About direct messages, what I have in mind is this:

1. Nobody can see who is messaging whom

2. Even access to the nsec will not reveal this

3. When you delete a message it's really gone (from your side)

4. You can only use one device for DMs at any given time (though you can sync between devices using some other protocol if you really really want to offer redundant storage to the cops)

Once in a while your client generates a random new DM key and publishes the public key in an announcement. Your client also keeps track of public keys of people you follow, or even just any DM public key it sees announced.

If A wants to send a message to B they generate a shared key using a Diffie-Hellman exchange (or something fancier). This is an ephemeral Nostr account. A posts a message using that new account, and encrypted such that only that account can read it. B should be monitoring all such potential accounts.

Each message contains a new random public key, so each reply is a new account. This means you really have to catch every message, so your conversation might get stuck.

These messages should be posted using the anonymous posting thing I described earlier.

Optionally when you announce a public key, you also publish a more narrow list of relays that others should use to reach you and that you use to post messages. This saves costs.


Discussion

The key generation would be similar to the key generation in modern bitcoin wallets (base key derived according to some parameters)? You could then transfer your base key to another device. Or like with an xpubkey have watch only instances to watch and forward PMs to your 'hot wallet' messenger?

I see (2) as a feature, not a bug. You could use deterministic keys the way you suggest, but I think you should use random keys.

Except for 1) this is more or less how matrix works?

Did you have a look at how private zaps are implemented? It kind of works similar to what you suggest, I think. It might be an idea to use a similar approach for DMs.

(access to nsec would reveal information tho).

Hey Sjors. Have you seen the proposals already in pull requests? I am currently trying to see if we can improve/merge the two approaches, your ideas sound similar.

draft NIP-93 "Secret Events" https://github.com/nostr-protocol/nips/pull/306

draft NIP-31 "Incognito Direct Messages" https://github.com/nostr-protocol/nips/pull/410