What is it about the OS specifically that makes it insecure?

Haven't tried flatpak but will it save linux from the abortion called Xserver?

I am confirming here that blank IMEI works on very very certain telecomms.

No, that's what Wayland is for.

The Wayland devs did make a bunch of seemingly retarded design decisions, but that's because they wanted to make Wayland as secure as possible. So yes, programs now can't read other program's input or what they're drawing on the screen, but that also means that simple stuff such as taking screenshots, screen recording and global keyboard shortcuts are impossible unless you use PipeWire.

When talking about security, most of the time it's security through obscurity. "I use Linux because nobody writes viruses for it" indeed becomes true when a mass-scale attack is performed. And you hope it's "mass" scale for Windows PC users, not Debian servers. Let's say you target users of a hidden service website for normie druggies, it' a website that heavily relies on javascript and in "Security" board users exchange tips on how to disable telemetry on Windows 10. You already know what your target user base will be and find a 0-day js exploit for said Windows 10. Voila, 80% of users busted. Now compare it to a more tech-savvy hidden service website, like Holla Forums for example. Most visitors use unknown configurations of GNU/Linux, probably with application firewalls/mac or even Qubes/Virtual machines. They disable javascripts with noscript addon and probably don't click on links without sending them through archive.is proxy. Now you have a much narrower attack surface, you'd rather find a bug in noscript that lets scripts pass, own archive.is, hope that someone clicks link directly, and do an extremely targeted attack, like clickbait some archfaggot from desktop thread and try poking at his default torrent client web interface which is indeed a hard task for a board that neither has desktop threads, nether archfags posting not from Tor.

How could that be? Do Androids literally have kernels phoning home? Care to share some info and how to fix it? This is the first time I see this sort of claim and since I've never owned an Android device, I am interested in it for my future encounters.

Those numbers are counted by trackers placed in webpages. What group do you think is going to have the largest population of people blocking tracking scripts?

It really depends on your threat model

Android doesn't phone home by default, it's google play services that does.

I think he was clearly talking about some kernel features present in chinese crapphones that bypass all VPN and firewall settings. Of course Google services phone home, but they are not in kernel.

It is possible to track those who block scripts too. Through CSS and cookies.

Even without CSS and cookies tracking is possible. For example the "etag" header that every browser uses to tell when the cache needs to be updated.

Why did they do this?
This is off the top of my head in 3 minutes.