

Ahh, another cultured person. The only thing you’ll get out of having a pfSense or OPNsense box is a better firewall, if you want to properly segment your network with VLANs and control what can talk to what. My setup sounds the same as yours. ISP box in bridge mode > Asus RT-AX86 (stock firmware ’cause I’ve been lazy) > Pi-hole > network. I have a little Asus travel router in the garage in mesh mode.
I have two avenues to travel for an upgrade. I could grab one of those N100 boxes that they have on Amazon with the dual NIC, throw pfSense on it and put the Asus router in AP mode, or I can spend money, ’cause I like nice things, and grab a Ubiquiti UDM Pro and one of their PoE switches, ’cause I like PoE, and then throw the Asus stuff in AP mode.
I personally like Ubiquiti ’cause it isn’t Chineseium or Cisco with their shitty patching. Both options also give me experience messing around with industry-standard firewalls (for the job experience). It really comes down to whether you wanna stick with open source or not.
Sorry, I don’t understand your Ethernet cable from the fiber box to router question.
I also have one of those USB NICs, never tried it like that though. I’d assume it’ll work. Only one way to find out.
I haven’t meshed with many straight APs that aren’t Ubiquiti. They have a network controller app with a web page that lets you set them all up. I’m surprised your WiFi router doesn’t have an AP mode.
Buying used is good, just factory reset everything you get. Keep that stuff out of the landfill.

Like everyone else said, you’re pretty much fighting against tracking cookies at this point. My 2 cents: “hardened” Firefox running containers for personal, shopping and that stuff. uBlock Origin, Privacy Badger by the EFF, and look up user-agent spoofing. Set your user-agent to something like Windows 11 Chrome. If you’re feeling adventurous, look into a Pi-hole as well.