CosmicGiraffe

The xz compromise having demonstrated that FOSS projects are totally immune to interference from state actors...

You're right, my bad. (Source: https://help.kagi.com/kagi/search-details/search-sources.html)

They pay Microsoft for access to the bing index

The x390/x280 are the same era as these but smaller, so might be a better fit here. The X390 has soldered RAM though, so I'd look for the 16GB version if you can find it (there's not much of a price difference used)

I wouldn't wait that long in the hope that Google release another Pixel tablet and that it then fixes the issues you have with the current one. IMO there's too much risk that either they don't release it, or they don't release it at the time you're expecting, or it doesn't change things you care about, or they change the price/features.

I'd say buy the best (/least worst) thing you can actually get now.

Changing DNS isn't the same thing as a VPN. Your traffic isn't "tunneled" over DNS, it just changes which server your devices use to look up IP addresses. Your ISP can still see quite a lot, particularly if you're using plain DNS rather than DNS over HTTPS or DNS over TLS.

I've always got them from eBay.

The T and X series are the high-end ones. Between those it mostly depends on what size of laptop you're looking for. Its worth checking a guide for how you replace the SSD/RAM/battery - some of the newer ones have these soldered in place, which means you're stuck with whatever it originally came with.

Personally, I think the sweet spot is around 4 years old. By that point they're pretty cheap (maybe 10% of the original RRP), and going for older ones doesn't save you much more money. I recently got an X390 and it's doing everything I need from a laptop

DNS = Domain Name System. This is used to lookup an IP address (e.g. 123.234.54.32) from a domain name (e.g. lemmy.ml). A DNS query is one of the first things your computer does when you visit a site.

Plain DNS is unencrypted, which means that anyone with the ability to read your requests (e.g. your ISP) can see the names of sites that you're visiting.

TLS = Transport Layer Security. This is a protocol that's used to create an encrypted connection between your device and another one, in this case the DNS server. When this is used, the content of your DNS requests is hidden. Your ISP can still see that you're talking to the DNS server, but not what you're saying to it.

TLS also allows your device to cryptographically verify the identity of the DNS server. Without it, someone with the ability to modify your connection could change the responses from the DNS server. That would allow them to send you back the IP address of a server they control, rather than the real servers IP.

I wouldn't bother with the concept of de-federation in a beginners guide. One of the most confusing bits of the fediverse to new users is picking a server. For most users, the one they pick doesn't really matter, but talking about defederation makes it sound like a really important choice.