For server-independent IDs, would that be stored under another property name other than `id`, or something fully replacing the `id` or being appended to it and parsed? If a server is receiving an activity, then it should inherently have some implied discoverability about where the activity is stored, if it wasn't sent through a relay. I don't know if there's some supplemental identifier that could be associated to an instance that's decoupled from DNS. Maybe a public key-based identifier for a 'activity/actor storage server'? For encrypting private data: perhaps _start_ on a simple PGP-ish model, where payload is encrypted directly for the actor's keypair. People may whine that it doesn't fill every checkbox of their "demands" for privacy, but it would be trivial to implement, and some later "true E2EE with full forward secrecy" solution can come later as an optional upgrade. Perhaps there'd need to be a new object type (or something borrowed from vocabulary of other JSON-LD-based crypto specs) such as 'EncryptedActivity', maybe with an optional type-hint of what the payload activity/object type is (if it's not anything somehow sensitive). Ultimately, I do strongly believe FEP-c390 and FEP-ae97 is the inherent future for ActivityPub, or some light variation of it, and I really hope to see the current hack of HTTP Signatures (and _especially_ the current one-key-only per actor representation, for a key that's just an entirely server-held always-unencrypted private key in a database) to be gradually phased out soon (or at least a shift towards a 'server key' for HTTP Signature-based delivery, of something that can be locked down, versus the lie of a private key for each actor, that the actor doesn't even control, in the current use of HTTP Signatures).