[protocolture]

Mostly because a lot of ISP's serve the ONT as an NTU (IE your network gateway or border) and others use it as CPE.

Here in Aus the (horrifying, terrible) national broadband network uses the ONT as an NTU from which it can split the service out to IIRC 4 ethernet hand offs and 2 RJ11 voip services. And because of this most private fibre providers do much the same. (Although NBN does it in part because their authentication method involves inserting DHCP option 82 into DISCOVER and REQUEST messages) In fact, I am aware of one that has moved to a single port ONT but still provides the customer another router beyond the ONT and keeps the ONT for NTU purposes.

NTU's are good actually, having a device to troubleshoot from inside or very near to the customers premises can keep support costs extremely low. If you have something that can also perform an ethernet cable test so much the better.

That said, there's another possibility. I have seen quite a few ONT's and man the majority of them in the usual price range of a residential ISP SUCK. The interface sucks, the hardware sucks, the software sucks and some of them have a lifespan comparable to a fruitfly. I wouldnt want my customer getting too familiar with devices that look like garbage and can fall over at the drop of a hat. So we just hold on to the password of those and let the customer do whatever they want past the demarc.