I want to elaborate on some of these.
>pay with cash
this one is more important than you might think. If you want, you can use ATMs to have a bank account, but watch out for fake ATM fronts. Seriously, inspect them.
>turn your phone off in crowded areas.
personally I keep my phone off unless there's some reason I need it on(which is about half the time). Remove the battery. Text through Signal and try to get all your friends to as well.
>Disable JS in the browser
needs to be more precise. JS is oftentimes needed and usually benign. Use something like policeman or umatrix(I prefer umatrix) to enable content to/from certain websites. Image is a list of firefox addons that I use and would recommend. To further harden firefox, go to about:config, search for google, and delete every entry that comes up. Also consider enabling most of the options for Random Agent Spoofer, it gets most things.
>Change your appearance subtly in all documented photos, such as IDs. Changing your hair style is an easy way to do this.
this won't work. Anyone competent will be able to recognize your face. I recommend not having any more ID than is strictly necessary on you, though.
>Use Free Software.
Simply using free software is not enough to protect you, though. One needs a lot of technical experience to really get it right, and unfortunately it's usually hard to ask the right questions for personal research.
Some basic pointers:
-linux and OpenBSD are the only reasonably secure operating systems
-there are things called containers or jails, which you run applications in, that are very useful for preventing hacks. I recommend firejail.
-free software cannot fix defective/compromised hardware. Phones are guilty of this particularly.
-the chromium browser is open source and reasonably secure, but it's simply not possible to harden it as much as firefox.
-newer almost always means more secure.
good google alternatives include duckduckgo(I personally love the !bang functionality) and startpage.
generally, if you're coming down this rabbit hole, you need to be pretty paranoid, but it needs to be controlled paranoia. Don't be afraid of hypotheticals, be afraid of real possibilities. Keep up to date with the latest tech and hacking news. Many exploits that have been proven to work are outlandish, while many simple things that seem easily breakable are in fact not.