When I first got onto the Internet in the early 1990's, there were three things that were made quite clear to me when given my account:
- Don't put anything onto the Internet you wouldn't want seen on the front page of the New York Times; it will be available for all to see and it will never be deleted;
- The Internet is a public space and there is no expectation of privacy in public; and
- The packets that make up your communications are not letters but postcards -- anyone on the way between you and the destination can read everything.
The NSA claims they are simply collecting Call Detail Records (CDRs) and packet headers, although likely more is being collected. But seeing CDRs and IP headers is no different than watching me when I'm walking around the street. Seeing the packets to my Google session is no different than knowing that I walked from my house to the nearest pizza shack. Everybody and anybody could see me do it, but it doesn't mean my privacy was violated -- I did all of these actions in public!
People should not be surprised or upset that this information is available to be collected because that is the cost of using the Internet. You are intentionally sharing information with third-parties in the interest of obtaining a service. Even the snooping of email in GMail or Yahoo should not be surprising because you shared that information with a third-party (the service provider) and the provider has different legal requirements than if you simply shared that information directly and exclusively with your interlocutor.
If you are upset about the Internet being public, then you should stop wasting your breath complaining about how what you thought was private is actually public and instead start advocating for the wide-spread use of encryption algorithms and always-on SSL. You should start advocating for the ability to run servers (mail and web) on residential connections so you don't have to share "private" information with third-party providers. You should advocate for rolling out IPv6 instead of being lazy and claiming that unencrypted NAT-ed IPv4 is good enough security.
And when your done advocating, lead by example and use these technologies yourself.
Just because you think something is private and secure doesn't mean that it is.