
After I wrote most of this, I see Norbert covered some of the same points, but from the point of view of his specific use case. So I'm just going to send despite a bit of redundancy.
Rich Kulawiec writes:
> Granted, this will diminish as more communications become encrypted, but for the foreseeable future, anyone using encryption or similar privacy measures will be targeted:
> https://www.wired.com/2014/07/nsa-targets-users-of-privacy-services/
The people I know (and I don't know any so it's no use trying to figure out who they are :-/ ) who develop encrypted communication systems seem to disagree with you about the use cases for this: they do use encrypted mail.
I think about it this way: as you will undoubtedly point out, they know they're targeted, and they have the skills and motivation (see "know they're targeted") to do something about endpoint security. So given that their perceived threats aren't in the endpoints, they apparently see encrypted channels as useful.
In many of the use cases that have been discussed in the past, we are looking at lists where the users have *specific* threats they're worried about, such as (ex-)spouses and other stalkers, employers, and public insecure wireless (since it's a mailing list, you need to worry about whether your correspondents -- whose identities you may not know -- are all using VPNs etc). While I agree with your assessment of "a billion pwned devices on the Internet of Threats[tm]", I don't necessarily think that any given user's threat is going to be a relevant pwner. (And in fact we already know that they compete with each other, and I see no reason for that to change. Sure, the FSB and NSA will be the biggest players, but they also have some incentive not to advertise openly even on the "dark web".)
Yes, users need to be aware of the issue that their personal endpoint is not that hard to hack, and that if that happens it's not the ML's fault that their enemy is reading their "secure" mailing list posts. They also need to be aware that *anybody* subscribing is a passive threat (by "passive" I mean that if that person's endpoint is hacked, who knows who might have access to cleartext). For that reason I am of the opinion that encrypted mailing lists should be anonymous by default.
> So if it becomes desirable or profitable for the new owners of those systems to pay specific attention to encrypted mailing list traffic, they will...and probably much quicker than anyone anticipates.
I'm not going to anticipate how long it will take, I'm going to assume that encrypted traffic will attract attention, including attempts to crack it just for the lulz, from the get-go.
But I suspect that the really skilled and dangerous folks won't bother targeting encrypted traffic. They'll just read everything anyway, maybe sift through it with text mining tools. I suppose such tools might be instructed to check for encrypted traffic just to save cycles by not grepping the encrypted parts, and that could lead to lists of encrypting endpoints and specific targeting as you suggest.
> Thus the target end user population for encrypted mailing lists looks something like this:
You're clearly assuming we all count APT28 among our enemies. I don't think so! Yes, I assume that if a "private sector Echelon" indeed comes into being there will be a market for its services and any previously collected information it preserves. I'm not sure garden-variety snakes in the grass will be able to afford it, though, and of course it will be a "dark web" thing, so hazardous to the health of would-be users.
In other words, I agree to an extent with Norbert that this *will* increase the cost of targeting list traffic and provide a certain amount of "political" deterrent (in the sense of being on the dark web).
> I'm not saying "don't do it". As an intellectual exercise and a development challenge, it's interesting.
In other words, it should be a GSoC project. It is, or at least we're hoping it will be. :-)
> I'm saying "make sure -- if people are thinking about deploying this -- that they understand that they have almost no chance of making this work as intended in the real world."
Yeah, well, good luck on that. 62 million Trump voters will believe whatever the Breitbart review says. :-(
Steve