So Congress decided it’s okay for ISPs to sell your personal, private information without asking you first. And you’ve already taken the first, important steps of getting a VPN and then changing your DNS servers.
You should also encrypt everything.
Encrypting stuff with your browser is actually pretty easy. First, install HTTPS Everywhere (Firefox, Chrome, Opera, Firefox for Android). This means that all your web traffic is encrypted back and forth.
You’ll also want to look at Privacy Badger and Ghostery (though the latter is owned by a private company) to eliminate silent trackers (and there’s more than you think!).
Then you’ll want to look at encrypting your e-mail. This is a little more daunting task, but there’s plenty of help out there. GPG (or PGP, or OpenPGP, it’s all essentially the same thing) is what you want.
There’s LOTS of very complicated explainers out there. Here’s the simple idea:
I have a public key and a private key. I can hand out my public key to everyone. My private key I keep secret.
If you encrypt something with my public key, only my private key can decrypt it. If I encrypt something with YOUR public key, only YOUR private key can decrypt it.
There’s a lot more to it than that, but that’s the basics.
Lifehacker has a really good step-by-step for setting up encryption for your email at https://bit.ly/gpgEmailGuide.
There’s also services like ProtonMail that try to make it seamless for you, or Keybase that verifies that you’re you on social media and the like. (I’m at https://keybase.io/stevensaus; please feel free to friend me there or ask for an invite.)
Finally, as a reminder, if you’ve got Bash, you can run the Saurian Spider in the background to pollute your web history with random links.