As someone who actually works in a security conscious environment, there is no and never will be perfect security. All you can do is layers.

Think of it as two perpetually competing things: effort and motivaion. One is your security, the other is how valuable your data is for hackers, companies or an overmilitarized government (eg any developed nation).

If you’re dealing in highly illegal stuff, you will likely get all the attention, which you’d need to be paranoid about. In our current politics its fair to say being for human rights can come near that soon. In average circumstances, only data brokers and other capitalists will try to attach to your data which in turn leak it to the government without a warrant btw.

Security layers work like this: you build individual layers of independent security measures which might be breached but only reveal the next layer which slows down any attacker. Think front door, room door, safe. The important detail is that you don’t put all the keys under the front door mat.

Example: you should (obviously) not post your address, bank account, email, etc on the public web. Its not much but doing that you would absolutely not need to care because you’re already sharing it for free and will likely be ruined soon.

Then you might want to be selective of your tools. Messaging, data storage (ie cloud), AI, social media. Posting pictures of you and your family on vacation or at home for everyone to see is just asking for brokers to gobble it up.

In private messaging, the word private is very relative. On certain phones, the phone itself reads your screen and tries to suggest things based on the messages you write. On that base, you really dont need to bother about anything other than the script kiddie on the starbucks wifi. You can bet that the phone will share that info if you let it.

So if you need actual privacy because you might say something that isnt exactly legal but not highly illegal as to warrant busting down your door: you might want to switch OSs first on both your phone and computers. It’s not perfect but running mint and lineageos (or graphene) you at least dont have the monopolist on data collection directly embedded in your phone. Apples ios does read your screen last i checked so they’re out if you want privacy.

Then you can bother about a messaging app. Meta is out. Forget it. Signal is what most people with privacy needs use since it is easy, open source, provided by a nonprofit. The biggest issues are that it is centralized so technically they could be taken down or maybe implement a backdoored encryption. But at that point most efforts will be for naught so lets assume that is not the case for now.

People with technical interests use matrix, which is also used by the german military, decentralized and rather popular in some countries. It’s not perfect either since the metadata still leak afaik which means someone can try to identify you and guess your texts in some cases. But of course it is insanely different from whatsapp in terms of control and probability of a breach through meta.

You can use a variety of other messaging apps like simplex chat or even decentralized wireless communication like meshtastic. Its literally impossible to know all the different avenues you can take. So that at least makes it fucking complicated to get all your data, provided you dont back it up on icloud or google. You can even route your messages through hybrid networks of wireless and wired networks if you wish.

Then of course you can pack it all inside a vpn which will depend on your strategy and maybe vendor. Just vpning home helps to make your messages very hard to decrypt at the starbucks but if someone listens on your isp, they can still see who you might be communicating with.

Then there is the matter of google services and push notifications. If you want real privacy, you dont use google services at all and either a privacy concious provider or even nothing. That would mean no outside notifications and only regular or manual checks.