Re: Naive or Complicit?
ISPs have plenty of information on you without DNS. DNS is just a cherry on the top that puts a name to an IP (which isn't a PTR RR). They record every single data flow in and out of your home. They know the IP you're going to, how much data is transiting that flow, what AS you're communicating to and over what port and packet type (6 or 17 most likely) that flow is communicating over.
With that information, your ISP can infer the places you're going based on the IP(s) that other ISP customers are getting from unprotected DNS queries.
And with a bit of inspection, it is trivial to know precisely where you're going with a little packet inspection of the TLS ClientHello packet and the bit of it called "SNI" (Server Name Indication). This is a critical piece of the TLS protocol that allows for more than one secured FQDN to exist on the same IPv4 address, and the website FQDN is listed in plaintext. I don't know if this is a thing for IPv6 hosted sites.
Fortunately, this glaring hole was sorted in TLS1.3 with the creation of ESNI (E=encrypted). But I'm sure all the firewall and security appliance manufacturers out there are looking for ways to re-filter corporate comms. Maybe they'll just block "_esni.FQDN" queries.
Hopefully TLS1.3 will be adopted faster than IPv6. But it does seem to have almost as many moving parts and fall-back processes to provide continuity.