Why KYC is extremely dangerous – and useless

[joniboini]

-snip-

KYC is necessary for IEO regardless of the project's registered location as far as I'm aware. They're trying to play safe and at the same time use it as a tool to filter out fake users or cheater who use multiple accounts to obtain lottery tickets or something similar. If you like to gamble with your identity document, go for it.

[Saint-loup]

One way I found to reduce identity theft with services that require personal documents are to make a photo copy of your documents and then writing the website or domain name onto the photo copied document, prior to handing it over to the website that requires it. You then scan the new document with the writing and forward it to the service. I have not had even one service that denied my documents, because they know what it was all about.

Yes, some people might say that with modern Photoshop software, this can be removed, but I want to challenge them in doing that with documents that was written on and they will soon find out that it would not be that easy and it will also leave some new metadata for the forensic software to be extracted, if it was later used in some crime.

Also, when a hacker gets hold of say 100 000 KYC documents, they would rather use the "clean" documents, than having to go through the whole process of the "cleaning" of your documents with your own water mark.

If the site does not want to accept the "marked" documents, then you know they want to use it in a KYC scam. If they ask you why you "edited" the documents, you just say that you want to track where your documents was sourced from, if it was leaked. You can also keep a copy of those documents as proof that you used it at a specific site, so it will be easier for you to trace, where the leak originated from. (Photoshop will leave some traces of the editing that was done and you might pick up which document they used at the new site.)  

I don't understand very well, you're putting a water mark in the middle of your documents and of your selfie... and no platform has never refused them?  
Did you make that with big exchanges? Could you tell us which ones please? It would be very interesting for the community to know which exchanges are accepting that. TYVM

[libert19]

It was bit late for me, I did kyc for airdrop (Airdrop!!!), they never distributed tokens to hunters, when you ask about it in their tg, they block you, I calculated token price and airdrop tokens are worth $2.

I regret it, one of stupidiest thing I ever done.

[Taskford]

It was bit late for me, I did kyc for airdrop (Airdrop!!!), they never distributed tokens to hunters, when you ask about it in their tg, they block you, I calculated token price and airdrop tokens are worth $2.

I regret it, one of stupidiest thing I ever done.

I can't blame you to get fall from that schemes since they try to look appealing that's why many people same as you fall for there schemes and better next time to be more aware and never provide your KYC details especially on airdrops since they could use your identities on illegal transactions or taking a loan on certain platforms.

Be vigilant next time and this is lesson learned.

[o_e_l_e_o]

I don't understand very well, you're putting a water mark in the middle of your documents and of your selfie... and no platform has never refused them?

As I mentioned yesterday in another thread, this achieves very little. Only huge scams like massive loans or medical insurance fraud for hundreds of thousands of dollars require people to actually show copies of their passports, driver's license, or whatever you have sent to some shady exchange. There are countless banks, credit unions, online lenders, payday loan companies, and so forth whom you can apply to online, and who will quite happily grant you a credit card or a loan if you can provide accurate details without actually seeing a copy of any identification document. The kind of petty scammers involved in fake ICOs and airdrops aren't planning some super heist - they will be attempting to rip off as many users as possible for relatively small amounts each, because there is less chance of them being caught doing that. Plastering a watermark all over your KYC uploads does little to prevent someone from taking out a few tens of thousands of dollars worth of debt in your name.

[Shimmiry]

All of us are afraid of losing money due to hacks, scams, our own mistakes or even bad decisions (buying useless shitcoins, selling coins too late or too early, etc). Most topics cover issues such as these. But when it comes to losses, you should be aware that there’s more than money which can be lost. By this, I’m talking about identity theft of personal data of any kind. Protecting this data and paying attention to privacy should have at least the same priority of protecting your money. After all, money is replaceable; it’s "only" a financial loss. Once identity is stolen, however, there is no chance of its undoing.]

Ever since that I started studying and doing stuffs that are related on cryptocurrencies,  I never been a fan of this Know Your Customer or KYC.  I always have doubts to give any sensitive information to the exchanges or wallets or any other cryptocurrency sites that requires its members to file a KYC form.  If is always better tk remain anonymous. That is why I prefer those that did not require KYCs. On top of that,  it's dangerous to give your personal identity specially if there are money and assets that are involved.

[Saint-loup]

I don't understand very well, you're putting a water mark in the middle of your documents and of your selfie... and no platform has never refused them?

As I mentioned yesterday in another thread, this achieves very little. Only huge scams like massive loans or medical insurance fraud for hundreds of thousands of dollars require people to actually show copies of their passports, driver's license, or whatever you have sent to some shady exchange. There are countless banks, credit unions, online lenders, payday loan companies, and so forth whom you can apply to online, and who will quite happily grant you a credit card or a loan if you can provide accurate details without actually seeing a copy of any identification document. The kind of petty scammers involved in fake ICOs and airdrops aren't planning some super heist - they will be attempting to rip off as many users as possible for relatively small amounts each, because there is less chance of them being caught doing that. Plastering a watermark all over your KYC uploads does little to prevent someone from taking out a few tens of thousands of dollars worth of debt in your name.

It's very disappointing, living in big countries leads to this kind of drawbacks, you have more chances to be impersonated... 
But it would be great if Kakmakr could tell us which exchanges are accepting his trick.

[erikalui]

I'll do the Hindi translation as I can see till now it hasn't been translated in the Indian section.

