
Not offering symmetric bandwidth has technical reasons. You only have a limited amount of bandwidth with most technologies and the vast majority of consumers is much better off having higher download than upload speeds.

I'm actually glad that ISPs default to only giving one IP address per household. Not having most devices directly reachable from the internet is an extra layer of security. It should never be the only one but can be an extra step to make it harder for attackers to introduce malware.



No technical reason today, except for ISPs not upgrading to modern technology (fiber optics) because of being short term profit cheapskates.


This is not true. With fiber, if you want to go full-duplex, you need to specify which frequencies you want to use per direction. Because 99.9% of users use much, much more downlink than uplink, it does not make sense to reserve an equal amount of bandwidth for up and downlink, because that would reduce the uplink bandwidth per fibre. Symmetric bandwidth is wasteful for everyone but the content providers (who might even want asymmetric bandwidth but with more up than downlink).


I think you are thinking of coax (cable) and not FTTH. Fiber has a much wider frequency range and one tends to think in wavelength terms and not frequency. And rarely is more than two wavelengths used for connecting customers (leaving most capacity of the fiber unused).

With FTTH there are two common deployment strategies: dedicated fiber per customer (then there is no reason at all why it wouldn't be symmetric) or (G)PON. With GPON the issue is that multiple customers share the downlink and uplink. And while it's easy to make the downstream burstable (meaning you can use more than 1Gbit/N - with N being the number of customers sharing the upstream GPON port), since only the ISP transmits in that direction for the upstream each customer gets assigned a timeslot to transmit (since GPON only uses a single wavelength for transmit and another one for receive). This means that even if the connection is symmetric at the ISP end (1G down and 1G up) one customer only gets 1G/N uplink bandwidth while they might briefly be able to completely saturate the downstream.


NG-PON2 improves on that by a huge margin: https://en.wikipedia.org/wiki/NG-PON2


There is no reason, except if you don't invest to have enough bandwidth for your users, which you shouldn't have a problem with, given the available technology. So again, it's not a technical issue. No need to be a cheapskate and excuse it with "wastefulness". Available bandwidth is growing faster than what you can use.


Yes, there is also no reason why I don’t have a personal road built from my house to my workplace reserved solely for me, it’s only a matter of investment. Almost nobody needs that investment, and if you’re going to lay more fibre, you’re better off providing even more downlink capacity.


Available bandwidth still grows faster than what you can use. So there is no reason not to provide symmetrical bandwidth. And price of that bandwidth is also only going down.


Many fiber to the home deployments are running shared medium (PON/GPON) which has physical limitations on upstream bandwidth because of TDMA and the optical properties. Typical GPON data rates are 2.4 gbps down / 1.2 gbps up, which is at least better than common ratios on DSL and DOCSIS.

You could run a separate strand to each house, or use fancier optics for DWDM, but both of those add significant expense.


That's why there is NG-PON2 in the works. And it's only going to increase further.


Your broadband argument does not work in 2020. The technology exists for symmetric.

NAT is not security.

Here's an article from F5:

https://www.f5.com/services/resources/white-papers/the-myth-...

And why would the devices be reachable over the internet?

Your router should firewall by default its LAN side subnets.


NAT isn't "security", but it does provide some nice privacy benefits (so IPv6 should absolutely be combined with carrier grade NAT).


Carrier grade NAT does not give the user choice of what they want to do with their network.

If you want to employ NAT on your network, that should be your choice, not your ISP's.


I don't know what "the choice of what they want to do with their network" means. Is there something that you are able to do with a dynamic IP address that you are somehow unable to do behind NAT+PCP? (I mostly hear people complain about stuff that makes no sense, like "I can't do peer to peer connections", when the core problem there was already 100% solved by PCP.)


Instead of NAT there exists a "best practices" firewall setup that mimics what people expect from NAT, available in various home routers in the last 5 years.
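
A sketch of the kind of firewall setup the comment above refers to, added here as an example and not posted by anyone in the thread: a stateful forward chain that blocks unsolicited inbound connections without translating any addresses. The nftables ruleset, the table name and the interface names `lan0` and `wan0` are assumptions.

```nftables
# Added example (not from the thread). Interface names are hypothetical.
define LAN_IF = "lan0"   # assumed LAN-side interface
define WAN_IF = "wan0"   # assumed ISP-facing interface

table inet home_gateway {
    chain forward {
        # Default-deny for routed traffic; "inet" covers IPv4 and IPv6.
        type filter hook forward priority filter; policy drop;

        # Replies to flows a LAN host opened, plus ICMP/ICMPv6 errors
        # tied to those flows (conntrack marks them "related").
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open new connections outward.
        iifname $LAN_IF oifname $WAN_IF ct state new accept

        # Unsolicited inbound attempts: count them, then drop.
        # The counter gives a cheap signal of scanning against the prefix.
        iifname $WAN_IF ct state new counter drop
    }
}
```

The inbound blocking here comes entirely from connection tracking and the drop policy; LAN hosts keep their own globally routable addresses, so nothing in this ruleset provides the address-mixing effect discussed in the replies.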


The privacy features of NAT are due to the NAT part (mixing your traffic together with all the other traffic so you look like a single entity rather than multiple), not a firewall (which is merely a side effect of a NAT and has nothing to do with privacy).



