> In some places it sounds like the ONT is integrated with the router (like with DOCSIS), and being forced to use the ISP’s router is a problem.
I agree, and that is a problem. The rules and regulations are different in different countries. In Austria for instance the ISP can force you to use a specific DOCSIS modem or ONT but they have to provide you with a transparent way to connect to it (bridge mode etc.). Which from where I'm standing is a good tradeoff because it gives the ISP the flexibility to do mass migrations without having to consider very old deployed infrastructure.
With PON I think it doesn't matter all _that_ much but for instance people running ancient DOCSIS modems and limited frequency availability has been a massive pain for people stuck with DOCSIS infrastructure that want more upstream and can't.
> But in cases where the ONT just looks like a media converter and you have a separate router
That's how it works in New Zealand, but we take it a step further. The GPON/XGS-PON fibre network is run by a separate company[0] from the ISPs (and the company running the fibre network is prohibited from providing internet services[1]). So the ONT just functions as a media converter[2], and all our ISPs deliver internet over the same fibre network. This decoupling between the fibre network provider and ISP means you can change ISPs without any swapping of ONTs or repatching of fibre[3][4] (in fact, the process can be entirely automated, switching to some ISPs can take effect within an hour or two of placing the order). That and most ISPs allow bringing your own router (as there's no monopoly in the ISP space).
[0]: The NZ Government contracted four companies to build, own, and run fibre networks (three being new companies co-owned by local lines companies and the government to serving their local area, with the rest of the country being served by Chorus, the company that owns the country's copper network). These fibre companies are heavily regulated (including how much they can charge ISPs).
[1]: In fact, this requirement resulted in Telecom (the company that owned our copper network and who was one of the companies that provided phone and internet service to consumers) being split up, with Chorus being spun off, owning the copper network and owning the fibre network for the majority of the country.
[2]: Chorus did start deploying ONTs with a built-in router/AP a while back. They did offer this to ISPs to use, but uptake was very low, so it's since been discontinued.
[3]: I don't know how it works over in European countries where ISPs run their own fibre networks when switching ISPs, I assume they have to either install their own fibre line into the premises or the existing fibre is repatched to their network?
[4]: The fibre companies are required to offer use of their fibre network directly to ISPs, with the ISPs PON network running in parallel to the fibre company's, with the ISP providing their own fibre splitters and ONTs (which would be run on a second fibre line that each premises already has) and running their own OLTs. I believe this requirement still exists, but no-one ever took them up on it.
I am curious about this model. How well is this working in practice? How many ISPs do you have to choose from, and how do they differentiate? How close to wholesale are the retail prices?
In theory the ONT can act like a listening device. They're also often Linux or BSD devices that can get hacked.
If you're paranoid, you may want to run an ONT that you control, just in case. I doubt it's something that matters to a lot of people, but even if it only matters to some, it shouldn't be made impossible for those that want to.
RE: misbehaving hardware: the same is very much true for cable internet and there are plenty of countries where people hook up their own modem without any trouble. If someone wanted to mess with the fiber network they could just disconnect the ONT and shine a laser pointer down there. All off-the-shelf devices are built to just work and follow the necessary standards, because there's nothing to be gained by messing with the PON network like that.
> In theory the ONT can act like a listening device
Sure, but so can the other endpoint. Even many AON installations these days are just hidden XPS-PON and similar, you just never see the ONT. (See a lot of ISPs in Switzerland)