Automated attack tools and poor selectors can turn anyone into a "random dude" sadly. The TLAs don't bear the costs, nor are they accountable.
Probably. But more like 90% of everybody but Linux and *BSD users (because maybe there are fewer exploits for those systems).
don't know if posted before but here's what mr schneier's got to say: https://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
That's good advice. But maybe what's changed since 2013 is #3. NSA has automated a lot since then, I gather
#4. Be suspicious of commercial encryption software, especially from large vendors. Here's another blog post from Bruce Schneier where he admits bailing on TrueCrypt for Microsoft BitLocker. https://www.schneier.com/blog/archives/2015/06/encrypting_wind.html He also mentions that he agrees with another writer's conclusion: "If it ever turns out that Microsoft is willing to include a backdoor in a major feature of Windows, then we have much bigger problems than the choice of disk encryption software anyway."
The one I have never read about being broken into "at rest" is a LUKS header. Assuming it was placed on the disk by someone who knows what they are doing with an appropriate password. Regardless though; LUKS, TC, VC, or BitLocker (even if solid) can be ONLY protect you while the disk is at rest. I will bank my "chips" on LUKS vs all the others I mentioned.
IVPN working well. Just so fast to anywhere even in Multi-Hop. Well worth the $100 yearly. Just waiting for the Android app instead of OpenVPN as iPhone app has been released.
I ended up not working with him. But I did finally finish the project, and it's up as a guide on IVPN: https://www.ivpn.net/privacy-guides/how-to-verify-physical-locations-of-internet-servers
