> Pretty much no one does any sort of identity verification anyway on any E2EE messaging system. So that means that the people running the servers can MITM if they feel like it to get the content.
Signal makes some cruddy decisions that make identity verification happen way more often than necessary. Keybase did it better; too bad Zoom bought them just to kill them. Here's their blog post: https://keybase.io/blog/chat-apps-softer-than-tofu . TL;DR:
> Is there a good solution, one that doesn't involve trusting servers with private keys? At Keybase, we think yes: true multi-device support. This means that you control a chain of devices, which are you. When you get a new device (a phone, a laptop, a desktop, an iPad, etc.), it generates its own key pair, and your previous device signs it in. If you lose a device, you "remove" it from one of your remaining devices. Technically this removal is a revocation, and there's also some key rotation that happens automatically in this case.
> The net result is that you don't need to trust the server or meet in person when a partner or teammate gets a new device. Similarly, you don't need to trust the server or meet in person when they remove a device, unless it was their last. The only time you need to see a warning is when someone truly loses access to all their installs. And in that case, you're met with a serious warning, the way it should be: