But the new nip is supposed to fix exactly that.
Discussion
But how would the key exchange take place between sender and receiver?
There is no key exchange. The protocol sends an encrypted message from a new random key per message to the pub key of the person.
You can count how many "encrypted things" a user is receiving, but you won't know where they are coming from, if they are real or not, if the date is correct or not.
why does no one talk about nip 101 and what nostr:npub1tm99pgz2lth724jeld6gzz6zv48zy6xp4n9xu5uqrwvx9km54qaqkkxn72 has done with npub aliases? also i think iris desktop is using. seems promising to me, but no chatter
Because ideas with aliases and other shared key protocols require you to trust the counterparty you are talking with. They can leak all your conversation at any point without leaking their private key. There were many proposals, but they all require some level of trust in the counterparty or in a private relay operator, for instance.
This one does not. You can talk to your worse enemy and they won't be able to expose you unless they expose themselves as well (leak their main account's private keys).