[-] alt@lemmy.ml 14 points 1 year ago* (last edited 1 year ago)

Most distros are somewhat equal when it comes to privacy, anonymity and security; with the likes of Fedora and openSUSE known for taking it more seriously out of the box than the other 'big bois', while some smaller distros like Kicksecure are known for their best-in-class^[1]^ hardening that they offer by default.

As for NixOS, it's really its own thing (together with Guix), and thus very different from any other distros. If you conquer it, you would be delightfully met by a system that enables you to do things unheard of in other distros. However, the learning curve is very steep. And perhaps even hardening it to the level that Fedora or openSUSE provide by default might not be trivial.


  1. Qubes OS is technically not a Linux distro. But it's worth mentioning as one generally tends to run Linux within a qube (read: VM), and in regards to security and privacy; Qubes OS is simply unmatched, period.
[-] alt@lemmy.ml 9 points 1 year ago

to use as a media centre and multiplayer gaming system in my living room

Based on this, you're basically looking for the 'game console experience on your couch'. If that's the case, honestly you shouldn't look beyond^[1]^ Bazzite.

If, instead, you actually wanted to play retro games primarily, then please let us know.


  1. While ChimeraOS and HoloISO also offer the 'game console experience', they don't support Nvidia GPUs. So you would be on your own at best; which would be a horrible experience for a new user. If you feel particularly adventurous, then Jovian-NixOS is actually another option. But arguably less newbie-friendly compared to Bazzite.
[-] alt@lemmy.ml 12 points 1 year ago

Basically, you want to not disable `kernel.unprivileged_userns_clone`.

For a temporary solution that has to be redone after reboot, there is `sysctl kernel.unprivileged_userns_clone=1`.

For a lasting solution, consider `echo kernel.unprivileged_userns_clone=1 | sudo tee /etc/sysctl.d/99-enable-unpriv-userns.conf`.

In either case you're forgoing security for the sake of convenience/functionality, so I understand why you would rather not act upon either of them.

I don't know what the solution is that would be analogous to installing bubblewrap-suid. Perhaps, it's worth exploring the projects found within the GitHub page of Awesome Fedora Security for some pointers.
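
As an added example (not part of the original comment): a read-only check that reports whether `kernel.unprivileged_userns_clone` is enabled at runtime and whether a drop-in under `/etc/sysctl.d` will set it at boot. The function names and the root-prefix argument are assumptions made for this example, and only `/etc/sysctl.d/*.conf` is scanned.

```shell
#!/bin/sh
# Added example, not from the original comment. The optional first argument
# is a hypothetical root prefix so the check can be pointed at a test tree.

KEY_RE='kernel\.unprivileged_userns_clone'

# Runtime value from procfs; "absent" when the kernel does not carry this knob.
userns_runtime() {
    f="${1:-}/proc/sys/kernel/unprivileged_userns_clone"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# Last value assigned to the key across /etc/sysctl.d/*.conf, read in lexical
# order so later files win. Simplified: /run/sysctl.d, /usr/lib/sysctl.d and
# /etc/sysctl.conf are not considered. Prints "value:file" or "unset".
userns_persistent() {
    last=unset
    for f in "${1:-}"/etc/sysctl.d/*.conf; do
        [ -r "$f" ] || continue
        v=$(sed -n "s/^[[:space:]]*$KEY_RE[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$f" | tail -n 1)
        if [ -n "$v" ]; then last="$v:$f"; fi
    done
    echo "$last"
}

# Combine runtime and boot-time state into a single verdict.
userns_verdict() {
    rt=$(userns_runtime "${1:-}")
    ps=$(userns_persistent "${1:-}")
    case "$rt:${ps%%:*}" in
        absent:*) echo "knob-absent" ;;
        1:1)      echo "enabled-persistent" ;;
        1:0)      echo "enabled-runtime-only" ;;
        1:unset)  echo "enabled-no-dropin" ;;
        0:1)      echo "disabled-now-enabled-at-boot" ;;
        *)        echo "disabled" ;;
    esac
}

# Report for the live system (or for the tree named by ROOT, if set).
echo "runtime:    $(userns_runtime "${ROOT:-}")"
echo "persistent: $(userns_persistent "${ROOT:-}")"
echo "verdict:    $(userns_verdict "${ROOT:-}")"
```

A verdict of `enabled-runtime-only` corresponds to the temporary `sysctl` command above, and `enabled-persistent` to the drop-in file written with `tee`.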

[-] alt@lemmy.ml 10 points 1 year ago

Not OP. But for me, atomic updates, reproducibility, (to some degree) declarative system configuration, increased security, built-in rollback functionality and their consequences; rock solid system even with relatively up to date packages, possibility to enable automatic updates in background without fearing breakage, (quasi) factory reset feature, setting up a new system in just a fraction of the time required otherwise are the primary reasons why I absolutely adore atomic^[1]^ distros.


  1. I prefer referring to the so-called 'immutable' distros as atomic distros instead. It's more descriptive, because the distros aren't actually 'immutable' but instead they're atomic.
[-] alt@lemmy.ml 15 points 1 year ago

is there any reason why I should even care about the freedom of init system?

Freedom of choice! It's troublesome if distros and/or DEs rely so heavily on systemd to do their bidding. So much so, that some combinations of distro + DE don't allow any differentiation in init or make it very cumbersome and unwieldy at best. I'm not interested in making systemd a necessary part of Linux. Therefore other inits not only have to exist, but should be 'competitive' as well. Which, to be frank, is currently not the case.

Another concern is that systemd is by no means a minimalist approach. Which beyond bloat, also has security implications. More information can be found in this (infamous) guide by Madaidan; security researcher on multiple distros known for taking security and privacy very seriously like e.g. Kicksecure and Whonix. Interestingly, while Madaidan discourages the use of systemd in that guide, it's still heavily relied on in Kicksecure; one of the distros he works on. I think this is a perfect illustration of how systemd has become so good that even opponents can't deny its merits and continue to make use of it for the time being out of necessity.

[-] alt@lemmy.ml 8 points 1 year ago* (last edited 1 year ago)

Couple of things that might have tampered your experience:

  • Nvidia. This should come to no one as a surprise, but unfortunately the experience still leaves a lot to be desired. Unfortunately, even changing to Nobara didn't help you out there. If you're still dead set on Fedora, I would recommend the Nvidia Images of uBlue which are also mentioned in the Troubleshooting part of Fedora's documentation.
  • Using Fedora as a new user. Before people start shitting on me, I'm a proud Fedora user and it has been my daily driver ever since the day I switched to Linux. But -like Debian- Fedora's strict stance on FOSS requires one to take additional steps during initial setup/configuration after installation. The aforementioned images from uBlue (once again) help to solve that.
  • I assume you just did the thing on Windows and straight up downloaded VLC off the internet and thought it would work out like that. I wonder if you do the same on your Android/iOS/macOS device. If I'm mistaken, then please feel free to skip the rest of this paragraph. If not, then please consider reading on. So, while it is possible to download software directly off the internet through your browser, this is in 99% of the cases simply inferior to grabbing your software the intended way; through the installed package manager(s). On Fedora, that would have been dnf and/or flatpak. As VLC isn't even found in Fedora's repos (though it is found in RPM Fusion's repos), your best bet would have been installing it as a flatpak. Which in this case, could have been through the built-in 'storefront' with a GUI (it's called Software on GNOME) or through the terminal with the `flatpak install org.videolan.VLC -y` command.
  • Regarding Media Server, I simply have no experience setting that up. Therefore I hope that others could chime in to offer their support.

but y’all are dirty liars. Linux is still bullshit and has been since I first installed it over 20 years ago. What the hell has the community even accomplished if it still sucks this much dick to use?

This doesn't help your cause. Please refrain from saying such things in the future.


Edit: I just noticed this thread. It might simply be the case that Fedora 39 isn't playing nice (yet). Consider installing Fedora 38 for the time being instead.

[-] alt@lemmy.ml 13 points 1 year ago* (last edited 1 year ago)

Lots of great answers here already so I will only address a couple of things that haven't been mentioned:

Regarding Fedora Silverblue:

  • Currently, Fedora Atomic Desktops are in a major shift to accept OCI container images for delivery of packages. This means that the built image becomes one compliant to OCI and that we boot into an OCI container as our system. As OCI images are relatively declarative (not to the extent that NixOS does (yet)), it becomes possible to have a set of config files (most importantly, the so-called Containerfile) in which your system is 'declared'/'configd'. In case you're interested in how this looks/works, consider taking a look at uBlue's startingpoint or if you're more interested in the scope of configuration into Bazzite and/or Bluefin.
  • apx is available as a COPR on Fedora Atomic Desktops.
  • Nix can be installed on Fedora Atomic Desktops using Determinate Systems' installer.

Regarding Vanilla OS:

  • They're also moving to a model that's very close to where Fedora Atomic Desktops is heading towards. So, expect a similar way to config/'declare' your system.

What are your thoughts on the ~~three~~ four distros mentioned above?

It's a question of polish if you'd ask me. With Fedora Atomic Desktops and NixOS being advantageous due to being more established and better funded. I wouldn't write off Vanilla OS yet as they seem to know what they're doing. Though, I wouldn't keep my hopes up for blendOS as its main developer was unaware of which MAC was configured by default on blendOS (spoiler alert: none, at least at the time).

Furthermore, NixOS is literally its own thing and unfortunately infamous for its steep learning curve. If you can afford to learn and conquer NixOS, then NixOS should be the recommendation; unless (like me) you seek SELinux on your systems.

Between Fedora Atomic Desktops and Vanilla OS; Vanilla OS is still in its major rewrite/revamp. The alpha builds are there, but I wouldn't recommend using those on production machines. Fedora Atomic Desktops, on the other hand, has been going strong for a while now and the uBlue-team has even succeeded in making the OCI-stuff accessible for the general (Linux) public. So if you want to switch now and NixOS is/seems too hard; then Fedora Atomic Desktops it is. On that note, I recommend checking out the uBlue project.

Which ones are the most interesting, and for what reasons?

Honestly, all of them are really interesting, but NixOS does the most unique stuff; with only Guix doing something similar within the Linux landscape. To give you a taste of some of the wild stuff found on NixOS; there's the so-called Impermanence module which -to my knowledge- happens to be the closest thing to a usable stateless system we've got; period. Consider reading this excellent blog post in case you're interested to know what this entails.

[-] alt@lemmy.ml 13 points 1 year ago

I don't know if it even works, but have you considered relying on their Stealth protocol? While its absence on Linux (and Windows) means that you might not even be able to make use of it in the first place, I'm still interested to know if it makes any difference.

[-] alt@lemmy.ml 8 points 1 year ago

I'm saddened by how the once great Elementary OS has fallen from grace. I hope they will be able to bounce back to former glory and beyond, but I'm skeptical at best...

[-] alt@lemmy.ml 10 points 1 year ago

I don't understand how people break it.

It's probably related to installing packages through the AUR, even though it's known to be unsupported on Manjaro specifically due to their policy of holding back packages.

[-] alt@lemmy.ml 9 points 1 year ago

I cannot wait to get home and try it out!

Please consider reporting back after you've tried it; I'd love to read your experiences.

[-] alt@lemmy.ml 8 points 1 year ago

You basically already know the drill; buy it from a Linux-first vendor that offers devices that you can afford. A list of vendors can be found here. Personally, I'm quite fond of NovaCustom and Star Labs. Fortunately, both have 'cheaper' offerings with their NJ50 Series and StarLite respectively.
