I’m profoundly ignorant regarding general security and privacy online. Any tips, tricks, or resources would be appreciated. Maybe even starting a community, if there’s enough interest in this subject.

  • This will probably sound like a pain, but this is more or less my setup:

    • Use an open-source Linux distribution with a “libre” kernel (e.g. Debian)
    • Use Tor (Tor Browser for general use) for all traffic you really want to be anonymized (e.g. Lemmygrad). Use a VPN only where Tor isn’t feasible and privacy is less important (e.g. streaming high-resolution videos)
    • Don’t create accounts for anything unless it’s absolutely necessary – you need a Fediverse account to participate on Lemmygrad, but you don’t need a YouTube account to watch/download YouTube videos
    • Don’t use Tor or a VPN when you need to log in to an account that contains personal information, including if you created it or have ever accessed it without using Tor or a VPN
    • Always use HTTPS instead of HTTP, even when using Tor
    • Never log in to any account created through Tor without using Tor
    • Configure your firewall to only allow Tor traffic (and traffic to/from your VPN servers if you’re not just using Tor), ideally with some additional restriction like groups (e.g. only allow traffic through the root user, the Tor group and a custom “Internet” group, so no user-launched process has network access unless specified or the system is compromised)
    • Only install open-source software (if you really need something that’s closed-source, make sure it doesn’t have Internet access)
    • For private communication, use something with end-to-end encryption (i.e. you encrypt it locally and only the intended recipient can decrypt it) and that isn’t tied to any personal information, like Matrix. Email can be encrypted, but it’s a hassle


    I’ve probably missed some things, but those are the basics.
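
The firewall item in the list above (default-deny, with network access only for root, the Tor group and a custom "Internet" group), sketched as an nftables ruleset generator. This is an added example, not part of the original post; the group names `debian-tor` and `internet` and the table name `torwall` are assumptions.

```shell
#!/bin/sh
# Added example: prints an nftables ruleset for the default-deny policy
# described in the post. It only prints; nothing is loaded by this script.
# Assumed names: "debian-tor" (tor daemon's group), "internet" (custom group).

valid_name() {  # accept only plain account names, so nothing else reaches the ruleset
    case "$1" in
        ""|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

gen_ruleset() {  # usage: gen_ruleset TOR_GROUP INTERNET_GROUP
    valid_name "$1" && valid_name "$2" || { echo "invalid group name" >&2; return 1; }
    cat <<EOF
# Replaces every rule currently loaded.
flush ruleset
table inet torwall {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept
        meta skuid 0 accept
        meta skgid "$1" accept
        meta skgid "$2" accept
    }
}
EOF
}

# Review the output, syntax-check it, then load it (as root):
#   gen_ruleset debian-tor internet | nft -c -f -
#   gen_ruleset debian-tor internet | nft -f -
```

The `skgid` match is on the group the process is running under, so a program gets network access when started under that group (for example `sg internet -c 'program'`), not merely because the user is a member of it.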