Do you think it is possible to build a permissioned content system without a trusted third party?

I'm talking about adding and then removing people from a list of who can see certain content.

I can imagine we could use a combination of lists and DM's to share the each piece of content to each person individually such that when we remove them from a list, new content is no longer available to them, but making content unavailable after the fact seems to be impossible.

Likewise adding people to a list later on should not give people immediate access to your historical posts, they should be able to merely request for historical content based on metadata or you can push all data to them optionally if you truly trust them (with warnings galore).

The reasoning is this idea that people like to share photos of their family online but privately. People may also add others to their allow lists accidentally, but that should not lead to a disaster of mass data leak to a malicious identity.

All platforms offer access control, including Twitter.

My thought is: is there already someone working on access control? Are there already better ideas for this? Do you know of any/anyone?