I want to make it clear. I am not an expert. What I recommend here is based on my threat model and my own needs. I try to not give bad advice, but I am not perfect.
I've broken this into two primary sections. The first, a series of links for doing your own research and second, at the bottom, some of my direct recommendations.
Privacytools.io is an open source site full of useful, privacy respecting tools that you can use to protect your privacy online. It talks about many of the issues that face privacy today and gives you actionable ways to address them. I absolutely love this resource, and if you are interested in learning about privacy, this is a great place to start.
That one privacy site, authored by 'that one privacy guy', has a great breakdown of VPN services if you are interested in a more detailed breakdown than what is available on Privacytools.io. He does not give a direct recommendation, but his site contains an incredibly detailed chart of all of the features and privacy concerns of nearly every VPN you can buy.
Have I been Pwned collects the databases of some of the largest user account breaches and allows people to discover if their email can be found inside it. It lists what was leaked, allowing you to know what is now available to the public such as your address, billing history, password hashes, and the like. If your email shows up on this site, change your password on all sites that used that password.
The Electronic Freedom Foundation fights for internet rights, freedoms, and privacy. They have released a self defense guide for staying private and preventing surveilance.
If you are interested in a weekly news podcast on security, TWiT offers Security Now. I have been listening to it for a while now and it has taught me a lot and given me a sense of the state of security and privacy across the internet. Its been a great and entertaining resource.
Again. I am not an expert. Do your own research with the links above. Your threat model will likely be different than my own.
Below are a series of tools that I use to protect my privacy day to day. I've tried to limit my recommendations to things that won't require you to change your habits.
uBlock is a very lightweight, but powerful ad blocker. By default it will block ads and trackers, but can be configured to block even more if you really want to lock things down. It works much faster and with a lower memory footprint than AdBlock and AdBlock Plus.
This is an extension created by the EFF that automatically attempts to make all sites use HTTPS to encrypt your traffic to the destination. More details of this extension are available on its homepage at the EFF, here.
Available for Chrome and Firefox.
Privacy Badger is a browser extension that will block or replace trackers such as Google Analytics, or the Facebook Like Button that report back to third parties with your web traffic. Think of it as a secondary ad blocker that blocks trackers.
"Protects you against tracking through "free", centralized, content delivery. It prevents a lot of requests from reaching networks like Google Hosted Libraries, and serves local files to keep sites from breaking. Complements regular content blockers." -- Decentralize
This is a new one for me personally, and I have run into some issues using it alongside my other extensions, but it seems very interesting and I am a fan of what it is trying to achieve.
A lot of people have asked me what VPN I use. Right now I use PIA, a US based VPN provider that has a strict no logging policy. I have had good luck with them so far, but they ARE a US based company. So if that concerns you, then use the links above, especially "That One Privacy Site", to choose your own VPN that fits your needs. No matter what you do though, GET A VPN.
Signal is an secure messaging app for Android and iPhone. Unlike Facebook Messenger or other chat apps, Signal securely encrypts your messages so that not even Signal's servers can read your messages. I can be found on Signal using my phone number.
This isn't as much of a privacy suggestion as much as a security one, but often they are tied together. Lastpass is a password manager that lets you have unique, complicated passwords that are different for every single site you visit. I currently use LastPass and it works well for me, but if you are concerned that it is a cloud based service (despite your passwords being encrypted locally before being uploaded), you can look for other options here.
I like to aggressively block ads on my network, so I have been using this tool for a long time. It may not be the best option for everyone, but it works for me, and it prevents ads from loading, even on my phone. To get it up you need a Debian based computer that can always be on and accessible, like a Raspberry Pi.