Make sure you are following the correct npub. The a "verified follow" mark in the client is a very secure proof of identity verification.
Amethyst got this and other clients should follow.
Discussion
In some ways it helps and in others it doesn't. In Amethyst, I think it means you're following them and not necessarily verified.
Here are a few scenarios:
A) If the profile (maliciously or otherwise) changes their name, pfp, bio and etc. (kind 0), it'll be difficult to know which one of your follows/contacts it was when you initially followed them. This could be used to imposter someone.
B) If the private key of a profile is compromised (similar to A) all metadata can change. If notes appear from this account that the key has been compromised and to migrate to a new key; it will be very difficult to recover and determine honesty. The NIP05 nostr address will also not be useful, as that too could have changed.
C) If you're not following someone, yet still want to be able to verify them, the mark won't help in this case.
There may be others scenarios as well, and plan to go through and document these in more detail. I have a few NIPs drafted to introduce a profile metadata attestation event kind that could be used to verify profiles and mitigate and help the above scenarios.
True! And more better tools are needed :)
I just noticed how disproportionately powerful this simple follow verification tag was recently though. Scam versions of nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcppemhxue69uhkummn9ekx7mp0qyghwumn8ghj7mn0wd68ytnhd9hx2tcewvzaw where appearing in my feed. And this sinole trick helped me notice that in no time.
