Bitcoin Forum

As the thread subject mentioned, I strongly believe the KYC documents requirement from the ICOs will open up a new area of scam to the world, much larger than the ICO itself.

Reason 1:
The basic idea of crypto currency is de-centralization and anonymity. I understand that ICO will have to comply with the regulatory requirements, but isn't it directly challenging the basic idea of crypto currency? If KYC is required for every ICO, then the whole idea of de-centralization and anonymity is gone. The ICO requirement should be the other way around. Means, every ICO should provide a proper KYC documentation to the public so that investors can be assured that they are not dealing with a bot or a child operating from his home computer.

Reason 2: (this is a big threat)
KYC means "Personally Identifiable Information" and it is a very serious level of data. Most of the governments have a very stringent rules against the breach of PII data, especially in USA. The SSN numbers of USA residents are traded in darkweb for $5-$10 each based on the details available. While most of the ICO owners are not identifiable to public (linkedin and FB profile can't be considered as valid here), they can secretly open up a secondary market for PII data, that will provide them an extra layer to their income. Most of the ICOs are not compliant with the infosec policy of many countries. No one is sure, what is going to happen with their data. It leads to a much larger future scam.

Reason 3:
It provides a big opportunity to the ICOs to deny the bounty hunters from their payment even after their promotional efforts. I am not sure we have already encountered some of these, but I am sure it will happen in future. I have seen no ICO bounty thread mentioned anything about the KYC requirement. There is no upfront communication. However, they may come back saying that KYC needs to be done before the bounty rewards can be released. That's complete miscommunication and cheating. If the ICOs can be upfront on their KYC requirement (which they are not), only bounty hunters and investors will join who can fulfill the requirement. The campaign managers needs to be upfront in this matter.

*While I don't know what needs to be done in order to regularize the first two reason, the third reason can be solved via upfront communication. Please share your thoughts.

The solution to the first problem is something that the market -- ie. ICO investors -- need to enforce. If people would actually demand proper documentation instead of simply throwing money at every shiny new project they see this problem wouldn't exist. No documentation, no funding. It could be easy as that, but fact of the matter is that most people don't really care all that much as long as there's a quick buck to be made.

The second problem is definitely the most interesting one. Given how much KYC data is being shuffled around in this space, I wouldn't be surprised if at one point gathering exploitable passport selfies becomes a core part of scammy ICO-based "businesses". I'm pretty sure most ICOs already break a bunch EU regulations concerning the gathering, handling and storing of personal data. But of course preventing possible attempts at small scale money laundering is much more important than protecting the personal data of private citizens. In practice I guess the solution is pretty much the same as with the first problem -- stop throwing money at questionable ICOs.

The third problem is simply scammy behaviour and indeed just needs honest up-front communication.

The second part is the major pain area. It is not easy to find a questionable ICO. Every ICO website is listing their facebook and LinkedIn profile details in their website. But that certainly doesn't assure the authenticity of their identity. Creating a fake profile is an easy job but it's not easy to fake a government ID especially when we have scope to verify directly from the government database. Since it is missing, we are not really sure to whom we are giving away our PII data. How they are going to prevent the misuse of that data!!

PII data can be sold in the market very easily. That's where I am very much worried. While majority of the ICOs are scam, how can we ensure that we are dealing with a real company and not with some scammer!!

Crypto..so called the world of decentralization and anonymity is now quite a lot regulated by acquiring KYC. I agree with OP that we are providing our most personal and sensitive data to ICO concerns without any authenticated KYC documentation which can lead us to a BIG scam in future.

While your concerns are valid, they may not be shared by a large number of ICO investors. Ultimately, the free market will decide how to solve this problem. If there are no investors in a project which asks for KYC details, then ICOs will stop asking for KYC documents. We need not fool ourselves that they are doing it only to satisfy regulatory concerns - they always have the option of raising money in a crypto-friendly jurisdiction.

