And why would you trust your own ISP more than reputable VPNs?
Sure, this statement is very valid for (free) VPNs which are not reputable, and act as data mines instead of providing true privacy; but your statement reads very much like we do not need VPNs at all.
ISPs know what sites you are visiting and when, and they are ready to comply with the government. Also, we have acts like Online Safety Act (UK), which incentivizes more data collection. Combine that with age verification on every site, and you are basically giving away your browsing history.
I agree that a VPN alone is not going to protect you, and you need to authenticate less into websites, and clear your cookies after every browser session (basically good OpSec). However, I also think that reputable providers like Mullvad and Proton are a must.
I came to GrapheneOS for privacy and security, but stayed for the features.
Per application network toggle: I found this incredibly useful in cases where the application is fully functional without internet, yet still asks for internet permission, and I do not want it to phone home (e.g. Google Photos). It is helpful for when you are using a VPN, and do not want the slot to be taken by an application like NetGuard. Although, I believe you can replicate this functionality with (Split Tunneling) + (Block connections without VPN).
Storage Scopes: This is a another highly useful feature. Say you took a bunch of pictures on a trip, and want to show the pictures to a friend. Normally, you’d fear them snooping around pictures that you don’t want to show them. However, with GrapheneOS, you can just download a separate Gallery application, only expose the photos (or the photo directory) that you want to show via Storage Scopes, pin the application, and safely hand the phone over to them.
I found this feature very helpful when shortlisting ~10 photos from a gallery of 500 photos. I downloaded PhotoSwooper (which lets you keep/delete photos by swiping right/left) from F-Droid, exposed the 500 photos directory to it, and started swiping. I iterated this a couple of times, and got my perfect 10.
Contact Scopes: This is for the cases when you don’t want to expose your contacts to the application for whatever reason (e.g. you don’t want them to graph your connections or you just want to protect the privacy of your friends). You can just selectively share contact(s) instead of handing your entire phonebook to the application.
Sandboxed Google Play: Some applications require the extremely invasive Google Play Services (because it operates with elevated system-level privileges). However, with GrapheneOS, you can just install the sandboxed play services, which acts as a regular user level application. You can then revoke network access within Sandboxed Google Play Services, and use your play services dependant application as usual.
So, basically, if you can afford it, go for GrapheneOS. I wanted privacy and security; but now that I tried GrapheneOS’s features, a lot of these are now nonnegotiable to me.