this is probably a bad idea, but i’ll propose it just for my own education…

could a “reliable delete” be implemented by having some time-based refresh of a cryptographic signature on messages controlled by the original author?

we do have a global clock! 😉

might be too much complexity, might not be worth the overhead… just curious/riffing