A few recommendations for your privacy:
1. If you don't trust your ISP, you can use any commercial VPN provider you find more trustworthy. But there's probably no need for that unless you live in a country with political censorship or mass surveillance (which is more common in developing or authoritarian states).
2. If you're an Apple user, you use Safari, and you decide you don't need a traditional commercial VPN, I recommend enabling
iCloud Private Relay. This feature replaces your IP address with generic ones from Cloudflare. It's like a VPN, but without changing your location. Also, there's a similar service for other platforms called
Cloudflare WARP. Unlike Private Relay, it explicitly mentions that it collects some information about you to improve its services, but maybe you will find it more trustworthy than your ISP.
3. Consider automatically connecting to a VPN when you use public Wi-Fi networks (it's really easy to do on iOS because it natively supports such triggers, and many apps like
WireGuard or
Passepartout support them; also, there are third-party workarounds available for Android), or don't use them at all. Even though they generally don't know what's inside your traffic because of HTTPS, they can still collect some basic info about your online behavior.
4. What I would definitely recommend is using an encrypted DNS provider like
NextDNS or a similar self-hosted solution like
AdGuard Home. Enable a moderately aggressive tracking blocking list like
Hagezi Multi PRO++. Configure it on a router level and on your mobile devices, so you're protected when you use your cellular network as well. Also, use a good ad blocker for your browser like AdGuard, and enable tracking protection filters. All this will greatly reduce the amount of so-called "analytics" and "telemetry" that spy on you online.
5. It's a big one, but consider using an OS that is better for privacy: Linux > macOS > Windows; iOS > Android (except for some very nerdy custom ROMs). If you use Windows and don't want to change it, you can use apps like
O&O ShutUp10++ that disable at least some of the tracking features.
6. Consider using a better browser for privacy: Firefox > Safari > Chrome.
7. Opt out of all "telemetry," "usage data collection," "customer experience programs," "personalized ads," and similar features in the software you use. These options send data about how you use the software back to the vendor, even if they claim it's anonymized.
8. Avoid internet-connected devices from manufacturers with poor privacy practices, especially low-cost brands from mainland China. These often include hardcoded backdoors, lack software updates, and tend to "phone home" without user consent.
9. Don't forget to use up-to-date software with automatic updates. While it's not directly related to privacy, vulnerabilities in old software can lead to your device being hacked and your data exposed to hackers.
10. Protect your online accounts to avoid being hacked. Always use strong passwords, and always enable MFA and passkeys if they are available. A good password manager is a must-have.
Regarding OPNsense, it's mostly not related to privacy, and it won't help you. You need to focus on the devices you actually use on your LAN and their software.
You can't completely hide from online tracking. But you can still have much better privacy. It's all up to you.
