@aljoscha %frR3+PWtcNdnV8DBlMMjPSH6mSJFMQSU/FFzcJPFzs0=.sha256
Re: %z28ZLyE7O

Unpopular, unsolicited, and polemically one-sided opinion incoming: I think restrictive gossiping is a bad idea.

Why? It cannot be enforced. Restrictive gossip is intended as a mechanism to keep data from being truly public, instead making it only visible in some sort of social sphere. But this is a distributed system, once you send data to someone, you can't do more than nicely ask to not leak it. But at sufficient scale, these data leaks will be constantly happening anyways, whether it is through malicious behavior, well-intended efforts such as the public viewer, carelessness, laziness or plain bugs.

"But we have blocking, we will block these users." Sure, but that won't undo the data leak. And first you need to realize that data is being leaked. Somewhere among the thousand people of your foaf radius (which may or may not include popular pubs). And also, this directly conflicts with the premises behind out-of-order messages.

No matter what kind of promises any number of mainstream implementations make about publicity and crawlability of data, it does not change that fundamentally:

  • every unencrypted message on ssb is public forever and to everyone
  • every encrypted message on ssb will be public forever and to everyone, not today, but tomorrow someone may break the crypto

Talking about restrictive gossip does nothing more than closing the eyes and hoping the problem goes away. It won't. All this does is to give a misleading sense of security/privacy to nontechnical users, who will then suffer the hardest when data gets inevitably leaked.

A strong protocol should embrace [0] the realities of distributed settings, not willingly ignore them.

CC @mix @Piet @andrestaltz @cryptix

[0] In this case, this could for example mean using ephemeral public keys for replication to increase user privacy, or gossiping over a resilient random overlay network. But let's not get into that right now, I just want to bring up that there are indeed gains to be had from accepting the loss of control over data access that ssb inherently brings with it.
