SNOWDEN: Yes, he's on his laptop. And we're looking at the man behind the device. And in his lap is a little boy, a toddler, who's just playing on the keyboard. And the father's smiling. And the little boy looks at the webcam. It's just a glimpse, but to me it seems as though he's looking at me. And it reminds me of my childhood, of learning about technology with my own father. And I realize this man has done nothing wrong. He's just trying to get a job. He's just trying to study. He's just trying to get through life like all of us are. And yet, he's caught up. His children are caught up. We are all caught up by a system that we were not allowed to know existed.
The trouble is, targeted surveillance frequently includes the indiscriminate collection of the private data of people targeted by race but not involved in any crime. For targeted communities, there is little to no expectation of privacy from government or corporate surveillance. Instead, we are watched, either as criminals or as consumers. We do not expect policies to protect us. Instead, we’ve birthed a complex and coded culture—from jazz to spoken dialects—in order to navigate a world in which spying, from AT&T and Walmart to public benefits programs and beat cops on the block, is as much a part of our built environment as the streets covered in our blood.
What's "wrong" is not objective, and surveillance builds haystacks to find needles.
Even if you "aren't doing anything wrong", surveillance alters people's state of mind.
Similar to the state you enter when there's a police cruiser behind you.
So why would I want to practive digital privacy and anonymity anyways?
Before exploring tools, we need to talk about OPSEC.
In every instance, it is the lack of compartmentation between accounts and personas that has been the cause of the pain. Without proper compartmentation, attackers are able to leverage information from one compromised account to access another related account. ..At a bare minimum — keep your business and personal life (and accounts) separate.
While sometimes it might be best to absolve from doing these things at all while using anonymity tools, there are ways to do them safely through a bit of "compartmentalization"
tl;dr - Multiple hops through these circuits allow anonymization of your actual IP address
NoScript and HTTPS Everywhere addons
Blocks scripts and enforces encryption, respectively.
Tor has mobile clients!
Be _very_ careful with un-official Tor apps - these are often fake and created to track users/spread malware.
What is metadata?
EFF: Metadata (or "data about data") is data that describes a piece of information, apart from the information itself. So the content of a message is not metadata, but who sent it, when, where from, and to whom, are all examples of metadata. Legal systems often protect content more than metadata: for instance, in the United States, law enforcement needs a warrant to listen to a person's telephone calls, but claims the right to obtain the list of who you have called far more easily. However, metadata can often reveal a great deal, and will often need to be protected as carefully as the data it describes.
Physical access means "game over". Machine configurations such as Full Disk Encryption can only partially help protect against this.
Leaving no traces might seem over-paranoid, but in may cases its worth going to these measures.
Threat modeling is useful.
EFF: A way of thinking about the sorts of protection you want for your data so you can decide which potentional threats you are going to take seriously. It's impossible to protect against every kind of trick or adversary, so you should concentrate on which people might want your data, what they might want from it, and how they might get it. Coming up with a set of possible threats you plan to protect against is called threat modeling or assessing your risks.
Tor Project's official documentation is your friend!
Thank you, and stay safe.