If i would have gotten a dollar for every time this was brought up in 2017-2019 i'd be a rich man. What you say is true. Of course we where aware of this work around in 2017 when we designed our current solution. We even had a few solutions ready for in case it showed up in practice (like tracking IMEI, and some indeed involving some identification). In the Netherlands there is a ID solution of banks for example.

However this issue never materialized. Never ever did we see a tweet, facebook message, ebay or other marketplace post offering a full phone. We of course saw countless attempted scalpers (which didn't realize they didn't have a QR code to sell). Never in 2.5 million tickets was ever a phone offered.

My view on it is that one should not seek a perfect and waterproof solution, since such a solution will likely require user give a lot of private info and it will make de UX certainly worse. The proof is in finding a solution that is 'pretty perfect' and ensures 99% of the people have a smooth ticketing experience without having to do passport identification.

You have to realize that at this very moment most of the ticketing is done by showing a static QR code at the entrance. It is literally as safe and smart as buying tokens from a stranger by buying his private key (with his promise he won't sell the same private key to somebody else). Consumers want easy to use tools and prefer to keep control of their personal info. Checking IDs at the entrance causes HUGE holdups at entrances which can be very dangerous if crowds are large. Also there are legitimate reasons to want to sell your ticket. That is the reality. A perfect solution as proposed by you would make an event ticket as restricted and frustrating as airplane tickets. At what gain? Why not consider a somewhat less waterproof solution that has a proven trackrecord of no scalping that has some theoretical and un-observed ways to scalp it.