You are reading content from Scuttlebutt
@ev %8c3SfHyvmMeEFYQ4CuY5t51++Dkqexiq7nJlABmVe00=.sha256
Re: %I6FaCzdXc

How does that work? (That lite clients are able to read all private messages?) - @bobhaugen

Hmm, not quite true. The lite client can't read everyone's private messages.

The issue is that with ssb-ws you could websocket into another sbot and request their indexes, which contain decrypted private messages.

So with a lite client from a pub, you accidentally end up sharing private messages sent to the pub with the public web.


Here's an example exploit, just to be clear:

Alice and Rob are on the same local network, or otherwise know how to directly contact each other's sbot.

Alice requests Rob's query indexes over ssb-ws.

Rob's ssb-query sends his indexes over muxrpc to Alice.

Alice records the ssb-query index to her computer.

Later, when Rob isn't around, she reads all of Rob's private messages that he'd decrypted on his own machine with his private key.
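To make the mechanism concrete from the defender's side, here is an added example (not code from the thread, ssb-ws or ssb-query) that models what an sbot's query index contains and why handing it to any peer that can reach the rpc endpoint is the problem. Identities like `@rob`, the `toy_box`/`toy_unbox` functions and the `.box` suffix are constructed stand-ins for private-box encryption, not the real format; the index and handler functions are likewise assumed names. The unchecked handler reproduces the leak described above, and the checked handler shows the minimal rule that prevents it: decrypted private entries only ever go back to the owner's own client.

```python
import json

# Constructed sample identities; placeholders, not real SSB feed ids.
ROB, ALICE, PUB = "@rob", "@alice", "@pub"


def toy_box(body, recps):
    # Stand-in for private-box: a real sbot encrypts to each recipient's key.
    return json.dumps({"recps": recps, "body": body}) + ".box"


def toy_unbox(boxed, my_id):
    # Stand-in for decryption: only a listed recipient gets the body back.
    payload = json.loads(boxed[: -len(".box")])
    return payload["body"] if my_id in payload["recps"] else None


def is_boxed(content):
    return isinstance(content, str) and content.endswith(".box")


# What Rob's append-only log holds: public content plus opaque ciphertext.
# (Constructed sample data.)
ROB_LOG = [
    {"author": PUB, "content": {"type": "post", "text": "hello world"}},
    {"author": ALICE,
     "content": toy_box({"type": "post", "text": "for rob only"}, [ROB, ALICE])},
    {"author": PUB,
     "content": toy_box({"type": "post", "text": "pub admin note"}, [PUB])},
]


def build_query_index(log, my_id):
    """Model of an sbot's query index: it stores the decrypted bodies of
    private messages my_id could unbox, next to public content. Those
    decrypted bodies are exactly what must never leave the owner's machine."""
    index = []
    for entry in log:
        if is_boxed(entry["content"]):
            body = toy_unbox(entry["content"], my_id)
            if body is not None:  # messages not addressed to my_id stay opaque
                index.append({"author": entry["author"], "content": body, "private": True})
        else:
            index.append({"author": entry["author"], "content": entry["content"], "private": False})
    return index


def serve_query_unchecked(index, requester):
    # The behaviour the thread describes: any peer that can reach the rpc
    # endpoint receives the whole index, decrypted private entries included.
    return list(index)


def serve_query_checked(index, requester, owner):
    # Hardened handler: decrypted private entries are only returned to the
    # index owner's own client; every other peer sees the public subset.
    if requester == owner:
        return list(index)
    return [e for e in index if not e["private"]]


def leaked_private_entries(served):
    # Detection helper: anything private in a response to a remote peer is a leak.
    return [e for e in served if e["private"]]


if __name__ == "__main__":
    idx = build_query_index(ROB_LOG, ROB)
    print("unchecked, served to Alice:", leaked_private_entries(serve_query_unchecked(idx, ALICE)))
    print("checked, served to Alice:  ", leaked_private_entries(serve_query_checked(idx, ALICE, ROB)))
```

Note that the third log entry is boxed to the pub only, so Rob's index never contains it; the leak is limited to what the serving sbot could itself decrypt, which matches the "not everyone's private messages" correction above. Where the requester check lives in a real sbot (the rpc permission layer rather than the index itself) is outside what this thread states, so treat the placement here as an assumption.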
