Just to bring this thread to life again and since some of you have mentioned using a VPN, I read last night about the NSA having a tool (XKEYSCORE) where a VPN doesn’t protect you.
What is surprising is that the slides seem to suggest that VPNs and encrypted links may not be secure. “Show me all PGP usage in Iran” and “Show me all VPN startups in country X, and give me the data so I can decrypt and discover users” seem to be functions available to analysts using XKS. This isn’t a direct admission they’ve broken ciphers such as AES-256 and 3DES, but it would seem that they’ve found some exploitable weaknesses.
This leads us to another important question: Can the NSA eavesdrop on HTTPS traffic? In recent years, many web services have moved to HTTPS as standard (such as Gmail), and in theory the encryption should keep your data safe from prying eyes. As of 2012, though, despite the widespread adoption of HTTPS, XKS still seems to be working as intended. Has the NSA cracked HTTPS? Has the NSA somehow obtained the root SSL certificates from the likes of Symantec and Comodo, so that it can perform man-in-the-middle (MITM) attacks on any website that uses HTTPS?
If HTTPS, PGP, and VPNs have been compromised, and if the NSA really has its insidious tentacles hooked into fiber-optic cables, microwave links, and foreign satellite links, there is almost no way of using the internet or any other communications network without the American and other Western governments snooping on you.