Build your own recursive resolver in the (non-AWS) public cloud. Tunnel to it with your PiHole. Better yet, set a group of your friends and family up with PiHoles to do the same. This way, your DNS traffic is mixed in with many others and can't be easily tied to you. I've even considered setting up a second nameserver in a different cloud and tunneling the traffic between the two using DNS over HTTPS so that compromising one machine won't be enough to pin a particular lookup to a particular home IP.
No idea, but if they use a discrete hostname to serve their ads (versus multiplexing them with their regular content like FB, Twitter), it will work.
You will be amazed at how many things the PiHole blocks, especially when it comes to ads in phone apps that are extremely difficult to block by any other means.
So set one up. It's not too hard. Also, ditch Ghostery and all the other ad-blocking plugins and go with uBlock Origin. It's an open source project and the author, Ray Gorhill, is a hardcore privacy advocate. Do some research on him. I trust him more than any commercial entity pushing adblock extensions.
Nah. I don't think a black box is a good way to do this. PiHole does what I want and can be audited and runs on an actual server here in my house with RAID, regular updates, etc.
EDIT: I see in your other comment that AdGuard is on GitHub. That's good. This is probably fine for non-technical users. For me, however, I want more control and better hardware.
The PiHole will also take care of many ads and trackers that are incorporated into smartphone apps and smart hardware that you have in your home. Mine blocks thousands of requests every day from Samsung TVs and other garbage that lives on my home network. Everything that uses your home internet connection will benefit from the PiHole.
Yes, do the PiHole, but you need to tunnel your DNS off-site. I prefer not to use Cloudflare DNS like u/impeach_pelosi suggests. Instead, I set up a copy of unbound running on my PiHole (*), listening for queries on localhost:5353 and forwarding them all onwards over TLS to a server that I maintain in the public cloud. This public cloud server does the full recursive lookup, going straight to the root servers. This server does not log any queries.
I configured the PiHole to send queries to localhost:5353. This way, my queries never traverse my ISP unencrypted and Cloudflare/Google/etc. never see any of them. The only people that can see them are my cloud ISP (not AWS) and I highly doubt they care enough to monitor that traffic.
If you want example configs, PM me.
(*) I don't actually run the PiHole on a Raspberry Pi because they're a little too unreliable for me. Arch Linux has a nice packaged version of it and that's what I use, running it on an actual server at home.
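The setup described in the comment above, sketched as two unbound configurations (one per machine). This is an added example, not the commenter's own config: the IP addresses, hostname and file paths are placeholders, and the access-control restriction on the cloud side is an assumption.

```conf
# ---- File 1: unbound.conf on the Pi-hole host (local TLS forwarder) ----
server:
    interface: 127.0.0.1
    port: 5353
    access-control: 127.0.0.0/8 allow
    # CA bundle used to verify the upstream certificate. Without this, or
    # without the #name on forward-addr, the link is encrypted but the
    # upstream server is not authenticated.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"   # path varies by distro
    verbosity: 0
    log-queries: no

forward-zone:
    name: "."
    forward-tls-upstream: yes
    # Placeholder address (RFC 5737) and hostname; syntax is addr@port#cert-name
    forward-addr: 203.0.113.10@853#resolver.example.net

# ---- File 2: unbound.conf on the cloud server (full recursion) ----
server:
    interface: 0.0.0.0@853
    tls-port: 853
    tls-service-key: "/etc/unbound/resolver.example.net.key"   # placeholder path
    tls-service-pem: "/etc/unbound/resolver.example.net.pem"   # placeholder path
    # Assumption: answer only known clients. 198.51.100.7 stands in for the
    # home network's public address; add one line per participating household.
    access-control: 0.0.0.0/0 refuse
    access-control: 198.51.100.7/32 allow
    # No forward-zone here, so unbound recurses from the root servers itself
    root-hints: "/etc/unbound/root.hints"
    # Keep queries out of the logs and leak as little as possible upstream
    verbosity: 0
    log-queries: no
    log-replies: no
    hide-identity: yes
    hide-version: yes
    qname-minimisation: yes
```

On the Pi-hole side, the custom upstream DNS server is then entered as `127.0.0.1#5353`.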
Worked... mostly... in Egypt, too.