Hacker News

1vuio0pswjnm7, today at 5:06 PM

Why only 29?

Is the author suggesting this represents the actual number of open resolvers on today's internet?

How can any consideration of "privacy" or "security" of DNS not also consider SNI?

SNI allows third parties to see when the user tries to connect to an address published for a domain name. It can allow third parties to interfere with such connections.

DNS only allows third parties to see when a user looks up an address published for a domain name. To associate non-DNS traffic with these queries requires assumptions about the software that is sending them.

Hence it is not surprising the advertising companies that control the popular web browsers want users to choose DoH _within the browser_ or corporate mobile OS, deceptively labeled as "private DNS"^1, so these third parties can more effectively link these queries to non-DNS traffic from browsers or software running on corporate mobile OS.

1. Perhaps these companies will be sued for these deceptive claims. For example, users have successfully sued for deceptive claims about "private browsing".