We can, just stop calling it even remotely private.
Discussion
It is private, if you run it on a relay most people don't have access to and you encrypt the content.
I'm failing to see how that can't be described as private. You don't even need to run that over the open Internet. You could use a VPN or put it behind a firewall, or whatnot. That's actually what VPNs are for, after all.
i am just bumping into this and forgot just how retarded some nostr devs are about signals intelligence... prime case in point right here
auth stops you from being able to send the message
the websockets are TLS encrypted already
in the case of DMs and application specific data the content SHOULD be encrypted by the protocol (don't tell hzrd149 about that though, he does ASD without encryption which is retarted)
It's simple logic, from where I'm looking. If you put the relay on a machine you manage, you can use all security built into Nostr AND all security that can be implemented on the machine. That is a second, powerful security layer.