Let's start here: do you use Windows? Or an Apple operating system on your computer? You're hosed. The NSA owns you. They own every thought, all your dreams and aspirations. They own your relatives, your friends, every plan you've ever made and how it turned out, every word you've ever written, every dime you've spent. If they want to be inside your computer watching what you do in real time... yeah: they can do that too, if they want to. But maybe posting with a fake user name on a non-threatening site like DKos... maybe you're flying totally under their radar? Mmmph. You are owned.
Do you use Linux? 1000 to 1 you're hosed. It's possible to lock Linux down, but it's very difficult - almost impossible - and intensely geeky (do you speak Snort?). And while locking down Linux against incursions by some of the very best hackers in the world - those friendly folks at NSA - is actually possible (it isn't with Windows or iOS - period), it's constantly in flux. And keeping up is a labor of love - it does take considerable work.
There is a way, though: a way that is possible for we mere mortals. I don't really expect much traction on this - but I feel an obligation to at least make the effort. And if just one person gets it and does it... well, I'm a happy camper.
So I posted a diary a few days ago about an NSA-proof email system called BitMessage. But, thinking about it, securing our email is really just a small part of what we need to do to keep ourselves safe from our own government.
Complacency is not a characteristic that is naturally selected for.
~Me
There is this operating system. It is called QubesOS. It looks like Red Hat Linux; and it is, sort of - but really, it's a Xen hypervisor. And all that fancy stuff doesn't matter.
You can install it with very little trouble - like any other version of modern Linux - and the only thing that's really important is picking compatible hardware to install it on. There's VT-x and VT-d to keep in mind... blah, blah, blah. Just look at the hardware compatibility list. Download the file. Follow the destructions.
Download (Version 2 Beta 2 works well - Ver. 2 is just about ready. Unlike BitMessage, this is mature software.)
Unpack it onto a DVD or thumbdrive. (I'm not 100% sure, but I think Windows users can use Unetbootin to burn ISOs onto a thumbdrive)
Install.
Read the Manual!
OK - now this is what you've got: you have a computer that is made up of several Domains. Domains can be thought of as virtual machines; like when you use Oracle's VirtualBox or Apple's Boot Camp to run one operating system inside another. These Domains are assigned various levels of trust: and stuff in Domains with lower levels of trust cannot get to higher levels. For example, the Network Domain (and it is the network where bad things usually happen) has zero trust - and cannot access anything. There are 'throwaway' Domains - so you can open a web browser, do some secure surfing, and when you're done it all disappears. There are Domains integrated with VPNs, and Tor. And should any Domain with network access become compromised or get infected by something nasty, it can't affect the rest of your Domains.
[And of course, as with all versions (called 'distros') of Linux, you get the FOSS (Free, Open Source Software) stuff: a full office suite, the ability to watch DVDs and play music, a few tens of thousands of free software packages (everything from a couple hundred versions of solitaire to the packages needed to build your very own supercomputer), and so on. Fair disclosure: QubesOS, at the moment, won't play graphically intensive games.]
Your main and most important Domain is called Dom0. All the others are launched from there, and it is secure to a T - nothing touches Dom0. Nothing. It has no network; and while it fully controls all hardware, it is not exposed to that hardware. You use Dom0 to create, delete, launch and control other Domains. This level of hardware security is why VT-d and VT-x is required on your motherboard, by the way - it allows for complete hardware isolation.
Just as an aside, the idea of isolation is critically important to the lead developer of QubesOS; Joanna Rutkowska. Security by Isolation is an approach that is newer, and very effective. Ms. Rutkowska has a fascinating history that is worth looking into - you can get to her personal blog via links on the QubesOS page. She was a black hat hacker of considerable repute, who is now a white hat.
I'm going to stop the nerd-fest now. The links to QubesOS and the others - to instructions, hardware lists, and so on - are pretty good. They're not inscrutable and dense geek-speak. They're quite accessible, actually - for the most part. I just noticed that there's even a Wikipedia page - that's new...
You can install QubesOS on a small, fresh hard drive in less than half an hour. Just take the defaults, and accept encryption of your Home Directory: give it a decent password. Using it is no different than Windows or Apple, except it's prettier and more customizable: sometimes things are in different places or have different names - but it's just an operating system, and they all work the same.
Yeah. It takes a little effort, and you'll have to learn a few new things. Learning is good - and it's not that hard. Really. The thing is this: it is possible to secure your computer to the point that nobody - even the NSA - can get into it from the outside. We actually can have privacy, and own our lives.
Let me repeat myself:
Complacency is not a characteristic that is naturally selected for.
4:48 AM PT: Update: Thank you, whoever, for the Wreck List. It's kind of like lancing a boil...