I'm SO mad about computers sending ICMP Unreachable messages about closed UDP ports.

DON'T JUST GIVE AWAY WHAT PORTS YOU ARE USING

StackOverflow posts like "How do I turn this off" with answers like "Stop wanting to turn it off" EAT 100% OF MY ENTIRE ASS

I just want to run a service that can't be tagged on Shodan without having CAP_NET_RAW T_T

Please

@jennamagius maybe add a firewall rule blocking outbound ICMP Unreachable?

@queerhackerwitch That's what the StackOverflow advice is, and that's pretty much the best answer. It doesn't really make it possible to run a hidden service without privileges though, 'cause you need privileges to make the firewall rule.

@queerhackerwitch The reason I want to operate without privileges is not because I can't get them; I'm developing some security-paranoid software, and rule 1 of security paranoia is "try not to have privileges. The more privileges you have, the worse it is when you get pwned."

@jennamagius In this case though it’s not the software that needs privileges, it’s the admin during setup

@queerhackerwitch That's true, but I'm disappointed to have written a program that can do 99.9% of it's work with user privs, but isn't directly usable when you only have user privs.

@jennamagius That’s because those privileges have to keep the security of the rest of the system in mind. Those privileges aren’t normally available to users because they can be abused. This is why many services usually start as root and then drop their privileges after they’ve used them to set up what they need.

@queerhackerwitch I assure you I understand this, I'm not... new to computing. My argument is that "services should be visible to any unauthenticated anyone who looks for them, from anywhere" is an unreasonable default.