I think the best way to be anonymous is to practice pseudo-anonymity and try doing sensitive-looking things ad nauseam until you do the actual anonymous activities for real. Similar to drills, or dry runs. Typically you don't want to do fully fledged Silk-Road type things if you haven't practiced selling lemonade out of the boot of your car at the seaside.
What you typically want to do is know your enemy and threat model. For example, when I got my first Android phone and naively downloaded all the apps I could find, I was super reckless and did some very sensitive things on the phone, and only when I plugged it into Wireshark and realized any number of beacons and analytics scripts were running in the background did I stop using it entirely. I now vet all my apps before using them, and if possible, create my own ones where I know exactly what each line of code is doing and why.
In terms of threat modelling, I think things like TOR are sufficient enough to black out the NSA as long as you're using it correctly and know of all the attacks (previous and current) which are used against TOR. What always annoys me is that people don't include the NSA in their threat model and make up stupid excuses not to use TOR, thereby downgrading the security of others and making the Internet a breeding ground for more spying.
I know TOR is not a silver bullet though, and there are many strategies to complement TOR like compartmentalization. For example, separating work from play, using disposable email addresses, having no centralized e-mail account for every single thing you do (a big problem that still hasn't been solved yet). And just general OS hardening. Using OSX over Windows, using disposable VMs (think Qubes), and paying attention to the last mile of the Internet usually holds us in pretty good stead. Using crypto for everything, and locking shit down with 2FA are two other strategies entirely missing from vast swathes of Netizens too.