I've made it work on arch, debian and fedora, on a T420s, T480s, T14 AMD, MBPr 2012, each on luks2 + btrfs with systemd-boot, and it works flawlessly on all of them. the setup is super-involved and cumbersome though but it's easily accomplished once you get the hang of it.
the links posted here along with the arch wiki is what I used. it helps if it's not your primary and only device, so you have time to retry until you get it right.
well yeah, just a simple private/public key solution for encrypting chat and cloud. transfer your private key to a forked desktop app and access your encrypted chat history from there as well.
just basic stuff, not something for people running from nation-state actors, but to prevent LLM ingestion and mass surveilance. but OP says that's against Telegram's ToS, so no dice here.
because Telegram's UI/UX is second to none; possibly iMessage or whatever it's called is close, albeit with way limited functionality. Signal and friends look like a PoC from 2015 in comparison. also the apps, on mobile and on desktop, have a low memory footprint with no bloated electron crap, the cross-device sync is phenomenal and there's the virtually unlimited cloud storage. if an addon could piggyback off of that, that would be spectacular.
however, OP's insight as to this being against ToS is obviously a deal breaker. seeing as how they're adamant about leaving all your shit unencrypted in the cloud I'm looking for other havens, begrudgingly; I've been a user from the early days.
do any of these forks support E2EE? I don't mean the OG "private chat" thingy that Telegram supports.
I mean like an add-on, the way pidgin had an OTR plugin that enabled private comms over Google's unencrypted XMPP servers.
as a consequence, that would also encrypt everything in the cloud and prevent your chat history being ingested for LLM training and whatnot.
I feel the 50 years support claims, whether in hardware or software, should be of little concern; you'll grow tired of it, no one is going to rock the same phone for 10 years, replacing components as they fail and whatever Fairphone's delusion is.
as to concrete recommendations, take a look at Xiaomi phones (Mi/Redmi/Poco/etc.). they ship with a bloated spyware called MIUI which is such a horrific mess on so many levels I can't begin to count the ways it sucks. even moderately competent phones have trouble keeping up with the bloat, they glitch out, drop frames, freeze, etc. so people just get rid of them and upgrade to something snappier. as a consequence, they can be had for cheap on the used market.
the good news is, they have snapdragon models with super competent hardware and a good portion of them have lineageOS support (and by extension, many other derivative OS) - Poco F1 is one of the rare semi-modern phones that also has postmarketOS support.
the bad news is, the bootloader unlock process takes a week, just because; do yourself a favor and don't connect this monstrosity to your LAN while you wait for the timer to expire. also, they're chaotic (to say the least) with their model naming, with zero consistency what each suffix means (T, Pro, etc.) and it's not rare that they do a model "refresh" where they replace snapdragon with mediatek in the "updated" version.
I don't think any Thinkpads have AMI firmware, which is the source of this fuckup.
that's radically different. although the serviceability is still nonexistent, that's a very useable machine. just be prepared to toss the thing if anything breaks.
for me, that would be a deal breaker but I understand the itch to try it out. just make sure it's not icloud locked.
the whole apple-bad thing aside, you're getting a non-expandable 8 GB laptop, of which a significant portion goes to graphics. that's pretty low today, and it's gonna be worse down the road. speaking of graphics, although Asahi has basic functionality, the driver isn't 100% yet.
I hope you don't plan on torrenting a buncha stuff, as the SSD is small and non-replaceable and after years of use has an insane TBW number.
the battery longevity is a solid argument but you are buying a 4 year old battery that will show signs of aging.
I am all for repurpose/reuse/recycle, but unless you get it for free, or close to it, this thing s a bad idea. get a similarly aged business-class laptop (thinkpad, ~~yoga~~, latitude, elitebook, etc.) that you can cram full of RAM and storage and replace practically every component if it fails.
got me a fake PS3 controller. looks the part and what's more important - the PS button is detected!
however, I can't get to load the update from the USB. possibly because I'm missing the BD...? I got the noBD CFW but how can I get it to load? after pressing the start+select combo it's supposed to load the update from the USB but that's not happening, it just says "Checking... Please wait.". the USB drive shows no activity (it's got a LED for r/w activity).
edit: after like a year and a half of just sitting there, it finally prompted me to press start+select for five seconds to format. upon complying, another decade or so passed before it began to install the OFW. fingers crossed!
edit 2: musta crossed those finger wrong, it's now stuck in an update loop... starts installing and at 41% it stops with error 8002F114E. upon restart, it begins again.
~~final~~ edit: you can't install the CFW without the OFW. and you can't install the OFW without a present and functioning BD. so, this thing goes back to the dumpster as it's useless as is. at least I have a fake dualshock controller that doesn't work with my BT adapter...
last edit so far: I got me a defunct PS3 that the same generation and transferred the BD over and... it worked, flash completed and latest OFW 4.91 works! now I'm off to install the CFW!
CZ and dd and other "it's 1998" tools copy the entire disk. like, you clone a 500 GB SSD with 50 GB used to another disk, guess how much data gets copied? correctomundo, the entire 500 gigs. that's not super-healthy for the new drive and it recreates the same volume UUIDs on the target disk as the source drive, so you're left with a mess if you keep both drives in a system.
you have a modern tool at your disposal, the mentioned btrfs send subvol | btrfs receive subvol that copies only what's used. GRUB (you can use this opportunity to switch to systemd-boot) won't pick up shit, you need to install it to the new drive (and remove it from the old one).
eons ago, macOS had the SuperDuper! tool, a free utility that clones the entire disk, resizing the partition in the process and copies only the data and it does that from within the OS, no booting off USB installers and such. sad to say, nothing close exists over here, you'll just have to get good at doing things manually.
look up btrfs send and receive. you'll be copying data from the old disk to the new. prior to that you create the same layout on the new disk (efi, boot, btrfs with LUKS, subvolumes root and home). sadly, there aren't any readymade solutions that do this for you. big time NO on clonezilla and friends.
a combination; some have swap as a btrfs subvolume, some as a swapfile in root and those are encrypted, when the system boots it requests the encryption passphrase, regardless if it coldboots or restores. restores from swap are way faster than coldboot plus all your stuff is how you left it.
on some systems I have a separate swap partition outside of luks2/btrfs and that one's unencrypted. when it restores from there, it doesn't request the passphrase and the boot is even faster. that's obviously less secure but my threat model is a lost/stolen laptop, I seriously doubt someone's gonna forensic the shit out of my swap, it's more likeky it's gonna get wiped and sold.
to fully utilise this tech, it's essential to set up suspend-then-hibernate, another awesome feature that's way too cumbersome to set up. the laptop suspends for like 60 minutes and if it's not woken up, it hibernates to disk.