If the NSA is a targeted attacker, then yes, the James Mickens "Mossad / Not Mossad Duality" applies. To paraphrase, "either your attacker is or is not the Mossad. If your attacker is not the Mossad, you can use strong passwords and avoid shady websites and you should be okay. If your attacker is the Mossad, there's nothing you can do and you are definitely going to die".
However, the average citizen is not a target of the NSA. They can tap all sorts of public infrastructure and record it, etc. But much of my activity is spread out over many networks, and is encrypted in ways that may still not be super-convenient for the NSA to constantly crack. The problem with these privacy settings is they're causing WAY more stuff to go over infrastructure easily targeted by the NSA than before.
Owning everyone is the very opposite of the definition of a targeted attack. My point is not allowing your data to be collected en masse is a reasonable precaution against mass surveillance.
Most people need better security to protect them from the US companies slurping all their data.