PHP, Python and Google Go Fail to Detect Revoked TLS Certificates

Discussion in 'privacy problems' started by Minimalist, Apr 1, 2016.

  1. Minimalist

    Minimalist Registered Member

  2. Palancar

    Palancar Registered Member

    This is such a broken overall system. I don't know what the answer is for clearnet, but the chain of trust is just too easy to compromise. I really like private certificates (like here) where we get a published cert fingerprint and my software verifies it before signing in. I only need to trust LWM, which I do, and I confirm a legit connection. I use half a dozen clearnet sites with a similar model. I'll take that over the chain of trust model all day long.
     
  3. Minimalist

    Minimalist Registered Member

    This site doesn't use their own certificate any more. Now it's Let's Encrypt's certificate.
     
  4. Palancar

    Palancar Registered Member

    My bad, I forgot about that recent change. I have my system logging Wilder's fingerprints when I come in but have not signed in yet. I still verify them for consistency before signing in.

    Thanks for the reminder of the change. I need to go do some reading about susceptibility (key hijacks or MITM stuff). This is not a site where my risk factor is large, but still I like to confirm I am really logging into Wilder's.
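
The fingerprint check discussed in the posts above (comparing against a published fingerprint, and logging fingerprints to verify consistency before signing in), as an added example that is not part of the thread or any poster's software. The class and function names, the host name and the certificate bytes are constructed for illustration; `fetch_der` shows how the real bytes would be obtained with Python's `ssl` module.

```python
import hashlib
import hmac
import ssl
from typing import Optional

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def normalise(fp: str) -> str:
    """Accept 'AB:CD:..' or 'abcd..' forms of a published fingerprint."""
    return fp.replace(":", "").replace(" ", "").lower()

def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the leaf certificate from a live server (unused in the offline demo)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

class FingerprintLog:
    """Per-host record of the last accepted fingerprint, checked before login."""
    def __init__(self) -> None:
        self.accepted = {}  # host -> fingerprint last accepted for that host

    def check(self, host: str, der: bytes, published: Optional[str] = None) -> str:
        fp = fingerprint(der)
        if published is not None:
            # Site operator published a fingerprint out of band: compare to it.
            ok = hmac.compare_digest(fp, normalise(published))
            return "matches-published" if ok else "MISMATCH-published"
        last = self.accepted.get(host)
        if last is None:
            self.accepted[host] = fp   # trust on first use, then hold it to that
            return "first-seen"
        # A change is never recorded silently; accept() must be called.
        return "consistent" if hmac.compare_digest(last, fp) else "CHANGED"

    def accept(self, host: str, der: bytes) -> None:
        """Record a new fingerprint after it was verified by another channel."""
        self.accepted[host] = fingerprint(der)

# Constructed stand-ins for two DER certificates (old cert, reissued cert).
OLD_CERT = b"constructed-der-bytes-old-certificate"
NEW_CERT = b"constructed-der-bytes-reissued-certificate"

if __name__ == "__main__":
    log = FingerprintLog()
    for cert in (OLD_CERT, OLD_CERT, NEW_CERT):
        print(log.check("forum.example", cert))
```

A legitimate reissue, such as the certificate change mentioned in the thread, produces the same `CHANGED` verdict as an interception would, so the new fingerprint has to be confirmed through another channel before `accept()` is called.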
     