I think it might be in order to open up thread here to exchange some stuff on XPrivacy. I intend to re-visit this post for editing later. I would also suggest the moderators to make it a wiki, so others can edit, too.
Continuing the discussion from Cyanogenmod 11 for Fairphone Install guide + experiences:
I agree, XPrivacy is overwhelming. It is also quite an education to use it, and to see what an app actually accesses. In general, I tend to tick as much boxes as seems reasonable first.
A very quickly written first guide (later editing intended):
After installing, first go to Settings. Go to the Fake Data section and tick randomize on boot, and all boxes below. If you want, you can tap Randomize now to see what happens: your phone is providing apps which you restricted with fake data. Don’t forget to tap the 
icon to save your changes before returning to the main menu.
Now, choose an app which you want to restrict. I suggest to start with an easy one, which does not need much access to your phone. Take ObscuraCam, for example: it does not need to access your phones serial number, nor the MMC and MNC, does it? But it definitely does need to access your SD card, right?
If you install a new app now, or run an update, then XPrivacy will kick in and ask you to edit the Settings for this specific app. If you do, and save your settings (that strange symbols from the 90s, remember? ), you will arrive at the restriction screen for this app. If it’s a new one, it will not have accessed anything on your phone, probably - so you can just tap the question mark, if you want. As soon as the app requests information from the Android system now, you will be prompted if you want to restrict it or not. Beware, this can render an app quite useless for a while, until you answered all the pop-ups. Also, if you restrict some stuff, apps may crash - but remember you can revisit you settings. Don’t tick “Location” settings for the OSM~And app, for example, and expect the app to find you position by GPS. 
It’s quite interesting to see what apps access. For me, it has been QUITE an education - and I’m still learning a lot.
Also see other Wiki posts in the [Security Category][1].