The OpSec Manual

Choosing the right tools

You should know the limitations of different tools and what each tool is designed for. If you don't know how something works, it may be best not to use it. Some things, like Signal, are designed for privacy, while others, such as Tor, are designed for anonymity. It is important to understand the difference between privacy and anonymity. Most of the tools listed here are useless if you do not use them correctly.

Tor / Tor Browser

Tor and Tor Browser are the most effective tools that, when used properly, can help you remain anonymous on the internet. Their anonymity comes from the fact that all users (should) look the same and that traffic is bounced around the world through relays run by volunteers rather than by a single entity. Traffic is also encrypted while it flows through the Tor network. This is where the most obvious limitation shows: the traffic is only encrypted while it is inside the Tor network, not when it exits. A Tor exit node can easily see your traffic, and if you are not using HTTPS it may also be able to modify that traffic. Only use HTTPS when browsing clearnet sites with Tor. This does not apply to onion services (sites ending in .torify.net like this one), as the traffic stays inside the Tor network all the way to the destination.

Tor Browser is more of a target than Tor itself. Tor Browser does its best to disable dangerous web capabilities that may deanonymize a Tor user: for instance, WebRTC is practically unusable in Tor Browser to prevent IP leaks, and HTML canvas elements are randomized to prevent fingerprinting. Even though Tor Browser has disabled many dangerous web capabilities, JavaScript is not disabled by default; in fact, many Tor Browser exploits come from JavaScript. JavaScript is dangerous in general, and XSS exploits that can steal browser cookies still exist. Tor Browser does have 3 security levels, which can be changed by clicking the shield icon in the upper right of the browser. The Safer setting is more restrictive on CSS to prevent fingerprinting attacks and also disables WebAssembly and the JavaScript JIT compiler, both of which are a large source of bugs and vulnerabilities. The Safest setting disables almost everything and keeps only what is necessary for static web pages. At this setting JavaScript is disabled, and CSS is restricted in the same way as in the Safer setting. The Safest setting has the smallest attack surface.

Overall, Tor and Tor Browser can keep you relatively anonymous, but when it comes to exploits and vulnerabilities it may require tweaking the security setting or using more advanced tools such as Whonix or Tails. Also note that Tor cannot protect all your communications: just because you route XMPP over Tor does not mean your messages are private. They are anonymous, but not private.

XMPP with OMEMO

XMPP is a messaging protocol that on the surface looks similar to email (it is not similar at all): different users on different servers can communicate with each other across the internet. The only problem is that messages are not private; server owners and anyone in between can easily read them. This is where OMEMO comes in. OMEMO is an end-to-end encryption protocol designed to be used with XMPP, and it is an improvement over the aging OTR encryption still commonly used in some places. OMEMO takes some ideas from the Signal protocol and provides offline message delivery, confidentiality, deniability, integrity, authentication, and perfect forward secrecy. OMEMO can still be attacked, however, if the correct precautions are not taken: a man in the middle may be able to swap OMEMO keys for their own during a key exchange. To detect and prevent this, users should verify their contact's OMEMO fingerprint through an outside channel.

OMEMO keeps your messages private when using XMPP. Neither OMEMO nor XMPP will keep you anonymous, however; for that they can be used in conjunction with Tor. OMEMO cannot protect the confidentiality of your messages if an endpoint is compromised, such as your contact's computer.
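As an added illustration (not code from this manual or from any OMEMO client) of why the out-of-band fingerprint check matters: the toy script below runs a key exchange through an honest relay and through a relay that swaps in its own keys, and shows that the fingerprint comparison is what exposes the swap. It uses a constructed, insecure Diffie-Hellman group purely for illustration; OMEMO itself uses X25519 keys via the Signal protocol.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only. OMEMO uses X25519
# keys via the Signal protocol; this 61-bit prime offers no real security.
P = 2**61 - 1
G = 5


def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def fingerprint(pub):
    """Fingerprint of a public key, as a client would display it for verification."""
    return hashlib.sha256(pub.to_bytes(8, "big")).hexdigest()[:32]


def honest_server(pub, sender):
    """An XMPP server that relays keys unchanged."""
    return pub


class KeySwappingServer:
    """A server (or anyone in the path) handing each side its own key instead."""

    def __init__(self):
        self.own = {"alice": keypair(), "bob": keypair()}

    def __call__(self, pub, sender):
        return self.own[sender][1]  # the recipient receives the relay's key, not the sender's


def run_exchange(relay):
    """Run one key exchange through `relay` and report what each side can check."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    pub_bob_received = relay(a_pub, "alice")   # what Bob believes is Alice's key
    pub_alice_received = relay(b_pub, "bob")   # what Alice believes is Bob's key
    alice_secret = pow(pub_alice_received, a_priv, P)
    bob_secret = pow(pub_bob_received, b_priv, P)
    # Out-of-band check: Alice compares the fingerprint her client shows for Bob
    # with the fingerprint Bob reads out to her over a trusted channel.
    verified = fingerprint(pub_alice_received) == fingerprint(b_pub)
    return {"secrets_match": alice_secret == bob_secret, "fingerprint_verified": verified}


if __name__ == "__main__":
    print("honest relay:", run_exchange(honest_server))
    print("key-swapping relay:", run_exchange(KeySwappingServer()))
```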

Whonix

Whonix is a much safer way to use Tor anonymously. Whonix uses a two-VM approach: one VM for networking and one VM for browsing and other applications. This way, in order to deanonymize you, an adversary not only has to find a vulnerability in Tor Browser but also a vulnerability that lets them escape the VM, which is extremely difficult to do. Everything in Whonix is isolated from the rest of the machine, and internet traffic is forced through Tor with no way around it, since the networking is in a completely separate VM. Whonix also comes with the Vanguards Tor plugin, designed to prevent guard discovery and other traffic analysis attacks that may be used to deanonymize you over a period of time.

Whonix does have its limitations, however. For instance, using the same Whonix-Workstation VM for different purposes or anonymous identities may allow an adversary to deanonymize you. Many users will not change the sudo password of the Whonix-Workstation VM; while this does not by itself allow a VM escape, it makes the workstation easier to attack. You should have multiple copies of Whonix-Workstation for different purposes; you may also opt to use the live mode for daily activities.

Tails

Tails is a live system designed to leave no trace of anything you do on the PC the Tails USB was used on. Tails is a portable operating system that boots from a USB stick. Tails comes with Kleopatra for PGP via GnuPG and with Tor for anonymity. The version of Tor Browser in Tails also comes with an ad blocker. The Tor Browser in Tails has also gone through some additional security hardening, mainly through the use of AppArmor. If Tor Browser is attacked with a vulnerability, AppArmor can significantly mitigate the effectiveness of that vulnerability by limiting what Tor Browser can do on the system, such as which files it can access. Tails is also notorious for being the operating system of choice when Edward Snowden was whistleblowing on the NSA. Tails forces all traffic through Tor; traffic that refuses to go through Tor is simply dropped.

Tails, however, makes it obvious that you are using Tails: the ad blocker in Tails' Tor Browser is unique to the Tails operating system. Tails is also not immune to vulnerabilities. Things like the email client, video player, and browser have been exploited in the past (though with great difficulty). If you are using Tails you will probably not have to worry about such exploits, as the majority of them are targeted attacks. Tails works great against more generic attacks that are used like a hand grenade (like a NIT), but if you are being actively targeted, Tails will be of very limited use to you; Whonix would be a better choice in such scenarios.

Do note that many still recommend disabling JavaScript while using Tails, but if you are just browsing Reddit or doing normal generic stuff, disabling JavaScript is not needed and would be overkill in such scenarios.

VeraCrypt

VeraCrypt is a maintained fork of the discontinued TrueCrypt. VeraCrypt can encrypt an entire device or partition, or create an encrypted file container. VeraCrypt also allows you to create hidden volumes; under the correct circumstances (VeraCrypt used on an HDD along with a live system such as Tails, for instance) it is impossible to prove that a hidden volume exists. VeraCrypt containers and volumes do not have any sort of signature and appear to consist of purely random data, making the use of encryption hard to prove in some cases. VeraCrypt is also hard to password-crack due to its variable PIM and variety of hash functions; if the PIM and hash function are changed to a secret value, password cracking becomes orders of magnitude more difficult. VeraCrypt also allows the use of key files to make cracking even more difficult.
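As an added example (not from this manual or from VeraCrypt), a small Python triage check of the "no signature, looks like random data" claim: it first looks for well-known on-disk magic bytes (a LUKS header, gzip, PDF), then measures per-block byte entropy and a chi-square statistic. The sample inputs are constructed inline; the os.urandom blob stands in for a VeraCrypt container, which carries no header to match on.

```python
import math
import os
from collections import Counter

BLOCK = 4096
# Formats that announce themselves with magic bytes; VeraCrypt volumes have none.
KNOWN_MAGICS = {b"LUKS\xba\xbe": "LUKS header", b"\x1f\x8b": "gzip", b"%PDF": "PDF"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally frequent."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution (about 255 for random data)."""
    counts = Counter(data)
    expected = len(data) / 256
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def looks_random(block: bytes) -> bool:
    # Thresholds chosen for 4 KiB blocks: random data scores ~7.95 bits and chi-square ~255.
    return shannon_entropy(block) >= 7.9 and chi_square(block) < 350


def classify(data: bytes) -> str:
    """Classify a blob the way a quick forensic triage would: signature first, then statistics."""
    for magic, name in KNOWN_MAGICS.items():
        if data.startswith(magic):
            return f"signature: {name}"
    blocks = [data[i:i + BLOCK] for i in range(0, len(data) - BLOCK + 1, BLOCK)]
    if blocks and all(looks_random(b) for b in blocks):
        return "no signature, uniformly random-looking"
    return "no signature, structured or low-entropy"


# Constructed samples: os.urandom stands in for a VeraCrypt container, which is
# indistinguishable from random bytes without the password.
CONTAINER_LIKE = os.urandom(8 * BLOCK)
TEXT_LIKE = b"The quick brown fox jumps over the lazy dog.\n" * 200
LUKS_LIKE = b"LUKS\xba\xbe" + os.urandom(8 * BLOCK)

if __name__ == "__main__":
    for name, blob in [("container", CONTAINER_LIKE), ("text", TEXT_LIKE), ("luks", LUKS_LIKE)]:
        print(f"{name}: {classify(blob)}  entropy={shannon_entropy(blob):.2f} bits/byte")
```

The point of the comparison is that a LUKS volume is identified by its header even though its payload is just as random, while the container-like blob can only be described as "random-looking", which is all that "hard to prove" refers to.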

VeraCrypt cannot help you if you use a weak password or a password that has been used before. It is preferable to use a passphrase, such as a Diceware passphrase of 7-8 words, and to use this passphrase only with VeraCrypt. VeraCrypt also will not protect you if remnants of files remain in unencrypted space; to be sure this does not occur, encrypt all storage including the OS, or use a live system. More about this issue can be found in VeraCrypt's documentation.