USBitcoinServices.Com (OP)
|
|
January 28, 2020, 05:31:47 PM Last edit: January 28, 2020, 06:06:26 PM by USBitcoinServices.Com |
|
We know that centralization is a big problem for society these days, because of its many issues like bureaucracy, inefficiency, corruption, manipulation, data privacy, steal and sale of private information, etc!
KYC is another issue because nobody knows where their info will be ended and who will see it or use it.
The problem with KYC is who is asking for it and what use they will give. There should be a KYP (Know your provider) so far we don't have such a thing! and nobody is thinking about it!
The first step before doing our KYC, we the users should apply KYP and make sure we know who is holding our personal info, the people behind centralized companies need to have their full names and id publicly, they need to be accountable, and transparent. after that, we should proceed to do KYC.
Clever ideas?
|
|
|
|
avikz
Legendary
Offline
Activity: 3262
Merit: 1531
|
|
January 28, 2020, 06:55:24 PM |
|
Do you have a list of details which we must know about our providers before conducting any business? If not, let me give you one,
1. Legal name 2. Tax ID/SSN/PAN 3. Registered address 4. Details of grievance redressal officer and escalation matrix
Can you think of aything else? Now lets assume the company sells off your data to a third party. What extra will you do apart from going to the consumer protection bureau? Let's be practical!
|
|
|
|
USBitcoinServices.Com (OP)
|
|
January 28, 2020, 07:56:52 PM |
|
Do you have a list of details which we must know about our providers before conducting any business? If not, let me give you one,
1. Legal name 2. Tax ID/SSN/PAN 3. Registered address 4. Details of grievance redressal officer and escalation matrix
Can you think of aything else? Now lets assume the company sells off your data to a third party. What extra will you do apart from going to the consumer protection bureau? Let's be practical!
Don't have any list, this is just a general idea first and sees how it develops with the input of many other clever, thinking, creative minds here! For the first one you suggested, it should be for both physical person full name, and company/corporation names, and if it is a corporation or business name, which it has a big list of all its members behind, which normally companies have always their member's name hidden, which need to be always upfront available to anyone to verify who they are. For the second question about what to do when a company is selling people's data... As we know we are still in a new field, where there are few options for the clients to do when things like that happen. But I am sure this will soon be different if people keep talking and bring new ideas to stop the abuser from selling personal data!
|
|
|
|
milewilda
Legendary
Offline
Activity: 3290
Merit: 1156
|
|
January 28, 2020, 08:22:30 PM |
|
Can you think of aything else? Now lets assume the company sells off your data to a third party. What extra will you do apart from going to the consumer protection bureau? Let's be practical!
Theres none for sure and after such complaint.Then whats next? This is why its a total waste of time if you do pursue or trying to fight on. KYP is good but pretty sure that majority of those providers wont surely comply nor wont mind on such request.
|
|
|
|
philipma1957
Legendary
Offline
Activity: 4298
Merit: 8823
'The right to privacy matters'
|
|
January 28, 2020, 09:44:47 PM |
|
Can you think of aything else? Now lets assume the company sells off your data to a third party. What extra will you do apart from going to the consumer protection bureau? Let's be practical!
Theres none for sure and after such complaint.Then whats next? This is why its a total waste of time if you do pursue or trying to fight on. KYP is good but pretty sure that majority of those providers wont surely comply nor wont mind on such request. Then simply boycott anyone asking for kyc if they don't offer kyp.
|
|
|
|
jseverson
|
|
January 29, 2020, 01:47:51 AM |
|
The problem with KYC is who is asking for it and what use they will give. There should be a KYP (Know your provider) so far we don't have such a thing! and nobody is thinking about it!
The first step before doing our KYC, we the users should apply KYP and make sure we know who is holding our personal info, the people behind centralized companies need to have their full names and id publicly, they need to be accountable, and transparent. after that, we should proceed to do KYC.
I'm not sure if having their ID public is a good idea, and it certainly isn't as fair as you suggest. Your KYC details aren't made publicly available and neither should theirs, unless they freely do it on their own. But hey, ironically enough, they do need to provide all of these details if they follow legal procedures in setting up a business, meaning you should be able to get a hold of SEC (or your country's equivalent) to be able to verify the details of their registration (or if they're even properly registered). I'm not sure if they'll tell you the names of the heads without a legal proceeding underway, but those details will be available to people who can hold them accountable anyway (i.e. the authorities). It is a good idea, however, to get to know who will potentially handle your data, so you should always do KYP anyway; except IMO more on what they do, how reputable they are, etc., and less on their personal identity which you won't be able to do anything with anyway.
