If I know Marisa's public key and Marisa knows Omar's public key, she can sign a message to me saying, "Omar's public key hash is c2ecc3b9b9eb94dcafe228f8d23b1e798597d526358177c95effa6bc0ded3a35". I can then use that key hash to authenticate messages from "Marisa's Omar". If she gives Omar mine too, he and I can set up a private channel without further involving Marisa.
Hopefully we aren't just talking to Marisa's MitM proxy. If other mutuals also know him as "Omar" then I can ask them for his key too, and if I get the same response, I can have more confidence that Marisa isn't playing that trick on us.
Never total confidence, though. You need some way to bootstrap a non-MitMed connection; no evidence can ever prove conclusively that you aren't a Boltzmann brain floating in the post-heat-death void, or Descartes being tricked by his evil demon that controls all his perceptions, or Neo in the Matrix.
But meeting up with one of your friends in person once to exchange either public keys or a shared secret, even before you start using the system, can go a long way to ensuring that you are all actually enjoying privacy.
actually though? storing a very small but important info (public keys, domain ownership and such) would have been a perfect use case, which also keeps the chain small...
The new version of Bitchat (from Jack Dorsey) is interesting: it's a chat over BLE mesh, but says that it'll continue the chat on the nostr infrastructure if two (in principle anonymous) participants fave each other in the app. Haven't had able to try this out yet.
