by superkuh 884 days ago
Shadowsocks does work against MITM attacks by my US ISP Comcast though. It is great software.

What "MITM attacks" are you talking about?
Not the person you're replying to, but most ISPs and cellular providers log DNS queries and use that to profile you or resell to data brokers.

If you want to have some fun understanding this better, call up (for example) Verizon and have them send you the data they have on you. It's surprisingly detailed, including timestamped logs of every DNS query (in addition to specific profiling data, like "how likely you are to buy a new phone" or "household income", etc).

https://www.verizon.com/support/download-and-view-vpd-file/

After doing this myself, I always (at a minimum) use a privacy-centric DNS and never the ISP's default.

Comcast started attacking its customers via MITM about ~2013 or so. Initially it was ads, https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=co... . This would break things like, say, the Steam browser and prevent it from working. I literally had this happen to me. Eventually Comcast changed its terms of service and violated its contracts with existing customers and started limiting total data transfer to about 1 TB/mo. When it started doing this it also started MITM injecting JS about your usage into HTTP connections: https://rietta.com/blog/comcast-insecure-injection/

Comcast is the only non-56k ISP available in my area still in 2024. So I use them... but I also have to make sure to protect myself from their attacks. If I did what they're doing I'd go to prison. But some types of legal persons have more rights than human persons.

Comcast intercepts and rewrites your DNS queries to their own servers. I spent hours figuring out why I wasn't getting NXDOMAIN back from 8.8.8.8 until I realized Comcast was MITMing me.
Stream-downscaling, ad injection, etc. US ISP shenanigans.
Wouldn’t plain WireGuard also do that?
WireGuard is a lot heavier than shadowsocks-libev. shadowsocks-libev is literally under 5 MB of RAM used and very little CPU. Also very quick to compile and config. WireGuard is a full-fledged heavy VPN. Shadowsocks can be used as a simple socks proxy if you want; and that's plenty for stopping Comcast from injecting malicious javascript into my HTTP connections.
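
An added example, not written by anyone in this thread: a check for the symptom described in the DNS comment above, where a query sent to 8.8.8.8 for a nonexistent name does not come back as NXDOMAIN. The function names, the result labels and the random `.invalid` probe name are assumptions of this sketch, and `constructed_response` builds sample replies rather than captured traffic.

```python
import secrets, socket, struct

RCODE_NXDOMAIN = 3

def build_query(name: str, txid: int) -> bytes:
    """Encode a recursive A/IN query (RFC 1035) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def classify_response(query: bytes, response: bytes) -> str:
    """Classify the reply to a probe for a name that cannot exist."""
    if len(response) < 12:
        return "malformed"
    txid, flags, _qd, ancount = struct.unpack("!HHHH", response[:8])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "mismatch"      # not a response to our query
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "ok"            # the nonexistent name was reported as such
    if rcode == 0 and ancount > 0:
        return "rewritten"     # an answer was fabricated for a nonexistent name
    return "inconclusive"      # SERVFAIL, REFUSED, empty NOERROR, ...

def constructed_response(query: bytes, rcode: int, with_answer: bool) -> bytes:
    """Constructed sample reply for offline checks (not captured traffic)."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180 | rcode, 1, int(with_answer), 0, 0)
    # One A record pointing at 192.0.2.1 (documentation range), name compressed.
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return header + query[12:] + (rr if with_answer else b"")

def probe(resolver: str, timeout: float = 3.0) -> str:
    """Send one probe over UDP/53; .invalid is reserved and never resolves."""
    query = build_query(secrets.token_hex(12) + ".invalid", secrets.randbits(16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver, 53))
        response, _ = sock.recvfrom(4096)
    return classify_response(query, response)

if __name__ == "__main__":
    print(probe("8.8.8.8"))  # resolver address taken from the comment above
```

A result of "ok" only shows that NXDOMAIN was not rewritten; it does not prove the query reached the resolver it was addressed to.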