Bitcoin Forum

All of us are afraid of losing money due to hacks, scams, our own mistakes or even bad decisions (buying useless shitcoins, selling coins too late or too early, etc). Most topics cover issues such as these. But when it comes to losses, you should be aware that there’s more than money which can be lost. By this, I’m talking about identity theft of personal data of any kind. Protecting this data and paying attention to privacy should have at least the same priority of protecting your money. After all, money is replaceable; it’s "only" a financial loss. Once identity is stolen, however, there is no chance of its undoing.

This is where the issue begins. One of the best ways to protect yourself from identity theft is to understand the false assumptions of KYC. Some crypto services require its users to undergo a so-called “KYC” nowadays. KYC means “know your customer” and forces users to send personal documents to a company or organization. This is already becoming a problematic issue that some companies are very strict and will not allow you to use their services, even if you just want to purchase crypto worth only a few hundred dollars.

The official purpose of KYC should be to prevent money laundering (known as AML, anti-money laundering) and terrorist financing. Strict KYC and AML were mainly introduced by the US after 9/11 and many countries are guided by the SEC in setting KYC as a requirement. AML existed before but only for institutions and big amounts of money. Average customers were affected only after restrictions introduced by the SEC.
At first glance, KYC sounds good for shutting down criminal activities. Unfortunately, this looks very different in reality. KYC in crypto doesn’t necessarily help to stop money laundering or reduce criminal activity; nor does it help to prevent terrorist financing. On the contrary - KYC endangers our privacy and encourages criminal activities (via KYC scams, identity theft and other means).

---

KYC is encouraging identity theft

When someone is doing KYC, they are forced to hand out parts of their personal identity to a third party (such as an exchange, ICO, etc). After that point, they aren’t in control of the process anymore and are totally exposed on a third party to handle their sensitive data safely. If it gets hacked, the affected people can't do anything.

Everyone who has concerns about the safety of their data and won’t submit personal information required for KYC is excluded from using the service.

It’s clear that risks for normal users are inevitable when they are forced to give their personal data to unknown people or a centralized service. There is simply no guarantee that our personal data is safe there and even big companies with high security standards can be maliciously hacked.

As with all things in a digitized world, companies / organizations that collect KYC are vulnerable to hacks. We have seen that when big companies like Binance get hacked, the hackers are able to steal a large number of KYC materials.

These are just the events that have been reported. It is therefore not unlikely that this is just the tip of an iceberg of nasty KYC hacks that have not yet been publicly acknowledged, because such knowledge would, of course, harm the business of exchanges or the KYC providers themselves a lot. There is no doubt, that professional hackers are developing ways to successfully hack and obtain personal data relevant for passing KYC.

This leads to another problem: with KYC enforcement everywhere, personal documents are becoming a valuable black market commodity and there already exists a huge incentive to hack or steal identities. It is therefore inevitable that a huge illegal market for identities will arise if KYC should be enforced everywhere.
All users who are forced to perform KYC of any sort run the risk of their personal data ending up for sale on the black market. This in turn makes it easy for criminals to purchase "identity packages" composed of hacks on the black market which contain all the data they need to impersonate the user whose data was hacked, and to open an account under their name through which they can perform illegal activities.


Source (https://medium.com/@wilderko/how-does-kyc-aml-pose-a-serious-threat-to-your-privacy-and-should-not-be-used-at-all-88f7acd3f3b)

Hacked identities can be very valuable for criminals, especially if the identity can be tied to other details relevant for crimes against the affected individual. Some of these include:

• name and physical address (from various documents or bills)
• government-ID, passports, pictures or selfies
• biometric data (fingerprint, face- or iris-scan)
• various data from utility bills, source of wealth, employer or bank account
• passwords, used e-mail address
• used crypto addresses including deposits / withdrawals (+ linking other related addresses via blockchain research)
  

Criminals can use this data in various nasty ways:

• They can use it to commit criminal activities simply by impersonating the person whose data was hacked and open an account under their name through which they can perform illegal activities.

• Criminals can use some of the data to access other accounts of the person whose data got hacked:
  
  • resetting accounts via e-mail address
  • resetting accounts via biometric data
  • trying to hack other sites using the same password

• One of the worst aspects of this would be the possibility of a criminal collecting enough hacked data about a person to evaluate how profitable a robbery would be. This would require:
  
  • the physical address of a victim (obtained from a personal document), and
  • information about their wealth (obtained from deposits / withdrawals on the account from linked crypto addresses, or documents like source of income, source of wealth etc).
  Such a set of data could be enough to assess a victim for a possible robbery. Even if the scammers are located in a different country, they could sell information about “promising robbery targets” to other criminals in the home country of the victim.

• Alternatively, criminals can collect and match data with other hacked data to make the data set more valuable for resale.

---

KYC is encouraging scams

In addition to identity theft, KYC offers a new revenue of profit for scammers, which is a currently rising scam strategy called “KYC scams” that are executed as follows:

• Users deposit crypto on a service without requiring KYC.
• After enough people have deposited, the site announces that KYC is now mandatory and all funds are frozen.
• The site blackmails users into performing a KYC. If a user does not want to do this, their crypto is lost, seized by the exchange. If the exchange is a scam, they additionally have valuable identity documents of their customers that they could sell or use for themselves.
• The users have no chance of defending themselves.

The same strategy is also used by bounties, especially altcoin bounties from shitcoin ICOs. Therefore, it is important to be aware of KYC scams. These happen especially with unknown exchanges or shitcoin bounties. It is recommended to use only trustworthy, large exchanges which could not afford to lose its credibility by pulling a KYC scam.

Under no circumstance should users perform KYC for KYC scammers. A reputable exchange will always use the terms and conditions under which the user has deposited their money, and send a KYC implementation notification while users still can withdraw funds at lower limits. This way, users can have a chance to withdraw their cryptocurrencies without being scammed.

---

KYC helps scammers stay undetected

KYC is highly appreciated by all sorts of scammers because criminals can remain undetected and continue their illicit activities by just using hacked or stolen identities to pass KYC. When a lot of money is involved, nothing will stop them:

• There is already a big pool of identity sets on the black market available, mostly from other KYCs hosted or hacked by scammers. The more complete the data sets are, the more valuable they get. To pass a KYC, the criminals only need to acquire the relevant data records on the black market.
• Additionally, the scammers could also organize an ICO themselves or set up a scam exchange and request a KYC there. They can determine the data they need based on what they intend to do with it later. This would make it possible for criminals to obtain specific KYC data for a selected ICO or exchange.

Somewhat counter-intuitively, some "experts" are now proposing to enforce an even more excessive KYC procedure that crypto service customers must adhere to, including the submission of better quality scans or more data, including biometric data. This line of thinking is utterly wrong because such measures are likely to endanger the safety of users even more:

• Biometric data (fingerprint, face or iris scan), can also be used for illicit purposes once they end up being hacked by criminals. The damage to those affected is perhaps several-fold worse as biometric data is among the most sensitive that can be disclosed.
• An improvement in the quality of the submitted data only means that hackers can receive even more accurate and therefore more valuable data. This improved level of quality makes it easier for criminals to impersonate others.
• Criminals are increasingly starting to reconstruct missing parts based on existing, stolen KYC records. Methods of circumventing video identification, such as “deep-fake videos,” are developing rapidly. The production of realistic masks (https://scitechdaily.com/hyper-realistic-masks-can-be-more-believable-than-real-human-faces/), which can hardly be distinguished from real people, is another way to fool identification process. Methods have already been presented at the 2018 35c3 in Leipzig (https://media.ccc.de/v/35c3-9616-circumventing_video_identification_using_augmented_reality#t=884), through which video identification procedures were demonstrated to be circumvented.
  
  These techniques may be at a very early stage, and their results not perfect, but in principle they are already possible. The prospects of rising profitability in the event that KYC is enforced everywhere excessively incentivizes scammers to develop KYC-faking methods to an even greater degree.
  
  In principle, only a few criminals are needed: those who are able to verify accounts with hacked data. This service could be sold to other criminals via the darknet, which alone would make it possible to completely undermine a KYC process.

Therefore, if KYC was designed to stop criminals from doing their job, it has already failed miserably. There are probably millions of KYC data sets on the black market, with this number increasing daily as KYC enforcement becomes more widespread.

With the latest emerging techniques for manipulating all online KYC procedures, criminal gangs are well positioned to verify accounts and sell them to other criminals at a high price on the black market. Alternatively, they could simply hack already-verified accounts and sell them.

Therefore, criminals with evil intentions have a large number of options to choose from to circumvent most kinds of KYC practices.

---

Conclusion: KYC is useless

The primary result of this evaluation is apparent: KYC is not only useless but ultimately encourages what it is supposed to prevent. KYC creates new areas of crime (identity trading of real users) and boosts existing areas of crime (criminals can now go undetected by abusing the identities of innocent users). It also blatantly endangers the privacy and security of all customers.

Therefore, the advertised effectiveness of digital KYC in crypto unfortunately exists only in theory. The community would be better off acknowledging the fact that not only KYC is useless, but it is also dangerous and promotes crime. Since documents for KYC are sold illegally on the web or are even faked by artificial intelligence, KYC doesn’t actually prove anything anymore.

In fact - KYC is encouraging scams and crime as well as endangering the privacy and safety of all customers through identity theft. This creates a dangerous dynamic for users who are forced to perform a KYC check: tons of personal documents are being collected by criminals and will likely go public in the future to a degree we have not seen before.

---

How to protect from KYC?

Be careful and try to evaluate whether using the service is really worth risking identity theft, including all of the associated negative consequences. Also be mindful of what addresses you link to an account should it be hacked. Linking your identity with bitcoin / altcoin addresses cannot be undone if someone knows how to associate them.

It is recommended to use trusted services without KYC like P2P exchanges (https://bitcointalk.org/index.php?topic=5180421.0) or you can trade here on the forum using a trusted escrow.

Avoid KYC for everything else:

• No KYC for altcoin / shitcoin bounties or altcoin / shitcoin airdrops where the owners are likely scammers or incompetent.
• No KYC for shitty exchanges where the owners are likely scammers or incompetent.
• No KYC for low amounts of money where it’s just not worth the risk (this probably includes everything that doesn’t make you rich).

It’s important to point out the dangers of KYC as a preventative measure. After all, it is only a matter of time before a major KYC scandal makes the general public aware of how dangerous and useless KYC actually is. Unfortunately, it will be too late when it happens, and the damage will already be done. You are welcome to link this text so that as many users (and providers) are aware of KYC’s flaws as possible.

In particular, providers who abuse the security of users to fill their own pockets should be aware of their irresponsible behavior.

It is recommended to use a provider that does not request KYC information (or whose limits are justified). This is not only to protect ourselves, but also to support providers who protect their customers.


Final note: I have been writing this text for a while now, since early 2019. In the time since I initially summarized most of the known facts, there have been several informative articles published on the internet that analyze the problems of KYC in detail and call it out.
The points I have made so far have not only been confirmed when reading through these articles, but I have to admit, I underestimated the danger and uselessness of the KYC by far in my original version. The technology and the criminal market for KYC is already far more advanced than I feared and is likely to become even more lucrative due to the increasingly excessive enforcement of KYC. Criminal fraudsters have discovered KYC for their own benefit to commit a new strategy of crimes (such as the KYC scam), to conduct identity trades, and at the same time, to continue their criminal activities unnoticed with identities of innocent users.
It would be useful for security, data protection and crime prevention if it was quickly recognized by the public that digital KYC is not a solution, but instead a risk that endangers every innocent user.


Keep in mind:

The digital world isn’t as simple as many people believe. As an average crypto or internet user, you may make many mistakes, but just a single wrong move is enough to cause risk even if everything else is perfect.
Scammers are often intelligent, hiding traces of their activity and taking advantage of misconceptions. One such misconception is KYC for centralized services, which are often easy to attack and bypass.
If we, the average users, don’t care for our privacy, don’t educate ourselves or don’t claim our right of protection from criminals on the web, we may get into trouble very quickly. Privacy means protection from such scammers, and it’s a valuable good which all of us are entitled to claim. Privacy is not a crime, it’s our protection on the web against criminals and a personal right which we should try to secure whenever possible.

Feel free to share this article or translate it to your local board (you can reserve a translation via PM to avoid double translations). There’s a lot of misinformation promoting a non-existent need for KYC, but if people look into the details it'll help the prevention of many crimes and scams.

---

---

More interesting articles pointing out the danger of KYC:

https://medium.com/@wilderko/how-does-kyc-aml-pose-a-serious-threat-to-your-privacy-and-should-not-be-used-at-all-88f7acd3f3b

https://medium.com/mycrypto/be-careful-with-your-kyc-documents-978ab532f2be

https://blog.goodaudience.com/the-unseen-danger-of-kyc-e3e1c4448eee

---

Translations

Language	translated by	Title
___________________________	_____________________	_______________________________________________________________________
Română (Romanian)	GazetaBitcoin	De ce procesul KYC este unul deosebit de periculos – și inutil (https://bitcointalk.org/index.php?topic=5260591.0)
Français	Perkjeff	Pourquoi le KYC est extrêmement dangereux - et inutile? | Par 1miau (https://bitcointalk.org/index.php?topic=5222860.0)
Hrvatski (Croatian)	TheNineClub	Zašto je KYC iznimno opasan - i beskoristan (https://bitcointalk.org/index.php?topic=5334332.0)
Bahasa Indonesia (Indonesian)	masulum	Mengapa KYC Sangat Berbahaya dan Tidak Berguna (by 1miau) (https://bitcointalk.org/index.php?topic=5229720.0)
Pyccкий (Russian)	zasad@	Пoчeмy KYC чpeзвычaйнo oпaceн и бecпoлeзeн (https://bitcointalk.org/index.php?topic=5222690.0)
Pilipinas	crwth	Bakit ang KYC ay lubhang nakakatakot at walang silbi (hindi maaasahan) (https://bitcointalk.org/index.php?topic=5223563)
Português (Portuguese)	cryptobaboon	[Tradução] Por que o KYC é extremamente perigoso - e inútil (https://bitcointalk.org/index.php?topic=5223742.0)
Türkçe (Turkish)	yslyv	Neden KYC Çok Tehlikeli ve Gereksiz? (https://bitcointalk.org/index.php?topic=5224492.0)
العربية (Arabic)	Ryutaro	KYC - تحرير المفهوم و تنوير العقول  (https://bitcointalk.org/index.php?topic=5233251.0)
India	erikalui	KYC इतना खतरनाक और बेकार क्यों है? (https://bitcointalk.org/index.php?topic=5230618.0)
Việt (Vietnamese)	Crypto Carabao Group	Vì sao KYC cực kỳ nguy hiểm – và vô dụng (https://bitcointalk.org/index.php?topic=60101.msg54911639#msg54911639)
Polski	Tytanowy Janusz	Czemu KYC jest skrajnie niebezpiecznie i pozbawione celu (https://bitcointalk.org/index.php?topic=5263255.0)
Deutsch (German)	1miau	Warum KYC keine Lösung, sondern eine Gefahr ist (https://bitcointalk.org/index.php?topic=5220920.0)
Nigeria (Naija)	sokani	Why KYC dey extremely dangerous – and usesless (https://bitcointalk.org/index.php?topic=5477931.0)

Reserving new translations is currently not available.

