid services (which means i don’t have a job as am a final year student).

No gecko based android browsers provide option to change dns provider. But blink does but i hate them. Blink based browsers are annoying and no addons like ublock origin never get supports. Brave is making too much background connections which is annoying. Other browsers like cromite, vivaldi have nothing to say unique just hardened like i always do in every browser. Edge supports exrensions but you know whats the point of using a spyware inorder to protect privacy ?

Not using a custom or private dns leads to,

1. no logs of my traffic
2. no trackers blocked
3. no threats blocked (hagezi tif)
4. no use of parental control for blocking myself from various services like instagram, whatsapp as my relatives actively use it. But i don’t want to.
5. i use the logs to report ad/tracker domains to the corresponding blocklist provider like easylist, adguard, hagezi.

I always know my phone bypass and sent most of the connection to my dns or the device parent company. Because of that also i don’t store much info on my phone. Never take photos. Stored contacts as no other apps can see (using fossify contacts). Keep important docs on proton drive.

I believe the situation is little more understandable now. Providing my logs directly to my untrustable isp feels stupid.

Also it would be nice to know leaking my location to dnsotls-ds.metric.gstatic.com leads to any consequences. Or is it just a private dns current status checking url ?

Thank you for reply.