[jrochkind1]

Aha, good point! Hmm, have to think about that more.

It might be cool if there were an open source tool (from keybase or not) that would do this check for you. Most people in the target audience aren't going to be able to do it yourself.

That might be something cool for keybase to provide. (Yes, of course you'd still have to trust the open source tool, but that's why it's open source, etc.).

Before sending something particularly sensitive, you could run the tool to check that the public key you have still matches what was posted on their twitter, facebook, etc. (And yes, if someone can hack the old tweet on twitter, then of course, yeah).

[oijaf888]

Isn't that exactly what the command line client does when you verify a user?

[jrochkind1]

Ah, you can re-verify the user at any point, not just the first time you add them as a contact or whatever? Neat.

Okay, this is good marketting for the product, because you are convincing me that at least it might have evaded some of these problems, and is worth further investigation. :)

[maxtaco]

Yes, it is, and it's 100% open source.