At minimum i usually keep ad block plus, disconnect me and blur plugins running all at once. It might be a bit redundant but some of them catch what the others don't. I use google DNS because my ISP, time warner cable, is notorious for prying on peoples internet habits and colluding with the CIA and FBI with prism type backdoors and whatnot. but i still don't trust google in general. If i need an extra level of privacy security, i go with tor. It basically routes your IP through someone else's ip somewhere else in the world and appears like you are them. It is a whole network of peer to peer ghost routers basically. there are a variety of anonymized search engines that allow for this as well built into the browser bundle now. By default, scripts and cookies in tor browser are turned off, and you should leave them off because some scripts can find ways around it and figure out where you're at. Tor is still not 100% safe either, for a triple threat you should use Tor through a VPN and private DNS, maybe add some popup blockers and do not track plugins to boot. There are tens of thousands of companies tracking you in a given month. You may not realize how many until you see with your own eyes. My blur plugin says i've blocked 100,000 since september. If you haven't been blocking them all your life, many of these people have incredibly detailed files on you. There is nothing you can do about that. You can call in to all of them, ask to have your information removed. They are legally bound to do so, but that does not mean they will, and it also does not mean there is really any legal recourse for you if they don't. They can and do sell that information for a profit. They can also sell that information to the government without a warrant. The government does not need a warrant to collect information about you through a third party. That is their legal loophole for due process. The NSA buys this information in bulk. Other people who buy this information, are targeted ad services who try to pander to you not only online but also to your mailbox and your phone. Someone may have cross referenced the identical names in their database and connected your phone with your email what you bought last week on amazon, with your facebook page. Anyone who works for these places, if they wanted, could stalk the **** out of you.
One thing that you may notice when using tor, is that some sites can detect when you are using it, and many, especially those of bigger corporate owned websites ask you to stop. This is because they are tracking you. Do not go on those sites anymore. If you feel that the website doing business with those tracking companies and selling your information to god knows who is a fair deal for what you get from those sites, then just be conscious of that. I still buy groceries with my vons card even though i know the very same ad companies track my food consumption through it. I don't care. Who cares what i eat?
Do not ever send money to someone you meet online. Not if they pretend to be a nigerian prince or a kidnapped girl held hostage in a foreign country. If someone says the credit card is only for verification purposes, cease contact with them at once. No one needs to verify your age. No one cares. Look at porn sites. They've gotten so laissez faire about it that they don't even make you type your age anymore. If doing business with a small internet company you've never heard of which does not have a corporate headquarters listed, check the better business bureau, or yelp, or scam report. If still inconclusive, check the whois registration. There are a lot of scams out there. Casting360, for acting, a **** ton of fake pharmacies promising prescription drugs, dating sites that turn out to be empty only after you've paid for membership, fake charities, fake file servers that pretend to have nonexistent files, applications that are free and open source being sold by a profit by scammers, "download helpers" of any kind, adware or popups that says you have a virus and you need software to fix it, and thats just scraping the surface. people are animals.
Do not ever click on a link to a webpage purporting to be from that webpage in your email, unless it is one of those "verify your account" links. They can spoof those. Phishing is basically the practice of sending out fake emails that look like they are from the actual websites but instead send you to a fake clone of those websites, and then have you type in your private information so they can steal it. If you notice something weird in the url not being the way it was supposed to i.e. "facebookmailserver.com" or extra numbers or letters, or from websites you have not visited, this is probably what that is. Do not click on any of the links because they can also store cookies and to be safe flush your cookies and app data often.
I do not like the realities of the internet age. I think a place where you can't take a single step anywhere without someone stalking you or tracking you or trolling you or exploiting you is a terrible, terrible f*cking place. But we've made it necessary to our daily lives and going through unpleasant or less convenient internet avenues is the cost to bear for freedom without sacrificing security or personal liberty.