Thorny indeed. I haven’t given the issue the amount of thought it deserves but I think it really looks different depending on what perspective you take on it. So “cardinal virtues” may not be very helpful, if everything is strongly context dependent - which is my general perception. Without going into detail (also because I’m still very shaky on them) I’d point to Alasdair MacIntyre’s approach to the general dilemma.
Now on the pragmatic side, I’d try to have my system work best for the intermediate case of all manual to all mental labor - if I have to pick one. Classrooms, screens, and schools have their place, but in short, I think we’ve overdone it (partially because it looked cheaper in the spreadsheets). Mens et manus. Thus you sound like my target audience - so please feel free to criticize without remorse.
Cameras and listening devices will probably just turn into a fact of life (just like our trackers have). We could perhaps re-privatize the skies (+ some enforcement) but short of that you’re better off “buying a couple of hats and sunglasses”. That does not mean we should stop thinking, or drop any inhibitions - but we can be pretty sure some party will. And we’ve learned some of them have pretty deep pockets too.
So what could we do? My current favorite approach for digital things would encrypt stuff using multiple pgp-style keys. So in a collaboration, stuff that gets archived is no use to an external party (they can still download it though) unless the group members let them decrypt it. Ideally one would be able to implement things like 2 out of 3 keys is enough - so if a key gets lost, or someone doesn’t react you can still get things done.
Then I think it would be important to have different levels of security, and default settings of course. The basic security should fence off automated large scale snooping and penetration mostly (say make it 3-5 magnitudes more costly to snoop). The higher level assumes you already are on someone’s list and you need to assume there are some man-hours sunk into digital and IRL penetration attempts. I think that would severely limit what you want to do digitally though.
For the soft security I could imagine a sort of “veto” style release routine. Content will be accessible to the involved parties exclusively for, say 3 days. If no one wants to veto (or extend the delay, or modify the license) a release, it goes public after that time pretty much automatically (e.g. a query to people’s enigmail settings - replied through default settings). Ideally you could nest such groups/licenses into each other easily.