How can I defend against ISP/government surveillance and prepare for a not-so-bright future?

TL;DR: The political climate of my country seems like it’s pointing towards authoritarianism, and I fear that could mean an increase in mass surveillance and censorship from the government and state-owned institutions, so I want to know how can I prepare in case that future materializes.

Recently my family and I moved and the only ISP available available at the new place is state-owned, so that’s what we ended up getting for Internet access. This has me a little worried, because although the country I live in has, AFAIK, held up until now a relatively strong democracy and good track record when it comes to upholding freedom of speech/press, a lot of things have happened in recent years that suggest that could change for the worse sooner rather than later. Particularly the previous and current government have shown an increasing interest in law initiatives to establish mass surveillance systems and discriminatory policies against journalists, students, the LGBT+ community, immigrants and indigenous people (just to name a few), and our current government also seems to be slowly taking increasingly authoritarian stances, which are helped by the fact that neighboring countries are already going down that route in the name of “public security” and “economic growth”, with supposedly favorable results and massive popular support.

On top of that, there are already some things that makes our current situation not exactly ideal when it comes to privacy, like KYC being a requirement to activate any phone number, having an account on a state-owned bank being a de facto requirement to get a job anywhere, the entire country running almost completely on top of Meta platforms or, as I said before, sometimes being forced to get Internet and communication services from the state-owned ISP (and a little aside, even if they really didn’t actually had bad intentions, I don’t fully trust them to be providing a reasonably secure service).

My objective is, then, increase and defend my (and to the extent that is possible, my family and friends’) privacy and security against mass surveillance that could potentially be already taking place from the ISP and/or government, as well as mitigate security vulnerabilities to the extent that is possible for me to do anything and prevent further damage if things keep going south. I’m already aware of some things I can do, like using a VPN (or Tor when the situation calls for it), using our own router instead of the ISP provided one or convincing my family and friends to use more private communication mediums, like Signal instead of WhatsApp or Telegram, for example. But I would like to know: What do you think? What other suggestions do you have? Am I being too paranoid?

P.D: The threat model (if any of this can be considered as such) doesn’t really account for being individually targeted because despite everything, I don’t expect to be in such a position and if I ever did, I know that I would be screwed lol. This is more about mass surveillance and censorship.