I do think most will share those concerns, the third concern is only a problem for bounty hunters and the like, but the first two are extremely important, now investors are forced to identify themselves and the creators of the ico are still in the same obscurity as before, this will create resentment among investors and the second point is the most important, how are the creators of icos going to show they are in fact guarding the information of investors and not abusing it.

This is a very interesting thing to consider. On one hand you have ICO organisers looking to comply with what securities regulators are requesting and making sure that they do not have participants from jurisdictions that have banned ICOs, and on the other hand you have the security of the participants information.

The way I look at it is as another thing to consider when making an investment in an ICO. Would you be happy giving your information to this team? TBH if i didn't find someone trustworthy with my information then I wouldnt be sending them my money either.

I think overall that the introduction of KYC shows that ICO organisers are looking to comply and that is a good sign, of a team that cares and wants to do something so inherently has a degree of trust. But obviously looking further than that is required in the same way that you shouldnt throw money at a project after having watched a 5m youtube clip.

The number 1 thing in the cryptoverse is that your are responsible for your own shit, so take care.

I completely agree, but this is unlikely to happen. If ICOs weren't required to abide by KYC provisions, it could potentially be a hotbed for money laundering, which is already one of governments' biggest concerns with crypto. I'd even go ahead and assume that governments doesn't care as much for their scam potential as their money laundering potential. China likely banned them to prevent capital outflows rather than to prevent scams, for example.

That. China has been known for acting insanely paranoid regarding everything that concerns capital outflow, and let that be cryptos strongest point. Anyone can move billions in wealth to a different part of the world effortlessly.

One way or another, every country is purely implementing regulations to nurse their selfish hidden agendas. It has nothing to do with protection people and preventing the financing of terrorism and whatnot.

If people seriously believe governments act because they want to protect their inhabitants, they are just dumb. The government doesn't care about what happens to you. It's only out to protect itself from a threat called crypto.

Money Laundering is a subjective term. It is basically a way to cover the origin of the fund. It is a method of channelization and filtration of funds which are in question. But why a government is interested to ban money laundering? because it is a tax evasion method. But in the open world economy a person should be the supreme owner of his own funds without having to answer to anyone. Even this is not possible in this strictly centralized economy, but that's the basic idea of crypto currency, De-centralization.

I am sure the government is not worried about the KYC scam as much as they care about tax evasion. But I remember, someone mentioned that, let the free market decide the KYC requirement. If the ICO owners see that people are not investing in an ICO which requires KYC compliance, the owners will eventually move to the crypto friendly territory. But that would take a lot of time before it actually happens. In the meantime, the number of KYC data will flood the black market.

I know most of the people won't take this regulations very seriously because we haven't yet came across any serious and sizable scam by the ICO owners using our KYC data. It will start making sense to everyone, once something like it will happen.

How is it a subjective term? You were able to define it clearly and concisely. The origins of the money in question may be legal for all governments care, but money laundering itself is illegal, so there are no gray areas nor subjectivity there. Engage in it, no matter what your reasons behind it may be, and you will be considered a criminal.


I will say it again: I completely agree. Data has a premium nowadays, and it's indeed risky to divulge information to third parties. It's the same problem with other KYC services, who can get hacked and have their customers' info publicized. My point is simply that governments will not care enough to make this one-sided KYC thing happen; it probably should happen, but it won't.

I believe that data SCAM is  a possibility but the advantages of KYC and "remove" anonymity from this world is so much bigger that it is worth to risk.

Plus, if data will be sold at market rate 5-10 USD, whilst and ICO can aim at producing even 10-20 millions, selling data won't be more remunerative...   

As for the third reason, there are already ICOs that are doing that. They would require the bounty hunters to sign up to their site after the ICO because they would send their share of the bounty campaigns in the site's wallet. While the bounty participant is confident that he will be able to claim his bounty share, he is now discouraged if ever he don't have any verification documents for the KYC and there are even some ICOs in which you submitted the right verification documents but still rejected it so he would end up not being able to claim his share which is unfair because the KYC process was not disclosed at the beginning of the campaign.

However, there are some campaign managers that change their mind and did not require the bounty participants anymore to go through KYC process but will just directly send the shares to their wallet. It would be case to case basis then but later on, maybe all ICOs would require their participant to go through KYC process.