|
|
|
|
20kevin20
Legendary
Offline
Activity: 1134
Merit: 1598
|
|
January 29, 2020, 09:19:08 AM Last edit: January 29, 2020, 09:30:06 AM by 20kevin20 |
|
Know Your Customer, Know Your Partner. What comes next? I think we should be looking for ways to stop this KYC policy instead, as in my opinion it only does more harm than good. Look around what's going on with the platforms using KYC and see for yourself. Bittrex basically confiscated my funds by enforcing a mandatory KYC verification post-deposit. I only care about the safety of my funds, and KYC lowers the safety of them a lot more than lawmakers might've expected. KYP wouldn't make things fair for both sides. What would knowing who's behind Bittrex help me with if they've confiscated my money thanks to KYC? It's exactly the same thing, but more privacy is invaded. Instead of making things better, it would make them worse. Instead of adding this policy, I would work on changing the KYC first so stealing of funds won't be legal anymore... because KYC basically makes money stealing legal. Fair? Obviously not. Then simply boycott anyone asking for kyc if they don't offer kyp.
If KYP would be implemented, platforms would offer it from registration phase. And then it would function just like it does right now, without KYP implemented.
|
|
|
|
HeRetiK
Legendary
Offline
Activity: 3108
Merit: 2177
Playgram - The Telegram Casino
|
|
January 29, 2020, 10:42:28 AM |
|
KYC is another issue because nobody knows where their info will be ended and who will see it or use it.
Y'all need proper data protection laws. GDPR got a lot of flak for forcing people to cLicK aWaY uNneCesSaRy cOoKie wARnInGs but it's the sort of legislation created for redeeming exactly that. For EU citizens there's the Right of access, which includings, amongst other things, information regarding: the recipients or categories of recipient you disclose the personal data to [...] the safeguards you provide if you transfer personal data to a third country or international organisation. (yes, I'm aware of the irony of quoting a UK site just a couple days short of Brexit) Apart from that, if you're tired of using opaque and untrustworthy exchanges... stop using them. It's a free market, there's plenty of alternatives out there these days.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
mocacinno
Legendary
Offline
Activity: 3570
Merit: 5233
https://merel.mobi => buy facemasks with BTC/LTC
|
|
January 29, 2020, 10:48:01 AM Merited by vapourminer (1) |
|
Well, avikz's list is a good start, but what interests me the most is what they'll do with my data: - How is it stored (which medium, firewalls, unrouted networks, which database vendor, which OS,...)
- Where is it stored (which countrie(s), where do they keep their backups, is there a guard in the datacenter,...)
- How long will it be stored (x months after transaction, forever,...)
- Who will be able to access my data (all employees, certain employees, only the person in charge of KYC, partners of the company, anybody giving the company money, everybody in general, a 3 letter agency without a warrant,...)
I'd like this info from every company i give my info to... And it should be verified by a trustworthy thirth party before i believe anything they say. Far to often i've heared from companies that keep sensitive data in a web accessible relational database on an unpatched, unfirewalled system... I've seen companies keeping their backups on a public accessible ftp server (with an old, vulnerable ftp daemon). I've even seen companies that had backupsets that were available on their website (backups taken with phpmyadmin into a remote accessible path that were not moved to safety after the backup had run). In these cases, it didn't even matter if you knew the legal name of the company. Sure, you'll have someone to drag to court, but the harm has already been done. I'd rather not have to sew a company than getting some money from them because they lost all my private information and it's now for sale for a couple bucks on some darknet marketplace forever....
|
|
|
|
USBitcoinServices.Com (OP)
|
|
January 29, 2020, 02:49:05 PM |
|
Well, avikz's list is a good start, but what interests me the most is what they'll do with my data: - How is it stored (which medium, firewalls, unrouted networks, which database vendor, which OS,...)
- Where is it stored (which countrie(s), where do they keep their backups, is there a guard in the datacenter,...)
- How long will it be stored (x months after transaction, forever,...)
- Who will be able to access my data (all employees, certain employees, only the person in charge of KYC, partners of the company, anybody giving the company money, everybody in general, a 3 letter agency without a warrant,...)
