“Of course, she could unlink her signing key from her profile, but then she loses all other relations based on that public key. Will she choose to do that?“
First off, in the SAFE network this kind of stuff will be abstracted away in the UI by design. I don’t think the average Alice or Bob will even know what a signing key is let alone waste their time trying to explain to others that it’s mathematical proof that Bob had a photo of Alice that Alice did in fact share with Bob. Alice would have to have the foresight to accept or not accept the risk of sharing the photo with Bob if it would affect her socially if exposed in the first place.
More direct to your question. I may need correction here but I believe this is how it works. In SAFE there is your main account (your passphrase and password that you self-authenticate to the network with) which will have the ability to create and manage as many keys as you like, in the form of SAFE ID’s. SAFE ID’s are like sub accounts in that sense, though no one interacting with them will ever really think of them that way. You can create as many as you like and the SAFE ID is like a profile card allowing you to describe yourself and it holds your contact methods within SAFE, almost like a little digital LinkeIn business card if you like. These SAFE ID’s could just be aliases or you could be who you say you are. You also have the ability to interact anonymously within SAFE.
Each SAFE ID is able to manage permissions of any number of files with any number of other SAFE ID’s. So like you suggest in your post you can share, set time sensitive access, revoke, etc.
If you delete a particular SAFE ID I’m not sure exactly what that would mean for all the permissions of the data it shared. I’m not certain if it just means you lose the ability to manage permissions on previously posted data (other users permanently keep the persimmons you had set), or all the data permissions associated with it are revoked, or if you would be prompted to choose from those options.
But whatever can be shared can be screen captured, downloaded, photographed, you get my point. That is simply just an unavoidable fact. Some people know this and some don’t but if you share something sensitive or share something with someone sensitive then half the damage is done. You can revoke access in the hopes they were already honest and respectable but you just don’t know and so you take that into account going into it. If this person was too lazy to screen shot, etc then they are probably too lazy to go way beyond the user interface into the workings of the network to prove something. This kind of situation is a gamble for Alice and most likely not 100% solvable.