If I know Marisa's public key and Marisa knows Omar's public key, she can sign a message to me saying, "Omar's public key hash is c2ecc3b9b9eb94dcafe228f8d23b1e798597d526358177c95effa6bc0ded3a35". I can then use that key hash to authenticate messages from "Marisa's Omar". If she gives Omar mine too, he and I can set up a private channel without further involving Marisa.
Hopefully we aren't just talking to Marisa's MitM proxy. If other mutuals also know him as "Omar" then I can ask them for his key too, and if I get the same response, I can have more confidence that Marisa isn't playing that trick on us.
Never total confidence, though. You need some way to bootstrap a non-MitMed connection; no evidence can ever prove conclusively that you aren't a Boltzmann brain floating in the post-heat-death void, or Descartes being tricked by his evil demon that controls all his perceptions, or Neo in the Matrix.
But meeting up with one of your friends in person once to exchange either public keys or a shared secret, even before you start using the system, can go a long way to ensuring that you are all actually enjoying privacy.
If I know Marisa's public key and Marisa knows Omar's public key, she can sign a message to me saying, "Omar's public key hash is c2ecc3b9b9eb94dcafe228f8d23b1e798597d526358177c95effa6bc0ded3a35". I can then use that key hash to authenticate messages from "Marisa's Omar". If she gives Omar mine too, he and I can set up a private channel without further involving Marisa.
Hopefully we aren't just talking to Marisa's MitM proxy. If other mutuals also know him as "Omar" then I can ask them for his key too, and if I get the same response, I can have more confidence that Marisa isn't playing that trick on us.
Never total confidence, though. You need some way to bootstrap a non-MitMed connection; no evidence can ever prove conclusively that you aren't a Boltzmann brain floating in the post-heat-death void, or Descartes being tricked by his evil demon that controls all his perceptions, or Neo in the Matrix.
But meeting up with one of your friends in person once to exchange either public keys or a shared secret, even before you start using the system, can go a long way to ensuring that you are all actually enjoying privacy.