My favourite example of this was when Thatcher passed a law banning the broadcast of Sinn Féin. The BBC responded by dubbing the audio with actors’ voices. So you would watch the news and see an interview with Gerry Adams, but you would be hearing an actor speak his words, meaning the BBC were complying with the law by not broadcasting his voice.

https://news.ycombinator.com/item?id=47687533

https://walt.id/verifiable-credentials

The initial email verification sent to you (“click here to confirm your email address”) includes an attachment requesting an auth token. Emails with this attachment get presented to the user in something akin to a friend request for email, with a consent screen describing how they intend to use your email and for how long. Approving the request hands them a Biscuit token.

The sender attenuates this token when sending email to you or when sharing with a third party provider like Mailchimp. Any emails authorised by a token automatically skip all spam filters. This is the carrot for senders to adopt – they can stop worrying about all the deliverability and IP reputation nonsense and can just send direct from their own servers, reversing the centralisation of email and making it more reliable by skipping spam filter heuristics.

All of these emails have reliable provenance and traceability. If a leak / abuse happens, you can revoke the token and any emails sent with it. Senders can also proactively revoke any tokens provided to third-parties in case they were breached, without affecting the sender’s ability to send themselves or through other providers.

Once a critical mass hits, you can auto-deny anything without a token. At this point, all the email you receive is from somebody who has obtained your explicit consent to do so.

It’s not. I give a unique email address to every service I register with, which means I can see who is leaking my email address. Very few of them leak my email address at all, and those that do tend to do so involuntarily through data breaches.

The other main factors in spam are the sleazeballs at Apollo, ZoomInfo, et al., services that use my email address internally for more than I consented (if I use my email address to register for a service, this does not permit that service to add me to their product mailing list), and the spammers who guess email addresses based on LinkedIn info (e.g. name + company domain).

The number of services who appear to take an email address I have given them and sell it appear to be extremely rare.

https://en.wikipedia.org/wiki/Threshold_pledge_system

They are not. You have this almost entirely backwards. To become a standard, you only need two independent interoperable implementations. This means Apple cannot block something from becoming a standard. The only thing Google needs to do is convince anybody else to implement their proposals. So far they have managed to convince precisely zero other rendering engines to do so.

> I'll also point out that Opera, Edge, Samsung and others did implement the Web Bluetooth API, so you are wrong about your assertion that they "couldn't convince any other rendering engine to implement them".

All of these are Chromium / Blink users, not independent implementations.

There is much more to a web browser than just its rendering engine. When you install Firefox on iOS, you get Firefox. It uses the WebKit rendering engine, but it’s still the Firefox browser.

To be frank, it’s pretty insulting and dismissive to all the people putting huge amounts of work into building browsers only to for you go around telling people that all their work is really just a mirage.

> We believe Web NFC poses risks to users security and privacy because of the wide range of functionality of the existing NFC devices on which it would be supported, because there is no system for ensuring that private information is not accidentally exposed other than relying on user consent, and because of the difficulty of meaningfully asking the user for permission to share or write data when the browser cannot explain to the user what is being shared or written.

— https://mozilla.github.io/standards-positions/#web-nfc

And here’s what they have to say about Web Bluetooth:

> This API provides access to the Generic Attribute Profile (GATT) of Bluetooth, which is not the lowest level of access that the specifications allow, but its generic nature makes it impossible to clearly evaluate. Like WebUSB there is significant uncertainty regarding how well prepared devices are to receive requests from arbitrary sites. The generic nature of the API means that this risk is difficult to manage. The Web Bluetooth CG has opted to only rely on user consent, which we believe is not sufficient protection. This proposal also uses a blocklist, which will require constant and active maintenance so that vulnerable devices aren't exploited. This model is unsustainable and presents a significant risk to users and their devices.

— https://mozilla.github.io/standards-positions/#web-bluetooth

The fact is that Google wrote these specifications, couldn’t convince any other rendering engine to implement them, and somehow it’s Apple’s fault the rest of the world rejected their idea.

These are not web standards, they are Blink-only APIs that Google decided to build unilaterally. The web is not defined by whatever Google wants. Web standards are supposed to be arrived at through consensus, and the consensus is that these things should not be part of the web.

This is untrue. People frequently complained that they were VC funded and used it to justify mistrust.

Take this discussion, for example. Completely dominated by the topic.

https://news.ycombinator.com/item?id=44892209

It works for me on Tahoe.