I'd like this info from every company i give my info to... And it should be verified by a trustworthy thirth party before i believe anything they say. Far to often i've heared from companies that keep sensitive data in a web accessible relational database on an unpatched, unfirewalled system... I've seen companies keeping their backups on a public accessible ftp server (with an old, vulnerable ftp daemon). I've even seen companies that had backupsets that were available on their website (backups taken with phpmyadmin into a remote accessible path that were not moved to safety after the backup had run). In these cases, it didn't even matter if you knew the legal name of the company. Sure, you'll have someone to drag to court, but the harm has already been done. I'd rather not have to sew a company than getting some money from them because they lost all my private information and it's now for sale for a couple bucks on some darknet marketplace forever.... That is a good list, and I am sure that at some point in time there will be some blockchain projects using smart contracts in order to set all these questions into a contract, so clients and providers can benefit from settle down the basics of protecting users with data privacy, and enforcing KYP at the same time. Right now we know that doing the process of KYC is a pain in the ass.
|
|
|
|
CryptoBry
|
|
January 30, 2020, 02:04:08 AM Merited by vapourminer (1) |
|
Once a business is legally registered, all of its information can be found in government agencies where they got their legal status to do business. I am sure those data can be retrieved by anyone asking for it. Now, what we should be worrying are illegal firms pretending to be legal and have more chance of dealing with the information from their customers not accordance to the law existing to protect data misuse. However, I think the idea of KYP has no chance of progressing so it is all up to us to do our due diligence and use our right to choose the providers whom we think are behaving well, though admittedly that can be a difficult one to determine because even famous names online are also mismanaging data of their own customers and users (remember Facebook?). Data gathering, handling and management will always be an issue all because we are already in the data era and data can be a good mine for money and can have big potential economic power one can use well or abuse.
|
|
|
|
sunsilk
|
|
January 30, 2020, 08:18:43 AM |
|
It's a good idea you know, it's the first time to hear/read that we're going to demand it to the providers or businesses that we want to use. But basically, they wouldn't do this kind of compliance just for the sake of a customer and that is why they have "About Us" and it's the least that they can provide.
I highly doubt it that they will provide those important details about them such as #2 given example of avikz but the rest including the address, name, company's organizational chart and other details that can be publicly displayed can easily be asked to them.
|
|
|
|
gentlemand
Legendary
Offline
Activity: 2590
Merit: 3015
Welt Am Draht
|
|
January 30, 2020, 01:45:16 PM |
|
In this scenario use your common sense.
I'm fine doing it with somewhere like Coinbase. It's not great but at least I know they're vaguely competent.
I would not be fine doing it with some piece of shit airdrop on here or any shitcoin exchange.
As for them giving you their details, that ain't happening.
|
|
|
|
1Referee
Legendary
Offline
Activity: 2170
Merit: 1427
|
|
January 30, 2020, 11:18:08 PM |
|
I'd rather not have to sew a company than getting some money from them because they lost all my private information and it's now for sale for a couple bucks on some darknet marketplace forever....
That makes sense. I have been looking at how trustless exchanges on Ethereum work and I have to say that I'm very impressed with the state of the whole ecosystem. It's so easy to exchange one ERC20 token for the other on one of the several dexes that I hope to see Bitcoin adopt some of these features as well. That's how you make centralized exchanges asking for KYC and whatnot obsolete. It has been the goal for many people since the very beginning and it's getting closer and closer, but it seems that Bitcoin itself has still a lot of catching up to do in order to stop seeing the gap with Ethereum widen further on that front.
|
|
|
|
USBitcoinServices.Com (OP)
|
|
January 30, 2020, 11:46:45 PM |
|
In this scenario use your common sense.
I'm fine doing it with somewhere like Coinbase. It's not great but at least I know they're vaguely competent.
I would not be fine doing it with some piece of shit airdrop on here or any shitcoin exchange.
As for them giving you their details, that ain't happening.
So far costumers are used to providing personal information without demanding their providers for transparency. As we know this is the result of how indoctrinated the system is making the masses, that people have forgotten to claim for what is fair and reciprocal.
|
|
|
|
jseverson
|
So far costumers are used to providing personal information without demanding their providers for transparency. As we know this is the result of how indoctrinated the system is making the masses, that people have forgotten to claim for what is fair and reciprocal.
I don't necessarily have a problem with this, but my gripe is that KYC isn't for transparency at all; it's for accountability. It's a requirement set by regulators, so it's not like providers are requiring it just for the sake of having your data. Also, as far as reciprocality goes, isn't it reciprocal that regulators are also asking company heads for their personal data? For as long as a business is legitimately registered, you will have access to all the information you need for a lawsuit (which means they can be held accountable) -- that tells me that provider transparency or reciprocality isn't the problem with KYC, unless your solution to private data being mishandled is doxxing them. If the problem is that providers are able to get away scot-free from mishandling data, then way I see it, there are two simple solutions: 1) abolish KYC entirely -- meaning providers won't have an excuse to ask for our personal information anymore or 2) stronger data privacy laws -- impose penalties that will actually make providers think twice and thrice about being reckless or doing anything shady with customer data. We know KYC won't be abolished, but we can actually urge lawmakers to pay more attention to data protection. I see where you're coming from though. I personally stay away from KYC unless absolutely necessary.
|
|
|
|
USBitcoinServices.Com (OP)
|
|
January 31, 2020, 05:38:01 AM |
|
So far costumers are used to providing personal information without demanding their providers for transparency. As we know this is the result of how indoctrinated the system is making the masses, that people have forgotten to claim for what is fair and reciprocal.