Agreeing with your post. Never gonna be a fan of KYC, I avoid it as much as possible. The KYC-based scams are getting more popular than ever, and it's concerning. They either have to find a much better way to handle terrorism funding & money laundering or they need to just stop it. Exchanges and wallet platforms are now using it as a weapon against their own customers as if they have the right and authority to hold a customer's funds and, in the end, to basically confiscate the frozen sum. I doubt even half of their procedures is legal.

A few hours ago I was looking to join the Brave network to get some little extra revenue off browsing the internet.. too bad they require mandatory KYC..

Excellent thread  :-*

I totally agree with your analysis even i did KYC verification somewhow in the past. I stopped doing this since a long time and avoid to use services asking for my docs.
When from another approach, some say that as we are still living in a centralized world we still don't have better options to make trades and investment in the crypto world as almost main services are made by centralized entities who are also forced to obey SEC legislations. Some others think that we can do KYC with registered companies so we can take plaints if any proven suspection .
Most of people are familiar with revealing their identities like they do in twitterbook, and also familiar with submitting their perso info docs as they do in Banks, so most of them keep the same behavior in the crypto environment and i doubt if we can really rise the flags about this .

Yeah, this Twitter / Facebook "issue" is causing a general lack of awareness how important it is to protect their own privacy. And another important difference between social media platforms such as Twitter / Facebook and enforced KYC for centralized services: if I don't want to use Facebook or Twitter I'm free to avoid it, so I may disagree if people post their whole life there, it's their problem, it's not affecting me. Nobody is forced to use Facebook or Twitter but people are forced to do KYC when they want to use an important service or even worse if deposited funds are frozen. More platforms implementing KYC means we won't have any other choice; we are excluded if we don't send KYC documents and don't want to risk our documents of being stolen, sold, hacked, collected or analyzed.

Exactly and nobody really cares that our funds are lost.  ::)
Scammers paradise... :D

I did some KYC before when I need to claim my bounty tokens for altcoins. But a bit later on, I stop it due to these risk impose by giving away important documents that we own. Maybe this is the thing I regret doing. Moreover, if your documents falls in the wrong hand then that's could turn into a bloody identity theft.

But I'm indeed do some KYC process on some huge exchange such as Binance. I just hoping this one wouldn't be compromise by hackers and steal some vital info of their users. But probably they will prefer cash over some info right? but they can have both!

KYC purposes for investors are helpful but please if only for campaign purposes. Maybe other's should think twice. I already regret this, and hope new guys, wouldn't easily attracted by free money or it is you would lose more in the end.

Thanks for this informative and clear thread about KYC.

Very detailed explanation about KYC.

---

As a business owner perspective, KYC is essential to verify user and to protect there business from any illegal attempt of it's user and also I believe that this is a requirements of AMLC.
It's really risky to do KYC for an unknown services and many fraud services are copying all legit services doing.

This is quite a long read and I understand why it took you some time before you finally posted it here.

I used to not think too much about the importance of my privacy and that's why I've also submitted sensitive data to some bounty campaigns and low-tier exchanges. When I read articles about those data being sold in the black market, I started to worry but I can no longer do anything about the information I've given before. I can only hope that they were completely discarded.

To this day, I cringe every time I read some hunters and traders say that only people who avoid KYC are scammers/cheaters. What's even worse is that they're fine with how some companies treat KYC by hiding behind "compliance" and having them submit thru a google form!

KYC is really useless for people who are using their services or platform. We don't know that the platform is legit or not and once we submitted our personal information it may be stolen and use our information to do illegal acts that will cause us problems. It may be useful for business to have KYC but it's 100% helpful. I agree with op and I prefer not using any platform that ask KYC before you able to use their platform.

I was wondering yesterday on how this case would end:
https://www.coindesk.com/british-court-freezes-860000-in-bitcoin-linked-to-ransomware-payout
(detailed court order https://www.bailii.org/ew/cases/EWHC/Comm/2019/3556.html).

In the above case, a UK court has ordered Bitfinex to freeze an equivalent of 860k$ in BTC on an account, after the aid of Chainanalysis led to tracing the funds paid in a ransomware case, performed upon an insurance Company (and paid out in BTC by the insurer of the insurance company).

Along side freezing the assets, Bitfinex is being asked to dox the account owner, and that is where the uncertainty is as to what KYC data the ransomware perpetrators used: their own personal data, or yours (generic third party)? The outcome may be considered good or bad in this case, depending on the wit of the perpetrators.

KYC still can be useful though, but perhaps not in crypto space (AML) where the security of your data is not protected enough. For example, for uber-like service in my country, some companies require drivers to do a selfie every day (not only KYC) to guarantee the integrity of drivers' ID for safety reasons. I think users are happy with this rule.

KYC is everywhere, starting from education enrolment, banks, to medical records. You can't be anonymous for this thing, right? However, I agree if the problem is about KYC for AML purposes, plus incompetency concerning data security will bring more problems than benefits.

No doubt KYC is extremely dangerous and useless especially as the risk associated with it isn't sending the right information towards an industy basing its selling point on decentralization but after considering the current developments of the industry, it'll be odd thinking the industry can succeed without implementing some centralized feature like KYC verification. The cryptocurrency industry is getting global and constantly attempting to get the government approval as a recognized currency therefore it'll have to sacrificed some of its decentralized feature to achieve this purpose like the KYC requirements to avoid money laundering.

The issue now is to enlighten the community to avoid falling victim to scammers who'll be leveraging on this development to scam newbies or gullible community users. Just as you have started, total avoidance in sending your private details to anyhow project like bounties, giveaways, newly launched exchange with no reputation of trustworthiness, airdrops etc is encourage since you can never be sure who are behind this projects.

The reason why KYC scams are still prevalent is that most people do not value their personal documents/information and also do not know how it can be maliciously utilized against them. And since it has become very popular even among even the so-called 'trustworthy' websites and exchanges so it seems legitimate when newer sites ask for the same information.

I use Twitter regularly and frequently come across tweets asking users to post their account details or some other information, such as; mother's maiden name or favorite color. This information could be used to draw up a pattern to connect various information about the person.

Probably because no lawsuits have been opened yet against the exchanges and wallets going for this scam.

If everyone who fell in their trap and got scammed by them took measures against them, they would either stop scamming themselves or the authorities would.

But let's not forget the fact that many of those falling to KYC traps prefer to lose their money rather than giving them identity documents.. So they keep thriving off that.

Thank you so much, buddy, for the detailed clarification of KYC. You have mentioned as much as the details which were not known to some of us. Also, I tried some exchanges in the past where they had mandatory KYC no matter whether you are buying crypto or exchanging crypto. For 70$ crypto buying also they needed KYC.So now I avoid using this kind of service who needs KYC for a small number of dollars.

There are a lot of people who do not know how dangerous KYC can be when carried out on the wrong platform or on sketchy or dubious establishment. Newbies would help themselves if they read this post, take it seriously, not just reading it, but doing what is required of them to evade KYC scammers.

Many users have given their KYC information when they were new, and though they have long stopped that, but who knows, for now it may not have had any repercussion, but it may later on since nobody knows where and in whose hands those documents are in now, so newbies should not make that same mistake.

They are innocent to know the risk and mostly we can see those people on airdrop and bounty campaign where they easily bring up their ID with the scammers and it's super dangerous since the scammere could recycle and use their identities for another scam nor sell it to the other platforms for bad intentions.

Yeah, KYC started well on paper.
Then it was badly implemented and was abused, it leads to people doing this only to harvest data and if we talk about the crypto enviroment...it's a disaster.

I have a 10+ account on PayPal, all they ever asked from me was that confirmation code from the first charge they put on my card.
And that's all they need to know in reality, via my bank they have all the details they need for KYC, a mugshot from an individual that could not even exist (hello faceapp) and a bill from the gas company that I receive in pdf format and I can edit how much I want it before printing is not really KYC.

But when it comes to crypto, it's hilarious.
KYC for what? For receiving some shitty tokens for some other shitty tokens in jurisdictions those are not even regulated?
And who is doing this KYC? The 99.9% scammy ICOs that will run with the money before any agencies can even hear of their business?

Anyhow, nothing will change.
A million people will come to this topic and say that KYC is dangerous and people shouldn't do it and one day later  999 999 of them will send their pictures, their IDs, their cat pedigree and a list of their's wife girlfriends with who they've cheated for 10 lollapalooza coins.

Couldn't agree more with you. If everyone would stand against KYC, it would MAYBE make a change.

I can buy gold worth $10k from The Netherlands and nobody would request my ID. Meanwhile, a $5 deposit on a KYC-enabled exchange could be frozen if the exchange considers it suspicious. How does that make sense?

I think money laundering and terrorism happens more with precious metals & fiat than with crypto, I mean it's common sense. Gold & precious metals have been around since before we all were born, Bitcoin is still growing up and nobody has been able to prove through facts that a certain percentage of BTC transactions are money laundering and terrorism funding. It's all bullshit. I haven't provided a single document of identification and I never will.

I am not fan of KYC those related crypto-currency. But unfortunately almost platform are asking for KYC which is really annoying and crypto currency not designed for this kind of KYC processor. However, I forced to submit KYC on Bittrex for withdrawals when they were implemented KYC policy. As I remembered, I have submitted KYC on Binance & Bittrex only. Even I don't like to use any other exchange right now due to KYC drama. I know it's very dangerous for us if in case leak or owner turned into scammer. So always better avoid shady exchange if they ask for KYC. I don't how KYC will prevent so called money laundering on crypto-currency. It's just a worst idea even for crypto-currency community.

Bisq and Komodo's Atomic DEX are your answers. They're working way slower than centralized exchanges, but your funds aren't at risk of being frozen. No more KYC, no more centralization.. we have to move there and stop using these scam exchanges.

This can be devastating for an individual. Criminals can take out credit cards and loans in your name, and rack up hundreds of thousands of dollars worth of debt which you are liable for. They can file claims under your insurance details (including medical insurance), and again, you are liable for the cost. Even if you manage to convince a court that these charges weren't made by you, which can be very difficult to do, you can be left with thousands of dollars in legal fees, huge amounts of debt, and unable to ever get a loan, credit, mortgage, insurance policy, and so on, ever again. Identity theft can literally ruin your life. It is absolutely mind boggling that people risk this daily so they can get paid a few made up tokens which they won't even be able to sell.

Too late I'm afraid: https://www.coindesk.com/binance-kyc-issue

Exchanges often have far more lax security regarding protecting customers' KYC data compared to protecting their money. Lots of exchanges employ very shady third party companies to handle their KYC processes, with entirely expected results. Some exchanges, even major ones like Coinbase, have been caught actively selling their customers' data.

KYC really doesn't make sense, even though the motives behind KYC is good. What then can replace KYC while at the same time serving the intended purpose of KYC without posting harm on its user?

It's lowered to 2k a few weeks ago. :D

But seriously, why should KYC help to prevent terrorism? Or even precious metals or cash? That "argument" is circulating since a very long time, precisely since 9/11. I can't see how KYC should stop someone from getting pilot to kill several thousand people. Where should KYC prevent this?  ::)
Or Nice (France) 2016 where a truck driver killed many people? A strong KYC would have stopped the terrorist?

Someone who wants to do terrorism or crime will always find a solution.

Strict KYC with low limits just affects the nomal users negatively, it's doing far more harm than good right now.

---

It's a difficult question and maybe also a socially one. When we have a look at Japan, the people are very respectful to each other. Doing harm to the community is extremely despised by the japanese citizens. That's a good attitude when people are living respectfully together and because of that the crime / terrorism problem is very low there - and the society is working without privacy invading measures.

I don't had time to do an analysis but my first impression how that could be achived is:
- wealth distributed equally to all citizens (little gap between poor and rich) => no financial problems to do tax evasion, rob others etc.
- disciplined education
- government acting for the people (not for their own power or the rich) => people would see the state as community, which it should be
- no extremism / racism => no terrorism

Even the ancient romans and greeks didn't have KYC and they survived with much lower knowledge than we have today.

I'm still sure the public blockchains can be an important part of a good solution but for now the "KYC-solution" has failed.
Nobody wants his identity used by scammers to commit crime.  :-\

I read your post and some minutes later, I found this topic on Bitcointalk.

https://bitcointalk.org/index.php?topic=5216868.0

First Post + 3 replies (all from OP) with:

• From first post :

• and he is insisting for that, from first reply :

And the guy received negative feedback before.

I'm not saying the guy is trying to scam people, but at least I'm more aware than before on the subject and I will be more careful - seems like I am already actually - thanks to you. Thank you for that.

This argument does not hold much water when you critically analyze it. Anyone who really wants to circumvent the KYC process using dubious means can so do. It is the careless individuals who only wanted to claim a few airdrops or bounty coins end up putting up sensitive documents on the web making them vulnerable to the dark web.
The rationale behind it should be the desire of the government to have control over all the financial affairs of its citizenry, hence why KYC is required by all exchanges and other financial websites. Having an entire community transfer funds anonymously with no means of reaching it led to the idea of identity verification.

The argument has indeed gone on forever and no one will come out with an answer because there is no wrong or correct answer to this question, unless some bias is applied. Though i would like to think KYC was mearnt to vent out some people from either preventing the abuse of a campaign or try and have people that will relate to a product/service(though a questionnaire before kyc process would be helpful )..... cant rule out the fact that some few individuals will data harvest other users information for their own selfishness, whats even mind boggling is BIG cooperations pay handsomely for this data ::)

true, which is scary if you asked me

---

Honestly I thought crypto was suppose to kick out KYC with its so called "anonymous" character but no, crypto had to bend down to the rules of FIAT  so as to allow more people adopt it, back in the early days of crypto most services were accessible with a simple sign up now because regulators have infiltrated the crypto system to have society accept it. Good thread OP

Don't conflate all of crypto with these centralized scammy exchanges. Bitcoin hasn't bowed down to anyone - it is still just as decentralized and censorship resistant as it ever was. It is only the centralized exchanges which have sold out the principles of bitcoin and sold out their customers, enforcing these ridiculous KYC demands and deciding what their customers can and cannot spend their bitcoin on.

