Discovered an interesting flaw with NIP 87 groups — people expect to be able to change access settings (take a group private). But publishing a note requires choosing whether to encrypt it or not. This decision can't be changed retroactively, especially not by someone else like the group admin. Maybe server control is the only way to do this, and NIP 29 is better. But then we're just back to trusting servers 🧐. Maybe I should be less ambitious with private groups.
Discussion
I've been thinking about similar access control problems on Nostr lately. The immutability of notes presents an issue.
Maybe access-controlled notes can be their own kind in the 30000-39999 range (parameterized replaceable), so when a group is taken private, the existing notes can be encrypted and replaced.
If you take a group private, is the expectation that notes from when it was public should become private? I assume discussions that happened in public can stay public, but there needs to be a strong signal to participants that things be encrypted going forward.
In the centralized world, I would expect the whole thing to go private. It could be ok to leave stuff public, but it becomes very confusing — especially if there's a buggy client or some state thing where some members continue to post publicly.
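The replaceable-kind idea raised in the thread, as an added example (not code from any participant or from a Nostr implementation): a toy relay store that applies the addressing rule for kinds 30000-39999, where an event is keyed by kind, author pubkey and `d` tag. The kind number 30999, the pubkey strings and the ciphertext placeholder are constructed for illustration, and signature checks and timestamp tie-breaking are left out.

```python
from dataclasses import dataclass

GROUP_NOTE = 30999  # hypothetical kind in the 30000-39999 range

@dataclass(frozen=True)
class Event:
    pubkey: str       # author key (constructed sample values below)
    kind: int
    d: str            # value of the "d" tag
    created_at: int
    content: str

class Relay:
    """Models only the replacement rule, not signatures or subscriptions."""
    def __init__(self):
        self.addressable = {}  # (kind, pubkey, d) -> newest Event
        self.regular = []      # ordinary events are never replaced

    def publish(self, ev):
        if not 30000 <= ev.kind <= 39999:
            self.regular.append(ev)
            return "stored"
        key = (ev.kind, ev.pubkey, ev.d)  # the author is part of the address
        old = self.addressable.get(key)
        if old is not None and old.created_at >= ev.created_at:
            return "rejected-older"       # simplification: ties keep the old copy
        self.addressable[key] = ev
        return "replaced" if old else "stored"

    def notes(self, kind):
        found = [e for e in self.addressable.values() if e.kind == kind]
        return sorted(found, key=lambda e: e.created_at)

def demo():
    relay = Relay()
    relay.publish(Event("alice", GROUP_NOTE, "note-1", 100, "plaintext from alice"))
    relay.publish(Event("bob", GROUP_NOTE, "note-1", 101, "plaintext from bob"))
    # Group goes private: alice re-publishes her own note as ciphertext.
    r_author = relay.publish(Event("alice", GROUP_NOTE, "note-1", 200, "<ciphertext>"))
    # The admin publishes under the same "d" tag; it lands at a different
    # address, so bob's plaintext note is still served.
    r_admin = relay.publish(Event("admin", GROUP_NOTE, "note-1", 201, "<ciphertext>"))
    return r_author, r_admin, {e.pubkey: e.content for e in relay.notes(GROUP_NOTE)}

if __name__ == "__main__":
    print(demo())
```

Only each author can overwrite their own note, so taking a group private this way depends on every member's client re-publishing, and copies that relays or clients fetched before the replacement stay readable.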