New Hardware: The hardware is a reasonable step up from what you have. I'd add a 5 or 6 TB HDD, or a NAS, for backup, particularly if you're using Time Machine. (IIRC, there was another backup tool in that config report.)
Why "stuffed"?: I'm particularly looking at how much physical memory is configured in that Mac, and how much is used.
Old hardware: Too much active stuff for too little Mac. I'd remove the VPN, the add-on anti-malware, Java, and probably the third-party block storage services except when using those as those can add a chunk of overhead.
VPNs: The commercial first-few-hops VPN providers badly solve a problem that hasn't existed for a decade or so, but do badly solve that non-problem in a way that is perfect for personally-identified metadata collection. And too many of the VPN providers look rather sketchy. As differentiated from first-few-hops VPNs, I do use end-to-end VPNs into associated networks (and usually the built-in VPN client).
Geoshifting: If I really needed geoshifting with some degree of metadata privacy, I'd look at running my own Algo server on a hosting provider somewhere in the target region.
When not in use: If not currently using the commercial first-few-hops VPN, I'd remove it to ensure none of my data is getting tangled with it, and that it's not active in my routing until and unless I need it. Some of the add-on VPNs still tie into network routing, even when supposedly not active.
"Badly solve"?: the commercial first-few-hops VPN providers use a very weak second tunnel wrapping just part of the existing and secure end-to-end tunnels, terminating that tunnel in a place to sniff all of your traffic metadata, and with all that traffic and that metadata directly tied to your credentials. It's an advertising and data-harvesters' dream setup.