If you don't like these rules and regulations (and you absolutely shouldn't), then stop using the exchanges which enforce them. If everybody stopped giving their business to these scammy exchanges, then this kind of behavior would rapidly cease. It is entirely possible to buy, sell, trade, spend, and use bitcoin without touching a single on of these centralized exchanges or giving away your KYC documents to a single service.

This article is long and detailed analysis and evaluation of KYC. Since 2017, when trading platforms and platforms in blockchain fields appeared, it has led to a lot of bounty programs for bounty hunters.

KYC is required and it limits many virtual users, bots, etc.However, KYC information issues of users are not strictly managed and there is no commitment to the records. KYC. The leakage of user information occurs regularly, users when KYC is not guaranteed damage to privacy, ...
I agree with this opinion, there are many cases of unnecessary KYC, in some cases, the developer only wants to collect the user's information through KYC and sell it out.

Are you saying exchanges are the biggest crypto service providers that have most of the  influence on whether KYC should be done or not ?
Thought gambling is one industry that has adopted this KYC culture which imo is hurting their own businesses in the long run

Exchanges are certainly the biggest service providers in terms of volume handled in the crypto-space, but I wouldn't say they have much influence. Most of them are just complying with laws which are being enforced by various governments or organizations around the world. There are certainly ways that exchanges can function without having to ask for KYC - look at some of the good DEXs, for example. But centralized exchanges don't want to transition to that model because it would affect their profits. So instead they sell out their principles and sell out their customers to keep their own bottom line intact.

Thanks for the information, I just wanna share my inputs to this thread. I suggest not to try KYC with websites that do not have a third party KYC Service, having a third party service will make your mind at ease but of course, a reputable service just like Binance is using "Refinitiv" is decent one. A website that does not have this service or similar is suspicious and our data is in danger. Some bounties here on Bitcointalk only using a google form for KYC details that is very dangerous for us so don't you ever try it.

Russian translation
https://bitcointalk.org/index.php?topic=5222690

Man, if regulations in country you live in demands KYC you simply have to do it.  What you can do is to do it where you trust that company to keep your data secured as much as possible. And to avoid service you need doing KYC for, unless you really need to use it.

Kyc have some good side, but mostly if its turns out to be in the hands of bad people things are going from good to worse
why? informations are there which can be use for fraud acts, also can be use to steal money, because of this information,  I dont agree that its useless because as I said there are good use , example are for bank, this will be use for securing you account, yes its also a kyc, also its a protection example if your account been hack, you can use it to protect or open your account

Why is a company using a third party service safer? I'd argue the exact opposite. Companies often tender this out to the lowest bidder, who invariably have very poor security. It also means your KYC documents are being shared around with more people and with third party companies, so there are more opportunities for a malicious employee to access them or a hacker to steal them. Your Binance example is a poor one considering they were hacked for thousands of users' documents and information just a few months ago.

I agree with what you have explained about KYC from the perspective of sensitive data. There is no guarantee that data will be forever safe for third parties and users may not be able to control the data they have submitted whether or not it has been used by others.
So far I have never used my sensitive data for ICO, Bounty and exchanges that have a bad reputation. I only send KYC on the local exchange and it is needed because this exchange helps the government to prevent illegal actions such as money laundering.

However, I also do not know for sure whether my personal data is also used for other things or not because so far I have not had a problem related to the use of personal data.

You don't know because they won't tell you. Have you ever wonder why the ads on your browser show products that you're interested in the recent weeks? That's one of the results of this data collection thing.

Because there is no way you can verify whether they use it for good or bad purposes, you should never do it unless it is extremely necessary. Don't do KYC on a fairly new exchange with ambiguous privacy policy and registered on an off-shore address for example.

French Translation

https://bitcointalk.org/index.php?topic=5222860

You should write a shorter version if you want your text to be shared and translated (and read) IMO. I'm sorry but I found it very long for this kind of subject, some arguments are repeated several times in the text.

BTW Why not launching a petition on change.org?

At the end of the day KYC is something we can't escape so really the only way of protecting our personal information is to whom we are handing out with. 1miau did a really good point on saying you just don't give your KYC to any kind of service and project out there since you can't really trust all of them especially the ones who have a shady background. At least with the reputable ones the only concern you can have when it comes to KYC is from leaks and hacks from happening in their exchange which I think is the best option you have when it comes to the crypto industry. Not unless we have some new and enhanced level of regulation when it comes to KYC safeguards from these services we cannot expect our data from leaking somehow.

There is no problem having a long post explaining everything about KYC, from its history onto how to a conclusion and prevention to it. Everyone must be patient and this posts was indeed long, yet reading it doesn't made me bored as some arguments did lift the other statements.

Launching a petition on change.org would also be useless. KYC and the risks of Identity theft can be prevented as long as the users are knowledgeable with its harm. Therefore, giving your information in KYC-required platforms is your choice. And signing a petition were far to be successful.

Thanks both of you for the translations!

---

The original version (from 2019) was a little bit shorter but also containing less information which was important for me to include. If you think you can create a (significant) shorter version while not missing important parts, feel free to do so, I would be looking forward to read it.

I can't see how a petition could help, while bringing awareness to the risks of KYC helps much more in my opinion. If people know about the risks, they will think twice if they do KYC where it's needless and risky.
Petitions are a good thing but unfortunately not really effective for our problem here in my opinion.

Oh yeah, let's use a website that is known for selling its own user's personal data  (https://www.forbes.com/sites/tomiogeron/2012/10/17/activism-for-profit-change-org-makes-an-impact-and-makes-money/#2fd8a34b7ffa) and uses tracking once you signed one to feed you more money earning "petitions" to complain about KYC.

Yeah, I can see some fine irony in it.

Most reason why people give out KYC details is as a result of poverty and lack of knowledge. people can do anything possible to get money no matter what. even if it involves selling out their bank information. in other to quench hunger. hunger and poverty are the two most misery thing that can make a man release everything in his possession.

Yes, you are right and the newcomers suffer more. Many of these national scandals face disappointment when it comes to getting money to alleviate their own poverty. Now KYC is very dangerous and our person is not up to date.

Finally, a thread that said everything that's on my mind about KYC. I have never been a fan of KYC. although exchanges/platform try to sugarcoat it, it doesn't take away the fact that people got into the crypto space just to get away from KYC/AML – people were tire of handing out their data to these entities. So bitcoin promised us privacy and we got on board to be in charge of our own data. Demanding for KYC completely go against the purpose of cryptocurrencies /blockchain.  I'm aware that some of these exchanges are bending the knee to regulations in jurisdictions where they operate but then, it's wrong to make KYC compulsory. No KYC should be a standard for crypto related businesses and platforms like Exchanges.

KYC is scam. Anonymity and data privacy are the most important things nowadays.

Filipino Translation

https://bitcointalk.org/index.php?topic=5223563

Well done op, great article! And it did deserve a translation to Portuguese speakers:

Portuguese translation
https://bitcointalk.org/index.php?topic=5223742

Good topic

I fee months ago I wrote a post about the cypherpunk manifesto , which I will post a few lines here:


This example of buying a magazine is amazing. If my identification is not relevant for the transaction,  there is absolutely no sense in revealing it.

If we must always reveal ourselves we have no privacy .

I don't want people to know that I deal with crypto,  because that's is something which I do as a hobby in my personal life.

Nice to have your translations to Filipino and Portuguese local board!
I've included them in my OP.
However, I'm low on Merit and will send you when my sMerit is refilled again.  :)

---

Great topic, could need a bump.  ;)
Especially with cash removed, we need crypto as a pseudonymous medium of payment.

It's definitely a great opportunity to have translated it. I have internalized the topic more when I translated it to my local language. It made me realize that it's definitely important to protect what you can and do some due diligence about what you are going to do, in terms of KYC if you are going to do it or not. I kept on reading and realized some of my mistakes on my end (my personal experience) related to KYC. It deserves more exposure, especially to the beginners coming into the cryptocurrency space.

That so amazing post, when people transaction altcoin or bitcoin they must to KYC for transferring but in the near future that isn't safe for them because There're people will know you, they have ID number, Passport, Face,... That is a reason why that is so dangerous for people and workers on Bounty,too! When they working on bounty campaign but that is scam bounty, they are losting time, KYC,.... After that, That scam project will sell that data for third-party,....

KYC is not scam but most people use KYC to scam others.

1- Some websites demands KYC for withdrawals only and use KYC an excuse for not to release the funds/withdrawals.
2- Some websites collect the KYC data and sell it to the dark market or misuse it for advertisements and other stuff.

I agree with every word. KYC is dangerous and useless.
And completely violates the right to privacy.
Especially surprising is the requirement of KYC on some kinds of ICO and presales, as here
https://bitcointalk.org/index.php?topic=5222060.0
It looks like - 'We are pre-selling the very private coin in the world, but please give us all your personal data ...' :D

A great article! Most current crypto websites require KYC to gain some verification steps using account. We already know KYC is useless, so why are they still asking for it. Without KYC, how do we use such services, such as exchanges  ???

thank you for the great article!

Turkish translation
https://bitcointalk.org/index.php?topic=5224492.0

Its the tool that a scammer uses to gather information from the user in order to exploit their funds and assets. Its the reason why people nowadays are in doubt when a website is asking for their personal information because they are aware that its an approach that was commonly used by scammers. Some people had been victimized and lose their funds because of KYC that's why we should always be aware before giving an information about ourselves that can used against us because we can't easily identify if their intention was good and its better to be careful than ending up regretting.

dangerous in sense , i think it take our data like passport photo copy , photos, documents copy everything. they can be used it in any way where they want. if any web site is fake then its really dangerous , but if it is trust able . it give benefit to us .
useless :it take lot of time and limit of files to be loaded, if file got wrong or large size the we have to load it again. after all this many websites are useless and fake al the time which we use to upload and etc work was waste..

Even though it is still risky to submit our kyc to trusted sites like binance, because those sites can be hacked and the information can be leaked. But we have to trust some sites if we want to use them and sites like binance, coinbase etc are one of them. ICO also make KYC compulsory so if you will not submit your KYC, you will not be able to participate in ICOs. We really don't have much options in this regard.  :(

Much appreciated, I've added it:

Language	translated by
____________________	____________________
Turkish (https://bitcointalk.org/index.php?topic=5224492.0)	yslyv

:D :D

https://www.coindesk.com/binance-kyc-issue

https://cointelegraph.com/news/coinbase-former-provider-sold-user-data-to-third-parties-prompting-neutrino-acquisition



Really depends on the country where your ICO is based. If you are based in US, you are most likely screwed currently but in Europe we had a large number of ICOs where it's totally legal to launch a new project and you don't need KYC up to a certain limit. I don't know how it's for other countries but I can't imagine SE Asia / Africa for example is stricter than EU.

Very well thought out.  Basically true only flaw missing is the reason governments are doing kyc is make work for new law enforcement government branches. (paranoid or what)    Same thing as full synching of ipad iphone imac itv  or android tablet pc.

Millennials and gen-x get vitimized via digital fraud a lot as they tend to trust the tech and don't realize  what a weasly scammer can do with it.  Older people  don't wantt the full connivence of being fully synched up as they fear  getting ripped off by it.

KYC  is needed for large money movers not little numbers.  But most of the world governments are still trying to make  the world into 2 groups the have and the have nots.  KYC  for any amount under 1000 usd is truly wrong

I would argue it is wrong for any amount under 100,000 usd value.  At certain wealth numbers it can be argued for since it would not create the demand for stolen info that 1000 or 500 limit does.

Some where I posted a list of btc addresses by value.  I will look for it.  Found it  and you can see setting the kyc at 100,000 usd means under 170,000  people need give kyc for all of bitcoin but setting kyc at 1,000  means over  3,300,000 would need kyc



So having that low level kyc threshold creates a lot of kyc info in a lot of places  only making more victims and more demand and more law enforcement.

   Funny  how that 1,000 level and 100,000 level  apply  a lot  to two different areas.
It is as if the government's  want kyc  to let scammers and thieves rob at that 1,000 to 100,000 level while they focus on the larger 100,000 and up level.

I feel really sad for the people living in war-torn countries, like Syria, Iraq, Afghanistan, Myanmar, Kashmir etc. Digital nomads can take shelter on neighboring countries as a Refugee. They don't have stable physical address to complete their KYC verification. 
Running your laptop on restaurant or airport is also risky and you can be a victim of identity theft. Even government controlled financial and treasury department can snoop on your financial records.
I find it difficult to complete KYC using selfie with required document and current date on a piece of paper. Cryptocurrency exchange, financial institution, fintech, virtual assets dealers might have geolocation tools to track your IP address. I agree that scammers can get KYC from black market. But if the company ask for re-verification then it will be hard for scammer to get payment from that company. Re-verification of phone number and email is very difficult for scammers. They can block or restrict scammers to withdraw tokens. One of the best example of this type of case can be found from Twitter. Twitter regularly suspend users if they detect any unusual activities like IP address change, use of 3rd party apps for system automation, or aggressive behavior(delete bulk message, likes, following or unfollowing) in a short period of time. 
Scammers are unlikely to spend their money heavily like prepared IEO. Startups businesses are not asking KYC at the beginning but will ask at the end of IEO. This is unethical approach and will lead to scam site. IF the company is working hard with skilled team and does not have any intention to scam people then they must clear the KYC requirement first.

I didn't saw this news before that trusted site like binance also have KYC leakage issue but my question still remains the same. If we are to trade the crypto currencies, with good volume, we would have to create an account at Binance and do the KYC. Any other options do we have ?

On Binance users are allowed to have a withdrawal limit of up to 2 BTC per day without submitting personal documents. If you aren't a big trader, this limit is usually enough for normal users.

I know this but you cannot participate in IEOs at binance without KYC ?  As you know that binance IEO are so profitable that everyone who has the account there would like to participate in it and for that they have to complete the mandatory  KYC.

In front of KYC policy we also have to be protected from being your id steald.

That's an excellent argument against KYC measures. Once I'm knowledgeable enough on BTC and altcoins to operate without the assistance of an exchange I'll make sure to try to remove my traces.

