The untouchable foreign databroker that is Google concerns me to a far greater degree than my heavily regulated and monitored ISP whose HQ is only a 30m bike-ride away here in the Netherlands.

Firefox doesn't have Google on their preinstalled DoH provider list. You can go out of your way to configure it.

what about cloudflare?

Yes, Cloudflare is the default in the US.

Super late edit to add: Mozilla signed a contract with CF to put users' data under Mozilla's privacy policy instead of the one on the normal Cloudflare DoH service.

What's the difference between those two?

Most of the world is not Netherlands, though.

Yes I understand that's a distinctive factor, which was the reason for me mentioning it.

Just wanted to point out that different threat models and actor evaluations exist.

Do you trust your ISP or cloudflare more? In the US, I'd probably pick cloudflare too, but I'm happier with our local ISPs who are subject to GDPR and the US has been proven to be problematic in the privacy regard since the snowden leaks.

DoH does not prevent your ISP from seeing the IP addresses of the websites you visit. It only encrypts the requested url. It is not too difficult to figure out which IP addresses are from which websites and block or manipulate them.

Learned first hand when trying to visit adguard.com with DoH enabled at a relative's. Comcast's router blocked the website by recognizing adguard's unencrypted website IP address.

DoH is not really hiding anything from ISP's.

Yes. This can also be done by SNI scanning[0], which is a pretty core function of the web these days.

[0]: https://www.cloudflare.com/learning/ssl/what-is-sni/

P.S. not sure why your comment got flagged. It seems perfectly reasonable to me.