This is all very interesting, thanks! I guess you are right. I thought about doubling down on security and going all the way.. using a secure linux, using tor, encrypting all my stuff etc. But like you said, it looks like you have something to hide.
You say it is difficult if you blend into the crowd to notice you. Statistically, that would mean that you deviate little from the mean. As with every algorithm, outliers or extreme deviations from the mean may be interesting. In terms of regression, everybody browsing kittens and 9gag is the mean, but those two persons browsing kiddie pron stand out and do not fit the regression line. So the more you deviate, the more interesting you become for NSA I believe, if you put it in terms of algorithms.
Sorry if that was too much statistics, I'm trying to reason about how the NSA would actually pick you out of the herd, and I guess it is via algorithms, typically based on machine learning and discriminatory analysis. So they need to quantify a way to distinguish the herd from interesting data points (people).
Sticking out doesn't mean you are doing anything wrong, it just puts a spotlight on you, IF someone is looking, and few are,. and even if they do, they shouldn't just because you use Linux or anything else. It's a choice, not a criminal's tool. You can hack just as much in Windows as you can on Linux, possibly more due to all the scripts out there for it.
At this point Linux is common enough to not make you stick out too much, but on top of that, with database sorting and queries, if you REALLY want to drill down and find someone, they can.
My advice, run what you want, block what you can, and stop worrying about the things you cannot change. It's more than most people bother to do.
Another trick I do is use Opendns, if you never ping their site, they can't track you.
I'm NEVER going back to Mac in the near foreseeable future and I'm now running Win7, which I really like. But in the future I will be forced to upgrade to Win10 or what else we will have. (Alongside, I run xubuntu alongside and/or virtualized within windows to do serious programming work).
So I'm thinking about building my own hardware router, using iptables etc and then monitoring what win10 tries to do.
Would that be possible? Or is it also technically possible to make particular ip addresses "undetectable" by commonplace network software?
Funny, I recently switched to a (used) Mac (I looooove the battery life), but I still prefer Linux, and Macs are stupid fickle about which ones are good and which are not (hint, most are pure garbage).
Anyhow...
Win7 will become outdated, at some point you really won't have a choice and will have to go to Win10. Companies will not support it on newer hardware, and unlike XP which they waited a long time to kill, this has already started with Win7 thanks to MS, AMD and Intel (Thanks jerks!). Now that they have stopped, other companies will soon follow their lead. I give it 2 years before the average person and even casual enthusiast has to throw in the towel and go to Win10. I hate to say that, but that just seems how it's going. If MS stopped it would be one thing, but Intel and AMD as well, yeah, you're screwed. And it won't be overnight, all will seem well, and then one day you need a new printer or wifi card and you will be scouring store shelves looking for the rare one that still has support.
As for Win10, why build an entire system to monitor and filter it, I find that an insanely complex and costly solution. Shut it off at the source!
Get something like Win10Privacy and have it disable updates, all the IP addresses and domains (you can actually shut down MS updates just by killing the service, but it won't kill telemetry like this will). It's not the easiest or most obvious thing to use, but it's not too terrible. If you can install Windows or Linux or even consider building your firewall/proxy server, you can do it.