Just the usual case of survivorship bias. The long term subscriber base of "we need to go elsewhere" gathering points is mostly comprised of people that either don't vibe with the majority destination for whatever reason, disagree that there was ever a reason to leave in the first place, or don't actually want to leave but just want to complain about the current place.
chameleon
I don't think it really makes a lot of sense to look for FOSS alternatives based on country of maintainer origin when it's something popular enough to be shipped by a lot of independent Linux distros and supported by local IT consultants in more or less any country. That said, to my knowledge, lighttpd is mostly German in origin and is actively maintained. It definitively lost to nginx in the great popularity contest but I don't think it's really any worse.
GitHub: https://github.com/suitenumerique/docs
Self-hostable, but it seems like an absolute behemoth of an application if their "non-production-use-only" docker-compose file is to be believed, and I couldn't find any production-ready deployment instructions on a quick skim. No obvious signs of federation and I didn't see anything on their roadmap, not sure it would make a lot of sense for this though.
Borg or the like with 'hardcoded' plaintext/regularly full-disk-encrypted key is acceptable. Someone that has your unencrypted private key sitting on your server has almost certainly already obtained access to the entire set of data you're backing up, with the backup key itself only meaningfully guarding access to older backups.
The more important thing is to securely keep extra copies in case the server fails. I keep mine in a group in my password manager, one per repo.
I'm particularly worried about all the historical records. Summoning Salt & similar channels are gonna have problems after this, especially after the policy has been in place for several years and stuff made in this very era expires.
I wouldn't be surprised if Archive Team tries their best at archiving the current situation (difficult as it is) but nobody is going to bother doing it ongoing and a WR obsoleted for months is interesting material only when edited into a documentary.
There's no 100% indicator, but presence/non-presence of a contributor license agreement that gives them the rights to distribute under any license is the best one I've found. Corporate-backed FOSS where they want the option to turn into non-FOSS "just in case" means that will inevitably happen after people are locked in. Best place to look for one is the project's documentation on how to contribute/how to send pull requests.
Stuff licensed under BSD/MIT style permissive licenses doesn't need a CLA to go proprietary, but the ones that do tend to have a CLA anyway.
"CLAs" that are just a sign-off (developer certificate of origin, like the one used by the kernel) are fine and are also treated as a CLA every so often, but the moment you see anything about giving one specific company a "perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license" or the like, run for the hills.
Windows prefers to deactivate or minimize the write cache on removable devices; most of the common Linux distros generally don't make such changes. Microsoft has a very good reason for that default: not a lot of people actually use the "safely remove hardware" option and if the cache is enabled, using and waiting for that is a hard requirement for the data to have actually made its way onto the drive.