[Apologies to all who thoughtfully replied to this mailbox; I am currently triaging messages in the absence of sufficient time.]
...and then just post lessons I've learned to the next generation on a widely read forum. I've been doing that for years with few results. I still do it though.
And now I live in near poverty at a low-paying job without previous references posting cutting-edge security engineering for free to blogs and to project leaders hoping to influence them into doing it right for once. (shrugs) Life is what it is. Maybe I should've taken a job at Goldman instead. But I am that I am.
No, no, no, Mr. P! You should've taken a job at JPM.
Characteristically, the "nobody" uid runs an unprivileged process for network-facing activity on behalf of other processes, plural. From the limited data within my memory space, and speaking for my own non-self, I infer there are projects hidden away in dark corners of the net with the purpose of "doing it right for once".
"TL;DR" top-line question: What practical and efficacious risk minimization approaches are available to those of limited resources ("near poverty" or in actual poverty; fragmentary or highly partitioned support network) and specialized competence (writing of correct code, yes; construction of EM shielded thermite-self-destruct vaults, no) to get things done without being done for?
The principal objectives of this exercise are to publish words, code, and practical knowledge. But if the pen is more dangerous than the sword, the "who/what/why" must be evaluated accordingly. Drug dealers and gun runners risk prison; effective authors, coders, and publishers risk slipping on a banana peel, or becoming incompetent drivers, or hanging themselves without leaving a note. Most authors, coders, and publishers are safe because they are reasonably ineffective, or can be neutralized by softer means---e.g. a flattering magazine spread, a government grant, or (for the truly competent) that job at Goldman. What a weapon!
Principal observations I have made or seen made:
- Knowledge is power, and therefore dangerous. In summary: Monetary greed is an insufficient explanation for the behavior of dominant institutions. When the study of knowledge is limited to "members of the academy", who will never challenge the academy, the question is not only of following the money: It must be asked, whose imperium does this limitation serve? In answer to some late propositions, the United States does not want students at e.g. Indian universities to be able to compete with students at American universities; all knowledge is a munition of sorts, in the view of a global military and economic hegemony. By the same token, certain entities prefer that Nick P be reduced to leaving comments on blogs, observing "few results" and shrugging; neutralization is achieved, after all. ;-)
- "Doing it right" is dangerous. Consider how many times you have seen the following scenario: A well-known open-source author has a demonstrated ability to (a) write correct software, and (b) get projects done. With fanfare and a few sharp words for existing broken software, he announces a new library oriented toward doing something right for privacy, security, and/or cryptography. The new project then suddenly becomes vapourware, with the announcement and v0.01 source tarballs gathering dust in an obscure corner of his website (he would not be told to draw attention to the project by disappearing it). He releases other code, and writes extensively about security---oftentimes referring to his own projects, but never again mentioning that particular project. Everybody else continues using code which is not only buggy, but broken by design.
- Publisher anonymity is the only means of self-defense. Well---that, or the backing of a nation-state. And when it comes down to brass tacks, even the President of Ecuador can't argue with the United States. Thus if you wish to inadvertently become a "trouble-causer", either you must cause enough trouble to give Mr. Putin a smile, or you must assure you are not findable.
- Publication must be just that. Underground trade in sources and samizdat is all good and well; I owe much thereto. But desired results cannot even be attempted without trying to reach a wide audience.
- The needs of producers are oft ignored in favour of the needs of consumers, in anonymity systems just as in iBugs. (Proving the point: There is a fine article on the topic I cannot share, because its producer fears making it public.)
- Security is expensive, and paranoia causes paralysis; but lack of security is very expensive, and lack of paranoia causes compromise. Institutional control mechanisms win by either (a) actively destroying those who would challenge them; (b) capturing challengers, with a shiny medal or that job at Goldman; (c) passively paralyzing potential challengers who are smart enough to know they are insufficiently secured to act; or, (d) draining time and resources which could be applied to useful activity, but are diverted to security instead. Any which way, they win.
- Overestimation of threats results in "chilling effects", just as surely as actual threats. Yes, I am paranoid. No, I am unlikely to ever seriously present a challenge to everybody. But then, I do keep a running list of how many Snowden revelations merely confirmed my prior suspicions. Paranoia in the colloquial sense is not necessarily irrational.
- Operating under surveillance is more difficult than avoiding surveillance in the first instance. I get the idea that some of us are already watchlisted, over and above the usual dragnet. Otherwise, I would buy a Windows 8 machine and use it to access Gmail and Skype---and I would never openly touch Tor. But it may be a wee bit late for that.
- Everything is broken. For example, I was previously rather proud of my setup browsing the web in text mode in a tty (no X abomination). Then I started reading the kernel sources of my platform's termios stack, much of which looks like it was written by a bright and trusting college student and not touched since---counting the ioctls available on fd 0, some of which shortcut to hardware and some of which do not even require priv esc... ouch. I've always been partial to Marcus Ranum's advice to get off the patch treadmill, "Don't run software that sucks." Really, I barely run any software at all. The problem is, all software sucks and nobody "does things right".
Anybody else @localhost either can't or won't step forward, for whatever reason (don't ask/don't tell). I myself have a fairly solid grasp of C and Unix, but no experience with "High Assurance" systems; and I certainly do not have the resources to do more than dream about some of the setups you and Clive describe. The best I could do within my knowledge is to throw up a sometimes-available Tor hidden service on hardware I don't even particularly trust, play some rather creative and obsessive sysadmin chicanery, and hope that strange car occasionally parked down the street isn't what a paranoiac might assume.
Now excuse the hyperbole, but the need for a thermite containment chamber in an underground bunker results in paralysis---just another form of threat neutralization, although admittedly far better for me than other potential ways to skin this cat. I should emphasize that nothing in the aforesaid objectives is technically illegal---yet either (a) I grossly overestimate the potential impact of those at localhost, or (b) my risk is worse than it would be if I wanted to sell heroin. If my purpose is to be effective, I should not stake my safety on my and my comrades' grandiose incompetence. What say you?