@mixmix interesting suggestion. But apart from performance, I don't think it addresses my other concerns:

• avoid updating every plugin/view, but get to use privacy layers on any message type.
• make sure the views didn't leak private messages via client requests

Okay, I took a stab at this... convieniently, there was a util.formatStream that everything used to handle wether you had keys or values in the output. This is pretty much a secure-scuttlebutt standard, so I just added a private option to it. If private is set to true, then it will give output that is private, otherwise false. So by default, all the current uses will work the same. if you want private data, you must explicitly set private: true

If you request a message by it's sequence (used internally by indexes) you'll get the decrypted message, so indexes will index private data by default.

Pretty sure none of the other plugins return data over the network, only local stuff.

I'm not gonna merge this till after I've carefully checked all the plugins.
it's up at the v18 secure-scuttlebutt branch. I don't recommend running it yet, until after a careful review!

But I have got all the secure-scuttlebutt and scuttlebot tests passing, and patchless still works (after removing ssb-private).