How does that work? (That lite clients are able to read all private messages?) - @bobhaugen
Hmm, not quite true. The lite client can't read everyone's private messages.
The issue is that with ssb-ws you could websocket into another sbot and request their indexes, which contain decrypted private messages.
So with a lite client from a pub, you accidentally end up sharing private messages sent to the pub with the public web.
Here's an example exploit, just to be clear:
Alice and Rob are on the same local network, or otherwise know how to directly contact each other's sbot.
Alice requests Rob's query indexes over ssb-ws.
Rob's ssb-query sends his indexes over muxrpc to Alice.
Alice records the ssb-query index to her computer.
Later, when Rob isn't around, she reads all of Rob's private messages that he'd decrypted on his own machine with his private key.
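
The exposure described above, modelled as an added example that is not part of the original post and is not ssb-server, ssb-ws or ssb-query code: an index built after decryption holds plaintext, so serving it to any connected peer hands that plaintext over, while a caller check keeps those rows local. All function names, caller labels and the sample log are hypothetical and constructed for illustration.

```javascript
// Added illustration; every name here is hypothetical, not ssb-server/ssb-query API.
const LOCAL = 'local';      // the sbot owner's own client
const REMOTE = 'remote-ws'; // any peer that connected over the websocket

// Constructed sample feed log. String content stands for a boxed (encrypted)
// message; object content is a public message.
const robLog = [
  { key: '%m1', content: { type: 'post', text: 'hello world' } },
  { key: '%m2', content: 'box:rob:meet at noon' },
  { key: '%m3', content: 'box:carol:not for rob' },
];

// Toy stand-in for unboxing with Rob's private key (no real crypto).
function toyUnbox(boxed, owner) {
  const prefix = 'box:' + owner + ':';
  return boxed.startsWith(prefix) ? boxed.slice(prefix.length) : null;
}

// The indexer runs after decryption, so rows for private messages hold plaintext.
function buildIndex(log, owner) {
  return log.map((msg) => {
    if (typeof msg.content !== 'string') {
      return { key: msg.key, private: false, content: msg.content };
    }
    const plain = toyUnbox(msg.content, owner);
    return { key: msg.key, private: true, content: plain ? { text: plain } : null };
  });
}

// Exposure described in the post: the index is returned to whoever asks.
function serveIndexOpen(index, caller) {
  return index;
}

// Gated variant: only the local owner receives rows derived from private messages.
function serveIndexGated(index, caller) {
  return caller === LOCAL ? index : index.filter((row) => !row.private);
}

// True if any returned row carries decrypted private content.
function leaksPlaintext(rows) {
  return rows.some((row) => row.private && row.content !== null);
}

const robIndex = buildIndex(robLog, 'rob');
console.log('open, remote caller leaks:', leaksPlaintext(serveIndexOpen(robIndex, REMOTE)));
console.log('gated, remote caller leaks:', leaksPlaintext(serveIndexGated(robIndex, REMOTE)));
```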