Part II - Four levels of measures you can apply that doesn't make you sound like a paranoid
- Whenever practical, devices should just be kept offline (e.g. fridge).
- Using a self-hosted mail server can significantly reduce anonymity (all emails are tied to a single domain).
- All files stored in the cloud should be encrypted offline by third-party software before uploading. Yes, this even applies to Proton Drive and MEGA.
- Telegram is NOT PRIVATE and probably a WORSE choice than WhatsApp. Signal, Session, Matrix, XMPP, Briar, and a few more are all good choices, Signal being the easiest to adopt.
- Encrypted DNS offers zero privacy benefit. The domains you access are leaked in plain text to your ISP via SNI.
- Using a VPN as a blanket recommendation is very questionable; see the excellent guidance on Privacy Guides instead: https://www.privacyguides.org/vpn/
- The PinePhone and other Linux phones in their current state are significantly less secure than Android (and probably iOS too). GrapheneOS and DivestOS are much better recommendations to maximize privacy, security, and usability.