In reading Glenn Greenwald's 2014 book No place to hide, one thing stood out to me as a bit odd. Greenwald details how Edward Snowden was insistent that Greenwald install PGP in order to communicate securely, but Snowden then later (before PGP encrypted communications is available) agrees to talk over OTR-encrypted IM on an unspecified IM network. My boldface in the quote below; this is from page 17 in the hardcover edition. Any typos are likely to be my own.
I was uncertain what he had meant about "declining short-term travel": I had expressed confusion about why he was in Hong Kong but certainly hadn't refused to go. I chalked that up to miscommunication and replied immediately. "I want to do everything possible to be involved in this," I told him, suggesting that we talk right away on OTR. I added his user name to my OTR buddy list and waited.
Within fifteen minutes, my computer sounded a bell-like chime, signaling that he had signed on. Slightly nervous, I clicked on his name and typed "hello". He answered, and I found myself speaking directly to someone who I assumed had, at that point, revealed a number of secret documents about US surveillance programs and who wanted to reveal more.
The OTR key exchange is automated, and is supposed to be verified by confirming the key fingerprint ideally out-of-band in a manner that allows both parties to confirm who they are talking to (for example, over phone by the parties recognizing each others' voices, or by means of a shared secret). But Snowden (quite likely with good reason) does not trust the communication channels -- e-mail, basically -- that he has available to Greenwald to not at least be monitored, and he probably wouldn't trust them to not be tampered with at least to some degree. Snowden doesn't actually share any documents before PGP encrypted email is available (that is basically stated on pages 19-20, again in the hardcover edition), but this still seems to me to present a communications channel bootstrapping problem.
Assuming that they have had no previous contact, how would Snowden have been able to positively confirm that he was actually talking to Greenwald, and not someone else, or someone performing a man-in-the-middle attack?