I think a necessary step is to make sure that there is a general understanding that this is a problem -- here we must not merely preach to the choir but reach a wider and maybe technically illiterate audience) Who are we dealing with
1. People who willingly forgo their right to privacy (and therefore understand the issue at hand)
2. People who are ignorant their privacy rights are not respected (and therefore do not understand the issue at hand)
3. People who are aware that their privacy rights are not respected but wish to interact with 1) and 2) and therefore give up some or all of their privacy rights (and therefore understand the issue at hand)
4. People who will protect their privacy rights at the cost of limiting their ability to interact with at least those in 1) and 2) (and therefore understand the issue at hand)
We cannot save those in category 1), they know the risks and accept the "terms and conditions" of using the internet with public and private data mining/surveillance in place. These people are lost to the Dark Side.
People in category 2) need education on what the consequences of their actions are, and may then resolve into one of the other groups.
People in category 3) should accept that their permissiveness strengthens the hand of the NSA et al. If a practical alternative solution is presented they will probably help to bring people in category 2 away from the Dark Side.
People in category 4) are probably a small population already using Tor, Freenet, PGP, etc. They can help by adopting new technologies that do not compromise (too much) their desire for privacy.