Let's say I've put in "reasonable" privacy measures across my browsers and devices.
How do I actually go about testing it - finding out what's leaking/leaked, comparing it to "default" setups, etc?
I guess there are some good guides around, but also thinking in terms of ongoing process/strategy.
If the platform was iOS, my go to for checking on what's getting through would probably be Guardian app's reporting features (product link below). They did all the hard work on coding ways to detect privacy violations at the connection level. They even have a day pass option so you could just use those for updated testing over time as they keep their data and methods updated.
If you're wanting to be a bit more hands on, I'd try Charles Proxy. Available for multiple platforms, it will let you "man in the middle" your own connection fairly easily so that you can see all the connectivity coming from your test device when you perform certain actions (or just idle). It is usually pretty capable of pulling back a curtain of encryption sometimes used to hide exfiltration of private data.
"I appreciate SDF but it's a general-purpose server and the name doesn't make it obvious that it's about art." - Eugen Rochko