Each user gets his or her own newsfroup subhierarchy which anyone may subscribe, cache, archive, or distribute.
Postings are signed by the user, where the signature points to a parent, Merkle-tree style. A valid posting must encrypt its Message-Id and Newsgroups header lines with the newsgroup's posting-user's private key, and with half of a key shared with the hierarchical parent newsgroup's owner set out in e.g. the cmsg newgroup message and follow-ups to it.
Postings may be signed cleartext or signed ciphertext with the decrypt key encrypted on the public keys of eligible readers.
Postings may be dropped (and should not be presented by a reader UA) if a signature trace upwards, potentially to the root of the hierarchy -- there may be many hierarchies, but each would have unique root newsgroup -- fails.
Posting would work like moderated newsgroups, with the "moderator" being whoever posseses the valid signing information, and any unmoderated postings going ignored.
The equivalent of posting on a friend's wall would involve either posting into a subgroup of the friend's primary newsgroup for which the posting-friend has the appropriate signing information, or goes into a dropbox subgroup encrypted on the wall owner's public key, which the wall owner should monitor, and from which the wall owner could sign-and-promote postings onto her or his own wall or some other non-dropbox subgroup.
There are similar drawbacks to USENET: once posted, a message cannot be unposted or edited reliably. Postings may be lost.
Additionally, postings might not be permanently secret. Posting and reading credentials may be lost or stolen. Legitimate readers might repost information they shouldn't. None of these are too different from the facebooks.
The bright side is that this could be started today with just UA work, using the existing USENET transfer-and-storage systems. Newsgroup creation and policies on expiration and peer-and-downstream transferring would need to be made more scalable; the line about "cmsg newgroup" exposes the problem even in the hundreds of users of USEFACE, let alone several orders of magnitude more newsgroups than exist today.
However, there aren't obvious ultimate scaling limits thanks to hierarchicalization; the hardest part is probably organizing where UAs will get their NNTP reader service from -- it's unlikely to be just one reader that happens to subscribe to all USEFACE hierarchies and stores all postings indefinitely. This was already a problem for USENET, although there are various partial solutions that already exist.
The way I'm imagining it, you can both use server based and P2P based distribution. You can federate across servers, have channels/rooms with filters / blacklists set by the moderators. You can have one-time user keys and PFS algorithms, with optional support for users later claiming authorship if they preserved their old keys. And everything would be timestamped using transparency logs or a blockchain. Edits are diff messages.