Technology

The NSA’s BULLRUN program suggests that the TLS encryption is compromised anyway.

I doubt that. Potentially, at some point, that might've been true, but TLS constantly changes which encryption algorithms are used. The older algorithms that leaked documents state the NSA had cracked are no longer allowed in TLS and your browser will refuse to load pages that use them. Current algorithms are far more secure and the open source implementations used for them have no back doors. They're being audited constantly by hundreds of thousands of cybersecurity experts. If any back doors appear, we'll know pretty quickly. If you're using a proprietary browser like Chrome, however, there's no way to know if Google has altered the implementation in some way (although someone at Google probably would speak up if that was the case), so I'd recommend never using a proprietary browser. Use something like Firefox or Chromium instead. Ideally, Firefox or one of its forks such as Librewolf.

My money is on certificate authories having given the NSA a backdoor ‘for national security

This wouldn't do anything but make it a little easier for the NSA to run man in the middle attacks. It would not give them the ability to crack any encryption at all or even make that easier, and if the CA was ever discovered doing this, they'd go out of business immediately (this has happened before), so they're highly disincentivized from allowing it.

I don’t think that they need to compromise an app directly.

This is actually true, but not in the ways you listed. A lot of the web is now using Cloudflare's free CDN service. They proxy their traffic through it to make their sites faster and reduce server load. Cloudflare issues their own TLS certificates and the connection is made between the browser and their servers before getting forwarded to the destination. That means Cloudflare is in possession of plain text data from all users who use any site that happens to use Cloudflare. If Cloudflare has given the feds a backdoor (and they probably have), that would give them lots of data. Lemmygrad is not using Cloudflare, nor do any of my services including the genzedong matrix server.

Also, most people are using proprietary OSes like Windows or Android with Google services. No one has any idea what data is being collected by those, and what is being done with that data. So, for anything truly sensitive, use an open source OS like Linux.

If you need to communicate privately, please don’t use an open forum. Use an OS without telemetry (not Windows), make self-generated keys for GPG emails or OMEMO chat, and verify the key signatures directly with your comrades. If you need to communicate anonymously, bear in mind that there is no silver bullet.

This is good advice. Ideally, if your life genuinely depends on being able to communicate or otherwise use the internet privately, use an amnesic OS like TAILS that will irretrievably erase anything you were doing once you shut down or for something more permanent, an OS specifically designed for protecting your anonymity, such as Whonix.

Ooff... That's a bit worrying.

Daammnnn that’s slick.