A smart attack would be coupled with a clear message. Have the malware clobber them with anti-evil messages and just like that you have a sound free speech defense.

Consider florida, where if you are caught with shrooms that are wet, freshly picked, they cannot convict you for carrying contraband because you do not necessarily know what you picked.

Laws are often based on intent. In some cases, penalties vary depending on intent. It would be an unacceptably brutally harsh law to judge someone under a presumption of harmful intent for something they might have no awareness of.

QR codes can have icons on them. Certainly if I created such a t-shirt, I would put some cool looking icon in the center of it. Someone being dragged through the system might argue “i did not know that qr code was real.. i just liked the cat in the middle of it”.

“Malice” implies intent. Accidents are not malicious. Neglect in the worst case. So certainly any charges could not be based on malice.

Not sure but I think QR codes that hold wi-fi creds would more likely be automatically processed by phones. Seems like an adequate attack surface. Maybe dodgy creds could overflow or do some kind of DB attack. Or even legit creds could lead someone to connect to a malicious hot-spot captive portal that the attacker carries.

It is exactly that.

There are ~95 pages of rights and obligations covered in EU Directive 2015/2366, as well as EC Regulation 593/2008. Have you read them, or anything else to substantiate your claim?

You’re trying to solve the wrong problem.

There is no such thing as a “wrong problem”.

You do you. This thread is not about your problems. Start your own thread if you want a different problem worked. In this thread, you can either help solve the problem at hand, or fuck off.

The thesis is: what are our rights? Knowing your rights is a good idea /before/ you go off and try to solve a problem.

It may very well be that we have no useful rights and the choices are: be bullied, or find a different bully. But let’s not get ahead of ourselves. Other banks are garbage too, so it may be better to improve the bank you have (if possible through legal actions and exercising your rights) then to make it someone else’s problem.

you should probably just keep the money in cash

Of course. Cash would solve the problem. But creditors are refusing that now and also refusing cards at the same time. Otherwise the bank card could get cash out of the ATM and pay the creditors.

The EU has that covered as REGULATION (EU) No 260/2012 imposes 2FA.

But for me personally, I do not trust closed-source apps from surveillance advertisers running on a Google or Apple proprietary platform, no matter how well they do the 2FA. Even if the endpoint were impenetrable, I do not trust the bank itself not to snoop -- in part because I do not trust the GDPR, which is scantly enforced and regularly disregarded to a laughable extent. And from the ecocide PoV, I refuse to throw away good hardware and support designed obsolescence. They can pry my old phone from my cold dead hands.