https://www.ivpn.net/blog/privacy-guides Specifically the advanced guides. Would this be a good set up to use? I notice on part 8, one of the comments at the bottom says that the NSA can now de-anonymize you even if you use this guide now.
That's hard to say. Using a few nested/chained VPNs plus Tor is probably about the best that you can do with what's commercially available. Doing it as anonymously as possible from public WiFi hotspots, maybe just using each one once (as LockBox recommends) will also help. And make sure to turn off auto-connect, so that you're not broadcasting all of the WiFi hotspots that you've used before. It will also help to use multiple WiFi dongles, rather than the built-in WiFi adapter. That gives you a different MAC at each hotspot. That's safer than using MAC changers. I'm working on a setup with hardware isolation of networking from workspace, using Raspberry Pi, and also looking at strategies to tolerate firmware compromise.