Giving such information can really lead to a scam specially when ICO created for that purpose. We have to be very careful when joining such ICO. This is supposed to be a decentralized market yet since people are trying to regulate such anomaly, cryptomarket are slowly getting centralized.

What advantage your are referring to?? I don't see any advantage in your opinion. can you please point it out?


Signing up to their website is OK, but asking for the KYC data after the end of ICO, is not OK and I believe it is a non-professional behavior. If an ICO would require their bounty hunters to submit their KYC, they need to be upfront. I still haven't came across any such instances where the bounty reward is denied due to the requirement of KYC data, but if it happens, they need to be tagged. Can you point me out to a list of ICOs those who are following these malpractice or even some reference?

if ICO operators want to avoid kyc then all they have to do is hide their jurisdiction. there are still ways and enough willing victims to go for it.

the handing over of personal data is going to be incredibly lucrative on its own. many ico operators have been proven to be completely unscrupulous. no way would any others get my data.

what they need to do is utilise a known and trusted verification platform like jumio to go through, even then i wouldn't be all that keen.

I am sure ICO operators will have to comply with some regulations, but I am worried about the mishandling of the data. Personal Identity market is really lucrative and pretty much active. in darkweb. A central repository like Jumio can be a solution for sure. They also have presence in various countries and the addresses are given in their website as well. That just should not end like Mtgox. First winning the trust of the market then do a scam worth billions.

I am not also in favor of this KYC requirement when joining ICOs. Exposing and submitting your personal data might put a person in a serious security threat. Your personal data can be used for personal gain of other people who handles it. And besides the whole idea of cryptocurrency being decentralized will be set aside.

With the advent of services like Onfido and Netverify (Jumio) for ID verification services, most new ICO's are making use of these to verify their customer's ID's which could seem relatively safe but we would still have to entrust our private information with them and the data policies of the countries in which they operate , but it's good to assume that if your data is collected through a Google survey form, like I've noticed a couple of new ICO's and cryptocurrencies doing there's a huge risk of ID data leak and this like you've mentioned is a matter of concern. Also, from what you've specified, most people would be definitely be hesitant to sign up for the ICO's if anonymity is of their importance.

Continuing to this I had a question - If the purpose of collecting the KYC information is to justify a lawful operation of the ICO or their business, then would it makes sense to continue using such 3rd party services to safely collect KYC information and verify them?

Comments.

Reason 1:

It would really remove the decentralization matter if documentation have been asked by these companies yet we do know that we do like on being anonymous here in online world but such regulation do made these changes on where those companies originated to would really need to comply such rules.


Reason 2: (this is a big threat)

Risk would be always there on having leakage on such informations which we don't really know on how those informations being secured or might really be used into other purposes.This is why its our choice if we can handle or ready for the risk or not.

Reason 3:

As of these days I haven't seen such requirement for those bounty hunters that they would need to comply KYC rules on claiming their bounties but I do agree that it would really be seen sooner or later.

This is something I've been thinking about because it's a real problem.  I have some ideas but there's no perfect answer to the situation.

Here in the United States we have legal requirements for Know Your Customer / Anti-Money Laundering / Countering the Financing of Terrorism.  I certainly understand the reason we have these regulations in place, but when you apply the same principles as used in legacy banking and finance to the world of crypto assets, new problems emerge:

• How do you know the ICO is who they represent themselves to be?
• How do you know the ICO is going to safeguard your PII?  They could be careless and it could be stolen through a hack, or they could be malicious and sell the information or use it directly to steal your identity.  Sad to think about, but some of the ICOs are full-out scams.
• What happens to your information if the ICO fails, shrivels up and dies?
• How do you still comply with the legal requirements while implementing a trust-free model?

