Comment by vouwfietsman
2 days ago
I am eagerly awaiting your grassroots campaign to define legislation that would tackle such uses, and also eagerly awaiting it backfiring because of malicious compliance.
2 days ago
> I am eagerly awaiting your grassroots campaign to define legislation that would tackle such uses, and also eagerly awaiting it backfiring because of malicious compliance.
Malicious compliance is a result of incompetent drafting. It's common because incompetent drafting is common, case in point GDPR. It's definitely possible to screw it up less than that -- there are many laws that nobody complains about.
You pass a law prohibiting any entity from conditioning the use of their service on the user providing them with a phone number. Even services that actually use SMS or voice calls are required to provide an alternative like email or the web with no reduction in functionality and for no additional cost.
You pass a law stating that any device which is sold or leased to anyone who takes physical possession of it cannot contain a private key the customer is unable to both read and extricate at no cost.
What does malicious compliance look like there? Anyone can give them an email instead of a phone number and if that doesn't work they're in violation. Remote attestation is the only reason for devices to come from the factory containing an inaccessible private key, which is thereby prohibited and unable to be used as a tracking ID.