Should it be considered “legal” to register an id of a product that is owned by somebody else but maintained by you ?

For example:

I bought a car, and I register it on a service which allows me to track my vehicle.
This service could implicitly register this car on the blockstack after it’s verified that the vehicle is indeed owned by that person.

How should it be handled legally ? Should the user be made aware of this registration upfront ?
Or is it ok, as long as the user can transfer his id to whereever he wants it to go ?

How this should be handled legally depends on many things, not least of which is the jurisdiction in which the transaction is taking place is. Many places have data protection and privacy laws that might govern such a transactions. I’m not an expert on any of these. There is a marmot-loving lawyer (@preston) that might be able to shed some light on the subject.

This seems more like a design decision that would depend on what your (business?) goals are.

One thing to note is that technically you can register a record and point it to anything. The domain name system works the same way. Of course, a verified record is a different story and requires other pieces of evidence to be referenced in the profile of the record.

As @larry said, legality depends on jurisdiction, but I don’t see why nicknaming and referencing objects could be considered illegal. From another perspective, an online record/identity may only carry legal weight when there is sufficient evidence that it was properly created and authorized. As an example, if someone creates a Twitter account with your name and picture and then threatens someone, you shouldn’t be liable. However, if there’s evidence that you actually created the account (the email address you used, quotes from interactions you’ve had with others), then you should be.

In Blockstack, the evidence in profiles for people takes the form of social media proofs, signatures by digital keys, and attestations by other people.