Depending who you ask, the scandal over PRISM, the NSA's secret data mining program, is either mere confirmation of what we already knew, or a shocking revelation that should drive people onto the streets in protest. It's certainly true that many people suspected internet services, such as Google and Facebook, were open houses to government agents, but there's a difference between suspicions and hard evidence.
Now we know the US government doesn't need to enact legislation such as CISPA in order to ride roughshod over civil liberties, it really does beg the question: Is online privacy a lost cause and is online anonymity impossible to achieve? Well, if you ask me, there's good reason to be cynical over the concept of online privacy.
Email and social
If you want to take privacy seriously then you'll have to make sacrifices -there's no way around it. This means many of the most convenient online services, such as web-based email and social networks, need to be purged from your online life. While this distrust of major providers such as Gmail, Yahoo and Microsoft could extend to all email providers, you could argue that smaller companies, which are not behemoths heavily reliant on government lobbying and co-operation, could offer better privacy protection.
You could also ditch Google and Bing, and start using a more privacy-oriented search engine like DuckDuckGo. But as long as your IP is obscured (which we'll get onto later), you can still use Google privately if you employ a cookie blocker like Ghostery and don't log into your account.
When it comes to social networks it's interesting that Twitter was not on the PRISM's list of compromised companies – especially since Twitter has a track record of defending users.
VPNs and TOR
If you want to browse the web anonymously then the most common, secure, and easy-to-use tools, are The Onion Router (TOR) and commercial VPN services (I2P is also worth looking into for peer-to-peer sharing). But VPN services and TOR both bring different problems to the table.
TOR is generally a very effective tool to keep your IP address private and hidden from surveillance. It's also free and used successfully by journalists, dissidents and privacy-conscious citizens. But it does have vulnerabilities. The most obvious being the ability to passively monitor the connection of both a sender and receiver of data over the TOR network and therefore correlate traffic. This is doable because anyone can run a TOR exit node.
Commercial VPN services don't suffer from these vulnerabilities, but they do suffer from potentially much worse flaws. The problem with VPN services – providing they use a secure standard like OpenVPN – is that you have to trust the company providing your service. A cursory look at many VPN privacy policies will reveal that such trust is easily misplaced - policies often either explicitly state they log data in the same way as an ISP, or they’re so vague that you don't know either way.
There are some good resources to get around this problem such as TorrentFreak's round-up of VPNs that don't log data and my own company's ongoing guide on understanding VPN privacy policies. Of course, a good way of mitigating the vulnerabilities of TOR and VPN services is to combine both services to achieve security in depth.
The biggest barrier
So to summarise; yes, you can achieve a high degree of anonymity online without any specialist knowledge, but regaining your online privacy is not a simple task. It requires some work and a few sacrifices.
Perhaps herein lies the biggest problem. While many of us were up in arms over the PRISM revelations, how many have since changed their online behaviour in the last few days? How much of that outrage translated into closed Gmail accounts and TOR installations? Maybe it’s still too early to assess the fallout, but my suspicion is the main barriers to online privacy – other than the illegitimate behaviour of law enforcement - is our own apathy.