I'm yet to see some valid arguments for KYC. :D

Those who want to commit fraud can make fake accounts bu using stolen or bought identities just like when facebook required you o register your phone suddenly thousands of accounts made in the poor countries were selling likes and follows. They were buying thousands of prepaid cards and pumping accounts for money.
KYC is pumping the market for stolen accounts and identities and being a nuisance for the average user.

I agree with you because we are better off staying away from these sites Because they try to hack our personal information ID through KYC That's why I think KYC is very dangerous and useless Thank you so much I learned a lot about KYC and will always try to avoid it.

One way I found to reduce identity theft with services that require personal documents are to make a photo copy of your documents and then writing the website or domain name onto the photo copied document, prior to handing it over to the website that requires it. You then scan the new document with the writing and forward it to the service. I have not had even one service that denied my documents, because they know what it was all about.

Yes, some people might say that with modern Photoshop software, this can be removed, but I want to challenge them in doing that with documents that was written on and they will soon find out that it would not be that easy and it will also leave some new metadata for the forensic software to be extracted, if it was later used in some crime.

Also, when a hacker gets hold of say 100 000 KYC documents, they would rather use the "clean" documents, than having to go through the whole process of the "cleaning" of your documents with your own water mark.

If the site does not want to accept the "marked" documents, then you know they want to use it in a KYC scam. If they ask you why you "edited" the documents, you just say that you want to track where your documents was sourced from, if it was leaked. You can also keep a copy of those documents as proof that you used it at a specific site, so it will be easier for you to trace, where the leak originated from. (Photoshop will leave some traces of the editing that was done and you might pick up which document they used at the new site.)  ;)

there are many cases where in my country our identity is misused for online lending using that data, therefore I think it is very vulnerable to using KYC on websites / bounties that are not clear because it can harm us, we do not know when our data will be misused, by because it is wise to use KYC, check the web / bounty / airdrop, to avoid the name of misuse of identity

what's the point to dwell on whether KYC is dangerous or useless if you can't omit it, at least when using reliable crypto services?

You invented a great tut to do KYC. Thank you.
If a hacker steal data on 100 000 KYC documents, I believe he will prioritise his time with pure KYC documents, without handwriting stuffs or watermarks. Somewhat, handwriting will play to protect us the second time.

First, from websites that require KYC.
Second, from hackers who will firstly spend their time with non-handwriting KYC documents.

First of all, we all know that their personal significance is very important to every human being Specifically, passport, ID card, credit card information and more. Although many claims that they need to be verified to ensure their ownership While this is a good side there are many bad aspects to KYC, which is why I do not support it but sometimes it takes a lot of time to stop and give personal information.

I lost a lot of bounties because of this KYC rule at the last minute, it's better to be safe than sorry, your identity is far more important than any coins in the market, the coins that you already received from bounty campaign are already gone but your sensitive information will be used over and over again.

That is correct, protecting our identity should be our focus than earning coins from bounties that are requiring KYC. I will never participate anymore in campaign that requiring my I.D.s because I do not want to be in danger. There are now many news in the internet that KYC in different platforms are being traded in the blackmarket and it is really a threat for those users who are uploading their identity in the internet.

You are right I also don't support KYC. It's as bad because it gets the benefits of using passports ID cards credit cards etc. are quite the benefits Most of the time KYC doesn't have any personal information about our cards and hacked is best than not using KYC  KYC is extremely dangerous and creates many obstacles within the way.

I don't know, I've never participated in IEOs on Binance. Maybe you can ask this in Service Discussion (Altcoins) (https://bitcointalk.org/index.php?board=198.0) if KYC is required for IEOs on Binance.
I can imagine that it's different where the project is located.

KYC is necessary for IEO regardless of the project's registered location as far as I'm aware. They're trying to play safe and at the same time use it as a tool to filter out fake users or cheater who use multiple accounts to obtain lottery tickets or something similar. If you like to gamble with your identity document, go for it.

I don't understand very well, you're putting a water mark in the middle of your documents and of your selfie... and no platform has never refused them?  ???
Did you make that with big exchanges? Could you tell us which ones please? It would be very interesting for the community to know which exchanges are accepting that. TYVM

It was bit late for me, I did kyc for airdrop (Airdrop!!!), they never distributed tokens to hunters, when you ask about it in their tg, they block you, I calculated token price and airdrop tokens are worth $2.

I regret it, one of stupidiest thing I ever done.

I can't blame you to get fall from that schemes since they try to look appealing that's why many people same as you fall for there schemes and better next time to be more aware and never provide your KYC details especially on airdrops since they could use your identities on illegal transactions or taking a loan on certain platforms.

Be vigilant next time and this is lesson learned.

As I mentioned yesterday in another thread, this achieves very little. Only huge scams like massive loans or medical insurance fraud for hundreds of thousands of dollars require people to actually show copies of their passports, driver's license, or whatever you have sent to some shady exchange. There are countless banks, credit unions, online lenders, payday loan companies, and so forth whom you can apply to online, and who will quite happily grant you a credit card or a loan if you can provide accurate details without actually seeing a copy of any identification document. The kind of petty scammers involved in fake ICOs and airdrops aren't planning some super heist - they will be attempting to rip off as many users as possible for relatively small amounts each, because there is less chance of them being caught doing that. Plastering a watermark all over your KYC uploads does little to prevent someone from taking out a few tens of thousands of dollars worth of debt in your name.

Ever since that I started studying and doing stuffs that are related on cryptocurrencies,  I never been a fan of this Know Your Customer or KYC.  I always have doubts to give any sensitive information to the exchanges or wallets or any other cryptocurrency sites that requires its members to file a KYC form.  If is always better tk remain anonymous. That is why I prefer those that did not require KYCs. On top of that,  it's dangerous to give your personal identity specially if there are money and assets that are involved.

It's very disappointing, living in big countries leads to this kind of drawbacks, you have more chances to be impersonated...  :-\
But it would be great if Kakmakr could tell us which exchanges are accepting his trick.

I'll do the Hindi translation as I can see till now it hasn't been translated in the Indian section.

A very helpful thread indeed. I've myself submitted KYC earlier for some projects which I considered trusted for $10k+ rewards but two of them turned scam. Don't know what they did with my details but it took me time to realize that just because the project is popular and managed by a trusted campaign manager, it doesn't make the project trustworthy. Jinbi is one such example of a scam project.

At the very least you should be keeping a regular eye on your credit report, to make sure there are no unauthorized accounts, loans, cards, or applications opened in your name. I believe CIBIL is the relevant agency to contact in India. I would also consider opening a fraud alert or similar with them, and filing a report with the police. This will make it harder for anyone with your details to open accounts in your name, and it will also give you additional recourse should you become a victim of identity theft.

In terms of projects to trust, you shouldn't be taking anybody else's word for it. Campaign managers can be fooled by scams just as much as anybody else. There is no replacement to thoroughly vetting the project yourself.

I read new report related to this topic, when companies doing anything to keep their security safe from hackers, and they are is a good company, unfortunately, someone inside the organization / company can be an actor of scam KYC. This report says if a former/ex-employee from this crypto exchange (https://www.crowdfundinsider.com/2020/03/158142-kyc-data-leak-crypto-derivatives-exchange-digitexs-ex-employee-has-allegedly-leaked-over-8000-customer-records/) leaked 8000+ customer data, including passport, drivers license and other sensitive data. Of course, this is not new case, but this exchange hacked by ex-employee two times, the first is their Facebook page and share customer email address, and yesterday happen with KYC document.

^{Source: https://www.crowdfundinsider.com/}

Would be intresting to know if the KYC Details from Users from the closed Exchange Tradsatoshi also be in the future get in other hands.
KYC should be only done if you trust realy the platform you are using and you trade or exchange bigger amounts.

I have already checked my credit score with another website which required my details and they said your credit score is not available as there are no loans taken. Police won't do anything as they did not do anything when I was scammed to and made a report. Till now I haven't found anything suspicious and it's been 1-2 years since I submitted my details. Perhaps the scammers could buy sim cards with these fake details.

This is a very important point. Even if you think the platform itself is reputable and trustworthy (a common argument we see regarding KYC at large exchanges such as Coinbase or Binance, even though I would argue that isn't true), how can you possibly trust every single employee of these exchanges or the third parties they outsource their KYC processes to? You have absolutely no idea who is handling your documents after you send them off

That's good that you have kept an eye on your credit report and haven't seen anything suspicious in 2 years. The police wouldn't do anything immediately, correct, but if you are later the victim of identity theft and have pre-emptively filed a police report it makes it much easier to prove that the malicious activity wasn't you.

Until now many people especially those who are newbies in the Cryptocurrency, they do not even have second thought  doing KYC because they thought it's natural and nothing wrong on it.

This is very important you should only pick the right exchange to do KYC there are so many scam exchange now.


Still wonder why people for as low as $20 are willing to sell their credentials.

The hindi thread has been posted here: https://bitcointalk.org/index.php?topic=5230618.msg53969133#msg53969133

I think that KYC is a necessary factor, because it will identify you when joining to use a certain platform. But that problem is being overused by fraudulent crypto projects. And our personal information can be sold and used for malicious purposes.

My appreciation for your effort in raising awareness about this big issue.
Please add the Arabic translation.
https://bitcointalk.org/index.php?topic=5233251.0

Right from the beginning I never trusted KYC because i feel it's way too much, sending your identity to strangers can easily land you in big trouble and secondly many bounty projects that ask for KYC only aims for your ID so they can sell on darknet

Great, many thanks for your translation!  :)

I've added it to the table of published translations:

Translations

Local board	translated by
____________________	____________________
Russian (https://bitcointalk.org/index.php?topic=5222690)	zasad@
French (https://bitcointalk.org/index.php?topic=5222860)	Perkjeff
Filipino (https://bitcointalk.org/index.php?topic=5223563)	crwth
Portuguese (https://bitcointalk.org/index.php?topic=5223742)	cryptobaboon
Turkish (https://bitcointalk.org/index.php?topic=5224492.0)	yslyv
Arabic (https://bitcointalk.org/index.php?topic=5233251.0)	Ryutaro
Indonesian (https://bitcointalk.org/index.php?topic=5229720.0)	masulum
India (https://bitcointalk.org/index.php?topic=5230618)	erikalui

So, in my previous comment about exchange companies that become a victims of their ex-employee. Now, this exchange (https://digitexfutures.com//) become the first exchange removed KYC after KYC scam case (AFAIK/CMIIW). Quoted from CEO after making this decision


Read more on this blog posts (https://digitexfutures.com/blog/ama-digitex-no-kyc/)

At first KYC was excellent but later KYC became very dangerous I even have never used KYC since the start it seemed fake to me. they struggle to hack the ID with our personal information. That's why we should always all be vigilant and keep everyone faraway from KYC.

I have been wondering how possible can I ever make a KYC for cryptocurrency because that's the worst things I have ever heard from people who believed in anonymous but later turned to KYC. This action is bad and can land any individual into jail, we have heard series of hacks whereby hackers gained access to the database to stole whatever in the database. Many of these KYC done on these affected exchanges or gambling platforms stand a risk to be jail for what never happened to them per se. I hate KYC and won't encourage anyone to participate in the act.

its extremely dangerous since it really expose your identity, specially information the may lead you be a target of hackers , and we know that the information that we are giving is very critical, since this info are also being use in the banks, by a lot of people, hackers can take advantages of the info,
giving your info or selling it, this also can happen, i see a lot of group selling information's for companies the offers credit card and health cards and its annoying i know everyone experience this,
great topic i hope to see more

Personally I dont like to do KYC for any kind of bounty project. But I like to do KYC for exchange platform like binance,bittrex because it has huge advantage. you can withdraw huge amount of btc/crypto and your problem within the exchange will be solve easily. so its good to do KYC for exchange. but for bounty project its not good at all. because most of the bounty project are fake and they are just trying to collect our personal data and so why KYC is very risky for us.

I'd say it depends on how much you need to withdraw on a daily basis. Since you mentioned Binance, they have a a 24-hour withdrawal limit of 2 BTC. For most users this is enough. Do you honestly need to withdraw more than 2 BTC per day that would justify going thorough KYC?

This is absolutely true!
And we have been many cases where data have been leaked and who knows what the hell  happens with these huge data.

Few cases:
https://www.infosecurity-magazine.com/news/data-leak-password-reset-crypto/

https://cointelegraph.com/news/bitmex-email-data-leak-fallout-is-serious-many-users-already-affected

My opinion is that crypto exchanges should be more focused on security than on KYC.
But well, KYC is needed also to fight against things like AML.
It's complicated situation.

But I've passed KYC on Binance just to be sure to have some instrument that my account is mine. Imagine some steal access to your account (probably got access to your mail, but keeps silent about it). How can you prove that this is your without giving any kind of person identification to exchange.

Good security is expensive. Exchanges don't want to spend money and lose out on profits. We have seen time and time again that exchanges can be subject to huge security breaches and lose thousands of customers' KYC data, and people don't care. They will continue to use them and continue to trust them, even though they can't be trusted. Why would an exchange spend all that money on good security for their users, when their users will continue to use them regardless? So instead they opt to tender their KYC processes out to the lowest third party bidder, with predictable results.

This is a poor reason to complete KYC. If you have different, strong passwords for both your email and your Binance account and use a secure method of 2FA for both (not SMS or SIM based), as well as practicing basic security practices such as not logging in on public computers, then the chances of your accounts being hacked are minimal. If your Binance account was hacked, then you should be able to recover it from your email address.

If your account was hacked, and any coins you had on it stolen (although they shouldn't be since you should be storing all your coins in your own wallet), then what good is recovering the account anyway? You won't get your coins back. Risking your KYC documents for this reason is pointless.

I've got your idea. Maybe passing KYC on Binance was not the best idea after all. But what about situation when your mobile with 2FA is stolen. How can you recover access to your account ?

Anyway, I will never pass a KYC for a bounty reward or something that I wont use often.

You should be using an open source 2FA authenticator app which allows you to export your encrypted database as a back up, such a Aegis or andOTP, and not Google Authenticator, which is the worst 2FA app out there. If your mobile with 2FA is stolen, then your accounts shouldn't be compromised because the attacker does not know your passwords, and you can still access your accounts by restoring from your 2FA database back up.

I found this thread to be extremely informative and helpful OP. I truly wish more places and people would take a similar sentiment on the current "accepted" KYC "standards". I will be directing the companies and business who are demanding KYC from me to this exact post. Wonderful read!

