They could still perform a man-in-the-middle attack, re-signing all of your notes with a new public key.
But then they would be signed by a different key.
Correct, but what if someone sees the posts from the second key-pair first? How would anyone be able to tell which public key is the real one?
Web of trust, out of band key exchange, lots of ways. The objection you're making doesn't really make sense.