Online Privacy Tips


Why am I writing this?

Internet privacy is a topic many people are curious about. It's one with a lot of questions and misconceptions. As such, people often ask for recommendations on how to stay private online.

Using Free (Libre) Software

If you value your privacy, I advise using Free Software where possible. While the license alone doesn't make software inherently more private, the problem with proprietary software is that you can't verify it isn't spying on you. For the most part, you just have to trust the claims the developer makes about privacy.

With Free Software, not only can you detect spying, you can also mitigate it. That is why Firefox forks (e.g., LibreWolf, GNU IceCat) and custom user.js files exist.

A rant about VPNs

Every influencer and their dog pushes the idea that you need (generic VPN sponsor) to protect you from your ISP and protect you from hackers on public Wi-Fi. But how true is this?

For starters, most modern websites have an SSL/TLS certificate and serve pages over HTTPS, so your connection to them is already encrypted. For these sites, your ISP cannot see the exact web address, only the domain. As for public Wi-Fi? VPNs act as a bridge between the ISP and the website you're visiting. So a VPN will not protect you against cyber attacks on a local network. A VPN will not prevent you from downloading a dodgy email attachment, nor will it save you from social engineering techniques like shoulder surfing.

If you actually need a VPN, I'd suggest hosting it yourself on a remote VPS or using something like MullvadVPN because your account is just a randomly generated number (no name/email/phone number needed for registration) and you can pay in crypto (including Monero) or cash.

And before you ask... no, you don't need a VPN for Tor.

Technology & Habits > Services

Another problem with the discourse around privacy is that it's simplified to service choices (e.g., what's the best password manager/email provider?). In reality, privacy is a lifestyle, not just a suite of applications and services.

The problem with services is much like the problem with proprietary software: third-party services rely on a system of trust. You're dependent on a company having good OPSEC and sticking to its own privacy policy. For this reason, I prefer to use client software instead (e.g., using KeePassXC instead of something like LastPass or Bitwarden).

Yes, this is less convenient, but it bypasses KYC requirements for creating an account and you have full control. If your KeePass database is leaked, you can only blame yourself.

Software Recommendations

That said, if you're looking for recommendations, here are some good options: