Let’s say someone creates a NIP17 groups client that facilitates the kind of purposeful history falsification described in the article below. We’ll call that client Gaslighter. With Gaslighter, for every new message you can create multiple different versions to be seen by each person in the group. These message versions can be completely different from each other, or just subtly different. Either way, when you press send each person gets a different message, and each person thinks the message they’re seeing is what everyone else is seeing. (To be clear, each person gets only the message customised for them and *does not* get the messages customised for everyone else, so for everyone in the group it's just one new message added to the history, even though you just sent a bunch.)
The UI can be very user-friendly, showing all others in the group and, next to each avatar, the message that each will see when you press send. You can choose to apply one message to everyone and then make little edits per person, or just compose them one by one. You can also group people into sub-groups, create one message for one sub-group and one message for another, and so on.
For pros, you can create a string of messages that includes both dirty messages (messages that some people will get sent but not others) and clean messages (messages that everyone in the group will get sent). This is to help thwart hash-based gap detection, if such a security feature ever enters the NIP17 spec, though in all likelihood this kind of gap detection will be deemed to be so unworkable (at least without *some* exposed metadata) that it won't.
You can also choose to send a message to everyone except one poor person, or except a few poor people. And many other such devious things. Either way, with Gaslighter loaded up and a few minutes of posting you can turn any NIP17 “group” that you're in into this mutant thing where everyone has a comically different chat history to everyone else, and nobody knows it, and these chat histories will never re-align. (And it was all on purpose, by you, not the result of missed events.)
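As an added example (not code from this post or from any NIP17 client), here is a small Python simulation of the divergent-history problem together with the kind of transcript-digest comparison a defender would want: each member hash-chains what it has received, and members that compare digests can see that their histories split and never re-align. The hash chaining and the digest comparison are assumptions for illustration, not anything in the NIP17 spec.

```python
import hashlib
import json
from collections import defaultdict

def entry_id(sender, body, prev):
    # Hash chaining: each stored entry commits to the sender, the body and the previous entry id,
    # so two histories that diverge at one message keep differing no matter what follows.
    return hashlib.sha256(json.dumps([sender, body, prev]).encode()).hexdigest()

class Member:
    """One recipient's local view; under NIP17 each member only ever has its own decrypted copies."""
    def __init__(self, name):
        self.name = name
        self.history = []           # (sender, body) pairs as this member saw them
        self.head = "genesis"       # running digest of everything received so far
    def receive(self, sender, body):
        self.history.append((sender, body))
        self.head = entry_id(sender, body, self.head)

def deliver(group, sender, versions):
    # Constructed stand-in for per-recipient gift wraps: versions maps member name -> body.
    # A member missing from versions simply gets nothing (the "everyone except one person" case).
    for m in group:
        if m.name in versions:
            m.receive(sender, versions[m.name])

def check_consistency(group):
    # Defender-side check (assumed, not part of NIP17): members compare history digests; any split
    # into more than one cluster means at least two of them are seeing different transcripts.
    clusters = defaultdict(list)
    for m in group:
        clusters[m.head].append(m.name)
    return sorted(clusters.values())

def demo():
    # Constructed sample run: a clean message, one per-recipient ("dirty") message, then another
    # clean message. The clean message afterwards does not re-align the digests.
    everyone = ("alice", "bob", "carol")
    group = [Member(n) for n in everyone]
    deliver(group, "dave", {n: "you guys will never believe what happened this morning" for n in everyone})
    before = check_consistency(group)
    deliver(group, "dave", {"alice": "I won the raffle", "bob": "I got mugged", "carol": "I missed the bus"})
    deliver(group, "dave", {n: "anyway, lunch tomorrow?" for n in everyone})
    after = check_consistency(group)
    return before, after

if __name__ == "__main__":
    print(demo())
```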
Why would you do this? Most likely for fun. Messing with friends’ minds. “You guys will never believe what happened to me this morning!” you send to all three others in a group. Then you send each of the three a different story, all at once. The first story is shocking and unlucky, the second is shocking and lucky, and the third is just boring, hardly a story at all. Everyone gets very confused by everyone else’s reaction, and eventually you tell them about Gaslighter and everyone goes lol. (That said, after having played around with Gaslighter for a bit, even just having fun with friends, you’re probably always going to be on your mental guard when in a NIP17 group.)
But when you start to consider the social-engineering attack surface here, it’s not so funny anymore (see the article below for an example). If NIP17 groups take off then at some point some normie user is going to get unfairly scammed in this way. I say unfairly because it’s clearly unfair to put it on the normie user to understand that the group chat history can potentially be manipulated to be different for each participant. (Key word, purposefully; not just missing a message here or there but socially engineered by an attacker so that each person has the history that the attacker wants them to have.)
This is just not in keeping with how modern users understand group chats to work. If a normie user does get scammed in this way, you can be pretty sure the first question on his or her mind after being clued in to the scam will be “How was that even possible?”
NIP17 Groups Context Injection Attack
Read article →