tbh I'd rather not considering how easy it is to give the wrong advise. OpSec is a deeply personal affair very everything you do (and don't do) needs to be tailored to what you're trying to protect and consistently (!!) revised.
I did a writeup that was aimed to illustrate the insane complexity of OpSec and for people to follow along to achieve better privacy (e.g. first install some browser plugins, then /etc/hosts blocking, then pi-hole, then Tor, etc ... so it gradually introduces people to the idea, until eventually the steps become too hard or impractical for them). Also be warned about the psychological pitfalls of what secrets/compartmentalization can do to the brain and remember that cops and spooks have specialists to support them while a lone wolf trying to protect themselves remains exposed to these dangers this can do to your mind.
some of the first couple of "Steps" from the document should be ignored in 2019 (or moved to the bottom - to where the more difficult points are listed - because people will get it wrong) and are no longer useful but the final points of the document give some tricks on how to hide completely. Things like sending a friend around the world with a budget of monthly $50,- debit card for beer money (under your name) remain highly relevant.
Other things are totally missing such as what to do if you think your phone is compromised or how to do damage control in general.
Again be warned that certain points are very dated and may not give you the protection they promise in 2019:
> Use a burner phone with a prepaid SIM to safely enable 2-Factor Authentication (2FA) without leaking your primary mobile number to any «cloud based data-krakens». Nokia’s relaunch of the 3110 is OK for that purpose and doesn’t immediately out you as somebody holding a burner phone in their hands. But the problem is that it has a GPS chip and camera. Probably a show-stopper for stricter scenarios. Just get any cheap phone that doesn’t include the word «smart» in the name. You want to be able to text and that’s it. Consider buying a used prepaid SIM for a few extra bucks from somebody not associated to you and who hasn’t advertised this to you before either. In some countries this might be your only choice meanwhile. Immigrants are usually happy to sell their prepaid SIM for some extra cash. This gives you a number including all existing metadata (call and movement history visible to the operator and the spooks) already associated to that device and its previous owner. You have now purchased the «cover» of a whole network of people connected to the previous owner. This adds plausible deniability to what would otherwise be a pristine dataset (starting from zero). You will also inherit any active tracking that the original device owner themselves might have already accumulated. So if you’re unlucky you may buy the phone from someone under active surveillance. However the idea is that as data-sets age they increase in value to anyone studying them (and people who do are never your friends regardless if you have anything to hide). In other words, what we did above with TrackMeNot/AdNauseum, we’re now repeating with a prepaid SIM from a stranger.
