Incidentally I also use Decoy as one method of PGP public key verification. The “decoy” picture is a screenshot of my public key. The photo hidden behind the decoy is a picture of me, holding up my drivers license and an index card with my username. The picture itself should prove sufficient in 99% of cases but in extreme circumstances I can give out the passcode which provides an additional two layers of verification (the validity of the password itself, and the photographic identity verification)
Of course that could still be spoofed if someone managed to replace all instances of my verification image, and then made a fake drivers license with my name on it and took a picture of that. But if that ever did happen I actually have a final layer of protection which I won’t tell anyone about until I can figure out a way to re-tell it without rendering it worthless.
Per our email exchange, here is the condensed version that uses only your original writing:
Notes:
I removed all the quotations. Although I’m guessing they were probably key to your own understanding of the issue, I don’t think they are an efficient way to improve other people’s understanding.
Much of the post was dedicated (unnecessarily) to why your viewpoint is right rather than just stating your viewpoint. People who agree with you don’t need to be convinced. People who disagree with you aren’t going to be swayed by your arguments.
I removed a few paragraphs that repeated themselves.