I've just happened to be giving Devuan a run lately.

systemd does have a huge problem, aside from being complicated and not very transparent: you can't reliably turn things off and updates will turn them back on.

People complain init scripts are too inconsistent, but systemd configs are done in very inconsistent ways, causing many things to be buried many layers deep. Some give the impression of doing so purposely to hide or discourage stopping them.

Those things you can't turn off seem to always be security or privacy leaking bullshit turned on by default. It has let Debian and Ubuntu slip to become more and more like Windows, as they come out of the box being as privacy leaking as a smart phone.

Devuan, without systemd, still has all this leaking, telemetry collection, and attack surface on by default, but you don't have so much trouble finding stuff to turn it off.

Things like excessive NTP pool connections. You do not need your computer to connect to 50+ remote IPs every 5 minutes to keep your date and time up to date. Your local router should be the only NTP your local computers connect to, ever. Your router can deal with the periodic remote polling and it probably only needs done like twice a week, tops.

AVAHI. if I could only turn it off and keep it off, even uninstall it all the way. Who turns this garbage on by default, wtf!

cups/sane. Why do I want my computer to spew network packets, looking for printers, by default? Why do I have to turn off 3 things and manually nuke 2 config files to get it to stop doing so?

motd-news,apt updating. The Windows world normalized a way to spy on the world by accident: the auto update. Software providers learned that excessive auto updates and update checks leave a log of your IP, software version, and system info, in their update servers. This log becomes very valuable telemetry data collection. Telemetry pings are a huge privacy leak, which becomes a huge security weakness. I no longer use stock Mozilla FireFox because of their massive baked in telemetry; If you close a browser tab, a network packet is sent to Mozilla telling them.

Debian/Ubuntu telemetry pings Canonical's UK web servers like 15 times a day through the many auto-updates. When I set my package sources to US mirrors, I expect my system to NEVER connect to a foreign country by default. Network connections across country boarders are a security, legal, and privacy risk and should be a user decision.

All those telemetry pings can not only be collected by the greedy data usurping software providers, but can also be collected by side observers. This type of side-channel attack allows users to be mapped and tracked by many parties. Google, Amazon, and Cloud-flair already have a monopoly on tracking everyone's every Internet step via this method. An Ubuntu mystery application connects to a Google server at every startup, smuggled through a system process, anyways.

Plenty more, but I'll end my rant here.