The answer I come up with is to have a trusted party conduct the KYC and make attestations to ICO issuers.  But, I don't like that idea because it has a point of centralization that could abuse trust.  So, I'm thinking about a decentralized way to do it.  Potentially something like, go through the KYC gamut with your primary exchange, be that Binance or Coinbase, etc., and then they would be able to issue some type of credential that ICOs would accept as KYC verification without having access to all of the information directly.  Potentially even non-exchanges could provide this as a service.  If done properly, you as a user would be able to approve what information they are able to access, on an ICO by ICO basis (or any other entity that was using the system, for that matter).  Somewhere in this concept a user would have to place trust in someone, someone must actually perform and verify KYC, so I figure the best place for that trust to be the exchange they already have a relationship with.

Facebook has something like this in how they implement third-party app permissions (as does Android).  They have a basic permission that allows them to get basic information, and then if the app needs more information, like your social graph, or the ability to post, etc. it's another "confirm/decline" decision for the user.

I think something like this could be the way to go, but it needs an open standard on conducting the due diligence as well as a software interface to accessing the information.  It's an idea that's been in my mind as something that we should look at through BTRIC Institute.

I believe if done right it would reduce fraud.

Best regards,
Ben

That's a concern for sure! We have seen instances where ICO owners are caught using stock photographs of little-known models and used in their website as the ICO owners. I am sure there are more such ICOs. Even though some ICOs are upfront about their owner's identity, majority of them do not bother to provide the same and tries to mask them. One such instance,

https://bitcointalk.org/index.php?topic=2979889.0

You can easily understand what will happen if you provide your KYC data to such scammers! Probably you will be seen as their next owner. The only way to counter this is to be vigilant and thorough research. 


There is no way to know that. As I have already mentioned in the main thread, that KYC is a very serious level of data and has a big underground market. It's very easy for anyone to sell out that data to get some extra income. I am not particularly worried about the hackers because majority of the ICOs are scam. If your data lands in the hand of those scammers, the repercussion can be huge. We are not able to understand the threat just as yet because a sizable scam didn't happen in recent past. My thread will start making sense to a lot more people if any such scam happens. 


Again a gray area! I have no idea hence this brainstorming!


I don't think it is possible in any way. Complying to government regulations for having a trustless and de-centralized business model, is directly opposite to each other. But I believe government needs to step in here to provide a proper framework for the ICOs operating from their soil. On 16 Feb, Swiss regulator FINMA provided a very basic framework for the ICOs operating from their country. While the main framework is not very extensive and have many opportunities to improve, I like the part where all ICO owners need to submit proof of their identity to the government. The pdf can be obtained from the below article. Click on the "guidelines" hyperlink. 

https://www.coindesk.com/switzerland-will-treat-some-icos-as-securities-finance-regulator-says/

Go to page number 9 of the PDF where it has given the directives to the ICO owners on the data they need to submit before opening an ICO in their country. That's a welcoming move. At least the government will have all details of the ICO owners. It will significantly reduce the possibility of scam. But that doesn't really apply for the trustless business model.

So to your question, I have no idea. But such kind of framework can help bring back the trust within the ICO market and reduce the risk of investors.

 

While I will not directly condemn the use of KYC from ICOs because of the regulatory requirement, the concern is the whole of ICOs asking for it if they are all doing it because of regulatory requirement of if its because they are doing it for their own primary purpose or joining the bandwagon and if they are asking for regulatory purpose, the question to ask is who is then the body doing the regulation?

Today, virtually all ICOs coming out today, wants use to join the 'whitelist' even to those developers that don't even know what it means to be on a whitelist which to me is not even relevant because majority are even trying to meet the Soft cap not to talk about the Hard Cap and if they cannot raise the required amount, it then means that the project would likely be abandoned and the question again is what happen to the data collected by those that joined the 'whitelist'?

I agree that this will bring about a new wave of scam because information gathered can then be sold to those who wants to use it to spam, generate an email to ensure unsuspecting individuals just click and then becomes vulnerable, specific emails because their target audience mails have been gotten already.

