I argue that to get any tangible benefit you have to use the big providers, which places trust into entities that are behaving less trustworthy by the hour.
I don't know if it is worth adding but there is one small piece that can be kept at home rather than depending on Cloudflare or Google though by itself is rather moot but I will mention it anyway.
If using Unbound DNS [0] at home as a DNS resolver one can enable DoH if Unbound was compiled using --with-libnghttp2 thus allowing an HTTPS listener and enabling ECH tested / verified on [1]. I realize its just one tiny piece of the puzzle but we can take away the logging of DNS queries away from the big providers. If people do not trust their home ISP they can put Unbound on a VM or physical server somewhere else. I only mention this because I know some people run PiHole and other security distros on their WiFi or Firewall hardware at home.
Documentation [2][3]
I am half tempted to put a DoH listener out there for anyone to experiment with and see what kind of abuse it gets.
[0] - https://nlnetlabs.nl/projects/unbound/about/
[1] - https://tls-ech.dev/
[2] - https://unbound.docs.nlnetlabs.nl/en/latest/topics/privacy/d...
[3] - https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound...