I keep my browser cranked down, partially for privacy but also because I just don't know how people can get anything done with windows popping up all over the place wanting you to "punch the monkey"[1].
I also have a separate user on my box whose shell is firefox for the times when I want to visit the very few sites where I need to allow js, cookies, etc. A simple `ssh webuser@localhost` and I can temporarily use the web like a normal person, but not allow access to my real home directory/etc. Add an occasional wipe of /home/webuser and a restore from known state (basically just restoring browser settings). One of these days I probably should create a creditunionuser account so that any online banking is done completely isolated.
[1] If you've been using the internet for quite awhile, you'll probably recognize the reference to one of the early annoying ads. If not, don't assume.
I am mainly Windows based, because I am a repair tech, and I need to use them to be able to fix them...
That notwithstanding, My boxen are all surfing with 'user' level privileges, script and ad blockers, CCleaner is scripted to run on boot, so there are no cookies standing longer than a day, and the temp directory is hosed out every morning... Is it perfect? No, but I can't remember the last time KAV or Malwarebytes had a warning.
I don't do banking on the internet. My books are all old skool. I purchase only with gift cards, or out of a paypal account that never has any more money in in than is needed... And internet purchasing is very little to begin with.
To a point, I am identified, to anyone who can tie my router to my IP at the ISP I use... And the seven years of records they are required to retain... But all that won't give them much of anything... Emails to my family and surfing to my normal watering holes.
When I mean it, It's full-on locked-down linux anonymous, and never ever from a box I can be traced to, and never ever at home... Seldom from the same place twice.
And yes, I remember 'punch the monkey'.