"They hate you and they want you dead, but they will settle for your submission." Hence this post.
Security and privacy differ. Think of security as locking your doors and privacy as not disclosing your address. An attacker cannot kick in your door if he doesn't know where you live. You should take what measures you can to improve both security and privacy.
A lot of content is available on the Internet regarding these two topics, so it can be overwhelming. This post will not overwhelm you. Following these suggestions will improve your protection against those who wish to destroy you.
1. Use a password manager. A password manager memorizes all of your passwords and fills them in for you when you want to log in to a web site. If you don't use a password manager, you will either use the same password everywhere, or you will use dumb passwords that are easy to memorize, varying them slightly from one website to another. Either choice is trivial for an evildoer to overcome. (Don't believe me? Search for "you need a password manager.")
Your browser probably includes a password manager and offers to remember your passwords. That's pretty good, but you need to allow it to also generate strong passwords like h:N:$@Xlx'Hi9Y instead of something you think up like "Fluffy2021."
Go through all of your logins and change them to strong passwords, different for every site, memorized in your password manager. This requires time. I had to visit over 100 sites and change my login credentials, which usually included confirming the new credentials via email or text.
Back up your passwords by whatever method you prefer. You might use the "sync" function of your browser or you could export the data to a USB flash drive or an online storage site. (You absolutely must back up your passwords. If you're saving them elsewhere, you can encrypt the file by first exporting it into a word processor and saving it with a password. Just write that password down where you can't lose it!)
Once you have done this, you have addressed the most important vulnerability of today's Internet. There are definitely better password managers and better ways to use them, but the most important thing is to get started now, not to delay while trying to find and understand a manager that would defeat the NSA. You can always move your passwords to a new manager if you decide to upgrade.
2. Install uBlock Origin. Your browser probably offers this as a plugin.
3. Stop searching with Google. The problems with Google are many and deep. Just leave. I prefer Duck Duck Go, despite the fact that they have plenty of problems of their own. Your browser gives you a choice for a default search engine, so choose something other than Google.
4. Use a VPN. A virtual private network service allows you to route your internet traffic through their servers so that the sites you contact cannot see your IP address. There are bad VPN services out there, so choose carefully. A couple of highly rated ones are Mullvad and Windscribe. Your browser may offer various VPNs as plugins; choose wisely.
5. Avoid Faceberg. Everybody knows by now that Facebook is Orwell on steroids, right? Say very little of a personal nature on Facebook. If you say of a politician "This guy needs to go!" and he gets assassinated the next day, you can bet that Big Data has your number and the FBI will get that info immediately. In this case. I allow, you're in no ultimate danger, but do you really want to be explaining yourself to men with badges? Avoid Faceberg.
Meanwhile, when you do have to use Faceberg, note that Firefox has a feature called "containers" which can isolate something from the rest of the browser. Give FB its own container to minimize its spying.
Other tips. It's a struggle to stop talking/writing about security :-)
Proper security measures are gauged according to your risk profile. For instance, you lock your doors before going to bed, but you don't hire a security guard to patrol your property while you sleep. But a Prime Minister or a boss of organized crime (did I repeat myself?) does have security guards while he sleeps; he has a higher risk profile.
In the above paragraphs, I have given simple and easy things to do, but there are other valuable things to consider.
What would happen if you lost your phone and some bum found it and sold it (wholesale) to a technician? What could he find before he resells your phone? If your phone is encrypted, he finds nothing.
If you lose your laptop, or a burglar steals your desktop, what could a technician find? Search for "full disk encryption" as protection in such a case.
Consider having your browser clear your cookies at the end of each session. I do that and it causes very little inconvenience.
Encrypted email services are probably overkill. (1) Your correspondent has to be using the same encryption, which means that 99% of your email traffic will remain unencrypted. (2) The email headers have to remain unencrypted so that all of the computers that transport the message can see where it came from and where it's going; that means snoops can at least see who's talking to whom.
For those rare cases when you need encryption, you and your correspondents might decide to use Tox, Telegram, Signal, or Session. (Facebook also offers Whatsapp; it's encrypted and it's totally free! Hahahahahahahahahahah!)
In sum, there are sick twisted freaks out there who have (1) deep understanding of Internet sleuthing and (2) a fierce hatred of Trump, nationalism, biblical authority, and the continued existence of the white race (10% of the world's population). These sickos spend countless hours scanning the Internet, identifying people they'd like to destroy, and working to slander and doxx them into oblivion.
To respond properly: (1) avoid doing or encouraging anything illegal; (2) assume that anything you write on the Internet (including email) is read by people who hate you and want you dead; (3) assume that you will be identified, despite any false identity you use to delay it; and (4) minimize your exposure by using good security and privacy measures.