I haven't done this personally but you can minimize the risk of interception without really changing anything by going through a VPN. This way all unencrypted traffic is strictly on wired networks.
Yes, that's true. That's what the situation in the article was, a hostile WiFi access point. I'd say that running a modern platform countermeasures are only useful up to the point that you trust your OS maker and telco. So if you can get your data encrypted until it reaches a major telco's network, then you are almost as safe as if it were all encrypted.
> That's what the situation in the article was, a hostile WiFi access point.
The point of the article was not the hostile AP, but to simulate a pervasive threat:
we would create a pint-sized version of the Internet
surveillance infrastructure used by the National
Security Agency... Porcello would become our one-man
equivalent of the NSA’s Special Source Operations
department
Which misses the point of NSA surveillance. Ars knew who they were looking at, and could have multiple people look at that one person's history for whatever they wanted.
The broad surveillance of any practical intelligence apparatus only bothers to do that to target actual subjects of interest, and don't have infinite leeway to not produce results while doing it - i.e. if the NSA produces no useful intelligence on Al Qaeda for a few months, they're looking at budget cuts.
Or to put it another way: how many man hours did they expend on this effort, and how many people do they actually think work for the NSA? It's certainly not "millions".
The NSA does this full-time, with a large staff. They have very elaborate systems designed to automatically pull all this information and organise it into databases for easy lookup.
These guys were manually viewing wireshark dumps. Obviously they're going to spend a lot more time to get the same info when working at such a low level, with no access to any of the automation tools the NSA uses.
