Most of the time I have seen fiber set up as a dedicate bridge device GPON to ethernet, the Optical Network Terminator(ONT). And honestly, I am fine with this. copper ethernet is much easer to deal. This makes a nice clear demarcation point, the copper past the ONT is yours, everything upstream of that is theirs.
Having said that It would be nice to have control over the ONT as well. there are PON sfp optics, that may be the easiest way to set up your own fiber capable router. I have heard it is tricky to to talk the isp into allowing your modules, you probably need to know a guy that works there.
There are stores like fs.com where you can buy affordable tranceivers for use in anything that'll take SFP+. The biggest hurdle is extracting the specifications you need from your ISP and configuring your own router for their weird quirks, and probably probably convince them to accept your serial number (or spoof a device of theirs if you can find the S/N).
There are also ONT/media converter boxes that'll spit out ethernet if you plug in a fiber and set the appropriate DIP switches. I found one hanging in my apartment when I moved in. I've also seen people sell them on second hand marketplaces (probably not realizing that they're technically property of the ISP). Buying newer ones that spit out more than 1gbps as a consumer can be a challenge, though.
There's a nice variety of small Linux router boxes available online that are relatively low power but still offer good connectivity through SFP(+) ports. Getting Linux running on those is easy, the challenge is in figuring out how to active the connection.
The bridge mode for AT&T's fiber plans is notoriously shitty at just being a dumb bridge... but it does at least pass the IP through so you can port forward like a normal person would (the built in port forward is so ass backwards). My connection became significantly better (marginally better in max throughput, significantly better in connections/s, QoS, and jitter) when I went from "bridge" mode to replacing the ONT with an unofficial device with a "real" bridge config.
The other thing you can run into is, even in bridge mode, there is a relatively low session limit. The exact number depends on the model you get but some were as low as 4,000 (which sounds like a lot until you start loading background apps on devices and connecting to webpages which are actually dozens of connections per in many cases). The newer boxes aren't as bad... but it was still worthwhile for the effort.
Terms of service, probably. Never bothered to read it, I'm sure I break their terms of service 6 ways to Sunday. At the same time I've been doing this type of bypass with AT&T for years and never heard of anyone getting blocked for it either. I'm sure someone somewhere has though but I suspect they are much more interested in those abusing their connection or causing legal troubles than someone paying but silently using a different modem.
I just got AT&T fiber installed and the gateway has 8192 conntrack slots. Two steam clients scanning for Counter-Strike 2 servers at the same time can chew through that many connections.
I joined the 8311 discord and will be doing a full bypass as soon as feasible.
