There is nothing I could say to make you more comfortable. We could spend all week long discussing why I am “right” and you are “wrong”, but the reality is that we’re both right, here.
This isn’t about any kind of technical issue that can be solved. This is about social norms and your personal feelings, and we can’t really argue about that. If you feel the need to use a platform that somehow protects images from being accessed directly via an URL, then you should look for a platform that does that. No point in using diaspora* if you’re not comfortable with it, there are many choices for you to make!
Quite honestly, I’m not confident in anything at all. I don’t even share private stuff on diaspora* (and I barely share any private stuff in any form online besides actually talking to people in voice chats etc). But everyone is different, and there never will be a “one size fits all” solution here.
For me personally, I found that no matter how many fancy tech I throw at enforcing privacy, the main “violations” happen far outside that realm. Not too long ago, I shared a video of me pulling an espresso shot with a family member. I uploaded that to my own webserver and sent a link, immediately deleting the video after it’s been viewed by the target person. Weeks later, I got pinged by another family member telling me I have a nice espresso machine - and I was confused. Turns out that all my technical methods mean absolutely nothing – the original recipient, without thinking, just long-pressed the video on their android screen, hit “share”, and dumped it straight into a whatsapp group that apparently parts of the family use. If your “data control” is ripped out of your hands that way, you realize that all the fancy tech doesn’t mean too much in the real world.