The "one slip up" does appear to be the more common risk today, but I think the reason the NSA wants to archive everything for later analysis is precisely panarky's scenario.
You are right that today it remains a bit difficult, but as time goes on, sheer engineering effort will give us a better set of tools to do this kind of "show me TOR + Outlook + Kingston buyers + Mozilla user agent" queries.
Perhaps we're looking at this problem the wrong way. What if, instead of trying to hide our activity online we drown our signal in noise; make activity logs worthless.
For example instead of everyone having a unique email address, why not have shared email accounts with many hundreds of thousands of people, but where messages meant for you are encrypted with your public key. Your email client will attempt to decrypt all messages the account receives but will only succeed with yours.
Or for making a blog post, rather than publishing on one single server / blog domain, why not post to hundreds or thousands of different blogs at once, using all kinds of different IP addresses. Perhaps even have other people that blindly post for you (mechanical turk/crowd sourcing)
Perhaps the meta level idea here is if we want to restore privacy, we need to sacrifice our individual identity (my email address, my blog, my phone) and lose ourselves in the crowd
The "one slip up" does appear to be the more common risk today, but I think the reason the NSA wants to archive everything for later analysis is precisely panarky's scenario.
You are right that today it remains a bit difficult, but as time goes on, sheer engineering effort will give us a better set of tools to do this kind of "show me TOR + Outlook + Kingston buyers + Mozilla user agent" queries.