There may be more knowledgeable people on security than Bruce Schneier but hardly any of them are talking to us. They mostly work for the NSA or its brethren or they’re cybercriminals. Happily, Schneier does talk to us and he has good new and bad news.
The bad news is that if the NSA wants to be on your computer, they’re going to be on your computer. They simply have too many resources for just about anyone—and certainly for the average user—to resist. The good news is that they probably won’t try to get on your computer. It’s hard and risky for them to target individual computers so they do it only for high value targets. Unless you’re an Osama bin Laden lieutenant, you probably don’t need to worry.
That doesn’t mean the NSA isn’t reading everything you write though. What they do do is vacuum up essentially every bit of Internet traffic on the net. They do this through a variety of means that Schneier discusses in his post. It starts with secret agreements with the Internet infrastructure providers that allows them to tap into all the net traffic.
But it doesn’t stop there. They also do everything they can to weaken encryption standards. Usually this involves something esoteric like weakening the random number generator that can be dismissed as an error if it’s discovered. The TL;DR is that it’s really hard to protect yourself.
Still, Schneier has some recommendations. They involve using strong encryption—preferably open source implementations—to protect your data. It’s probably true that if the NSA really, really wants to read your data, they will but it pays to make it as difficult as possible so they won’t bother unless you’re the aforementioned bin Laden lieutenant.
Take a look at his post for some actionable advice if you want to protect your data.