If you are in the docker ecosystem, this is fantastic https://github.com/haugene/docker-transmission-openvpn

You can configure sonarr and radarr around this so that when the torrents are completed, they are renamed and placed in the nas as well as send a webhook to jellyfin to let it know it has been added (instead of it having to to do a manual search)

It is a business risk for Apple to mine data on data they have explicitly confirmed in this ToS to be e2e encrypted and private.

If we’re going that far, none of the Broadcom/Qualcomm/Exynos/Snapdragon chips have open source firmware. Additionally google services are all closed source and proprietary.

Backdoors exist but all phones have backdoors in them and should be assumed they are exploited by state actors.

From a privacy standpoint, on stock mobile OS, Apple is the lead. I certainly won’t disagree that there are custom roms without google services that are superior though.

Generally Apple apps e2e encrypt your data and can not be read/mined by them. There are caveats such as Siri (anonymized voice clips uploaded for example) or (iirc) Apple News. Things like notes, fitness/health, or iMessage are your data.