I'd also suggest checking out a reputable VPN that verifies they use log-less servers. I like NordVPN.
KeePassXC anyone? YubiKeys?
Maybe also check out running Linux in a virtual machine.
IMHO most VPN services aren't going to hold up to pressure if the gov REALLY wants to know who you are. At minimum use one in a different jurisdiction than you to complicate that a bit.
It's honestly more important to understand how to avoid malware, etc. (keep your computer updated, use adblock).
Tails on a thumb drive. An old second- or third-hand laptop paid for in cash at a shop or market, not bought online. Pull out the storage. Hot-glue up the socket and all external ports other than power and a single USB. Superglue the case screws in and put unique stickers over the holes.