Great work @1miau. If you don't mind i would like to do Polish translation.


I will quote my post here that i made for a guy who was pro restrictions and pro KYC:


And actual data right from darknet:


In present world you don't even need to collect single $ from ICO to call it successful. All you need to do is no-KYC bounty and change it to KYC bounty after 2 months.

Off course kyc could be risky factor our data could be used in wrong purpose if the website that we had done a kyc being fraud than it ws not good for us....

I myself do KYC while buying ico in years 2018 if secure my data I do not quite know that KYC be misused someone irresponsible when I read this thread I realize that personal documents are very important and very dangerous if it is owned by the bad guys and used in any use for the benefit of crime.

Sometimes it is unavoidable to go through KYC, but it is extremly important to check the party to which you submit your documents beforehand.

I guess for some exchanges KYC is just an alternate income stream (by selling this data) while other exchanges indeed just try to comply with the law.

One extreme example I encountered is Crex24 for which I created a Scam accusation recently after they suddenly and out of the blue went "you need KYC to withdraw":

https://bitcointalk.org/index.php?topic=5243879

The need to pass verification on Binance is not only to increase the daily limit for withdrawing money. Passing KYC allows you to use additional services of the exchange. Only after verification you will be able to take advantage of margin trading and futures. In addition, you will be able to restore your account if you lose access.

KYC is much riskier and more likely to be a victim of fraud The reason KYC is dangerous is that we don't have personal information and there are many KYC who do not have wallet keys and hack our wallet I was once the victim of this deception. Therefore, it is better not to do KYC to protect your data from the websites that ask you to do KYC.

PM me a copy of your ID. I swear it will never be misused.

You wouldn't do that, would you? Why would you give it to somebody else? Whether it's a small company, a corporation or simply a person, just why? Moreover, why do you have to give it after registering and depositing funds on most websites?

You could deposit 1 BTC on a website and I may have the password of it and complete KYC to withdraw your money from your accounts into my wallets and nobody would suspect a damn thing, I mean.. "you" have completed the identification process, haven't you? Besides IP, how would Binance know that the guy who completed KYC after their account activity turned "suspicious" is the same guy who registered?

It's just plain nonsense and too many are taking advantage of it. But it's only me and a handful of others complaining about it, everyone else says "well you should give it if you really have nothing to hide" .. -insertEdwardSnowdenquotehere-

---

Let that be their personal matter. If you'd like to sell your hands to somebody 'cause you want to make money off them, then feel free to do it. They're doing that as they will to, but nobody tells you about the dangers of KYC before registering everywhere. All you're being told is, "obey the law".

Almost platform are posing for KYC which is basically annoying and crypto currency not designed for this type of KYC processor. However, I forced to submit KYC on Bittrex for withdrawals once they were implemented KYC policy. As I remembered, I even have submitted KYC on Hitbtc & coinbase and also some exchangers.

AFAIK, Binance one of exchange that not asking KYC for members who not needed to withdraw more than or equal 2 BTC/day. It's mean, if you are joining in exchange that asking KYC to activate your account, you should avoid them. How to do this, you can join them, but don't use real personal information first. Or, if you want to play safely, you can try to search/ask in the forums before join and find information about KYC on exchange you want to join. This exchange list articles (https://news.bitcoin.com/6-cryptocurrency-exchanges-that-dont-require-kyc/)^[1] can be an option that not asking KYC as mandatory for members.

^{[1] DYOR/DWYOR}

A BIG WARNING here! STAY AWAY from Binance Free Accounts! At some points, they will freeze your assets and force you to provide KYC. THis happened to me! This Exchange is not serious at all!

based on my chat with Binance support, frozen account or assets happen because you account got security issue or something else made your account detected unusual. This case can be a good information for all of binance user, especially who don't want to passed KYC. Thank you for sharing, i hope you can get your money back.

What makes it worse is the fact that even decentralized platforms and exchanges now are starting to ask users to go through KYC process to be able to use that exchange (Idex is one of them) which doesn't make sense at all, after all one of the main reasons why decentralized platforms exist in the first place apart from safety of funds is because these decentralized platforms don't need much information from users that can be considered sensitive so they are anonymous in a way and because of that they don't need to worry about their identity information safety or platform is going to sell their information on black market or not.

So these supposed decentralized platforms by asking their users to provide them with their personal documents are going completely against what you expect from a true decentralized platfrom and of course decentralization as a whole.

sometimes they could freeze it for higher deposits/trades than normal so it's better to stay away if you want to trade without KYC.
any exchanges do something like that with free accounts.

there's a lot of room for DEXs to grow.

KYC is really risky for a lot of users and I don't really recommend doing it for some of the members if not necessary.

Your personal information could be used in many illegals things online so you might want to think twice before doing KYC on a website, make you that the website your doing KYC is a legitimate company, or have licensed.

In my country with just a 1Valild ID, you could already do a loan in a mobile application imagine if your information is used to gets a loan.

This KYC sustem is bias sence of political fight against inter citizenship, bittrex suffers this because their customer decrease with a short time in the name KYC system, from your explanation KYC system is fiscally rubbish because of the hinderant it shows on investors.

That is bitter. Did they not give any easons why they have frozen your account? What is the sum involved and what is the current status? Would be nice if you could provide us with more information.

In fact, Binance will have to pass KYC if you decide to engage in margin trading or futures. In addition, verification is required to participate in IEO, which are held on the Binance exchange. Therefore, if you decide to use these additional services of the exchange, you will be forced to pass KYC.

Of course, this is the risk of a free-account that has a limit given by centralized exchange providers. This of course has already been mentioned by each exchange. However, when we talk about volumes, generally Centralized Exchange has higher volumes compared to DEX, and Binance fame is like being a magnet that can bring users to use this service. I myself have used Binance, but not to KYC, because I am no longer interested in this exchange service.

I don't like KYC as well, scammers steal others identity and use them to create crypto projects, other ICO rating websites collects the project team KYC to verify that the ICO project is real, on their websites you will be  KYC VERIFIED, very popular on ICObench but doesn't mean it's real team ID

This has been noted all too often in the past. Unfortunately it is also no big problem to buy a identity. Recently I read a report about it. I think it cost about $100 for KYC data.

Already posted it here:
50$ for full KYC data (with utility bill)
100$ for new credit card
Real physical fake id - 100$
NEW IDENTITY - 500-1000$ (with birth certificate, ID, driving licence, passport etc.)



KYC will not stop scammers. It helps scammers collect more data for thier scams.

 These aren't usually verified IDs there's no got to KYC in verified IDs, they're so reliable this is often usually a replacement strategy to steal someone else's money. the rationale why KYCs are so dangerous is that they will steal money from our personal information also as spend it on many illegal activities If they use our biodata for other websites there's an opportunity that our ID is going to be hacked by winning So now most are trying to remain faraway from KYC and KYC is becoming useless.

Sorry, I've totally missed your request. ^^

Of course, I would be happy to get a Polish translation. I've reserved it for you now:

Translations

Local board	translated by
____________________	____________________
Russian (https://bitcointalk.org/index.php?topic=5222690)	zasad@
French (https://bitcointalk.org/index.php?topic=5222860)	Perkjeff
Filipino (https://bitcointalk.org/index.php?topic=5223563)	crwth
Portuguese (https://bitcointalk.org/index.php?topic=5223742)	cryptobaboon
Turkish (https://bitcointalk.org/index.php?topic=5224492.0)	yslyv
Arabic (https://bitcointalk.org/index.php?topic=5233251.0)	Ryutaro
Indonesian (https://bitcointalk.org/index.php?topic=5229720.0)	masulum
India (https://bitcointalk.org/index.php?topic=5230618)	erikalui
Romanian (reserved)	GazetaBitcoin
Polish (reserved)	Tytanowy Janusz (https://bitcointalk.org/index.php?topic=5221497.msg54406652#msg54406652)

Totally agreed here, KYC is making personal data / hacked and already verified accounts a very valuable good, unfortunately. I guess some people are trading it as asset and hope its value will increase, when moon?  :-X :-X

The next step will be 3D printed face masks to fool video verification...
Nice business opportunity for scammers.  :D

Serious traders should not worry about KYC.  Create a corporation and use that information.

The government only cares about finances.  1)  Collect it's income through taxes and 2) Verify it's expenses (double dipping such as collecting EI and welfare at the same time)

If an exchange does not accept legal corporation information, verify the exchange is operating legally. 

If you give personal info to a non-registered exchange, don't be surprised if you see it online later.  :/

Yes I do believe that KYC is not really needed in decentrized system. Keeping it anonymous is what this decentralized system is all about. Yet, the government meddle because of security purposes as it has been observe that the cryptocurrency has been subjected to abuse like illegal transactions and other illegal activities.

This is why KYC was being implemented as to give also the government of data or information needed if there are any inquiry among users if there are any doubts that a certain user may doing illegal activities.

Thus, making it dangerous among other users for as we all know that it could be subject for an hijack or hacking the platform which will then enable the hacker to get our important details.

For now, all platform requiring KYC were just promising that important details will be safe but the question is until when could it will be still safe.

Today most of the transactions are required to fill up the KYC and this is just because they want to make sure the security of their platform who is the person making a transaction on them which would like to deposit or pull out their funds but the main problem is some of those platforms requires a valid ID which is you are giving your identity include the address, date of birth, place of birth and etc. Which can be used for identity theft but I'm not included all of the platforms but we cannot deny the risk of your personal information because of it.

Still there are some platform does not require your information just to use their services example are this wallets.

• Electrum
• Coin.space

AFAIK they are requiring the KYC to level up your account into VIP 1 if you are one of the users would like to withdraw their funds for over 20 BTC but if you are just a normal trader want to exchange your funds and earn a small amount of profit you does not need to upgrade your account and make a KYC.

If you have no issue in doing the KYC then you should do the KYC on binance and do not operate it as a free account. In some point, if you account is hacked or there is some problem, KYC might help to resolve the issue as you can prove yourself as original owner of the account.

If you are not doing anything suspicious, your account should not trigger risk management, because when it does, it will definitely freeze your account, I've been using it all this while and got no issues with them, if you are into any suspicious activity stay away from Binance.

There are many other ways to prove that you are the right holder of your account. Especially if you deal with cryptocurrency there are a well-known method ;)

Binance may have been a reliable exchange in the past, but Binance can be hacked just as any other exchange. Then your KYC data can fall into the wrong hands and be misused. Binance is constantly changing the location where it is "officially" based on to escape the regulatory authorities. For example, it states that it is based in Malta but in Feb 2020 Maltese authorities (https://www.mfsa.mt/news-item/public-statement-2020/) stated that it is not authorized to do crypto business in the country. There is therefore no data protection law to which they are subjected. It's naive to think that Binance is safe when it comes to KYC.

I think the only danger on submitting our kyc is that our identity would be rob by scammers and use it for their own activities on fraud works.

Indeed. And what you said basically already stated by OP and others above. Well, that's why we must be careful and never share private data like our identities. You should ever hear that our identities can be traded on the black market. It is a warning, thinking about the risks before submitting private data to any project teams.

Thanks. I'll let you know when it will be ready.



Just like your bank, your police station, airport, tax office and every other entity that has ever stored your sensitive data. IMO binance security is on higher level than most of those including banks.

People move by incentives.
knowing that there are darkmarkets for KYC, documents and selfies I wouldn't be surprised it we had schemes of new exchanges giving 10 USD per KYC only to "flip" iton these markets and make some thousands or even million dollars (plus trading fees)

Well, that's true. But if my bank is hacked and money is stolen or they have violated data protection laws, then the bank must pay the compensation or can be sued. That is not the case with Binance. You don't even know where to turn for a legal action. Malta? China? Singapur? Hongkong? All the institutions you mentioned are subject to strict legislation.

indeed, your bank would be more responsible by your funds in the case of a hack.

BUT it's worth to remember that binance and bitmex have their funds, (remember SAFU?) and have copensated users due to hacking loss in the past.

But we are talking about sensitive data hack. There is no compensate that bank can offer that will reverse your ID being actively traded on darknet (if they admit to being hacked at all).

Regarding binance. They have special #safu fund that collect 10% of trading fees in case there was a security issue to cover users loses. Their reputation is worth more than coins in their wallets. They will pay better and faster than bank guarantee fund.

The KYC are not safe not even at the Binance site. I know that Binance will never misuse or sell your KYC but you know that exchanges do get hacked and binance was also hacked couple of times. So if the hackers get the access of your KYC stored in the binance servers, they may sell it in the black market or misue them. But most of us don't have any option if we want to trade at binance and other sites we have to submit for KYCs.

What is the situation with the providers of Video Ident anyway? Are there any cases where their data has been passed on? Was there ever a hack or an inside job?

But if you want to use additional services of Binance, you have no choice but to pass the KYC or leave the exchange. I am now talking about such services as margin and futures trading, as well as participation in IEO, which are held on the exchange. Of course, there are many other exchanges, but they also can't guarantee security.

Great post, very informative and detailed.
For me greatest danger of KYC is identity theft. Too many shady exchanges and bitcoin wallets demand KYC.
You never know where your data will go when you send it. Its prone to beign hacked or used with malicious intent.

Agreed. Can't trust most exchanges with my ID and personal info due to all the hacks.

Yeah, you are kind of forced to go through KYC if you are trading or withdrawing a rather large amount of assets because you can not just trust any new exchange these days, although I'm pretty sure many whales out there won't be using their own identity information to pass KYC and many of them buy identity information or the trading account(pre-verified) itself either from a person or the black market that we talked about in this topic earlier, also they have the option to use a few decentralized exchanges that still don't ask users for KYC, they definitely won't have as good experience using this exchange comparing to the centralized ones since it has larger spreads, lower volume, less number of pairs and higher fees(blockchain transaction fees), but regardless they will be able to trade big amount of assets without the need for KYC verification.

Better ignore the sites asking for that information esecially if they are new nor unknown in the industry and we must learn to reject things whatever good offers they give to us, We need to be more careful its been expose that our details are been sold on the dark web so for personal protection we should avoid any and stay with familiar and famous sites.

A major point you didn't determine here is - KYC is pointless.
I mean, what's the point of KYC here when we are talking about a community which is interested in sheer anonymity in order to save their asses from governments and other financial authorities which keep track of whatever we do, be it online or offline?

Yes it may be pointless in a decentralized system and most of us hate this KYC. This is a private identity interception.

