Yes.
If you want to follow my world-wide-web content, you have to get it from https://mikedilger.com/. You cannot get it from your own local website. The outbox model is the same thing, and so is RSS. If you want my microblog, you get it from where I post it.
Under the outbox model, clients figure out where stuff is and then they go and get it... on relays you may have never even heard of. This is no different than going to a website, and that website telling your browser to grab a font from fonts.google.com or to fetch a javascript library from a CDN, or to grab advertisements from doubleclick.
If you have a problem connecting to "strange relays" that you have not vetted, then you should use a VPN or Tor. They were designed expressly to address that concern. Trying to re-invent them inside of nostr is a fools errand.
And by the way, it is safest to use Tor via a system designed to use Tor, e.g. on qubes or whonix. Torsocks should also be safe since it replaces DNS lookups at the DLL layer. I'm not sure if using Orbot on Android avoid all the sidechannel DNS leaks, but I hope Amethyst did it right. I just don't know enough about Android to say one way or the other. But for desktop apps like gossip, Tor should NOT be builtin, users must use torsocks or one of the systems I mentioned which will always be more secure than anything I could code.