On the subject of allegedly private communication being tracked, I've run experiments which might be called "feeding them a barium meal". (Anyone who has had a GI series will remember this part of the experience.) The technique is to restrict information on one subject to a single communications channel. You have to be careful to avoid basing this on searches which you know are being tracked. Having a long memory and a large library of printed material helps in doing this.
I recently did such an experiment by accident, when discussing very old memories with a new correspondent. One message contained an account of a drug abuser I knew in the 1970s. This promptly generated spam for drug rehab. I live a very unexciting life, and go to great lengths to avoid recreational drugs. I am cautious about things other people don't even consider drugs, like caffeine, and over-the-counter drugs like diphenylhydramine. This greatly narrows the number of communications which might trigger spam concerning drug rehab.
Other examples of this have been messages containing jokes which no machine is likely to understand. It is far easier to find examples of communications which are being scanned by machines than those which are secure.
Besides the certainty that Windows 10 is effectively spyware capturing everything you do, and traffic analysis showing that turning off controls on a dozen screens to opt out of this does not reduce the volume of network traffic from your machine, we have problems with what goes on before your data even leaves your home.
More of us use WiFi than not, simply because of the difficulty of running cables to every place we want to use a computer. Google logs the location of WiFi networks for Google maps unless these use a SSID which opts out by adding the suffix "_nomap". The catch here is that you may opt out, but unless all your neighbors opt out any WiFi device nearby will identify your location, even if you do not allow use of GPS data, as many mobile phones do. Google does not collect WiFI passphrases, so they say. (This could open them to damages in cases where there are security breaches, like the one at
Target or
Home Depot.)
Fortunately for attackers, Microsoft has stepped in to fill the gap with "WiFi sense". By default, it collects WiFi passphrases, encrypts them, and squirts them to centralized servers. These servers then dispense them as needed to other Windows systems of your friends. How do they know who you trust? They look for Facebook or Skype friends, or contacts on Outlook.com. Bet you didn't know you agreed to sharing your WiFi with all of these.
The defense against these charges is that Microsoft does not allow your friends to know the passphrase, only their operating system has the unencrypted form. (I mean has anyone ever heard of a Microsoft operating system being compromised?)
Weeks ago I started a mental clock to see how long it would take for this practice to generate a newsworthy data breach. I haven't checked today's technical news.
This bypasses the need to compromise particular brands of wireless routers, like Cisco, which have built-in "backdoors", or home routers which are still set to allow remote administration with the default administrator password. (I'm talking about administration accounts on the router, not the computer connected to it, and not the WiFi password. People get confused. Other people exploit confusion.) Of course, if your router depends on Internet access or a program on your machine for set up, it is pretty easy for the people who do the set up to compromise it. It is also possible for router firmware to be hacked. I typically replace firmware with known good firmware before I use one, except in cases where there is something interesting about the hacked router.
I have a router in my collection which was diverting search engine queries to a different search engine. I haven't had time to see if it contained code to divert Internet banking to fake sites.
It's a jungle out there.
Added: as another example of how monumentally stupid and arrogant default use of "WiFi sense" is, consider the problem with people you have already given your WiFi passphrase to when they visit your home. You can turn off the sharing on your machine, but the passphrase they have will be shared if they don't change the default settings. Your security is at the mercy of the most clueless person on your list of people who visit your house.
Microsoft also claims that W10 will not allow these "friends" to access the private files of yours which remain an open book for those in Redmond. This sounds similar to a WiFi guest account. The problem is that the restriction is only enforced by W10 software. Anyone who extracts the unencrypted passphrase can have full access, just as you have.
Perhaps this is a clever plan to sell a new generation of wireless networking devices which will be incompatible with existing hardware and software.