I never looked at the protocol as used by Mastodon. But it seems pretty broken: https://flak.tedunangst.com/post/honk-preview
And apparently Pleroma is no better?
I mean, people generally like to conflate the protocol with some specific implementation. That being said, there's a lot of wiggle room in AP which will always lead to the same kinds of criticisms.
I'm not going to say Mastodon has the best implementation but I'm not going to shit on it either.
as for shadowing remote profiles, basically all AP servers do it.