If this happens, would it be considered as "lost bitcoins"? Since it was tagged as coming from a scam, I don't think no one wants to touch it. The problem with returning it would be a hassle unless there is a service for that and verified wallets should be done as well. But there are a lot to consider since there are custodial wallets that cannot sign messages as well, it would be a hassle to verify. I think you could add this as a point to consider.
Let's say this get's adopted, and every honest user and website agrees to adhere to it...
What simply happens is that cheaters will use platforms such as bisq or maybe to a lesser extent sites like Paxful, or really just any pure P2P trade where they will give a slight discount or whatever, luring newbies who have not heard of the above understanding to get "scammed", because they'll receive coins which are basically unspendable on centralized exchanges.
Unless you also enable these flagging tools in clients such as electrum and bisq, but even then, it seems like a ridiculous hassle, I mean... BISQ/Paxful can't even implement native segwit.
In an ideal world, the "hackers" - lol.. should get caught at the on-off ramps. This is not a responsibility of the protocol.
At least the scammer will get hard to convert the bitcoin collected into cash right now. There are too many bitcoin transaction investigators who keep their eye on the bitcoin scammed.
He will have a hard time proving where he suddenly received $130k from. other than that, i don't necessarily see that many obstacles.
There are a plethora of ways to try and make it untainted, and just as many selling P2P without revealing your real identity.
That's the idea, but not "honest people", just regular users. Similar to reports on hacked accounts or faked identities on social medias like Twitter. There should also be a review system to check the reports and decide whether or not to act, this should reduce witch hunts.
I'm not suggesting users have access to addresses that have tried to use such services, it's just sort of a forewarning to the service providers that this address has been used for scams.
I also see how it can prevent regular users from using such services as they would fear being locked out.
I think this might be a slippery slope.