They allegedly don't know their user's search queries. That's how it's allegedly private.

You don't cut the middle man, you create the middle man with Unbound. And Unbound needs to ask other DNS servers on the internet to resolve DNS queries. Your local DNS server can't just magically know which IP is behind a domain like for example google.com. It needs to ask other DNS servers that know the answer. So unless you're not using hyperlocal you will always need a DNS server on the internet to browse the web.

Here's an explanation by Cloudflare.

My thoughts exactly. Next is: "OMG did you know there's the all seeing eye on the dollar notes! That means you're being spied on wherever there is cash!!!!"
Stuff like this just makes me wanna roll my eyes.

Depends on what is secure enough to you. For me that is secure enough but I know a ton of people out there who would say it's not secure enough for them. So in the end it's up to you. Think about the risks and make a decision.

I second mailbox.org. Great email provider that I use too.

More like to avoid them even better. :D

Wasn't Ghostery bought by some Chinese company? China and privacy don't fit together.

TrackerControl can do this? Afaik it just blocks trackers and/or ads in apps.

True. That's why I use Aegis on my tablet which only generates tokens for my Bitwarden vault. All other tokens are generated inside my Bitwarden vault.

Wish I could switch to Linux but there are several issues in my use case that make it (currently) impossible. :(

You're safe from MITM attacks, yes, but in terms of privacy it won't help much.

Right. Second sentence on this site says this:

But it can also be used in a manner similar to NoScript (to block scripts) and/or RequestPolicy (to block all 3rd-party servers by default), using a point-and-click user interface.