Point 3 is disingenuous. You can have cold keys on nostr and acting like the worst way to use your keys is the default is a straw man. Your point about persistence is also disingenuous considering you can run Citrine on your phone. The rest seem like valid critiques

We have to agree to disagree then, because lack decentralized discovery ultimately results in a naive identity-key design. Your point about persistence suffers the same weakness: that discovery ultimately relies on centralization in Nostr, so hosting it yourself does not provide any guarantee of being discovered without trust.

what happens if your homeserver goes down?

You switch to another one or host it yourself.

what happens in nostr if someone can't find your data in their relays? and how do they know whether they have all the data?

so if you stop hosting the data and dont care, it goes missing. if someone liked your post or quoted it, because they liked it, they can't find it anymore too. because you decided not to host it anymore. on nostr you can have a relay on your phone, and host it over an onion address. it doesn't have to be up 24/7. some nostr clients automatically resolve onion addresses already. its not self hosting vs public relays. both can exists. makes it easier to use. especially if future clients can have a relay built-in hosted over an onion address. --- many nostr clients walk the relays on the social graph. they are adventurous. quote notes can have the relay list as well, but i don't like that. when you like or quote something your client can also broadcast it to your own relays. so other people can also find what you quoted/liked/reposted. its natural. the person you follow replies, reposts, or likes something, you can find it easily. if you wanna find a person directly, who is not well connected and new. they are probably at least one popular relay so you can find them anyway, but. let's say you can't. we also have nip05 names, which can include your relay data.

Do pubky homeservers also give users the ability to post privately? I tried it but the app didn’t show anything around blacklist, whitelist, etc. the whole reason I want to try Pubky is so I can have more control over data I supposedly own.

Most of what we have shipped is for public-only use cases. However, we are wrapping up work on a pubky-noise library this month, and related tools for our keychain and wallet. This unlocks private messages and related features for Pubky. After that set of features ships, we'll be working on more access-control related features, maybe versioned data, etc.