If someone goes to a lot of effort, yes. I don't think there is anything inherent to Nostr that is privacy preserving though.
"Remember, relays can see what your Nostr client is requesting and downloading at all times. They can track what you see and see what you like. They can sell that information to the highest bidder, they can delete your content or content that a sponsor asked them to delete (like a negative review for instance) and they can censor you in any way they see fit. Before using any random free relay out there, make sure you trust its operator and you know its terms of service and privacy policies."
nostr:naddr1qq9hyetvv9uj6um9w36hqqg3waehxw309ahx7um5wgh8w6twv5hsygzxpsj7dqha57pjk5k37gkn6g4nzakewtmqmnwryyhd3jfwlpgxtspsgqqqw4rszncwvp
You need to work hard towards that, selecting reputable relays plus using Tor or a VPN, religiously removing metadata from any files you post, and making sure you never post anything that might lead back to you in the real world. One failure and it's ruined. This is no different than other social media, or the Internet in general really.
It is also easy to mass collect notes. I run a WoT relay. It collects notes from ~60000 npubs on a 2 core VPS with 2GB RAM, and it's barely working to do that. I assume govt agencies are already doing the same, except with infinitely more hardware power, capturing every note that is posted. Using AI to correlate and scan, figuring out who is who.
I would never recommend Nostr to someone on the basis of it being more private, as I feel I would be doing them a disservice. It has many ticks in the plus column, but I didn't think being inherently designed for privacy is one of them.
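To make the quoted warning concrete, here is an added example (not part of the original post) of what a relay operator can reconstruct from ordinary NIP-01 client frames on one connection. The IP addresses, shortened keys, and event ids are constructed placeholders, and `relay_view` is a hypothetical helper name.

```python
import json
from collections import defaultdict

# Constructed sample: (source address as seen by the relay, raw client frame).
# Keys and ids are shortened placeholders, not real Nostr identifiers.
FRAMES = [
    ("203.0.113.7", '["REQ","feed",{"kinds":[1],"authors":["aa11","bb22"],"limit":50}]'),
    ("203.0.113.7", '["REQ","thread",{"kinds":[1,7],"#e":["ev99"]}]'),
    ("203.0.113.7", '["EVENT",{"id":"ev42","pubkey":"cc33","created_at":1700000000,'
                    '"kind":7,"tags":[["e","ev99"],["p","aa11"]],"content":"+","sig":"00"}]'),
    ("198.51.100.4", '["REQ","s1",{"authors":["aa11"]}]'),
    ("198.51.100.4", "not json"),  # malformed frame, ignored
]

def relay_view(frames):
    """Summarise, per source address, what the frames disclose to the relay."""
    seen = defaultdict(lambda: {"reads_authors": set(), "reads_events": set(),
                                "publishes_as": set(), "reacts_to": set()})
    for addr, raw in frames:
        try:
            msg = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if not isinstance(msg, list) or len(msg) < 2:
            continue
        profile = seen[addr]
        if msg[0] == "REQ":
            # Every filter after the subscription id names what the client wants to read.
            for flt in msg[2:]:
                if isinstance(flt, dict):
                    profile["reads_authors"].update(flt.get("authors", []))
                    profile["reads_events"].update(flt.get("ids", []))
                    profile["reads_events"].update(flt.get("#e", []))
        elif msg[0] == "EVENT" and isinstance(msg[1], dict):
            ev = msg[1]
            # Publishing ties the signing pubkey to this connection's address.
            if isinstance(ev.get("pubkey"), str):
                profile["publishes_as"].add(ev["pubkey"])
            if ev.get("kind") == 7:  # kind 7 is a reaction ("like")
                profile["reacts_to"].update(
                    t[1] for t in ev.get("tags", []) if len(t) > 1 and t[0] == "e")
    return {addr: {k: sorted(v) for k, v in p.items()} for addr, p in seen.items()}

if __name__ == "__main__":
    for addr, profile in relay_view(FRAMES).items():
        print(addr, profile)
```

Connecting over Tor or a VPN changes only the address the relay sees; the pubkey, the requested authors, and the reactions are still visible to it.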