If you want a minimalist privacy setup, here is the order of priority (low-hanging fruit with the highest impact) to fix first:
DNS: Switch your ISP DNS to an encrypted, privacy-respecting DNS resolver (like Quad9, Mullvad DNS, or NextDNS) using DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT). This blocks ISPs from harvesting your raw browsing logs.
Browser: Move away from Chrome. Use Firefox (manually hardened or with Arkenfox user.js) or Brave. Install uBlock Origin and run it in Medium Mode to block third-party scripts and ads.
Passkeys/Password Manager: Start using a self-custodial manager like Bitwarden or KeepassXC. Creating complex, unique passwords for every single account is a massive upgrade to both security and privacy.
Email Aliasing: Mask your real email using simple services like SimpleLogin or Proton Pass when signing up for websites. This prevents data breaches from linking back to your real identity.
Operating System: If switching to Linux isn't viable yet, use a tool to disable Windows telemetry, or set up a secure mobile environment using GrapheneOS on a Google Pixel device.
If you want a minimalist privacy setup, here is the order of priority (low-hanging fruit with the highest impact) to fix first: