The best setup acc to me for web is Firefox + uMatrix + CanvasBlocker + WebRTC Blocker + DecentralEyes + HTTPS Everywhere + Smart Referrer + StartPage / DuckDuckGo + any DNS over HTTPS provider of your choice. Be prepared for the recaptcha time sink. You could turn on Firefox's resistFingerpriting setting, too. Use Brave or Bromite as an alternative browser for websites that break.
For phones, you could run DNSCloak with AdGuard DNS (iOS) or Blokada (Android). There's AdGuard Pro, Lockdown Firewall, and Guardian VPN+Firewall for iOS that are super neat.
NoRoot Firewall, NetGuard, and GlassWire Firewall for Android that I've found to have acceptable privacy policies. LittleSnitch or LuLu Firewall for Mac, GlassWire Firewall for Windows are some of the other options.
Pi-Hole your routers too for other devices connecting to Internet.
You can marginally reduce the recaptcha "problem" by using the Privacy Pass extension, though I can't speak to whether there's a net loss of privacy by using it.
In my personal experience, the vast majority of captchas are Google, while Privacy Pass is only supported by Cloudflare. If Google supported it, it would be amazing.
Unfortunately Google uses their captchas to train image recognition algorithms so they have an incentive not to do so.
For phones, you could run DNSCloak with AdGuard DNS (iOS) or Blokada (Android). There's AdGuard Pro, Lockdown Firewall, and Guardian VPN+Firewall for iOS that are super neat.
NoRoot Firewall, NetGuard, and GlassWire Firewall for Android that I've found to have acceptable privacy policies. LittleSnitch or LuLu Firewall for Mac, GlassWire Firewall for Windows are some of the other options.
Pi-Hole your routers too for other devices connecting to Internet.