looking at this again, the exposed query.read to friends is the problem and should have been raised when PM decryption was made transparent. I didn't know that was possible to begin with. As a stop gap we should maybe only listen to ssb-ws on localhost or rip it out all together.

Yes, I think either private messages should be stored encrypted or ssb-query shouldn't be exposed to friends over ssb-ws. It's kind of an either/or thing that wasn't really talked about when private indexing was implemented.

Pubs running this shouldn't be that much of an issue, I think, since they don't have the key to access PMs not for them and don't get PMs frequently, at least in the uses I know of.

Yah, I'll just turn the private message tabs off in the lite clients I'm running until a solution is discovered for this.

Thanks for taking the time to look into this @cryptix!