NIP-05 doesn't prove an account is "legit", nor was it ever meant to.
It's not intended as a form of verification and it's a shame clients may imply that it is.
Please see this: https://hedgedoc.semisol.dev/ciXY6QE-Tx6CQZowDwcK4A
Or this: nostr:naddr1qvzqqqr4gupzq5455pmtewaacws6a73hxkqkea6fjwcm3keq9vqu3q7930nl4k9aqyghwumn8ghj7mn0wd68ytnvv9hxgtcppemhxue69uhkummn9ekx7mp0qqfxu6tsxq6j66tn94hx7apdwejhy6txpdekay
Anyone can buy a domain name, therefore anyone can get a NIP-05 identifier.
Just setting up a NIP-05 identifier does not prove an account is "legit".
Setting up, specifically, an identity associated with a domain name which is known to be legit may prove it, however, as long as the user actually verifies the domain (rather than relying on the useless and misleading "verified" sign that some clients may display).
See also: nostr:nevent1qvzqqqqqqypzprhy9yxf3vst9xv38zej9arxagsvw4sg7452k570z9yjh7djapyuqqs92h746wgvk95ymf08xf4eph897g64262pen5js7zmwj3r8pz43qcvpfnrj
If they had a NIP-05 at the Guardian domain, it would verify the Guardian owned or sanctioned this account.
Yes, I agree.
For that purpose, referencing the Nostr public key in any reputable place (such as their website or a well-known social media account) would also do.
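
The distinction drawn in this thread, as an added example that is not part of any participant's post: a NIP-05 lookup only shows that a domain's `nostr.json` maps a name to a key, and whether that domain means anything is a separate decision the user makes. The domains, key and function names below are constructed for illustration; the `/.well-known/nostr.json` layout follows the NIP-05 specification.

```python
import json
import re

# NIP-05 identifier: <local-part>@<domain>
_ID_RE = re.compile(r"^([a-z0-9._-]+)@([a-z0-9.-]+\.[a-z]{2,})$")

def parse_nip05(identifier):
    m = _ID_RE.match(identifier.strip().lower())
    if not m:
        raise ValueError(f"not a NIP-05 identifier: {identifier!r}")
    return m.group(1), m.group(2)

def well_known_url(identifier):
    # URL a client fetches; per NIP-05 it must not follow HTTP redirects.
    local, domain = parse_nip05(identifier)
    return f"https://{domain}/.well-known/nostr.json?name={local}"

def nip05_binds(identifier, pubkey_hex, nostr_json_text):
    """True if the domain's nostr.json maps the local part to this pubkey."""
    local, _ = parse_nip05(identifier)
    try:
        names = json.loads(nostr_json_text).get("names", {})
    except (ValueError, AttributeError):  # bad JSON or not a JSON object
        return False
    return isinstance(names, dict) and names.get(local) == pubkey_hex.lower()

def assess(identifier, pubkey_hex, nostr_json_text, domains_user_trusts):
    """Keep 'the domain lists this key' apart from 'the user knows this domain'."""
    _, domain = parse_nip05(identifier)
    if not nip05_binds(identifier, pubkey_hex, nostr_json_text):
        return "no-binding"        # the domain does not list this key
    if domain in domains_user_trusts:
        return "domain-attested"   # a domain the user checked themselves lists it
    return "binding-only"          # valid NIP-05, but anyone can buy a domain

# Constructed sample data (not real keys or domains).
SAMPLE_KEY = "ab" * 32
SAMPLE_DOC = json.dumps({"names": {"news": SAMPLE_KEY}})
TRUSTED = {"theguardian.example"}  # populated by the user, not by the client

if __name__ == "__main__":
    for ident in ("news@theguardian.example", "news@the-guardian-news.example"):
        print(ident, "->", assess(ident, SAMPLE_KEY, SAMPLE_DOC, TRUSTED))
```

Both identifiers pass the NIP-05 lookup with the same document; only the set of domains the user has checked tells them apart.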