An attacker can set a malicious link or an IP-logging image as their profile image. Most nostr clients leak the user's IP address when they load that profile image, whether it appears in an event or elsewhere.
Attackers can spy using public keys to see who is sending DMs to whom, and at what time, although they won't know the content of the messages.
To repeat: they won't know the content of the messages, meaning they can only see the sender and receiver name.
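To make the DM exposure concrete, here is an added example (not code from the original page) that splits a DM event into the fields any relay or observer can read and the part that stays encrypted. It assumes the NIP-04 kind 4 event layout, which the page does not name; the sample event, keys and ciphertext are constructed.

```python
import base64
import json
from datetime import datetime, timezone

# Constructed sample event (placeholder keys and ciphertext), NIP-04 kind 4 layout.
SAMPLE_DM = json.dumps({
    "id": "00" * 32,
    "pubkey": "aa" * 32,             # sender public key, cleartext
    "created_at": 1700000000,        # send time, cleartext
    "kind": 4,
    "tags": [["p", "bb" * 32]],      # recipient public key, cleartext
    "content": base64.b64encode(b"\x01" * 32).decode()
               + "?iv=" + base64.b64encode(b"\x02" * 16).decode(),
    "sig": "cc" * 64,
})


def dm_exposure(raw_event: str) -> dict:
    """Report what an observer can read from a kind-4 event without any key."""
    ev = json.loads(raw_event)
    if ev.get("kind") != 4:
        raise ValueError("not a kind-4 direct message event")
    # Recipients are listed in cleartext 'p' tags.
    recipients = [t[1] for t in ev.get("tags", []) if len(t) >= 2 and t[0] == "p"]
    if not recipients:
        raise ValueError("kind-4 event without a 'p' tag")
    body, sep, iv = ev["content"].partition("?iv=")
    if not sep:
        raise ValueError("content is not in '<ciphertext>?iv=<iv>' form")
    # The content field holds only ciphertext and IV; its size is still observable.
    ciphertext = base64.b64decode(body, validate=True)
    base64.b64decode(iv, validate=True)
    sent = datetime.fromtimestamp(ev["created_at"], tz=timezone.utc)
    return {
        "visible": {
            "sender": ev["pubkey"],
            "recipients": recipients,
            "sent_at": sent.isoformat(),
            "ciphertext_len": len(ciphertext),
        },
        "hidden": ["message text"],
    }


if __name__ == "__main__":
    print(json.dumps(dm_exposure(SAMPLE_DM), indent=2))
```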
Relays know clients' IP addresses, user agents, the public keys trying to read/write, websocket request info, etc., so joinstr uses the things below:
You could also run your own relay for some use cases, although it's always good to use multiple relays. Use clients that care about privacy, and use a VPN/proxy. If you are running a relay, being anonymous could be helpful if government agencies have issues with some events being published in the future, when nostr gets too big.
Users should never click unsolicited links posted in notes. Unsolicited links can result in off-client phishing attacks, malware downloads, and scams.
To protect against these types of attacks, it is important for users to be cautious when clicking on unsolicited links and to verify the identity and intent of the sender before interacting with the link.