I find your question very interesting. Stopping someone from spying on me to throw advertising at me is one level of Privacy. Security to discourage others is something else.
I have read that Encryption is usually broken in practice, not in theory. Meaning people can find their best efforts to use encryption is broken because of something they do, or did.
Likewise real Security can be compromised not just because we did not use the best available software/hardware but because of some way they used the software.
One of the humorous examples being that the Drug King, “Dread Pirate Roberts,” had his location identified by a Captcha. He had been very good about not being identified for years. I do not support the idea that the Drug Trade should be able to flourish. Just this is a good example about how someone who knew to be afraid of his being identified, and knew seemed to know the best tools was caught. Perhaps earlier than his being identified Captcha had not been used to find the IP address of users.
I have read websites which talk about how to be secure. Always a moving target. I find myself looking for a page which suggests not just tools, but assuming the the digital opponent is dangerous to us. A list of “Never do this.” or things like “Never do this while – attempting that.”
Tails may seem like a resource to ultimate security. I wonder about the trustworthiness of Tor.
Yes sending emails by “End to End” Encryption seems like the most probable of can’t be broken or stopped.
My example of a person who needs to have perfect security being like an individual in a nation state where just stating an opinion, a real observation of government action, can cause a long jail sentence, and even worse. Being in the US, I think Red China, or Iran.
I read of a posting where someone was speaking conversationally with the trained Network Engineer who managed Servers. Who said, no matter what IP address you request, I can change it to any place I choose. With enough effort and Preparation.
I take that to mean, If I am logging in, while in a country who worries about what I might be up to. They have a lot of warning I am up to something. Such as, I am reading security websites. I am attempting to download software they might have trouble with. Perhaps even substituting their version. More likely, they can just intercept my efforts to send information out of the country which the country does not allow.
My thought being, first of all. If the person is not a computer expert, on nearly the level of a University trained Masters in CS. Trained in not just managing Servers, but has access to the internet the average Activist does not have. Then they are headed for a jail cell, at best.
My, not very knowledgeable opinion is most activists, journalists do not have minds grooved to being high security computer conscious.
What such an activist/journalist needs is a single time download of software, that they use, and not make mistakes in their use of such software. They never spent hours trying to read websites of additional things to download, like Firefox Addons. As that alone marks them to their countries digital security.
Security advice changes fast.
So yeah, your question goes to basic hope of using Qubes.