My favorite way to explain Nostr: "If all user data is signed, you don't care where it lives and where it gets sent. Prior to Nostr, you could only trust something is authentic because it came from Company X's servers." And then I direct them to https://github.com/aljazceru/awesome-nostr, even if they aren't technical.