This list will include some general privacy settings to manually apply in commonly used apps.
It is likely not complete, and privacy is a gradient.
On the OS level, use a privacy and security optimized OS. Without security there is no privacy.
There are very different use cases for systems.
Mobile: Use GrapheneOS, there is nothing better. See my Android Repo for tips.
Extreme Security: QubesOS with certified hardware, running every "task group" in a dedicated virtualized environment. Use Coreboot with the HEADS payload for measured boot, and anti-evil-maid attack prevention. Use USBGuard to protect against malicious USB devices. Use a Nitrokey to store measured boot information.
Temporary system, possibly untrusted hardware: Tails, using the Tor network, with or without persistant storage. Note that this is not optimized for containerization of apps, malware prevention, or bypassing a malicious firmware.
Regular OS for daily usage: Something like Secureblue, using Flatpak apps (See my list of recommendations), (restricted) Podman containers or virtual machines.
Use hardware with updated firmware that is free of backdoors like the Intel ME and is as free as possible. There is no performant, affordable hardware with 100% free firmware, keep that in mind! Recommended Hardware:
- Novacustom Laptops or PCs with Dasharo Coreboot (Code)
- System76 PCs or Laptops with coreboot support
- Corebooted Chromebooks using Mrchromebox' and Chrultrabook's work
- Libreboot and Coreboot Hardware (mostly outdated and vulnerable to Spectre & Meltdown!)
- Google Pixel phones, foldable phones and tablets for GrapheneOS (see their hardware requirements for future devices)