Part of the Furniture
Without access to my DNS queries they only know the IP I'm connecting to.
IP is enough. I worked on a project to reverse DNS queries based on other information. The accuracy is remarkable. If someone wants to do it, they can. I also use Unbound, it's the default DNS server in pfSense. My point is - there is no perfect solution. There are pros and cons in every approach.
Our common ISP (iirc) has been pretty clear
True. One of the reasons I pay them a bit more for 2x residential lines. Still, there is a crook company protecting intellectual rights in Toronto. They are seeding torrents and wait for someone to bite. They have forced our ISP to send copyright infringement letters. One step closer to requesting the logs.