Pi-hole is great, but it's not going to help if the designed purpose of the device is to send data to external servers, or if the device bypasses the network's DNS server, especially with the advent of DoH.

The right way to do this is set up a VLAN that can't get out to the Internet and is segregated from your own devices except via inbound connections from a Firewall. I've done this with cheap Chinese IP Cams and much other IOT garbage that has either been reverse engineered and/or presents some form of local network access.

Sounds great -- Any recommended how-to guides for those of us new to VLANs?

I use a pi-hole at my house and I love it.

But I also realize that the 99% of the other people out there that have never heard of it deserve some privacy too.

That won’t things like smart TVs sending pictures of what you watch back to HQ

It depends on the device and whether they use your network's DNS server or their own. In my experience Roku devices are easily blocked with a pi hole, for example.

In my experience with Roku TVs and the Pi Hole, this only works when the Pi Hole is set as the DHCP server. Otherwise, the TVs will only show up on the admin panel sporadically (meaning that blocking the requests that TVs make is not happening). Once I used the Pi Hole as the DHCP server, every request that the TVs make show up.