Dude. Who TF checks npubs?
This is not an intellectual problem. It is a real world user problem. Nostr is dead already.
Discussion
umm, i do, and I hope everyone does
that's literally the point of signing and having private and public keypairs, lol.
the key can't be spoofed on the relays. they can spoof account names, nip05 maybe, avatars, and more. but if you know the npub, nonworries.
We all know this. But the real world usage (your and mine prolly also) is different. We need to solve for real world.
What is the issue?
On X, you post something and may get a reply from elon(or whoever), you look at the profile, yes? In that case, the username would be elonmsk or a letter off or a number.
Seems pretty simple. Perhaps a dB of usernames that clients could compare, but it'd never been an issue for me. I've been followed by fake Lyn accounts, I take a look, fake. Blocked or muted or no action. Done.
Everything in your comment requires a central auth DB or a user who is dedicated to “not be phished”.
Nostr will grow. People will be followed by (and follow back) bots and bad actors. Spam and phishing attempts will be shared and reposted.
There is no central auth in Nostr. Our only defense is Webs of Trust between friends and friends of friends. But Nostr only has ad-hoc implementations to establish webs of trust.
Nostr needs better tools. And by this I mean, a free market of tools (content filters and trust rankings) whereby the best ones will emerge.