The realistic path off looks like this, I think:

* I use Bluesky to chat as a Twitter replacement, which gets me into the Fediverse and gets me a PDS
* I use my PDS to store my payment details, giving me a (at first client-side) way to submit stored payment details that feels similar to storing it in the browser, but stores it in my "server"
* From there, it's a natural step to giving the retailer a token that can be used to pull payment details from my PDS; early adopter retailers are incentivized to do this because it frees them from the burden of storing and updating PII/PCI
* After some subset of users and retailers do this, users see the benefit of controlling their data as a viable alternative to some of the worst user-hostile patterns, e.g. the New York Times' "we don't have a cancel subscription page, you have to call an 800 number" nonsense
* To the extent that storing PCI/PII in a PDS is as easy as storing it in the browser but with perceived additional benefits, user demand drives wider adoption
* Once it's technically feasible for sites to maintain their business model without storing any PII/PCI, it is much more realistic to write laws that proscribe it effectively for those users who choose that
I wonder how many years need to pass after a company removes a user-hostile pattern before it should stop being lambasted for it. I don't know how long they did what you say, but I could see that 5 years might not yet be enough.