Could client apps perhaps store a local hash of name/display_name and profile image for pubkeys they follow, and then detect a duplicate/mismatch?
(I’m glossing over how image hashing/similarity matching could be calculated).
The pubkey with a newer profile update becomes the suspected impersonation, and the app could flag or show UX as less/untrusted awaiting user input.
I think name and profile image are the two major things people read to match identities, since both are displayed in the timeline.
Could even be used in global - “this post pubkey has an imitating name/profile image match to someone you follow.”
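A sketch of the check described above, as an added example that is not part of the original post. The profile field names (`name`, `display_name`, `picture_bytes`, `updated_at`), the `FollowIndex` class and the sample pubkeys are assumptions, and a SHA-256 of the image bytes stands in for the image similarity match the post leaves open.

```python
import hashlib
import unicodedata

def name_key(name):
    """Hash a name after folding case, width, whitespace and invisible characters."""
    folded = unicodedata.normalize("NFKC", name or "").casefold()
    kept = "".join(c for c in folded
                   if not c.isspace() and unicodedata.category(c) != "Cf")
    return hashlib.sha256(kept.encode("utf-8")).hexdigest() if kept else None

def image_key(image_bytes):
    """Assumption: exact-byte hash standing in for a similarity match."""
    return hashlib.sha256(image_bytes).hexdigest() if image_bytes else None

def fingerprint(profile):
    names = {name_key(profile.get("name")), name_key(profile.get("display_name"))}
    return {"names": names - {None},
            "image": image_key(profile.get("picture_bytes")),
            "updated_at": profile.get("updated_at", 0)}

class FollowIndex:
    """Local store of fingerprints for followed pubkeys (hypothetical client cache)."""
    def __init__(self):
        self.followed = {}

    def follow(self, pubkey, profile):
        self.followed[pubkey] = fingerprint(profile)

    def check(self, pubkey, profile):
        """Return one finding per followed pubkey whose name or image this profile matches."""
        seen, findings = fingerprint(profile), []
        for known_pk, known in self.followed.items():
            if known_pk == pubkey:
                continue  # an account's own profile is not a collision with itself
            matched = []
            if seen["names"] & known["names"]:
                matched.append("name")
            if seen["image"] and seen["image"] == known["image"]:
                matched.append("image")
            if matched:
                # The side with the newer profile update is the suspected impersonation.
                suspect = pubkey if seen["updated_at"] >= known["updated_at"] else known_pk
                findings.append({"resembles": known_pk, "matched": matched, "suspect": suspect})
        return findings

# Constructed sample data: pubkeys, names and image bytes are made up.
index = FollowIndex()
index.follow("pk_alice", {"name": "alice", "display_name": "Alice",
                          "picture_bytes": b"constructed-avatar-bytes", "updated_at": 1000})
lookalike = {"name": "ALICE\u200b", "display_name": "\uff21lice ",
             "picture_bytes": b"constructed-avatar-bytes", "updated_at": 2000}
```

The exact-byte image hash only catches a copied file, so a re-encoded or resized avatar needs a perceptual hash in its place. The name folding handles case, fullwidth forms and zero-width characters, but not look-alike letters from another script.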