No store allows you to swap ids quickly https://damus.io/note1zn29hn0pwz9eefc0d7jwywr5kk5jhrrphl937lzny8t9u7346j0qtmfq0n
No, ideally the clients do it for you and give you the hints. It’s like https and the green lock in your browser’s address bar. Back then it was just a lock, then warnings became more sophisticated. It’s just a matter of time until it gets built into the clients here but fundamentally it’s the same cryptographically verifiable trust relation.
The difference is that db would control the private key if I understand you correctly. In nostr’s case you alone own the private key, its possession IS the identity, all your messages and comms are signed with it.
Yeah, sure we can also exchange keys via a third comms channel and the UI would ideally indicate that you know one but not the other.
#[2], for example, linked his pubkey to cash.app by placing this on the cash app domain: https://cash.app/.well-known/nostr.json?name=jack
The Eve impersonator can’t sign messages with the private key of the public key which belongs to @jack’s profile. On some profiles you see the purple NIP05 checkmark, which would be another indicator.
For example, if I own joern.com I could link the public key of this @joern username to joern@joern.com. To do so I need access to the configuration of that domain. Fraudsters can’t do that too.
It’s the public key, npub1gh4z9pyza2g9y87xte7nzkgwhe3xtwt9g7rannvfec4s9vl5vlwqseq4nu in your case, which is unique and can cryptographically be signed and trusted, not the @user.
You can cryptographically prove ownership, that’s the base over here. With that you can verify your identity by linking it to a domain you control via NIP05 https://github.com/nostr-protocol/nips/blob/master/05.md
In the end the whole system here is math based, over there it’s built on top of authority.
Paid relays also give scamming and impersonating a cost, so there is less financial incentive to do it.
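The NIP05 domain check described in the notes above, as an added example that is not part of the original notes or of any client's code: it builds the well-known URL for a name@domain identifier and accepts a profile only if the domain's document maps that name to the exact public key. The function names, the two keys and the document body are constructed for illustration; NIP-05 documents list keys in hex rather than npub form, and the HTTPS fetch itself is left out so the block runs offline.

```python
import json
import re
from urllib.parse import quote

LOCAL_PART = re.compile(r"^[a-z0-9._-]+$")  # characters NIP-05 allows in the name
DOMAIN = re.compile(r"^[a-z0-9.-]+$")       # assumption: plain host name, no port or path
HEX_PUBKEY = re.compile(r"^[0-9a-f]{64}$")  # 32-byte public key as lowercase hex


def nip05_url(identifier):
    """Split name@domain and return (name, URL a client would fetch)."""
    local, sep, domain = identifier.lower().partition("@")
    if not sep or not LOCAL_PART.match(local) or not DOMAIN.match(domain):
        raise ValueError("not a valid NIP-05 identifier: %r" % identifier)
    url = "https://%s/.well-known/nostr.json?name=%s" % (domain, quote(local))
    return local, url


def verify_nip05(identifier, pubkey_hex, body):
    """True only if the domain's document maps the name to this exact key.

    `body` is the text fetched from nip05_url(); the fetch must not follow
    redirects, otherwise another host could answer for the domain.
    """
    try:
        local, _url = nip05_url(identifier)
        names = json.loads(body).get("names", {})
    except (ValueError, AttributeError):
        return False  # bad identifier, invalid JSON, or JSON that is not an object
    claimed = names.get(local) if isinstance(names, dict) else None
    return (isinstance(claimed, str)
            and HEX_PUBKEY.match(pubkey_hex) is not None
            and claimed == pubkey_hex)


# Constructed sample data: two made-up keys and the document joern.com would serve.
OWNER_KEY = "ab" * 32
IMPOSTOR_KEY = "cd" * 32
SAMPLE_BODY = json.dumps({"names": {"joern": OWNER_KEY}})

if __name__ == "__main__":
    print(nip05_url("joern@joern.com")[1])
    print("owner:", verify_nip05("joern@joern.com", OWNER_KEY, SAMPLE_BODY))
    print("impostor:", verify_nip05("joern@joern.com", IMPOSTOR_KEY, SAMPLE_BODY))
```

An impersonator can copy the display name and picture, but the lookup fails for their key because only the domain owner can change what the document says.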