While for some the point of cryptocurrency is anonymity, the reality is the real value for most it is reducing barriers and serving the underbanked. True anonymity is only a nice to have for most. For the larger ICO market that spans beyond cryptocurrency, blockchain is opening up a new economy of doing business - with reduced barriers. Certainly businesses are motivated to know and serve their customers as it is a primary marketing tool and feedback loop. For those that seek anonymity, products and services will emerge for them. For most businesses, they will naturally seek out KYC to many levels for marketing purposes and to ensure they are not an accidental front for money laundering, and to ensure business continuity in the face of regulation.

The security perspective to prevent hacks like Equifax is something we need to develop better practices and technologies for to safeguard. I see some companies out there doing some work to this end already, for instance the co-founder of Ethereum has a company Consensys (https://new.consensys.net/ (https://new.consensys.net/))that appears to be working on these issues.

The real answer is while technology (and cryptography) can help secure investors, there will never be an excuse to not do your own due diligence. Never share your private info with someone you don't trust.

I agree that the verification of KYC by the companies conducting the ICO is quite a big and urgent problem that is waiting for its immediate solution. Neither investors nor members of the generosity campaign can be sure that their personal information and copies of passports will not be used for any unlawful purposes. It's no secret that among the ICO companies there are a lot of scammers and transferring their identification data and copies of passports in such a situation is very dangerous. Regulatory authorities, if they require the collection of such information, must guarantee at least that such ICO teams will not be fraudulent.

From my observation so far here in the forum and from the bounty campaign which i have participated in the past , i believe that your submission number three is one of the main reason why ICO and campaign manager will required participants to provide KYC . This help the manager / ICO to identify bounty Hunter from countries that are not qualified to participate in campaign.

KYC is a Bank structure. Do you believe that they will only fight fraudsters? I have a friend. He is from Ukraine. It cannot pass the KYC check on THE cex stock exchange.IO. I have not heard that Ukraine is on the list of banned countries. There are no sanctions against this country either. Where is the guarantee that this mechanism will not be used against the ICO?

I can say aside the exchange site that I see the need to have a KYC policy in place other are just making life difficult and more of repitition of functions. Every investors in ICOs wants to buy when its worth is low then sell when its high but that is not possible without exchange sites which means when the exchange sites insists on KYC there is no reason why any other body and not iCOs to say the least requesting for KYC. It defeat the entire purpose of anonymity.

Decentralized market is slowy changing and KYC is the first step to define it. Though KYC is really for the protection of every investors, I still believe that if you give too much information from any ICO, your personal information is on risk and may result to a scam.

The whole point of crypto and also (security) tokens IMHO is that they are highly portable bearer instruments

Most stocks and of course bank accounts are registered securities, and not portable either, so you cannot own them. Same with real estate. All those things must be considered borrowed; the government lets you use it ... until they decide to punish you for whatever reason.

So today, if government goons talk about KYC and AML, they are the bad guys, not the good guys.

Steve "Batman" Mnuchin and all the SEC/Fincen/CFTC/whatever are not concerned about investor safety, they are concerned about the modern version of the Swiss bank account.

https://www.bloomberg.com/news/articles/2018-01-12/mnuchin-warns-against-bitcoin-becoming-next-swiss-bank-account

In Nazi Germany, Jews were persecuted. And what they considered to be their property, was seized. With the exception of the money that was sitting in Swiss bank accounts. How can property, ownership, and privacy be marketed as something negative? How insane has our society become?

The KYC/AML craze is a reversal of evidence, it is turning everyone into a potential criminal from the first second of a business relationship! It is pure communism/stalinism; KYC/AML is very un-American; I wonder what the founding fathers would have to say about today's regulatory landscape.

There is no point in registered or "KYC"ed crypto or ICOs, none at all. I would not spend a penny on them.  >:(

Btw. if this was about investor protection, no KYC would be needed for that at all, just scrutinizing the ICO's. Mind you, Gox had KYC, Madoff did KYC...., Enron shares were registered securities with full KYC, the list goes on and on ;D

Hi leopard,

I completely agree that the place the standards need to be applied is in ICO/ITO issuers, to rate their quality, security, and really evaluate the project potential in a standardized manner.  So many scams out there.  In addition, I also believe standards should be applied to crypto businesses such as exchanges.  When you're dealing with electronic money or other cryptoassets that can be stolen just like someone breaking into your house or business, it's important to know that the exchanges have in place best-practices for security.  Most people wouldn't trust a million dollars to just be sitting inside of their shed, with no security to speak of besides potentially a padlock.  With cryptoassets, we are talking about much more value than $1 million in many cases, trusted to businesses with unknown security.  Some do a great job, some are horrible.

