Wowza! That is indeed a helluva backstory! And well told, I might add. You've given me a wide opening to ramble some more, so here goes!
I have often expressed (here, and elsewhere) that "security and convenience are a tradeoff." The more convenient your computer usage, the less secure. The more secure your computer usage, the less convenient. It's just a generalization, of course, but your experiences and future plans show the practical truths to my generalizations.
While a lot of your anger is directed at foreign entities, I would remind you that some of the best hackers and criminals are here in the US. Also, nothing is perfect. People in China are able to go around The Great Firewall. I'd guess that Equifax used firewalls when they were hacked. My VPN can show my location almost anywhere... which allows me to watch Australian TV when I am otherwise restricted. But foreign entities can use VPNs too and look like they are in the US. Firewalls are good, but don't let them give you a false sense of security.
VPNs are simple and prevalent. Skilled criminals likely have many tools to use. While many people choose convenience and are easier targets, even those of us who try to be more secure will always be vulnerable. I can tell that you will be even more security-minded than I am, and I am always questioning whether I am doing enough. The tradeoff is tough sometimes.
I'll mention these below, though you are probably already on top of this. But maybe some others will benefit from the comments.
You can "freeze" your credit with all three major credit bureaus (Equifax, Experian, and TransUnion). There used to be a fee in many cases to do this, but after the Equifax hack, the government forced them all to offer this for free. Sometimes they will try to offer "something else" (something "more convenient") but I think the freeze is a primary defense for average folks like us. The freeze is permanent and you have to manually unfreeze it yourself in order to open new credit (less convenient). But another thing you can do with the bureaus is put a "Fraud alert" on your account. This is only good for a year but can be renewed. With a Fraud Alert, the bureaus are supposed to call you before opening any new credit, so you need to keep your phone number with them current. Regularly get an annual free credit report (here) from the bureaus. Staggering between the bureaus will give you a free report every 4 months. If you're married, staggering between bureaus and between your wife and yourself can give you a report every 2 months, because usually your spouse's credit is very closely tied to your own credit, although that is by no means true for everyone. It is true for my wife and me though.
Identity theft more often targets your credit than your savings account. Your story is rather exceptional in that respect. But good computer security should try to see the big picture of your financial vulnerabilities.
Some recent threads on this forum were about password managers, and you might look those up or start a new thread if you have questions about them. There are pros and cons to using a password manager. It took me a long time to finally accept using one myself. They are a good tool, but you definitely want to know their vulnerabilities too.
NoScript: This may interest you. NoScript is a Firefox browser add-on that stops JavaScript from running on web pages you visit, but it lets you pick and choose which scripts can run. This is NOT a convenient tool. In fact, it can be annoying. You absolutely need scripts to run sometimes, like to do online banking. But you don't need ALL of the scripts on your bank's page to run. You can give permanent permission to sites like your bank, and you can give temporary permission to others as you figure out what is needed, and what is not. It will let you export your settings to use on other computers or to store as a backup. You would definitely want to back this up for all the difficulty there is in getting it set up over time. But it is a very powerful tool to defend yourself, so it's worth some effort.
Biometric data: Do you use your fingerprint to unlock your phone? This is just a personal view of mine, but I don't want any biometric information exposed without some seriously good reason. If your email password is ever hacked, you can change it. If your fingerprint or iris scan is ever hacked... how can that be fixed? A whole lot of people like the convenience of touching their phone to unlock it... because it is so inconvenient to enter a passcode or swipe pattern. Oh well.
Alright, back on topic... I like your "skinny surfer" idea. I've had similar thoughts in the past with the plan of using a "Live DVD" to load Linux instead of a write-protected SD card. Once the DVD is burned and the session is closed, it cannot have anything further written to it. Same concept for sure, but the SD card would boot quicker than a DVD. Once loaded into RAM, there may not be any difference. The Raspberry Pi would be great for this, I think, but you can probably boot the SD on other computers too. And you could use USB as well. Often a Linux Live USB is set up with "persistence" which allows you to write to it... you can install programs, and it will remember your wireless password. But you can use a USB without persistence too so that nothing "should be" written to it. The USB is probably a little more universally bootable since many computers don't have a DVD drive or an SD slot.
Again, nothing is perfect. I'll be interested to follow your progress and see the choices you make, if you share them. It's understandable if you keep things private too. You may give me some new ideas as well. In fact, in writing this I have discovered that I need to go renew my Fraud Alert... thanks!
[EDIT #1] I made a mistake earlier about the phone number with a Fraud Alert. The bureau will provide your number to a lender so they can call you to verify your identity when opening a new credit account. But giving the phone number was OPTIONAL, so I left it blank this time. That could cause even more trouble, but I don't apply for new credit often, so it was worth taking the chance for me. I used TransUnion to place the Fraud Alert, and they will notify the other bureaus for me. They also removed me from pre-screened credit offers for another year.
[EDIT #2] With credit frozen, the free annual credit reports were difficult to initiate. I'll have to mail a request to 2 of the 3... only TransUnion was successful in giving the report right away, after answering various identity questions.