A very helpful thread indeed. I've myself submitted KYC earlier for some projects which I considered trusted for $10k+ rewards but two of them turned scam. Don't know what they did with my details but it took me time to realize that just because the project is popular and managed by a trusted campaign manager, it doesn't make the project trustworthy. Jinbi is one such example of a scam project.

[o_e_l_e_o]

Don't know what they did with my details but it took me time to realize that just because the project is popular and managed by a trusted campaign manager, it doesn't make the project trustworthy.

At the very least you should be keeping a regular eye on your credit report, to make sure there are no unauthorized accounts, loans, cards, or applications opened in your name. I believe CIBIL is the relevant agency to contact in India. I would also consider opening a fraud alert or similar with them, and filing a report with the police. This will make it harder for anyone with your details to open accounts in your name, and it will also give you additional recourse should you become a victim of identity theft.

In terms of projects to trust, you shouldn't be taking anybody else's word for it. Campaign managers can be fooled by scams just as much as anybody else. There is no replacement to thoroughly vetting the project yourself.

[masulum]

I read new report related to this topic, when companies doing anything to keep their security safe from hackers, and they are is a good company, unfortunately, someone inside the organization / company can be an actor of scam KYC. This report says if a former/ex-employee from this crypto exchange leaked 8000+ customer data, including passport, drivers license and other sensitive data. Of course, this is not new case, but this exchange hacked by ex-employee two times, the first is their Facebook page and share customer email address, and yesterday happen with KYC document.

^{Source: https://www.crowdfundinsider.com/}

[Lafu]

Would be intresting to know if the KYC Details from Users from the closed Exchange Tradsatoshi also be in the future get in other hands.
KYC should be only done if you trust realy the platform you are using and you trade or exchange bigger amounts.

[erikalui]

At the very least you should be keeping a regular eye on your credit report, to make sure there are no unauthorized accounts, loans, cards, or applications opened in your name. I believe CIBIL is the relevant agency to contact in India. I would also consider opening a fraud alert or similar with them, and filing a report with the police. This will make it harder for anyone with your details to open accounts in your name, and it will also give you additional recourse should you become a victim of identity theft.

In terms of projects to trust, you shouldn't be taking anybody else's word for it. Campaign managers can be fooled by scams just as much as anybody else. There is no replacement to thoroughly vetting the project yourself.

I have already checked my credit score with another website which required my details and they said your credit score is not available as there are no loans taken. Police won't do anything as they did not do anything when I was scammed to and made a report. Till now I haven't found anything suspicious and it's been 1-2 years since I submitted my details. Perhaps the scammers could buy sim cards with these fake details.

[o_e_l_e_o]

This report says if a former/ex-employee from this crypto exchange leaked 8000+ customer data, including passport, drivers license and other sensitive data.

This is a very important point. Even if you think the platform itself is reputable and trustworthy (a common argument we see regarding KYC at large exchanges such as Coinbase or Binance, even though I would argue that isn't true), how can you possibly trust every single employee of these exchanges or the third parties they outsource their KYC processes to? You have absolutely no idea who is handling your documents after you send them off

-snip-

That's good that you have kept an eye on your credit report and haven't seen anything suspicious in 2 years. The police wouldn't do anything immediately, correct, but if you are later the victim of identity theft and have pre-emptively filed a police report it makes it much easier to prove that the malicious activity wasn't you.

[Saisher]

No KYC for altcoin / shitcoin bounties or altcoin / shitcoin airdrops where the owners are likely scammers or incompetent.

Until now many people especially those who are newbies in the Cryptocurrency, they do not even have second thought  doing KYC because they thought it's natural and nothing wrong on it.

No KYC for shitty exchanges where the owners are likely scammers or incompetent.

This is very important you should only pick the right exchange to do KYC there are so many scam exchange now.

No KYC for low amounts of money where it’s just not worth the risk (this probably includes everything that doesn’t make you rich)

Still wonder why people for as low as $20 are willing to sell their credentials.

[erikalui]

The hindi thread has been posted here: https://bitcointalk.org/index.php?topic=5230618.msg53969133#msg53969133

[Jack Min]

I think that KYC is a necessary factor, because it will identify you when joining to use a certain platform. But that problem is being overused by fraudulent crypto projects. And our personal information can be sold and used for malicious purposes.

[Ryutaro]

My appreciation for your effort in raising awareness about this big issue.
Please add the Arabic translation.
https://bitcointalk.org/index.php?topic=5233251.0

[Ryushin]

Right from the beginning I never trusted KYC because i feel it's way too much, sending your identity to strangers can easily land you in big trouble and secondly many bounty projects that ask for KYC only aims for your ID so they can sell on darknet

[1miau]

My appreciation for your effort in raising awareness about this big issue.
Please add the Arabic translation.
https://bitcointalk.org/index.php?topic=5233251.0

Great, many thanks for your translation! 

I've added it to the table of published translations:

Translations

Local board	translated by
____________________	____________________
Russian	zasad@
French	Perkjeff
Filipino	crwth
Portuguese	cryptobaboon
Turkish	yslyv
Arabic	Ryutaro
Indonesian	masulum
India	erikalui

[masulum]

So, in my previous comment about exchange companies that become a victims of their ex-employee. Now, this exchange become the first exchange removed KYC after KYC scam case (AFAIK/CMIIW). Quoted from CEO after making this decision

in actual fact, “No KYC is a thing of beauty.”

“We are literally going to have 10 times more users without KYC,”

Read more on this blog posts