My organization is looking at having a set of 1.0 standards during April.  The first draft will be published to GitHub soon and public comment and participation is welcomed.  It's all open, usable by anyone.

Voluntary standards can improve on this situation.  No standards would be forced on anyone, but voluntary standards can become "expected".  They need to take into account the unique factors of the various different types of cryptoassets and other businesses.  It can also help us stave off government regulations, by demonstrating self-regulation.  They're going to stick there noses in this field whether or not we want it, but I believe that there's ways to encourage "light touch" regulations that don't stifle innovation.  I agree with much of Coin Center's position on regulatory matters, but there's some areas where I believe a more permissive approach is needed.

As far as KYC with ICO investors, I believe the current framework that is basically bolted on from the model that banks use is inappropriate for many/most "ICO" investments.  There may be exceptions, but the more we go down the "securities" path, the more concerned I become about heavy regulation that will favor large financial institutions and hurt new entrants and small, but innovative, organizations.

Best regards,
Ben

I think that ICOs don't have a choice...if they will not collect KYC then they can be blamed to take money from potential "terrorists".
also there can be a problem in the future to list in a "good" exchange if not collect that date. Maybe I am wrong.

Yeah, as we see the U.S. definitions evolve -- not through regulations but rather by court cases and letters to Congress (novel way that will probably stick until/unless Congress gives them additional legal authorities), it's clear that a crypto-centric SRO needs to get organized or the large financial institutions are going to run the tables.

They're basically pointing all exchanges at FINRA which is legacy finance's largest SRO.  Good luck with that.

I'm thinking on this issue and am going to reach out to a bunch of people/organizations.

Best regards,
Ben

I don't understand such prohibitions. Well let's say the man stole the money. He can always keep them in cash. If he invests them in ICO, they will work for the country's economy. I think that's the best option. Of course I am against organizing an ICO for the production of an atomic bomb. But any legitimate activity must be supported.

It's all about "money laundering and terrorism financing" is what they say.  The reality, a lot of it is about tax evasion.

Many, but not all, people in crypto already "trust" at least one entity with their KYC information, that being an exchange that allows buy/sell to their fiat bank account.  I think these organizations should work together on a model KYC policy that if you're known to one member of the group, it can be attested to that your KYC is on file.  A decentralized way to accomplish this would be nice, I've sketched out some ideas.

I've seen some third-party ICO's that are trying this angle, but it might be better to go to the exchanges and see if they'll get on board.  I've had to do similar work before to track traceability of food, different providers made certain attestations that were relied upon without actual transfer of the information in 99% of cases.

I'm looking into this because it's definitely becoming "a thing" from the regulators perspective.

Best regards,
Ben

Yes, it would be great if only one entity had request KYC info from a user with periodical updating and then share that info with another entities authorised by a user to share such personal info. It would safe a lot of money for the crypto industry and speed up its growing.

Such 'one' entity could focus only into the protection of that data.

That's the plan.  Though it's not "one" entity in that it's a centralized point.  It's the one entity that YOU trust, which may not be the same as the entity that I trust.  All of the entities will be following the same rules for KYC, in federation essentially.  I don't want it to be a single, solo entity because that gives them too much power and control.  But sure, a few leaders that have earned trust for safeguarding the information would be the probable result.  But there's nothing stoping a new entity from coming into the field.

I have this on the drawing board, I want to make something of it.  I believe it would have great utility across the crypto field, and I've spoken to attorneys that believe if it was designed in the right way it would be fully legal and compliant.

