Yes, unfortunately that is the case.  It happens far too often on nostr, for example fiatjaf's njump dot me and benarc's nostr dot com contain spyware that deliberately send your ip address and browsing history to certain VC (bad guys imho), without gaining user consent.  I try to raise awareness of this, but there is very little action, sadly.  Nostr needs to develop good reputations for those that respect privacy.  Most currently do not.  Sadly.