Well, it depends on expense, doesn't it? If everyone was doing proper encrypted comms then the NSA's "job" would be prohibitively expensive: they'd have to pick their targets.

But yeah, if you really need security, build your own kit, airgap, one-time pads (stenography is to hide the fact of the encryption) and faraday cages. And worry more about informants, because now you're a target!

Not to mention the expense and difficulty of key distribution with one-time pads and the need to get info in and out of your lockbox. Expensive pain in the ass to implement, especially if you don't want opponents to know that you're doing it.

How do you get the one-time pads to your correspondents? Couriers? In an age of surveillance? Oh dear.

No, that's not the rule of good security.

The rule of good security is that the amount of effort that the attacker has to spend to penetrate your security, less the amount of effort you have to spend to maintain your security has to be greater than the higher of the value to you of not having your security penetrated or the value to the attacker of the attacker penetrating your security.

In practice, there are four groups of people that a private individual does not want to share his mail with, in roughly descending order of capabilities:

• Major governments and corporations.
  
• His boss.
  
• Gangsters.
  
• Non-work relations (relatives, friends, lovers, grudges, etc.).

For the last two, ordinary levels of caution are perfectly sufficient: Family members are unlikely to defeat even simple precautions, and you don't need to have better infowar capabilities than the scammers, you just need to have better infowar capabilities than the random sucker two blocks down the road.

To prevent your boss from reading your mail, it will probably suffice to assume that he monitors all traffic that touches hardware he actually owns. So maintain strict segregation between work hardware and networks and personal hardware and networks, and never use the former for anything you don't want your boss to read along with. Assume that your boss installs keyloggers on anything he lends you.

Assume that all major governments and most major corporations will read anything you commit to electronic signal in any form.

- Jake

Friends come and go. Enemies accumulate.

The first step is a commercially available computer system that does not have built-in security gaps.  WinTel machines are not secure and cannot be made secure.  Apple is the same.  Unix is hopeless.  Linux is better but can still be penetrated.  As part of this, any digital device should have factory installed first level security.  The most common password for mobile devices is "passwd."  Even a random 8 byte password is better than that.

She believed in nothing; only her skepticism kept her from being an atheist. -- Jean-Paul Sartre