Yet, we could also blame them because this is their part of intervention among users who are abusing the system. Having the infoemation with them could be easily track and law enforcers will not be having a hard time to locate the users for illegal use of the system that involves high value of money traded. This could be an indicator also of an illegal activities like transaction of payments for illegal drugs to where it is possible to be done in cryptocurrency.

Even though KYC really dangerous for the users but since our love to cryptocurrency is strong then we have to do it without questioning the KYC system.

We have to do what? KYC?
You just gave a great example first and now you're only saying this? I mean, just think of a project you're heavily invested in, and you decide to go for a KYC check that's levied by them by saying that you won't be eligible to get your coins for which you have paid, unless you go for KYC and give them your personal details.

There will be 2 scenarios:

-   What if you give a fake ID? How will they determine whether it's you only or you have used someone else's docs in order to gain your coins? This would be cheating for your own financial benefits, though it's true that you've purchased the coins yourself but then giving a fake ID is also cheating.

-   What if the company you've invested in, runs away with both your documents and the money you invested? Don't you think they may use your docs anywhere including dark places so whatever they'll do, you'll be penalized for the same? What will happen if that company turns out to be a drug dealer and gives their clients' (investors') KYC docs to other parties as well as police in order to remain safe from them?

If you trade on the Binance exchange or other centralized exchange where KYC is passed to another person, you risk losing your Deposit. At any time, the exchange may require re-verification and if you do not have access to the documents of another participant that were used for KYC, your account will be blocked.

Never heard that someone (ie. Binance) asked to pass verification once again. Do you know how the exchange will act, if I provide other documents, than I used to pass verification before, because my previous are expired? For example passport's ID changes when you change expired to new one. Also expired one is taken away and it is impossible to provide old one and new one to exchange.

If you lose access to your account, you will need to re-verify it. And if your documents have changed, you will pass verification without any problems. But I wrote above that if you passed KYC on someone else's documents, you will not be able to re-pass it on your own, since there will be a different name and surname.

If you are tempted to do KYC in any project other than reputable exchange then better take note or read all the points here over and over again KYC is the next dangerous thing after hacking, one submission to one bad projects and you are in danger anytime to being exposed, used your credentials to scamming people and the next time you know you are involved in a scam activity because of your submitted credentials.

We have a new translation, done by GazetaBitcoin and translated into Romanian:

Translations

Local board	translated by
____________________	____________________
Romanian (https://bitcointalk.org/index.php?topic=5260591)	GazetaBitcoin

Many thanks @GazetaBitcoin for your translation.  :)

Yes and I am a little bit worried before because I have done KYC on some projects and exchanges. It may be used in another way like scamming other people and that using my identity. So, this means a good luck to me and to others also that are doing the same providng KYC.

Anyway,  I think there are thousands of us having this KYC issue. I just need to be ready if situations comes to worst.

When a project or a gambling site is requiring a KYC, we do have doubts on submitting it to them because if a project or a site have turned out to be a scam, our personal information or identity could be stolen and can be used in illegal activities like a scam. But requiring KYC in a project and other sites could be helpful to them because it could avoid people for making multiple accounts.

That is the main reason why I always careful when I upload my identity online, I'm afraid that my identity will be sold and will be use in many criminal activities. Whenever there is a project that I want to participate, I identify first if they are requiring KYC before I join. There are now a lot of issues in terms of KYC and we should really be careful if we will upload any types of I.Ds online.

You described really well but now all Airdrop hunters are mainly victim of kyc scam.Because they hunt Airdrop tokens by verifying kyc from new launched exchanges or Airdrop sites.
By verifying kyc to the scammers means they are inspiring scammers indirectly.

Just finished my Polish translation. Its been a while but i was busy doing xxxx xxx (hidden to protect personal data :) )

https://bitcointalk.org/index.php?topic=5263255.new#new.

Once again - great reading. Even translating was fun to do.
And a very serious problem that requires wide publicity

Even the bounties and airdrops that requires kyc are risky ones too
KYC is absolutely risky for cryptocurrency. With my experience. I've signed up for a cryptocurrency airdrop once and these which required kyc to be eligible for distribution. This is Tratok airdrop and after all the KYC verified, I still got nothing and the bad thing is they already have my information. I felt bad and since then, I stopped participating in any airdrop which requires kyc.
I've done a lot of kyc before then and I've been like. I've open my ass out too much. Seeing this thread made me know more risk behind kyc.

Even some reputable exchange will reject some Submitted information about kyc and most time when this happens, I use to feel like they already have this information they need but it seems they just needed to be sure its you.. Reputable exchanges as also risky as I can see.
I've had a lot of bad kyc experience and I feel kyc isn't the right thing to prevent fraud. Its just an act of fraud.

What is the real purpose of KYC? In my opinion, KYC is the only way to bind your identity with a bitcoin or other coin address now. Then who needs it? Exchanges where you convert cryptocurrency into money, controlled by the government. They must pay taxes on their income. Or to prevent crime explained by op.

I think that's the main reason why KYC is needed. However, it turns out the identity is sources of income that can make data owners tempted to sell it. No offense, it is human nature.

At present, Doing KYC is mandatory, and there is nothing we can do. Therefore be careful when doing KYC because a trusted place is consist of human.

Where is the trust inside an untrust environment?

KYC is the way governments like to control their citizens. Where are KYC from initially? If not from governments' forced requirements on exchanges. In the future, all centralized exchanges will be required to do KYC on their customers. The future will belong to decentralised exchanges

there's still a lot of room for DEXes, you are right
I like the work blocknet is doing.
they're unstoppable.

I don't think dex is a solution to removing the KYC process, because you can't exchange your crypto for money. You still have to use your local exchange. I think P2P is a solution, but it can't be implemented now because not everyone understands and accepts crypto. Now it is better to stop and avoid those who ask for your identity.

have you heard about Bisq?
there are descentralized solutions in the market already operating to make the bridge fiat-crypto.

I haven't use it. I installed it few years ago, just to have a look how it works and so on.
But what I have been heard is, that it can be problematic if you do a Crypto-Fiat trade with someone who under suspicion about money laundering. Problem is, that you don’t know that but suddenly you get a letter from the prosecutor.
Can anyone verify this?

never heard about it.
would be good to have sources on it.

fiat-crypto trades can be on deposit or even w/ personal meetings (observing some security practices of course)

Hi!  :)

Great to have your translation, I've added it to my list:

Local board	translated by
____________________	____________________
Polish (https://bitcointalk.org/index.php?topic=5263255.0)	Tytanowy Janusz

And nice, that you had fun to translate it.  :)
When I was researching different sources, it was very interesting to see, what fallacies KYC is actually based on.

Hmmm, I just found out that Bitsquare has rebranded to Bisq. Yes, I use their software. At present, we cannot use it as a solution. Using a third party will add more cost and a wall for most unbanked. They must add more currency and remove the trading limitation.

Binance limited account may be a temporary solution to avoid the KYC process. However, I believe someday someone will provide the answer.

Where did you get the information from? I cannot find anything about it in the internet. I see that bitshares will upgrade their protocol to release 4.0 at July 30, 2020.  But not anything about that bitshares rebranded to bisq.
I would also be surprised if this was the case, because bisq is a stand-alone software and is built completely different than bitshares.

he said bitsquare and not bitshares.

bitshares has no relation to bisq.

I'm not that sure about bitsquare.
binance may not be the best solution long term, for higher volumes and for anonimity. but it's good overall

https://i.imgur.com/sa0tC6r.gif

 ;D

Why did I read bitshares? I cannot even say, it was to late....

The reason why they have rebranding was quite simple. They wanted to register the bitsquare brand. But the words "bit" and "square" were not very unique. So they asked the community for a new name...

https://bisq.network/blog/bitsquare-is-rebranding/
https://bisq.network/blog/bitsquare-becomes-bisq/

I agree with the OP, the KYC is against the idea of blockchain/crypto economy.

However if someone is operating really big money, they KYC may be justified.
It's not the crypto projects that demand it, but the governments that regulate thier business.

There should be some alternatives for KYC I think

hahahaha sometimes we just need to rest.
thaks for the information, it makes sense.

and BisQ name is definitely better than bitsquare, don't you think?

bisq is definitely shorter than bitsquare. So for that at least the change was good.  ;) Now it's just a matter of showing people how good bisq is too.

Well if that the case then I don't mind to submit my personal information however, this will be limited only on reputable sites.
It is the truth that most of the time projects and exchanges are now mandate KYC before you getting your rewards or to be able to withdraw your funds. KYC is more likely inevitable now and I can't blame them. I guess all we need to do is to make sure that you are sending your info to reputable platforms to avoid the use of your identity in any kind of malicious intent.

You can never be sure that your data will not be stolen. Even when it comes to an authoritative platform. Hackers are capable of hacking anyone, and there are thousands of proofs of this literally every day. I have a negative attitude to the need to provide my personal documents somewhere, because I perfectly understand the risks and absurdity of this kind of checks. But, unfortunately, we cannot qualitatively influence this, and we have to do it from time to time, because our government is the initiator of KYC politics.

Know Your Customer (KYC) has always felt like a good idea to me, it's funny how we never realized the dangers it posses. For a fact, every idea has a unique code and it's all that is required to register on some of our local platforms.
We never know how much details we expose and how it could be used against us in the wrong hands.
Let's take this more seriously.

This is the way it is sold to the people. But if we take a closer look behind the curtains and questioning the underlying processes things suddenly look very different.

Actually, you are already vulnerable if you upload your identity or any type of your private information in the internet. The issues about KYC is becoming more hot because a lot of exchanges and projects have been hacked anf the identity of the investors are stolen where it can use in illegal ways. I'm really afraid to participate in any kind of KYC because I know that my identity may be sold or stolen and use it in a bad way.

The Vietnamese local thread was unlocked last week and one local translated your thread into Vietnamese. Please add the translation to OP.

Vì sao KYC cực kỳ nguy hiểm – và vô dụng (https://bitcointalk.org/index.php?topic=60101.msg54911639#msg54911639), translator - Crypto Carabao Group (https://bitcointalk.org/index.php?action=profile;u=2393389)

If you are worried about Bisq security, you can see their code. Bisq is open-source. I'm not sure because they still use a third party for FIAT transactions, where you still have to obey the KYC process. Binance Dex is good for trading without KYC, but you can't take out FIAT directly. We must use our local exchange, and they oblige our identity.


My advice is to stop providing your identity to any bounty campaign. The bounty manager should also refuse the project asking for KYC. There are many ways to filter out users who have multiple accounts without having to ask for their identity.


It's not all about the hackers. It also involves an insider. We never know what is falling.

I did not know the exact information about KYC before. However, I found out a lot after the pig in this thread. I will think 10 times before doing KYC in future. Thanks Friend for sharing such information with us.

The level of KYC requirements in bounties has decreased and some bounty managers may have rejected and did not implement KYC requirements. You are right, KYC not only identifies multiple accounts but there are other purposes behind it and your data can be misused. Beware and guard your identity.

Jeez...
There's probably no way of finding out where & who has my personal details either..

... Pfff

Is is not only full KYC at exchanges or Bountys which is dangerous. Even if you purchase something what is relating to Crypto and your adress got leaked you can get in really danger. Just look at the Ledger hack.

You are just very right, but I believe those people do not know they were getting verified for just buying ledger wallet directly from the company, now many of the buyers are now facing even threats that are physical and also phishing that have cost many ledger wallet owners to lose their funds. In anything we are doing, no kyc is the best, we should be completely having no link of our address, email or any related things to our wallet.

Yeah this is what I am afraid of because it happen that I am actually doing KYC in an exchange that I was trading. And now that I quit trading I must have to delete the account but it could not be possible because you need to contact the support and request for account deletion. If it is only there is an option to everything to have some delete account option then that would be nice in my part to delete account.

KYC is bad here and there, I can see how many people hate the system but what are you guys going to do now that it looks like all centralized exchanges will abandon non verified traders on their exchanges soon? I'm sure many are trading on centralized exchanges that accepts non verified users e.g binance

How about a biometric kinda verifications? Maybe we  see this in the future? Also I want to clear some fact about KYC strategies, some are better than those that only need you to submit identity card or passports, binance KYC is more strict because it allows live KYC verifications, once you click on KYC tab it will direct you to your mobile camera straight, you can't cheat this verification process

We have now also a Croatian translation why KYC is useless and dangerous, done by TheNineClub: Zašto je KYC iznimno opasan - i beskoristan (https://bitcointalk.org/index.php?topic=5334332.0)

Many thanks!  :)

good point - was the hacker using stolen personal data to kyc ?  or did they catch the hacker because he used kyc ?  wonder how many "chainanalysis" traced accounts were opened with stolen personal info....that is where the kyc will start to spring back against exchanges....

I really hate when you register in a wallet or any project that requires KYC then they let you deposit money without KYC, but they tell you it's a must to complete KYC for withdrawing! That's like scamming I guess. Sometimes they may restrict some countries from their services but they will not tell you until you deposit your money, they do that because they know you will never complete KYC to withdraw your money.

Today I bumped my polish translation of this thread. I decided to do the same with oryginal thread because there are two good reason for that. One is obvious - very important thing is very well explained here.

Second one is that 4 days ago, February 2 we had 9th anniversary commemorates the moment when Beyonce's lawyer won a court case for removing this photo from the Internet:

https://i.imgur.com/gEx0i83.png

As you can see, it didn't worked :)

I wanted to use this event to remind an important thing. Remember ... once your sensitive data falls into the wrong hands on the internet ... it will always be floating around the darknet in the ever-growing and resold hacker databases used by scamers.

