Comment by UltraSane
Stop ignoring my question. If it is OK for YOU to refuse to use a bank that doesn't use TLS then why isn't it OK for a bank to refuse you as a customer if you refuse to agree to remote attestation? Both parties have the right to specify reasonable security postures and either mutually agree or not.
Not OP, and also not sure where I actually stand on this debate because I think your point has a lot of validity to it, but...
I think there's also an argument in favor of a person having the right to access their money (and I'd argue that accessing your bank's website/app is accessing your money) however they want, and that access to their money is more of an important right than the bank's right to control how that access happens.
I think we can all agree to some "within reason" clauses on both sides (eg not allowing HTTP only access seems reasonable), and I guess a lot of this debate is "is requiring attestation within reason?"
To me, any asymmetry between the rights of the consumer and the rights of the bank should be in the favor of the consumer.