There are a lot of misconceptions about what you can do to remain private online. The original video makes some points, but generally speaking, online privacy is a lot of little things. You want to learn something? Forget TED. Check out Richard Stallman's writings and videos. Yes, he's a nutcase. Yes, he takes most issues to their absolute extreme. However, he cogently outlines each area of concern in a manner that's very accessible to the general public, and each person can take each area of concern and make what they will of it, be it do something, do nothing, or go all the way like RMS does.
Protonmail and Hushmail and similar? There are valid points to that, but there's no magic bullet here. The most attractive thing to the average email user would be their privacy policy. To be blunt, though, if you are satisfied with your own ISP's privacy policy, then Protonmail won't do a darned thing for you if you're just doing ordinary emails. In such a case, you're best off using your ISP email. To get the benefit of email encryption through Proton or Hush or their competitors, all participants must be using the same service or the other participant must be versed in using GPG (and the Proton or Hush user must have the proper service tier). Proton email to Proton email is highly secure. Proton email to something else, or the reverse, is just ordinary email, with rare exceptions (the other participant versed in GPG). Gmail encrypts to other Gmail senders, so it has that, but their privacy policy is out to lunch. As far as email security really goes, Proton's and Hush's security is limited by the fact that the user is not in sole custody of their private keys. That's a weakness. The real strength in Proton and Hush, as I've posted here before, would be as an enterprise solution.
Alarmguy uses Proton. I don't. If I had his email address and his public key, I could send him a secure, encrypted email through GPG and my ISP email (or whatever email I so chose). His inlaws using their ISP mail, or Gmail, or whatever, unless they had a working knowledge of GPG or were also Proton subscribers, could not send him a secure, encrypted email. All they'd really be doing is sending an email to a domain with a good TOS sheet.
With respect to what we consent to when it comes to surveillance, there are differences. At a red light, I'm in public. Anyone is permitted to photograph me in public, including Big Brother. How they handle that data is another matter, but I have very little expectation of privacy in a public place. My email, however, is not Google's business. I can't even send a .7z encrypted archive as a Gmail attachment, so Google really can pound sand.
We are tracked when we buy things with credit cards. Yes, but I trust my credit card company much more than I do Google or many other companies. My credit card company is interested in me buying more services from THEM, not selling my info to someone else. In my email account that I use for banking, I receive absolutely no unsolicited legitimate admail (i.e. partner emails, not scam or phishing). I receive no physical mail ads addressed to me. This tells me that my financial institutions aren't doing too bad of a job protecting my information. They had better, if they want to keep doing business with me.
I use Google searches on occasion. Sometimes I want an ad. Ads aren't completely useless. I want to buy something, I'm going to start at Google. I don't need to feed their information sales machine, though, for every little thing I search for.
One could use TAILS for everything or Stallman's bot process to browse the web, if one is very concerned. That's a little extreme. It's not a dichotomy, though. The alternative isn't that you must allow every cookie on your machine for all of eternity and don't worry about privacy. One can use cookies for where they're useful to the YOU. I use cookies to get onto BITOG. That's of use to me. I couldn't care less about ad companies' concerns about ensuring they supply good value to their clients. Accordingly, cookies get deleted (and other browsing history) whenever I exit the browser.