I've adjusted and improved my list of translations into local languages below my text on the first page, so it might be easier for you to read it in your local language, if it's available.
Probably, I've still missed some languages in my list, searching content on Bitcointalk is very difficult due to Bitcointalk's outdated layout.
In case you know about local translations missing in my list, plz let me know and I'll add it.  :)

Language	translated by	Title
___________________________	_____________________	_______________________________________________________________________
Română (Romanian)	GazetaBitcoin	De ce procesul KYC este unul deosebit de periculos – și inutil (https://bitcointalk.org/index.php?topic=5260591.0)
Français	Perkjeff	Pourquoi le KYC est extrêmement dangereux - et inutile? | Par 1miau (https://bitcointalk.org/index.php?topic=5222860.0)
Hrvatski (Croatian)	TheNineClub	Zašto je KYC iznimno opasan - i beskoristan (https://bitcointalk.org/index.php?topic=5334332.0)
Bahasa Indonesia (Indonesian)	masulum	Mengapa KYC Sangat Berbahaya dan Tidak Berguna (by 1miau) (https://bitcointalk.org/index.php?topic=5229720.0)
Pyccкий (Russian)	zasad@	Пoчeмy KYC чpeзвычaйнo oпaceн и бecпoлeзeн (https://bitcointalk.org/index.php?topic=5222690.0)
Pilipinas	crwth	Bakit ang KYC ay lubhang nakakatakot at walang silbi (hindi maaasahan) (https://bitcointalk.org/index.php?topic=5223563)
Português (Portuguese)	cryptobaboon	[Tradução] Por que o KYC é extremamente perigoso - e inútil (https://bitcointalk.org/index.php?topic=5223742.0)
Türkçe (Turkish)	yslyv	Neden KYC Çok Tehlikeli ve Gereksiz? (https://bitcointalk.org/index.php?topic=5224492.0)
العربية (Arabic)	Ryutaro	KYC - تحرير المفهوم و تنوير العقول  (https://bitcointalk.org/index.php?topic=5233251.0)
India	erikalui	KYC इतना खतरनाक और बेकार क्यों है? (https://bitcointalk.org/index.php?topic=5230618.0)
Việt (Vietnamese)	Crypto Carabao Group	Vì sao KYC cực kỳ nguy hiểm – và vô dụng (https://bitcointalk.org/index.php?topic=60101.msg54911639#msg54911639)
Polski	Tytanowy Janusz	Czemu KYC jest skrajnie niebezpiecznie i pozbawione celu (https://bitcointalk.org/index.php?topic=5263255.0)
Deutsch (German)	1miau	Warum KYC keine Lösung, sondern eine Gefahr ist (https://bitcointalk.org/index.php?topic=5220920.0)

Looks like KYC is working great on Gate.io. A user registered as "Kim Jong-Un" and the e-mail "notlazarus" and got verified within minutes (Lazarus is a hacking group, run by the government of North Korea).

Another example why KYC is useless and why it is dangerous to use your data on questionable exchanges.

https://i.imgur.com/X32xNtN.png

https://i.imgur.com/wWem0Zc.png https://i.imgur.com/XIRgAnS.png

He tried other names, like "Harmony Hacker" and got also verified within minutes.

https://i.imgur.com/jGlXNyQ.png

Full Thread: https://twitter.com/zachxbt/status/1655929037770899457

At least, Kim Jong-Un got exposed now for using shitcoins (probably) and storing his shitcoins on a centralized exchange.  :D

---

While I didn't expect much from shitcoins shithouses, it seems KYC 1 level on Gate.io can be faked by anyone:

https://www.talkimg.com/images/2023/05/12/gate1416034628493922.png
https://www.gate.io/help/guide/security/23118/about-identity-verification-kyc-procedures-on-app

Just enter some random data, should do it already.

Even (if required) official documents can be faked by professional scammers.
And now, with AI entering the game, KYC will get even more unrealiable.
Most likely, all digital verfication can't be trusted as professional and experienced hackers will be able to fake it.


But I've tried to upload a picture of DOGE once for KYC, didn't work unfortunately.  :'(

The system noticed that there is a discrepancy between the name "1miau" and the profile picture of a dog! :P

---

This thread's introduction is indeed valuable and I have only gone through KYC once, which was during my earliest days as a Bitcoiner and the only safe way for me personally to get Bitcoin. I am still ok with it, but I would never go through another KYC process on another exchange again. Data theft happened/happens nonstop, but the risk one had to take was that an exchange pulls the KYC card when you wanted to trade a coin or token that was only listed on a specific exchange back then. And that was quite common in the early days because exchanges were also popping up like tokens do today. Cryptopia, Bittrex, Cryptsy, Poloniex, HitBTC, Mintpal (god damn it, Mintpal :D that's a story...), I have never ever provided any documentation there and I can only recommend to never do that. I know the early days of all those exchanges, how they started and how they were operated and I can tell you if you knew, you would certainly not consider sending your documents there.

Poloniex was a pump and dump, bot manipulated shit place, but it was hot for some time. The Poloniex guys listed every shitcoin and managed to attract tons of volumes, which was the key to their success as you could trade everything with decent liquidity even if it was manipulated by bots (or because of that partially). These guys were then even approached by Circle, a company backed big time by Goldman Sachs, and they sold that shitcoin hole for $400 million after operating it for just four years (https://coincentral.com/goldman-sachs-funded-circle-purchases-poloniex-400mln-buyout/) in the most amateurish way (https://www.coindesk.com/markets/2014/03/05/poloniex-loses-123-of-its-bitcoins-in-latest-bitcoin-exchange-hack/) possible. The hack wasn't the only issue.

Now I knew how that thing was operated and I was really shocked about the amount of money they got for the exchange. Shortly after, Circle wanted to turn it from a shitcoin hole into the serious go-to-place by introducing the magic KYC-forumla! :D What happened? Traders jumped ship like crazy. This is the outcome.  (https://www.coindesk.com/markets/2021/07/08/circle-lost-156m-on-poloniex-acquisition-spac-documents-reveal/)

I guess this shows that most people had a relatively good understanding about the KYC risks and I am not talking about those who avoided KYC for criminal reasons. Poloniex was such a mess after all that really nobody wanted his personal documents being attached to some messed up databases.

I read the post from allyouracid (https://bitcointalk.org/index.php?topic=5203028.msg53128470#msg53128470) (German) and seriously, if it can happen on Bitcoin.de that you get accused of trading with someone who is involved in shady activities, holy Christ, how should I haver ever known with whom I traded on Poloniex? How can I even tell when I just use a buy/sell trading interface? That's ridiculous. It would be the same if you buy Applestock and it turns out one of the people who sold you Applestock is a drug dealer and the police knocks on your door because you, as a KYCed customer, bought Applestock from that anonymous counterpart on the NYSE. :D  

And here is one thing that 1miau is trying to get across: KYC is worthless because it doesn't even protect you on an officially registered, fully audited and authority controlled German exchange from being accused of engaging in illegal trading activities because another KYCed, shady party did a trade with you. What the heck is that? Really, this is beyond me because that is the maximum you can do. Go to a fully licensed, registered, legally acknowledged exchange with obligatory, extensive KYC and trade there. And still you get into unexpected trouble. That's a bad joke.

It is ridiculous, and ended up being nothing but a waste of money for the govt.
But I feel I should mention that bitcoin.de is a marketplace where you pick whatever order from the books, and you do a direct trade with that person. Bank account to bank account, crypto wallet to crypto wallet. And the issue was that the counterparty used a hacked bank account to buy crypto, so the actual owner complained and our super clever repression agencies immediately drew the conclusion: the receiver of the stolen money must be the bad guy! Understandable... if you have no clues about the matter you're dealing with.

Issues like that theoretically can't arise on a normal CEX, because you're not directly trading with individual persons. Well, the money comes from persons, but in that case, the exchange is your counterparty, esp. when you withdraw fiat bs money to your bank account.

Exactly that. Such trading sites are often operated by shady people and even if they don't get hacked, we don't know at all where our personal data is sold.
It's very common for these shady exchanges to make money from everything, even selling customer data on the darknet.
These trading sites are not regulated at all, often nobody knows who's behind them or where their headquarter is located. They will do nothing when our funds are lost as we won't have any chance to get our funds back.
And these shady operator know it.
They are just not liable for any fraud they are doing.


It's different here for Bitcoin.de as written above by allyouracid.
Bitcoin.de isn't a centralized exchange and they are writing that on their site, too:

https://www.bitcoin.de/en

It's like a (semi) P2P service, where funds are sent from bank account (seller) to bank account (buyer) and BTC wallet (buyer) to BTC wallet (seller):


Bitcoin.de isn't a bad site it's just involving some risk like doing P2P with a (potentially) criminal.
We can also get robbed when trading P2P, for example.

In oppsite, on centralized exchanges we don't interact with anyone, the centralized exchange is managing everything.
The problems of centralized exchanges are different disadvantages compared to (semi) P2P trade sites like Bitcoin.de.
Centralization 3rd party / loss of funds when getting hacked etc.

---

I remember I didn't call my account "1miau" as cats are not allowed to have personal documents.  :D
1miau is only existing online, so it can't be tied to any identity documents (besides its profile picture  ;)).  :)

I learned this phrase which just matches all too good for anything crypto related, and I turned it into a mantra which — no shit — has kept me mostly safe in Cryptoland for years: "There is no free lunch."
While its original meaning slightly differs from this, I think it also applies here: at the end of the day, you have to decide which risk you prefer; there is no way without any risk involved:

• P2P trading: counterparty risk / risk of physical harm and potentially death
• CEX trading: risk of exit scam, hacks, KYC loss / misuse / extortion by the exchanges themselves
• marketplace trading: risk of harassment by authorities if you happen to trade with a criminal / counterparty uses a hacked bank account
• DEX trading: risk of loss of funds — hackers and scammers are not as dumb as they used to be, and keeping up with security is a tedious, neverending task. Also, this option lacks ways to convert from / to fiat money

I've had situations in category 2 and 3: I once lost ~USD 30.000 because an exchange kept my funds hostage, trying to force-KYC me without giving me the option to withdraw my funds and part ways in peace. It was a rather new Chinese exchange I was trying to sell mined coins on (pretty ridiculous to demand KYC + source of funds on mined coins, and they knew the coins were mined but still kept up that excuse for locking my account, which was a red flag), and when it became clear that I'm not gonna get back my money, I started publicly ruining any potential reputation they might have gained in the future until they closed shop for good.
Bad marketplace experience (some know about my thread about this ^^) was a trade with someone using a compromized / stolen bank account, with police showing up at my door, harassing me and my family. This kind of risk can be reduced a bit e.g. by only selling to known, reputable users, for example market makers with a registered company which can be held liable in case of any issues.

So, eventually, the risk can only be shifted, and an actual reduction of risk goes along with less features (which makes sense: do less things → have less exposure to risks involved with things) or a reduction in comfort. The best way to pick one's option is probably to know your strengths, the risks involved (and what danger they pose to oneself) and adapt strategies accordingly.

Edit: @ 1miau posted at 2:45 am – it's hard to get to sleep, right? So calm at night, nobody bothers you with random things... almost worth being tired next morning  ;D

Nice post and I wonder which Chinese exchange that was! ;) I had the same situation with funds being kept hostage and it never ended well. But sometimes there was no other way around it. As you said when it comes to selling mined coins, it can be troublesome when it is not listed anywhere on a reputable exchange yet. Speaking of reputable, which exchange was even reputable in 2014? :D None of them could have built a history to trust in even if they wanted to.

When I mined XMR in its very early beginning via AWS instances, there was no market for that coin. You could either go through tedious OTC trades on the forum, which is a nonstop back and forth sometimes and pricing is obviously subpar, or you decide to use this exchange that decided to be among the first to list it. I can't remember the name, damn it, but that was one time when my funds were kept hostage and not returned. In total it happened to me three times, but after the first time I became much more careful in terms of amounts I choose to deposit for trading and there was really only one time that was painful.

Now even if these scam exchanges request KYC, you almost instantly know that you could provide whatever documents they ask you to provide and it would change nothing. I guess in many cases they speculate that funds stem from illicit activities and therefore people refrain from providing KYC docs. But usually it is the other way around! :D People don't provide KYC docs because they fear illicit activities on behalf of their personal data by the scam exchange operators.

The system these scammers developed is quite sophisticated. In some cases have pretend to have some value proposition (for example, early listing of a new coin) that could make it seemingly worth it to deposit. They are grinding on the edge with their reputation such that you believe it could work out. Once you deposited and did some successful trades, you might be inclined to increase your deposit amounts. Out of a sudden, you are forced into the KYC procedure. You exactly know that you got scammed and there is no way out. There isn't even any recourse because you are afraid of data abuse and you can't call for help because you refuse to provide KYC data for a good reason in the first place.

Bottom line: better not touch centralized exchanges unless you absolutely have to! But the good thing is that the number of options besides CEX has increased significantly and also improved significantly.

Edit:


I like that one! Quite some truth to it! ;)

Very true and especially for Newbies it's extremely difficult to get an understanding and make a proper assessment of these risks. There are many traps, very different from each other depending on which option we are considering.
As experienced people, it's much easier for us, how to assess such risks but still, we can't know everything, too. Learning is a constant process and especially with technologies moving forward, there'll be other challenges coming up. Crypto is moving quickly. For example just comparing MEW (MyEtherWallet) from today's version to what it has been in their early days. It's completely changed, but worse (in Germany we say "Verschlimbessert"  :D). I'm missing their straigt forward design and functions from pre 2018, it's a completely profit oriented concept right now. Security functions removed for targeting dumb less experienced people, integrating shady 3rd party bullshit and abandoning their straight forward approach.
I'm still using MEW's pre 2018 versions offline and it's working very well, nothing compared to their bullshit updates.  :P


Yeah, that really sounds like scamming on purpose to increase profits for the exchange (as an additional revenue for the exchange  ::)).
I'm not an expert for exchange fraud but we've seen this from Bounties here on Bitcointalk not paying out promised rewards, exactly for the same reasons.  ::)


+1
For every move, there are risks involved.
Is it woth buying a shitcoin to make a quick buck or will it be a rug pull / pump and dump?
Do I really need to hold my coins on an centralized exchange to trade / buy / sell quickly, risking my coins being frozen / hacked or should I go for an easy HODL in my own wallet?
It's really important to make a wise decision here. For me it better safe than sorry.

---

Yes, you are right indeed.  :D
It's like travelling with Deutsche Bahn. Avoid the rush hour.  :D

Hello @1miau, I find this topic of your very interesting and I'd like to do a pidgin translation.

Hello, sokani  :)

Yes, you can translate my topic and I've already reserved your translation in my list:

Language	translated by	Title
___________________________	_____________________	_______________________________________________________________________
Nigeria (Naija)	sokani (reserved)	reserved (https://bitcointalk.org/index.php?topic=5221497.msg63100707#msg63100707)

When your translation is ready, feeld free to post a link here and I'll update my list.
Your effort is much appreciated.  :)

Translation is ready  :)
https://bitcointalk.org/index.php?topic=5477931.0

Hello sokani  :)

Many thanks for your time and dedication to deliever a translation for our Nigerian local board.  :)
After officially approving it, I've added your translation to my list now:

Language	translated by	Title
___________________________	_____________________	_______________________________________________________________________
Nigeria (Naija)	sokani	Why KYC dey extremely dangerous – and usesless (https://bitcointalk.org/index.php?topic=5477931.0)

KYC is staying a hot topic and to be aware how dangerous KYC can be is of very high importance.
Well done.  :)

With what is happening to mixers now which will most likely make them illegal in reality, where are we in this issue of KYC? How will people be able to safely convert from fiat to crypto and vice versa without passing through KYC?

