Encrypt all the things!

My mobile setup:

• Rooted phone (but not using a closed source / one-click rooting tool, as they all include spyware) & open source ROM
  
• No google apps.
  -- This is a huge compromise, and many things don't work without the Google framework. MicroG makes some things workable, and Yalp is useful for installing Play store apps, but over time, fewer and fewer apps will work without Play services.
  
• I use f-Droid predominantly for apps
  
• AFwall (a per app firewall that uses IPTables) takes care of most privacy concerns. If they can't send data anywhere, it doesn't matter that they are collecting it.
  
• Titanium backup gets rid of all the bloatware & unneeded services (or I could just do this manually via the command line)
  
• LBE security manages permissions. I should switch to xprivacy, but I'm lazy. NB - LBE dials home, so keep it behind a firewall! No apps get access to anythihgm, unless they strictly need it and I explicitly want them to have that permission.
  
• Browsing is Fennec, with ublock origin, Noscript, Cookie autodelete, decentraleyes, httpseverwhere, toggle referrer, user-agent switcher & manager (and facebook container on desktop)
  
• Facebook is via Tinfoil for Facebook
  
• ssh tunnel & proxydroid
  
• Find alternatives. They're around.
  
  

Being non-Google, I host a lot of things myself - calendar, email, cloud storage etc... on a few VPS servers.
All of my own cloud stuff using Owncloud & an AWS-like S3 solution (storage on the S3 box is all encrypted and served via my own VPS)