I ask because unless you have a particular threat model in mind, (which most people don't), you can't even know whether any countermeasures are effective. It leads to pointless discussion between tech illiterates such as "which the most secure browser".
1. Run opensource local software whenever possible.
2. Next chose web software because of the strict sand-box.
a. Firefox with ublock origin or uMatrix
b. Set cookies to at least clear after session
c. You'll need a current list of privacy harding flags. Understand what they do and the consequences before blindly pasting them into about:config
3. If burger, you may just want to use a VPN all the time. ISPs sell data and there's no privacy laws to effectively prevent that.
4. Phones users are absolutely fucked. No exceptions. All apps are spyware. Zoomers don't even know the word spyware anymore because everything is spyware.
5. You can't use "social media" in a privacy conscious way. It exists to spy on you, so opting out is the only way.
6. Corporations buy/sell/share data between each other, so once a data event is recorded it will be in multiple databases forever. Best is to make sure that data event never happens.