Ask HN: What steps can one take to increase security and privacy online?
In light of the Cloudflare breach, I'm getting pretty nervous re: internet security and privacy. It seems that it's only a matter of time before all of my private information and communications become searchable, public information.
What steps can one take, today, to protect themselves down the road? I currently use 1Password, have 2FA enabled on all available sites, use a VPN when using unsecured WiFi, and have attempted to disable tracking on my Google accounts. What else can I do? I don't mind doing a lot of legwork! I just want peace of mind in 10, 20, or 50 years...
I use a random pass generator.
Avoid all password managers at all costs. I put it down manually.
I am going to be getting a subscription to a non-Google email. Not sure which one yet. I think it's called Fastmail.
Avoid everything Apple.
Avoid everything social media. I still use them for lurking but every single service has its own email and generated pass.
Avoid posting anything anywhere forever. (As little as I possibly can)
Getting my info and my associates' info completely wiped from all data brokers and all links from all search engines purged.
Use a custom ROM and a rootable phone. I'm not a fan of how big Google is. I'm not a fan of how little support they offer for their services (let's be honest, it doesn't exist). But at the same time Google really does make great software at the cost of zero actionable support. It works for now. There are open source alternatives in the works to replace the core of Google services, I just haven't checked if I can use it as a daily driver just yet (without many bugs).
I use Chrome with the Privacy Badger extension by the EFF.
Another extension which is called uMatrix (have been using it since Beta, HTTPS-Everywhere). It will break your internet experience if you don't know how to use it. Simply put the only firewall you will ever need. Doesn't use many resources and is extremely straightforward.
I also use the Signal app for communication. As much as I possibly can. (It took me a year or two but I've converted over 50+ people into using it)
Stating the obvious. But I haven't gotten a single virus from torrents since the Napster days. You'll get them from software most of the time anyways (crack generators, old software etc...).
Aside from the things you mentioned, I have started moving to self-hosting everything on a VM with an encrypted disk and HTTPS for all app interactions.
For code I use Gitea/Gogs + self-hosted Drone. I have OpenVPN running there as well and use it even at home since Comcast is my ISP.
Backups are done via Borg and shipped to another VM also with disk encryption. I use pass for password management and push it to my Gitea repo.
The one area I haven't solved 100% is email. I tried self-hosted but the majority of my outgoing email was being flagged as spam, even after doing all the suggested things to prevent that. I am using ProtonMail now and just have to trust they are legit.
For texting I am using Signal and have managed to get most of my frequent contacts to start using it as well.
For online communities I use different handles and email aliases. Not sure if that helps or not though.
> I'm getting pretty nervous
Don't let leaks make you nervous. It's worth presuming your account info will be leaked at some later date, and there are precautions you can take to dampen the blow it has on you. For example, use prepaid credit cards instead of bank-issued ones. That way if your CC ends up on some underground carder forum, it has $0.00 in the balance (and the card can't have a negative balance). Services like privacy.com offer these.
Use burner phones, disposable email addresses. Always poison the well with fake names. Never give out your real name to any service, even if the service demands it. Religiously use Tor for any sensitive topics (like politics, health). Religiously use DuckDuckGo.
Do not put anything on the internet you want read back in a court room. Keep it local.
Use a different passphrase for each service. Never reuse it.
Use Tor? Use applications that offer end to end encryption?