awarded badges should be encrypted until accepted
#[0]
#[1]
Discussion
That was my line of thinking. Otherwise you could label someone anything you want and they dont need to accept.
so when clients do adopt it, accept means show on profile publicly. They won’t automatically appear here. But you could log in with npub or on a site like badges.page do /p/npub to pull up someone else’s profile, still technically public, definitely an attack/harassment vector, definitely should be encrypted to avoid this.
Clients can also opt to choose what badge issuers are allowed to actually appear on profiles, but that doesn’t stop the marking of awarded unaccepted badges unfortunately.
I know this means reworking everything but confirm through dm (prior to awarding) is a good idea
#[4]