I can back up my notes and rebroadcast them, and no one can revoke my ability to do this.

Exactly. I find it frustrating when people nitpick the reliability of individual components in a system designed to have layers of redundancy. I don't understand why people do that. Are they just too used to thinking about systems without redundancy, like ActivityPub or like VPNs?

Tor is designed to anonymize relay operator and partially mitigate the problem, but not sufficient to scale. See we only have a few of them and they barely work and those that work are well known and easy to trace: https://github.com/0xtrr/onion-service-nostr-relays. Don’t forget that notes are stored on relays and relays are not obligated to keep your data. That makes accounts vulnerable. Let’s come back to censorship problem. Here’s a practical scenario: a relay operator logs your IP, a government obtains a warrant, the operator hands over the logs, and law enforcement knocking your doors. That’s why people in highly repressive countries like North Korea and China avoid using nostr. Now imagine a more aggressive attack: arrest one of the largest, well-known relay operators to set a legal precedent. Even well-resourced relays would likely unplug to avoid liability, leaving the network unusable which leads to: no incentive to host a relay if it risks jail time. People forget what happened when Snowden joined Nostr and shared it on Twitter. So relays struggled to scale and nostr was unusable. The only way to make Nostr truly censorship-resistant at scale is to decentralise relay functionality into clients. If clients run embedded relays (on phones or laptops), store data locally, and route through Tor, censorship and legal pressure against single relay operators become far less effective.

I brought up the design of Tor as an analogy for the design of Nostr. It's irritating that you only considered how Tor can be used for Nostr rather than the general design of Tor itself, but I'd rather drop the topic than try to spell out the analogy better. You are right that if a Nostr user's privacy is compromised, that can be leveraged in order to censor their speech. It doesn't matter how many relays are willing to publish a person's notes if the person in question is being imprisoned and physically prevented from posting those notes. However there are many existing privacy technologies that can be applied here. The most robust protections focus on protecting the user rather than the relay. Why agonize over finding a relay owner who will resist torture to keep your IP address when you can just avoid giving them your IP address in the first place? Personally I use a VPN because it's easy and convenient, but there's no reason a person couldn't send notes to Nostr relays over Tor or I2P or from a burner phone in a remote field. If privacy is the issue then there are lots of options, but if the issue is finding a Nostr relay that you know for sure is trustworthy, then you have no options at all.