Up until now, I have never had a good enough internet connection to worry about this crap. But now I do, AND I am with comcast who I certainly do not trust.
The other issue is that I am now in an apartment complex with a bunch of people in range of my router.
I do know the basics. I know I should use a vpn, don't use chrome, make sure the router has a secure password, and stuff like that.
But beyond my superficial knowledge of the basics, I do not know a whole hell of a lot.
For instance, how do I find a good VPN? How do I know that VPN is trustworthy?
Another though I had is that I am being forced to use a comcast modem router because I have VOIP. How can I tell if comcast is doing any funny business directly on my modem?
monitor you network all day long is only way to find out if they do any funny stuff, but being forced to use their router already gives away one line of defense for your network. What you can do is i though Wendell already suggested. Is host a server somewhere else and make a private openVPN connection between you and that server. So it will operate as a proxy with encryption (afcourse first find out a non comcast area, but it can also be outside the USA.)
Also you'd want to check the legals and privacy statements of the country the VPN is based in, for example as a finn I can tell you that privacy here is a basic user right, not just for citizens residing here, I've read through the paragraphs and a 'user' means any person, unless you're a dog from another planet you have the same rights lol. ISPs do contain logs for 6 months 6,9 or 12 months that lawenforcement has access to if they get a warrant. That just as an example since e.g. in the US the laws are pretty much targeted towards citizens. There are nonlogging VPN providers too but this post just as a headsup, there's many countries with similar legislations.
Modems are not that high tech. The term modem stands for a "modulator de-modulator". Modems just convert the source to a different media type; RG6 for example. Comcast can not 'tell' modems to do anything specific (like route or log your traffic). That being said, they can monitor things like signal levels at their end (which they should) because that ensures your connection is up to spec. If they route you through their DNS or log your traffic that will be done on their side.
Since you are living in close proxcimity to other residents I would do a survery with InSSIDer to make sure you are on an un used band for your wifi channels.
And as for the VPN the other posters above me said it well enough.
if you are worried about people near you trying to get into your router using WiFI you can try a few things to lock it down but are by no means bulletproof:
Disable DHCP on the router, DHCP hands out IP addresses to your devices but the down side is you will need to program your devices with static IP addresses. This is what I do. You could setup reservations but that might be going too far if you are looking for something simple/easy.
Use a strong wifi password that is different from your router's logon page. At least 10 characters, some upper case, lower case, numbers and symbols.
Disable SSID or network name broadcast. This will hide your wifi networks from everyone, including you, so you will have to manually enter it on your devices.