If I know that Lyn's website is lynalden.com then how would seeing that domain attached to her profile add to confusion? I understand that someone would register lynallden.com and use that for scamming and I also understand that not every single client shows a Nostr error when it's invalid. The first one we can't fix, but reading and paying attention helps here. The second one just takes more lobbying from all of us to devs to do some basic validation. A Nostr address is not a perfect solution, but it's miles ahead of doing nothing.
Discussion
This is all you need to identify the nostr:npub1a2cww4kn9wqte4ry70vyfwqyqvpswksna27rtxd8vty6c74era8sdcw83a you're looking for:

Nothing about this needs permission from anyone:
Everything about this is 💯 Nostr.
1. Npub: colour + last 6 characters (can be mined if she cares about having a specific one)
2. Followers: tailored to the user (can even be adapted to where the user is coming from, podcast link etc...)
NIP-05 on the other hand:
1. Only "works" for popular profiles of which the domain is known, that have enough high signal followers for it to not be a problem in the first place
2. It clearly doesn't work at all for the people that are being scammed right now by the fakes of those popular profiles. They are too lazy to check and would be way better off with an imposter warning (provided by a free market of services).
3. It doesn't work for censored profiles. Good luck keeping your Neo-Nazi childporn NIP-05 ID.
4. It makes Lyn's followers think NIP-05 is the most important ID and that they also need one asap. Only to then find out only a fraction of Apps actually properly display it and even fewer actually verify it.
5. The Apps that do display it everywhere you'd need it end up either bloating their UI or hiding away the actual Nostr native things, for a "later" educative moment they never get to.
6. And then their normie friends will start telling them their "email" doesn't work 🤣.
7. It takes extremely precious time and space away from showing users what makes Nostr so unique, powerful and fun: Keys, Zaps & Interoperable Hosting (Relays, Blossom, ...)
8. It sets the door wide open for things like custodial bunkers with NIP-05 + password.
NIP-05 doesn't solve anything. It is miles behind in permission-land.
I'm with nostr:npub149p5act9a5qm9p47elp8w8h3wpwn2d7s2xecw2ygnrxqp4wgsklq9g722q here; a bad solution is worse than no solution and NIP-05 is not good for "verifying" for the reason you mentioned; domain-typo "spoofing" would be even bigger if nostr became successful and this were a part of how we get rid of impersonators.
NIP-05 is ONLY good (but it's a very important thing) as a human-friendly pointer to an npub ("my nip-05 is pablo@f7z.io").
WoT gets us 99.9% there wrt knowing who's the "real" because even "real" here is subjective. (Pablo for some people here might be me and for other people someone else entirely and both are real)
Where I do disagree with Niel is that using just the last six digits of the pubkey to uniquely color the profile is not good; it's a neat trick but six characters are way too easy to mine, would make more sense to do the average or some other simple arithmetic op over the last, say, 24 digits.
You're the real Pablo in my eyes (and WoT)
The Public Key colour is the first 6 characters of the hex key (see next.nostrudel).
Add to that the last 6 characters of the npub and you've got a pretty high cost for impersonating.
Very much open to ideas on how to make it even more impostor-proof.
Although I do like the fact that it's still doable to mine for a specific human-readable ending + colour.
+1 nip-05 is great for this case.