Yeah, I've thought a lot about it. In theory, there's nothing you can really do to keep private data private once it's published — someone can always take a screenshot of your note. There are a variety of techniques that can help in practice though: - Use AUTH to implement read access - Use NIP 70 to ask other relays not to store your events - Strip signatures (this is the nuclear option, it basically breaks nostr, but could be used in specific situations) - Encrypt your content - Use clients that are smart about replicating stuff - Include relay urls in events and have both relays and clients validate that the event came from the designated relay (this isn't done anywhere, but I may use it for flotilla).