Best regards,
Ben

After the appearance of such a regulator, the basic rule will be violated is decentralization. Very bad intentions can be concealed under a good pretext. Money and power spoil people. Who can guarantee that this body will not eventually turn into a repressive apparatus? I think I need another solution to this problem.

Document provided in ICO's for KYC completion may create some chaos if the ICO Team is fraud. We should never share our official documents on any open platform for KYC like telegram etc as it may create more problems for us. We should always submit the documents as per the process decided by the co. which is usually confidential.

The ideal scenario is that a business you already trust, such as your fiat/crypto converter, has performed KYC as a part of your account onboarding with them.  Then they could participate in this pool and they would be the place you already trusted.  The data itself would be decentralized and in the custody of that business, acting as a KYC trustee. 

Working out some details related to different KYC jurisdictions.  Also have to sketch out under what conditions the information would be released, such as judicial order, etc.

KYC goes both ways in some sense.  Personally, I hope it eventually goes away entirely, or nearly entirely, but while it's necessary, I'm trying to find a way to comply that is as easy as possible for everyone involved and balances privacy issues.

I'm looking at Visa's model, they require KYC be done by banks in order to issue certain products as well as for merchant processing services.  They have to deal with different KYC requirements all over the planet.  I'm applying to that the FinCEN guidance on KYC but making it a more even system.

I also believe that ICOs should have to do KYC type verification so that you know who you're investing in.  The other day there was an ICO people were memeing on Twitter that used Ryan Gosling's picture as one of their team members.  That crap has to stop.

Best,
Ben

There's a risk when we give out personal information to an ICO however it should still be part of the process. It would be truly chaotic if the ICO is an information phishing scam because the information they have gathered may be used against you. Investors must have some user protection upon submitting the KYC requirements. Having KYC requirements may be attempts to avoid money laundering or tax evasion but the investors should have protection along with it.

You right. It should be decentralised BIG board of independent people who can confirm the identity of every new person.
For example, a person who wants to be verified (and pay for that 10 tokens)-> put request into the system with time and place when he want to present its original docs->> the system automatically figures out the nearest ALREADY verified people and offer them 9 tokens for the completing verification of that person (come to the predefined place and time). smith like that-)

It should really be confidential but the big question is,if those companies asking documents are legit ones? or they would keep those documents in private and secured.If we do sent out any documents to other parties then we are not really assured that they wont leak out.For all investors out there where engage into ICO that do require it better to be careful on sending out informations towards your identity.Just submit those thing on your own risk,if you cant then don't invest to them.

The requirement to pass the KYC test from the ICO companies is really a big problem for investors in such ICO campaigns, as well as for the participants of the generosity campaign. Of the 902 ICO campaigns conducted last year. about a third turned out to be fraudulent. This means that if these ICO companies demanded the provision of certain identification data and copies of passports to investors and bounty hunters, these persons transferred them directly to criminals. The problem is that nobody checks the participants of these companies and they try to collect such personal data. This is in any case wrong.

A serious problem is that. that ICO companies are beginning to require the provision of identifying information and copies of documents to the signatory campaign participants at the stage when the ICO campaign has already ended and it is necessary to pay counted tokens. After presenting such requirements to the participant of the signature campaign, there is no longer any right to provide such data or not. If they refuse to provide them, they simply do not pay the earned tokens. I believe that such requirements are presented at this stage in order not to pay out parts of the campaign to the signatures of the tokens they counted and then assign them to themselves. Practically this is a common fraud.

Yes, I agree that KYC information after you've performed work for them by participating in a bounty campaign or other promotional effort is outrageous.  Sounds like they're just looking for a reason to say you failed KYC and deny you the earned bounty.  I am concerned about the exchange of any unnecessary information whatsoever.  If an ICO is doing KYC I can understand that, especially given the current regulatory mess.  However, if they need to do that on bounty participants they should state that up front and do it in advance.

I've had my identity stolen twice in my life and it is not fun to say the least.  One time was, unfortunately, an ex-girlfriend, which I suppose I could have prevented though I had no way to know she'd turn out how she did.  The other person was apparently a federal prisoner and I only found out because the IRS put a hold on my tax filing because they'd already processed one from someone else with a return address of some prison in Arizona! (I live in New Jersey.)  Now I have to go through extra measures every year when I file my taxes, but I guess it's "for my protection".

