Most people don't care about privacy. Edward Snowden and others have been trying to convince people that they should care. And events where good people suddenly become seen by society as bad people have worried a lot of us, so more people care now.... the excuse "I don't need privacy, I'm not doing anything wrong" doesn't apply to that last case. Whoever you vote for you will have enemies, and you should want protection from them.

I've already commented on IP address privacy - I don't think it should be handled in-protocol. I believe using the web stack puts both privacy and security at risk which is why the client I develop (gossip) runs on the desktop without a web stack. I've tried to include a lot of settings to allow people who care about privacy to maintain their privacy. You can disable rendering media inline automatically. You can disabling fetching of avatars, of media, of checking NIP-05, of fetching metadata. You can run in offline mode. You can include a ["client","gossip"] tag if you want, or can turn that off. You can include a user-agent string if you want, or turn that off. Oh, and your private key is stored encrypted under a password and zeroed (along with passwords) before memory is released.

I intend to give users more control over connecting to and authenticating to relays via whitelisting (slated for 0.10).

I intend to implement NIP-46 in both directions, which will help a lot with key management, especially as other nostr clients and services begin to support it.

As for moderation, gossip allows you to write a script to filter posts using any code you can dream up. We also just added code to not load posts from people you don't follow unless they are on relays you designate as 'spam safe'.

So I think we are on track, and these issues are all being addressed. But there is plenty of work to keep on doing.