Those that will suggest DEX, is there any way to convert fiat to crypto and vice versa? At the point of entry and exit, you will be required to pay with card or do wire transfer, both of which are KYC'd, by so doing, have you truly beat the KYC process?

@Sokani,  I made a similar comment in your translated post in our LB, there I narrowed my enquiry to our peculiarity in such as restriction on cards on FX and others. I will be happy to get a response there as well because many people might run into scam platforms trying to evade KYC, you should know how that will end.

Thank you so much 1miau. I'm overwhelmed by the responses from my local members, especially the newbies, as some of them did not know the danger KYC poses. Your article is amazing and indeed an eye-opener. With the message conveyed, I believe most persons will have a rethink, whenever asked to perform KYC on any centralized exchanges or services.

Already responded on the LB. Sadly, scams are one of the challenges of P2P trades, but it's still the best and safest opinion.

Hi @1miau, This is an important and useful topic and I would like to translate this to Urdu language for my Pakistani community. May I ? 

Hello

I'll quote my text from the OP here:
Unfortunately, officially reserving translations it not available currently due to previous abuses mentioned in Meta (https://bitcointalk.org/index.php?topic=5471131.0).

---

Happy to be of help here. Especially Newbies are well advised to read about the topic and to get knowledge about dangers tied to KYC. Hackers and criminals will keep targeting personal data and identity theft.
So, I'm also appreciating your effort very much for bringing this topic to your local board members.  :)
That's a big part of sharing our knowledge.

The issue here is the employee correct?

Its left for every crypto platforms to upgrade their KYC requirement tool, I don't want to believe that criminals can pass KYC requirement with stolen identity, if you believe that this is possible please share how they can maybe I can learn from you, any KYC requirement that's not live on camera it is not a strong one, and yes criminals and hackers can use stolen identiies to pass KYC on such platforms.

I remember when I was just starting out with crypto, I have no form passing any KYC requirement until I had no choice and I use my older brothers national ID card and it was successful, but fast forward to today I can't do such again because they are all live KYC requirement, where you can't upload any pictured identity, you are only left with using live video by camera to take picture straight away into the exchange.

---

I am in support of avoiding KYC by all means but its a matter of choice, if FTX SBF was running a decentralised exchange where no KYC is needed he can still pull his action on the customers one way or the other, this is the problem I have with Dex and anonymous way of getting crypto, if they decide to go bad they will go down hard on people.

You shouldn't doubt it, criminals have taken their scheme to a new level. They've a way of exploiting virtual cameras to bypass KYC and one of such ways is the use of AI assisted tool known as deepfake, which was touched upon in the article. However, If you want to know more you can read the article below and watch the Youtube video (https://youtu.be/t59gRbpYMiY?si=a6PrOSNl44fnH75s).

• How I used deepfakes to bypass security verification in a bank (https://www.finextra.com/blogposting/22795/how-i-used-deepfakes-to-bypass-security-verifications-in-a-bank#).

I want to tell you that AI is now doing the opposite of what we think. I was going through a Tiktok posts about some AI app that can give you voice cover and video of with any type of face you want but the App was a paid version befpore anyone can utilized it. It has a first time free use and the author actually did test this app to give you how to impersonate people and to be honest with you, people are using such bank apps to scam people and byepass some security checks even verify some banks account, now tell me how this cannot be used again to do wrong KYC verification.


I don't want to say I'm in support of FTX but more than half of crypto investors don't value privacy a bit because look at the number of traders and users on centralized and decentralized exchanges, we more of them on centralized exchanges. So if FTX has been decentralized exchange, it wouldn't have people like that as compare to centralized exchanges despite the not your keys or your coins that is been warned all the time.

If FTX has been a decentralized exchange, SAM FRIED BANKMAN wouldn't have been able to pull that stunt he did because a decentrantilized means the keys to coins belong to the customers and not in the hands of the exchange and according to what happen to FTX exchange, they used customer's fund meant to be held in their hot and cold wallet and that was how they went illiquid after enriching the politicians, his girlfriend and the circle of his friends.

On security wise i would agree with you have said but based on functionality i will disagree with you on what you have said. AI has been improving in various aspects of life rapidly of which the main reason Ai was introduced is being fulfilled. Of, course i believe you know that AI was introduced to support humans in whatever activities we want to do. It makes it easier and faster for Humans to achieve something when they use AI.

Now the question is who programmed AI? Yes, it is we Humans. So definitely it will follow the prompt, instructions and command we give to it unless it is out of its reach or range. What am saying in essence is that AI is literally doing what it is made to do, but the programmer, user of the AI is who command the AI to the opposite. A tool is being used properly but when it falls into the wrong hand it will be used for bad things.

Let us talk about the cybercrimes, hacks and other crazy things people use AI for. It was not basically designed to do those things. It’s always different though, when each one of us get to use the AI. We all have different intentions of which some are good, and some are bad. So we chose what we want to use the AI for, and when we chose to use it for the wrong purpose it's just like power falling into the wrong hands.

This is a typical example of what am saying. I heard this news one certain time last year. Perhaps the AI should be down by now. Also heard about the Bitcoin flashing AI for Coinbase and Trust wallet. Infeed these criminals are going extremely mile to suck the wealth out of every careless individual online and they adopt to every new technology of which AI is not an exemption.

I have read a lot of comments in the section and I am not surprised that everyone are saying the same thing about KYC verification, I have personally passed many KYC verification on exchanges myself and I don't regret doing it.

I am someone who likes looking at things from both sides, just because I don't like KYC verification doesn't mean it is nonsense, I am currently staying away from giving up my identity to any centralized exchanges but how about we think this way instead?

OP, this is for you, have you put yourself in the position of running a platform yourself? That can't do without regulation like running a casino? Or running a crypto exchange like Binance? Can you do away without asking your customers for KYC verification? Can you advice them to avoid passing KYC because its not safe? I will love to hear people's opinion.

If I may ask, do you mind reading the original post from the beginning to end? There are convincing reasons in the post to stay away from the KYC compulsory exchanges. I definitely understand your point as well and in as much as we condemned KYC, we can not completely stay away from it. KYC is not only unique to crypto, it's a common practice in the financial industry and it is used for some purposes. If you manage to escape in the crypto space, you won't escape it in the banking sector.

Actually, there are take home points in the post but truth be told, there's no balance of justice as regarding the KYC. The poster focuses on the negative aspects of KYC and reasons it should be totally discourage. KYC must surely have its own advantage in some cases but perhaps it was overlooked by the poster because the dangers overwhelm whatever advantages it has.

It's now a thing of choice. If you are still comfortable with it, you can go ahead. The post is not about preventing people from using it but rather enlighten them on the risk and danger associated with KYC. Your privacy is in your hands and you can choose what to do with it.

This is not addressed to me, but I also have a counter question. If platforms like eXch.cx have done it (not asking for KYC from their customers) for years, then why not?
It's not impossible to do. The biggest problem is actually greed. Most of those platforms start out good with a lot of incentives including promising their customer no KYC but after accumulating lots of money and looking to get more, they start squeezing their clients.

If there were an alternative to avoid KYC please share it here we are all ears. Because in my country it is impossible to avoid KYC unless it is a physical P2P transaction deal. Dont make it sound like we all are saying KYC verification is so bad. In as much there are disadvantages of it there are still advantages of KYC. But for me i feel like it has more of the disadvantages and that is why OP has shared it here so that people who are not aware would be aware of the dangers of KYC and play safe.


Perhaps OP, is still busy enjoying the New year season. Let me jump into these questions.

Yes, i just did. And i understand that the main reason why they made KYC mandatory is because they prioritize user's security and also respect   government regulations on cryptocurrency in the respective countries. Now this second reason is what i find uncomfortable with. Am curious to know what are the data they are sharing with the government and the tax authorities?

Like i said before if there was a means to bypass or avoid completing KYC it would have been better. User's information is important and it's a criteria to so many people to protect their privacy because they love to stay anonymous.

Well expect majority will agree to the risk about this KYC since there concern is really valid. There are lots of scams happening that's why a lot of people are so skeptical about undergoing on this process.
But so for many years of doing this I also don't encounter any issue so we can assume that we are fine here as long as we choose those reputable platform and we are totally safe for any huge risk that people are talking about.

The most important thing here is we should not submit our documents to any platform like Airdrop or any other centralized exchange which doesn't have any good reputation so that we will not put ourselves on any unimaginable risk that we don't want to happen to us in future.

I agree that KYC can be extremely dangerous. specially if it is done in the platforms where the money is involved.. But I think there are some legit businesses also who ask for KYC because they also have no other choice. they are forced by govt law inforcement agencies for that. IF they don't do KYC and don't provide required details to govt their services will be shut down.
I think consumers should avid doing KYC in multiple and unkown places. and minimize that as much as possilbe. for example by sticking with just one crypto exchange. using Non Custodial wallets, using DEX instead of CEX.

    I totally agree with you because your privacy is compromised and any body can easily use your personal official information to open fake account using your names and details to transfer (millions of money or investments) through an outside party to conceal the true source,  through fake crypto exchange accounts.

   KYC is determining identity of stealing specifically and a dishonest way to make money by deceiving people because create wider data base,and they assist scammers to be undetected which made an hacker  to buy KYC data and use it in verifying host of different cryptocurency exchange accounts  without being identified since the IP is hidden or obscured, it also helps in changing of accounts.
Making use of any KYC/AML service is a privacy threat today and future threats seriously .
   To avoid it ,it is better to make use of decentralized crypto exchangers instead of intervening to your privacy.

I am never a fan of kyc, matter of fact I find it really annoying whenever I am asked for kyc. Because I do not know exactly who is at the other end having access to my personal information and I do not have any control over it immediately I upload these information.
I quite agree with the OP, it really is a dangerous thing releasing your personal to the public under the guise of doing a kyc.

This is so wrong of you to say, because Binance has mandated all his customers to do KYC doesn't mean there are no other places to use. We still have some centralized exchanges that offer no KYC accounts and can trade peacefully without any restriction. Government involvement in crypto is not a good deal for everyone because of personal reasons and political reasons, it becomes a conflict of interest when the government get involved in anything, you don't want an Irak person's account to be closed because the US don't like him or because they suspected him of anything that threatens their national security, US is not the only species on this planet right!


If there is any way to turn back the hands of time, the centralized exchanges where I have done KYC I will remove them and close the account completely but it is too late for that because even if I deactivate my account, they have my details already and it will remain in their company forever, so it's like trying to live a plant that you have already killed, it is not possible to do that again. I still don't like the idea of centralized KYC platforms but if you are cool with it, don't encourage others to do the same because privacy remain the number one thing everyone should keep to their self, not for the public.

Nice article, artificial intelligence is making is taking another new dimension which could be a disaster in the feature if things are not modified. I have seen videos on how scammers are using different AI apps to generate videos and identy cards to present to there clients to synphone money from them. We need to be aware of various scams techniques so that we don't fall victim.
Exchanges too are making efforts to make sure that such attempt of fake KYC by users are prevented. This might be a serious concerns to exhanges during KYC.

There is also another AI tool "OnlyFake"^[1], it seems to be a complete package tool to help pass verification up to VIP 100x level. OKX exchange is one of the “victims” of this tool.
Unfortunately I haven't found the official site of this tool, I think they were taken down or actually don't operate on sruface web.

1. https://cointelegraph.com/news/ai-generated-fake-ids-pass-crypto-exchange-kyc-onlyfake

Recently there was another case highlighting the importance of that subject: KYC data of 5 million people (https://bitcointalk.org/index.php?topic=5358665.msg63930970#msg63930970) were leaked in El Salvador in early April. The culprit unfortunately was the Chivo wallet - it was already suspected before but yesterday the hackers also released the Chivo source code (https://cointelegraph.com/news/el-salvador-hacks-leak-state-bitcoin-wallet), confirming the suspicion. The data included photos and addresses, so it very much was one of the biggest desasters you can imagine.

I support the Salvadoran Bitcoin policy, but the implementation of the Chivo wallet seems to have been really problematic. There should at least have been a no-KYC option for those not wanting the Bitcoin "airdrop".

We can only consider KYC dangerous_and useless, only when the platform that you're ask to complete your KYC verification happens to be fake. However I think kYC verification is very important in terms of  crypto wallet so as to enable your assets to be secured, and it will be very heard for scammers to access your wallet.

Your reply is really surprising and I guess you didn't read the whole topic. You probably skimmed through it or responded based on the title. Op has taken time to explain why KYC is dangerous and why you should avoid it at all cost. I'd like you to take some time to read it for your own good. Also, incase you're not fluent in English language, at the footer are translations in other languages.

you are wrong here, many platforms enforce KYC but they are big platforms, not fake platforms, what is discussed in this topic is what will happen when the privacy data of users who register using KYC is exposed by irresponsible parties, still remember In the case of Facebook where user data was leaked, they were immediately summoned by the US authorities

what is feared happening with CEX is not only wallet hacking but also manipulation carried out by the CEX itself, such as the FTX case, they manipulate liquidity which causes many investors and traders to suffer big losses and lose their assets

I'd like to address this misconception. Securing a wallet is possible without any KYC at all. The platform simply can give you options which depend on non-personal data. For example, a one-time password generator is not problematic privacy-wise (think open source alternatives to Google Authenticator). Things like email or telephone verification are not necessary for account recovery, any way to communicate is possible, so for example also a decentralized solution, something like Bitmessage, ZeroNet, Mastodon or Nostr could be used for that task.

There's a twist though: If the scammer gets all your access data, then he can access your account and your coins or data. You may believe that if you then show that you are the "legimate" owner, providing state-issued ID documents for example, you could access your account again.

But that's also not strictly necessary. If all normal access data is captured by the imposter, but one single additional code is used for recovery and only for that purpose, stored completely separately (e.g. on paper or metal) and you can show it to the service, then your proof that you're the legitimate account owner is exactly as convincing as if you provide them a state-issued ID.

By the way, the OP was prophetic:
Chivo wallet (_all_ KYC data of almost all Salvadoran adult population exposed) is perhaps such a major KYC scandal. It's of course not good that it happend just to a crypto-friendly state, but it is what it is.