I believe there is a nip for "private" notes. But if a note is published to a relay, and a user has permissions (auth) to access that relay, they have your notes. And that is, if _another_ relay "federates" your notes _and_ has access to that private relay, your notes are now public.

For example.

If I publish notes to nostr.land (which has auth enabled) then relays like theforest.nostr1.com will also have a copy of your note. Which means, for example, if primal.net relay syncs with nostr.land, everyone on primal _and_ other relays will share your notes viral.

So no you can't really control who sees your notes, unless you publish a private relay where you control who has access to them. But for example. If I was authed to your private relay, I could abuse my nsec to copy all notes from your relay to mine and then share that to the chain of public relays.

So unless you control _and_ trust the user authed to your relays, your (kind 1 etc) notes can always be read by the public.

Anything else and your basically asking for communities, group chats, or DMs, which the rest of the nips surrounding this topic are used for. Which the only way to accomplish this privacy is to encrypt notes for specific users. Creating a whitelist. A blacklist most likely cannot exist.