I'd like to suggest another tool for fighting mass surveillance: mass chaffing. Most of the time our internet connections are idle. And when they aren't, we very rarely use all our bandwidth. What if, instead, we each used a small amount of our resources to crawl the web. We could easily generate 1,000 to 10,000 chaff requests for every genuine one — completely drowning out any signals from our browsing behaviour. This is particularly nice because it highlights the stupidity of trying to find a few needles by searching every haystack in the world. Let's all make hay.
This is a bit naive. Your ISP peering bandwidth isn't the complete sum of all its customer promised bandwidth. You have access to bursts of high bandwidth precisely because most of the time our internet connections are idle. Yes, this "burst" can actually be sustained 24/7 by some number of people, but not at a mass scale.
At first thought, chaffing seems like a pretty good idea, but isn't it vulnerable to analysis? By which I mean, if the spooks can demonstrate (based on tracking identifiable markers in your cookies or some other means) that you're at your office, shouldn't they be able to effectively ignore any traffic from your home internet connection?
Maybe if we were all running Tor exit nodes or something, but naïve chaffing sounds pretty ... well, naïve.
Obviously this "chaff bot" will need to copy your user agent string and tracking cookies. It'd also need to behave exactly like a web browser in every way that can be detected. But is chaffing itself a good idea?
If you're willing to use a lot of bandwidth for something like this, just set up a Tor exit node. Somebody else's actual traffic is going to be a lot more convincing than whatever some algorithm can come up with to fake it.
Trackmenot does this on some level, I'm using it currently to clutter up my search data. Doesn't matter much if it's just me, but if enough people use it then it's at least fighting back in some small way.
