I have not any prior experience with installing custom ROMs, but after trying it out (and getting stuck, and googling and finding answers) I successfully did it. Below is my home screen if anybody is curious:
I use OpenBoard for my keyboard. Unfortunately I am still dependent on Play Store since some of the apps I need can only be found there. Sometimes it feels meaningless committing to this whole thing because I'm not perfectly private; then I think this is better than using a regular iPhone or Android phone.
So far I'm liking it. I am naturally inclined to feel hesitant about using this as my main phone and plugging in a SIM since it's custom, but I'm slowly making the transition.
Feel free to share any beginners advice or your own experience using GOS for the first time. Cheers!
You aren't always home, therefore when you aren't home it's useful.
I have not yet looked into the DNS topic. What are the risks if I use the provider's default DNS? Or what are the advantages of using a different DNS?
ISP DNS servers often lies, depending on your country, a lot do DNS blocking so it's a way to evade basic censorship. Also some alternative DNS can lie in useful ways, for adblocking or malware protection. You can also check mullvad DNS.
NextDNS even let’s you customize your DNS filter. You can choose which blocklists you want to use, and you can manually whitelist/blacklist individual domains. It also has other cool features like parental controls and malware protection.
You can still use PiHole as your DNS when not home if you setup a VPN. For me that was the route I went.
or you can allow public authenticated access to dns over https... (just don't expose the raw udp dns server, it's a really bad idea)
(not sure if DoT can also support auth, but if it does that's great because android supports dot natively)
I know I don't want to open up any more ports than I have to, but you're right, that does sound like another alternative to setting up VPN.
Since I access more than just my pihole when connected to my home network. And because I want access to my home services, and don't want to open up access to the public, opening one port and connecting to VPN is the way to do it. I have one port opened up for my VPN, and in order to connect you have to have my IP or my domain pointed at the IP, and you have to have a Wireguard profile setup, and know what port is open. So that does help a tad bit with my security concerns.
Edit: how would I go about that if I felt so inclined? Any tips?
You might be underestimating the OP