Ask HN: OTR/GPG/etc do not pin certificates, why?
2 points by cyphunk on Jan 30, 2015
These and other asymmetric cryptography schemes depend on trust through peers (WoT) or direct trust through out-of-band verification of key fingerprints. Yet the large majority of users don't bother with either. A horrific problem for activists, but it does not make the use of these technologies entirely useless, if at least they would pin certificates in a meaningful way.

Why do these technologies not provide a level of trust based on an "initial certificate", so that at least a MitM attack happening later would provide an alert: "This person's key has changed!"? So what are the reasons for this not happening already?
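The "pin the first key, warn when it changes" behaviour the post asks about is trust-on-first-use (TOFU), the model SSH's known_hosts uses. The following is an added example of that mechanism, written for this page; it is not code from the post and not the implementation of any OTR or GPG client. It assumes placeholder byte strings in place of real public-key material, a SHA-256 fingerprint (the hash choice is this example's, not what any particular client uses), string peer identifiers, and hypothetical names such as PinStore, check, accept_new_key and alert_for.

```python
import hashlib
import json
from typing import Dict, Optional

# Constructed placeholder key material (NOT real OTR/GPG keys): a real client
# would feed the peer's raw public-key bytes in here instead.
ALICE_KEY_V1 = b"alice-public-key-material-v1"   # Alice's original key
ALICE_KEY_V2 = b"alice-public-key-material-v2"   # Alice's legitimately rotated key
MITM_KEY = b"attacker-public-key-material"       # key injected by a later MitM

PINNED, MATCH, MISMATCH = "PINNED", "MATCH", "MISMATCH"


def fingerprint(pubkey: bytes) -> str:
    """SHA-256 over the public-key bytes, shown as 8 groups of 8 hex digits.

    The grouped display mimics how OTR clients present fingerprints; the
    hash function is an assumption of this example.
    """
    digest = hashlib.sha256(pubkey).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))


class PinStore:
    """Trust-on-first-use pin store (hypothetical name), known_hosts style.

    The first key seen for a peer is recorded without any proof that it is
    genuine; every later session is compared against that record. A MitM
    who arrives after the first contact presents a different key and is
    reported as MISMATCH. An attacker present at first contact is pinned
    as if they were the peer, which is TOFU's inherent blind spot.
    """

    def __init__(self, pins: Optional[Dict[str, str]] = None):
        self._pins: Dict[str, str] = dict(pins or {})

    def check(self, peer: str, pubkey: bytes) -> str:
        fp = fingerprint(pubkey)
        pinned = self._pins.get(peer)
        if pinned is None:
            # First contact: pin it. This is unverified trust, so a client
            # should still show the fingerprint for out-of-band checking.
            self._pins[peer] = fp
            return PINNED
        if pinned == fp:
            return MATCH
        # Never silently overwrite: the user decides via accept_new_key().
        return MISMATCH

    def pinned_fingerprint(self, peer: str) -> Optional[str]:
        return self._pins.get(peer)

    def accept_new_key(self, peer: str, pubkey: bytes) -> None:
        """Replace a pin only after the user confirmed the new key out of band."""
        self._pins[peer] = fingerprint(pubkey)

    def to_json(self) -> str:
        """Persist pins so they survive a client restart."""
        return json.dumps(self._pins, sort_keys=True)

    @classmethod
    def from_json(cls, data: str) -> "PinStore":
        return cls(json.loads(data))


def alert_for(peer: str, status: str, store: PinStore) -> Optional[str]:
    """Text a client would show; None when nothing needs the user's attention."""
    if status == MISMATCH:
        return (f"WARNING: the key for {peer} has changed! "
                f"Pinned fingerprint: {store.pinned_fingerprint(peer)}")
    if status == PINNED:
        return f"Unverified key pinned for {peer}: {store.pinned_fingerprint(peer)}"
    return None


def demo() -> list:
    """First contact, a normal session, a MitM key swap, then a real rotation."""
    store = PinStore()
    peer = "alice@example.org"
    results = [store.check(peer, ALICE_KEY_V1)]       # first contact: PINNED
    results.append(store.check(peer, ALICE_KEY_V1))   # same key again: MATCH
    results.append(store.check(peer, MITM_KEY))       # swapped key: MISMATCH, pin untouched
    # Alice really rotated and read the new fingerprint out over the phone:
    store.accept_new_key(peer, ALICE_KEY_V2)
    results.append(store.check(peer, ALICE_KEY_V2))   # MATCH against the new pin
    reloaded = PinStore.from_json(store.to_json())    # pins survive a restart
    results.append(reloaded.check(peer, MITM_KEY))    # still MISMATCH
    return results


if __name__ == "__main__":
    for status in demo():
        print(status)
```

Two properties of this model matter when weighing it as a default: it only catches an interceptor who shows up after the first contact, and a legitimate key rotation is indistinguishable from an attack at the moment of the MISMATCH, which is why the store refuses to overwrite a pin on its own and leaves the replacement to an explicit, out-of-band-confirmed step. Whether users act on such warnings rather than clicking through them is the same question SSH's known_hosts prompt raises.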


