Nobody can tell you what you need to do, and that’s exactly why threat modeling is important. I understand your feelings, to an extent. I got caught up in “threat modeling” and kept trying to find a specific and detailed guide on how to actually conduct the threat model. It’s akin to strategic planning in business; everyone talks about it but nobody shares how to “do it”.
I also think you’re over-complicating it. If you’re looking for someone to tell you what to do just so you can follow it, your privacy journey will likely end soon as you will give up due to inconvenience, etc. The idea is that YOU decide which aspects of your online life you want more private, and you search out methods of accomplishing that.
Starting with a VPN is great, because it’s easy and in your case, free. Yes, a VPN protects your web traffic from your ISP, which also means they can’t target you with ads and sell your data; they can only see that you’re connected to a VPN and get the encrypted traffic which is useless to them (I’m ready to stand corrected because I’m also not an expert). If you don’t care about targeted ads and you don’t care at all if your ISP sees all of your internet traffic, then don’t use a VPN. It’s as simple as that. Try running the VPN in Steam and if you find the speeds acceptable then just keep using it. If not, then turn it off when gaming and turn it back on when done. It’s totally your choice based on if you see your ISP as a threat to your data and privacy.
Regarding a password manager, you seem to already understand why that’s important. Good for you because that protects your online accounts from being easily hacked.
You don’t need to understand the technical jargon and aspects of a tool to use it and benefit from it, in my opinion. I’m not even sure that’s exactly what you’re articulating.
Encrypting your OS (Windows 10) is important because if someone gets physical access to your computer, unless you have an idea how to crack the password, it will be extremely difficult for them to access your data. It’s free, easy, and requires nothing for you to have turned on BitLocker, so good for you.
ProtonMail is good because it encrypts your emails end-to-end when you’re sending to another ProtonMail account. There are some complaints that because most people are sending emails to non-Proton accounts, then your email is still visible on the other end. That may be true, but you are still protecting the rest of your emails that come from secure systems from outside attack, and they are encrypted in storage so even if ProtonMail is somehow hacked, the data is encrypted. If you don’t care about the privacy of your emails or the things in your gmail accounts, then you should have just kept them.
TOR? Do you really need it? I find TOR is generally overkill for common internet users.
You should use aliases as much as you can, because you can easily stop receiving email from that alias without having to change your entire email address. Also, if one service provider gets hacked, they only have access to your alias and not your real email, and you can then turn off that alias.
This is just off-the-top-of-my-head stuff from someone who doesn’t really know much. The truth is, nobody can tell you what to do because nobody can say what’s important to you and what you’re willing and unwilling to give up and/or change.
Maybe ask more questions?