What is the issue?
On X, you post something and may get a reply from elon(or whoever), you look at the profile, yes? In that case, the username would be elonmsk or a letter off or a number.
Seems pretty simple. Perhaps a dB of usernames that clients could compare, but it'd never been an issue for me. I've been followed by fake Lyn accounts, I take a look, fake. Blocked or muted or no action. Done.
Everything in your comment requires a central auth DB or a user who is dedicated to “not be phished”.
Nostr will grow. People will be followed by (and follow back) bots and bad actors. Spam and phishing attempts will be shared and reposted.
There is no central auth in Nostr. Our only defense is Webs of Trust between friends and friends of friends. But Nostr only has ad-hoc implementations to establish webs of trust.
Nostr needs better tools. And by this I mean, a free market of tools (content filters and trust rankings) whereby the best ones will emerge.