I don't necessarily have a problem with this, but my gripe is that KYC isn't for transparency at all; it's for accountability. It's a requirement set by regulators, so it's not like providers are requiring it just for the sake of having your data. Also, as far as reciprocality goes, isn't it reciprocal that regulators are also asking company heads for their personal data? For as long as a business is legitimately registered, you will have access to all the information you need for a lawsuit (which means they can be held accountable) -- that tells me that provider transparency or reciprocality isn't the problem with KYC, unless your solution to private data being mishandled is doxxing them. If the problem is that providers are able to get away scot-free from mishandling data, then way I see it, there are two simple solutions: 1) abolish KYC entirely -- meaning providers won't have an excuse to ask for our personal information anymore or 2) stronger data privacy laws -- impose penalties that will actually make providers think twice and thrice about being reckless or doing anything shady with customer data. We know KYC won't be abolished, but we can actually urge lawmakers to pay more attention to data protection. I see where you're coming from though. I personally stay away from KYC unless absolutely necessary. Data protection is a big issue these days, hopefully, blockchain will bring solutions to that.
|
|
|
|
avikz
Legendary
Offline
Activity: 3262
Merit: 1531
|
|
February 02, 2020, 05:47:10 PM |
|
Do you have a list of details which we must know about our providers before conducting any business? If not, let me give you one,
1. Legal name 2. Tax ID/SSN/PAN 3. Registered address 4. Details of grievance redressal officer and escalation matrix
Can you think of aything else? Now lets assume the company sells off your data to a third party. What extra will you do apart from going to the consumer protection bureau? Let's be practical!
Don't have any list, this is just a general idea first and sees how it develops with the input of many other clever, thinking, creative minds here! For the first one you suggested, it should be for both physical person full name, and company/corporation names, and if it is a corporation or business name, which it has a big list of all its members behind, which normally companies have always their member's name hidden, which need to be always upfront available to anyone to verify who they are. For the second question about what to do when a company is selling people's data... As we know we are still in a new field, where there are few options for the clients to do when things like that happen. But I am sure this will soon be different if people keep talking and bring new ideas to stop the abuser from selling personal data! No buddy, you are not getting my point here! We can ask N numbers of KYP data from our providers. Including how they are storing our data and who all are having access to it etc. But my point is that, how do you prove that a company sold off your data to a third party? What action would you take after knowing that fact? Remember, we are free to go to consumer protection forum at any point of time. But how do we prove that that company actually sold off our data? It's a big gap!
|
|
|
|
Harlot
|
|
February 02, 2020, 06:14:55 PM |
|
"KYP" exists and maybe you just don't realize it by now, these businesses won't even be legal if they haven't submitted the appropriate documents needed to be fully operational in their country. Before one can even erect their business they must provide things such as their articles of incorporation, certificate of business registration, valid IDs, Proof of address and dozens more that if they screw up it will be easier for them to be found. All of the information they have provided to the government will also be accessible to you if you know where to find them such as their SEC's website or a company registration list in your country.
|
|
|
|
USBitcoinServices.Com (OP)
|
|
February 02, 2020, 06:45:24 PM |
|
"KYP" exists and maybe you just don't realize it by now, these businesses won't even be legal if they haven't submitted the appropriate documents needed to be fully operational in their country. Before one can even erect their business they must provide things such as their articles of incorporation, certificate of business registration, valid IDs, Proof of address and dozens more that if they screw up it will be easier for them to be found. All of the information they have provided to the government will also be accessible to you if you know where to find them such as their SEC's website or a company registration list in your country.
Yes, they are registered, but the level above of them are people working for centralized organizations, and who is asking these centralized organizations for transparency, accountability, data protection? etc? a lot of people are indifferent and don't question authorities... something I found online and I agree what they say: "KYC is identity theft. When you use an exchange, you’re trusting them with your funds, not the other way round. Unless they provide you with passport copies, bank statements, selfies, & proof of residence of all their staff members - you shouldn’t have to provide a thing"
|
|
|
|
|