Doesn't make me like the IRS any better, lol.

Best regards,
Ben

I had created a POLL on that issue...it's very interesting what people think: give personal info or not to the start-up during ICO.
Participate too: https://bitcointalk.org/index.php?topic=3105224.0

That's exactly what I have mentioned in the point number 3. I have seen ICO bounties are not upfront about their requirement of KYC documents. I am active in few bounties and till date I didn't face any issue about the KYC. I always join the telegram group of the ICO and ask the admin of the group about the KYC requirement of the bounty participants. I only join the bounty after I get confirmation from the admin about the KYC requirement. Till date I have seen a very few ICOs are asking KYC from their bounty participants. Majority of them are not asking for KYC from the bounty participants. So it is somewhat OK as of now.


Lol! So you know how it feels when your identity data is misused by someone unauthorized. That's exactly I am trying to say to the community. Since you are from USA, you must be knowing that SSN data has an underground market. A lot of offshore call centers are associated in buying and selling of KYC data of USA people. But when it comes to ICO, no one is sure about their identity and the future usage of your KYC data. Till date, I have't seen a big scam surfaced from the ICO market on KYC data, but it may happen in future. So it's better to take precaution. 

I think the very first argument is something you just can't accept. I understand cryptos have that basic idea of anonymity and all but still whatever you say it doesn't really has the capability to turn the whole empires. You can expect cryptos to be used in normal day to day procedures but obviously government wants your data to keep every kind of control on you. The second point is just the biggest argument against this KYC scheme. There is probably no security measure that ICO owners take to keep a check on the security of KYC data so its a big concern.

Experienced it in the past, before they say that immediately after the TGE happens everyone who bought in their ICO will receive their tokens. But after the TGE happens they announced in their website as well as their Telegram group that they will instead manually distribute their tokens which they are now requiring KYC, this is a really big catch in which they have not announced it earlier. Basically what happens is they are trapping you with only one choice as if you don't give your information and necessary requirements they are talking about you wouldn't receive your tokens you have bought from them.

Changing the rules after the game is wrong. For me it is a sign of a Scam. Probably the tokens of such ICO will not have prices. So you won't lose much if they don't give you tokens. But it seems to me that the duty to fight crimes is the duty of the state. ICO and cryptocurrencies don't have to accept the rules of this dirty game. KYC rules should not be accepted in the cryptocurrency community.

Governments keeping the KYC data and ICOs asking for KYC data are two very different scenario. Government is the owner of your KYC data because they issue your ID cards, so they ask for it, it's normal because we are assured about its security. But when an ICO does the same, there is a concern because we don't know about the identity of the ICO owner, neither we are sure about the usage of those KYC data. Identity theft is a big crime and can lead anyone to a big mess.



These are signs of scam and unless someone have bought significant amount of tokens, they should accept the loss instead of trying to get the token by providing the KYC data. Because if a company is not upfront with their communication, they don't have any business ethics. They are likely to mess up big time at any point of time. So your investment will be gone in any ways. 

We need to have services like Jumio or Onfido in this field. Where the investors will verify their identity and get an ID number. Now they can pass on that ID number to the ICO companies they are investing. The ICOs will be assured about the identity of that person but will never have the documents in their hand. That is one solution that I can see to overcome the KYC risk as of now.

I agree, but decentralized.  Get fiat/crypto conversion exchanges (that you already give your KYC anyway) to work together on a common KYC standard that they all benefit from and contribute to.

This is how I think it should be done.

It's a pity, that this is not what we'be been expected. At all.

Working out a common standard is a big pain and some company or the community leaders will have to take that initiative to work out a common ground. Being decentralized in nature, it will still have to face credibility issue similar to what we are facing now with ICOs. That's what the pain point is. We are OK to provide our KYC data if we are absolutely sure about the identity of the opposite party and his intention. This is hard to achieve.