Digging into this a bit more, I think there is a really critical tension between "conversations are generally discoverable" and "you can prevent particular people from seeing your posts". It is really difficult to produce an effective person-level blocklist for content, because fundamentally having a blocklist rather than an allowlist means the "everyone not otherwise specified" set of people is able to see content, and requiring people to have one unique specifier that they can't detach themselves from has a lot of really unfortunate effects.
It's also inevitably permeable, because people share information. Sometimes it's incidental that they're sharing it with the blocked person, as with quoted snippets in a reply, and sometimes it's intentional. Attempting to control that with a blocklist is a fool's errand; if you want something to be secret, don't spread it to almost everyone. (And, IMO, claiming to provide an effective blocklist for otherwise-world-readable content is socially irresponsible.)
A corollary of that, I think, is that delegating access control to servers that you don't trust or control is a bad idea, even if you are allowlisting rather than blocklisting. Use cryptography and access keys, or don't use a federated distribution system for limited-access content.
Interestingly, this sort of access-control system would have been entirely possible to implement on top of Usenet. Instead of putting the sensitive parts of your message in the message body, put a url from which it can be retrieved from an access-gated server. A client could present this entirely transparently, and could even implement message quoting by replacing quotes with urls to message-snippets when crafting reply messages.
no subject
It's also inevitably permeable, because people share information. Sometimes it's incidental that they're sharing it with the blocked person, as with quoted snippets in a reply, and sometimes it's intentional. Attempting to control that with a blocklist is a fool's errand; if you want something to be secret, don't spread it to almost everyone. (And, IMO, claiming to provide an effective blocklist for otherwise-world-readable content is socially irresponsible.)
A corollary of that, I think, is that delegating access control to servers that you don't trust or control is a bad idea, even if you are allowlisting rather than blocklisting. Use cryptography and access keys, or don't use a federated distribution system for limited-access content.
Interestingly, this sort of access-control system would have been entirely possible to implement on top of Usenet. Instead of putting the sensitive parts of your message in the message body, put a url from which it can be retrieved from an access-gated server. A client could present this entirely transparently, and could even implement message quoting by replacing quotes with urls to message-snippets when crafting reply messages.