The overwhelming majority of general surface attacks that organisations like the NSA can initiate on a wide spectrum of people, for example the SilkRoad userbase and/or vendors is through undocumented browser exploits and 0-day exploits and like the FH one, people who were hit with it had no idea because no anit-virus will pick it up and there are no warning signs. Therefore, even disabling javascript is not protecting you to the best degree.If you want to look into a better degree of protection, lookup a virtual machine deployment called Whonix - that is what people like me and astor use because it means even if the NSA done a full browser exploit and actually managed to get root access to the virtual machine it runs in, they still would not be able to identify your IP, hostname, mac address, hardware etc and so is pretty much right now the best protection you can use which doesn't require too much knowledge. Be wary it is persistent however and therefore you should keep the VM on an encrypted drive just like you would for all the usual programs. Whonix is significantly more secure than TAILS assuming you use it right and don't disable its security features so I'd recommend switching.However, principles remain the same. If the NSA want to find you or want to access you're computer, you aren't going to be able to stop them sorry, they are simply too big, too powerful and have all the best people working for them, so the best you can do really is make yourself a smaller target by changing names regularly etc because it is infeasible for the NSA to go around creating individual exploits due to the cost involved and the amount of staff time it consumes.