Encrypted DNS doesn’t solve everything. Handshake for TLS sessions is still in clear, you can usually see the SNI, and since we are talking about Wireless, usually this data is available to anybody who is in the vicinity, not just the network owner. This already means that you can see what sites someone is visiting, more or less. TLS 1.3 can mitigate some of this (for those who implement ESNI, but you don’t know that beforehand). Also TLS works until the user is not accepting invalid certificates prompts (HSTS doesn’t work for everything) and there are still tons of HTTP-based redirect (check mailing newsletters and see how many first send you to an HTTP site, for example) that can be used for MiTM attacks.

A VPN moves the trust to a single provider that you can choose, which is much better than trusting every single WiFi network you can attach to and the people connected to it, I would say.

Also if you pay for the VPN (I pay Proton), it’s not true that the company business is based on user data, they are based on subscriptions.