The git repo should ignore the venv folder, so when you clone you then create a new one and activate it with those steps.
Then when you are installing requirements with pip, the repo you cloned will likely have a requirements.txt file in it, so you ‘pip install -r requirements.txt’
If you arent an actual journalist who is being personally, specifically hunted then you probably don’t need to take the same precautions as one.
And yea, the guide boils down to “none of these things are 100% safe but they are realistic things you can do that can offer more protection than not doing them.”
Your skimming of the article missed how they do indeed talk about the shortcomings of every suggestion they have. For example, the article also does indeed talk about how you can turn off gps but your phone will still ping towers revealing your location, and goes on to say that you can put your phone in a faraday bag but that isnt practical for most people but is indeed an option if you want to do it.