My proposal for a secure KYC system

[ViceOfBTC21]

Given that the geopolitical situation has significantly changed, with authoritarian regimes like Russia or Cuba using cryptocurrency for money laundering or worse, it has become even more likely that the governments around the world will want even tighter KYC regulations than we see today. However, most of the world still uses outdated identity verification systems, with corporations lobbying governments to keep unsafe, outdated scan- or photo-based systems that don't account for modern cyberthreats.

One of the situations might be in a digital ID system that's being run by the governments, where they provide the accounts that you can log in by providing your e-mail, password and a second factor like a verification code or a security key. The system could then provide non-sensitive data and an unique identifier, which then can be used to verify the user's identity without revealing sensitive data such as identification numbers, relying on unique revocable identifiers tied to a company instead.

Instead, only the most important bits are revealed, like name, date of birth and address, while the potentially dangerous bits like identification numbers are never revealed to a company. To tie it to an unique person, an unique identifier can be created for each service, which is revocable unlike a social security number.

It would be possible to revoke such a certificate in case of a breach by either the user, the company or the government, protecting people from identity theft in case of the leak. With the photo of an ID, there's no such mechanism and the only deterrent can be the watermark, which might not be effective, especially in the era when AI can efficiently remove it and steal the user's identity.

Since any reputable financial institution already coordinates with the government, whether it's verifying the validity of data or reporting taxation, I don't see how it would be granted extra permissions over the current system.

This has been implemented in many European countries, where most governments operate identity verification servers that you can use to login to the government websites, however, these services are still generally unavailable to verify your identity with a company.

There should be a globally-recognized standard for secure KYC in such a way, so there would be no need to risk identity theft anymore.

[0x000369]

@ViceOfBTC21 your idea is pretty solid man with all the crazy stuff going on in the world like you said governments are gonna push for more KYC anyway but the current way of just snapping pics of IDs is a joke anyone can fake that with AI these days
i like how youre talking about revocable identifiers thats key because if a exchange gets hacked you can just kill that link without your whole life getting stolen social security numbers are forever and thats dumb
in europe they got systems like bankid in sweden or itsme in belgium where you log in secure and share only what needed maybe crypto platforms could hook into that without giving away too much
but heres the thing we need to think about trust in governments too what if they start tracking every transaction more than they do now maybe mix in some zero knowledge tech so you prove youre over 18 or whatever without showing your full deets
that way its secure but still keeps the privacy spirit of crypto alive

[Ambatman]

My proposal for a secure KYC system

The only secure KYC system is a Non KYC system
No matter how you sugarcoat it any identifier would need to be unique and when it is it shows importance.
I experience first hand how risky KYC was from my job after an insider data leak.
No matter how reputable or pristine they may look
It doesn't guarantee that your data wouldn't be used for nefarious activities.
Even if the government don't themselves, humans work with there.

[nakamura12]

My proposal for a secure KYC system

The only secure KYC system is a Non KYC system
No matter how you sugarcoat it any identifier would need to be unique and when it is it shows importance.
I experience first hand how risky KYC was from my job after an insider data leak.
No matter how reputable or pristine they may look
It doesn't guarantee that your data wouldn't be used for nefarious activities.
Even if the government don't themselves, humans work with there.

I agree with this. The best choice is not having to pass KYC at all compared to having the KYC op wanted and the KYC process right now. There's always a company or platform like that where they said that the data of their players or customers is very safe and yet, in the future the company they run have some of their data being leaked and even some of it are not because of hack but they do it literally by selling the data of their customers.

[ViceOfBTC21]

@ViceOfBTC21 your idea is pretty solid man with all the crazy stuff going on in the world like you said governments are gonna push for more KYC anyway but the current way of just snapping pics of IDs is a joke anyone can fake that with AI these days
i like how youre talking about revocable identifiers thats key because if a exchange gets hacked you can just kill that link without your whole life getting stolen social security numbers are forever and thats dumb
in europe they got systems like bankid in sweden or itsme in belgium where you log in secure and share only what needed maybe crypto platforms could hook into that without giving away too much
but heres the thing we need to think about trust in governments too what if they start tracking every transaction more than they do now maybe mix in some zero knowledge tech so you prove youre over 18 or whatever without showing your full deets
that way its secure but still keeps the privacy spirit of crypto alive

I learned about the W3C's Verifiable Credentials standards. It appears like that the protocol like that was already invented, but wasn't implemented by many countries and companies yet.

[ViceOfBTC21]

My proposal for a secure KYC system

The only secure KYC system is a Non KYC system
No matter how you sugarcoat it any identifier would need to be unique and when it is it shows importance.
I experience first hand how risky KYC was from my job after an insider data leak.
No matter how reputable or pristine they may look
It doesn't guarantee that your data wouldn't be used for nefarious activities.
Even if the government don't themselves, humans work with there.

I agree with this. The best choice is not having to pass KYC at all compared to having the KYC op wanted and the KYC process right now. There's always a company or platform like that where they said that the data of their players or customers is very safe and yet, in the future the company they run have some of their data being leaked and even some of it are not because of hack but they do it literally by selling the data of their customers.

I agree that no KYC would be the best, however, if it has to be done, it should be done in a secure, privacy-preserving way. It addresses some of the problems associated with companies collecting and selling sensitive user data, but I doubt whether any government in the world will roll back the clock on such procedures, especially as we have to deal with nation-state threats these days.

[nakamura12]

I agree that no KYC would be the best, however, if it has to be done, it should be done in a secure, privacy-preserving way. It addresses some of the problems associated with companies collecting and selling sensitive user data, but I doubt whether any government in the world will roll back the clock on such procedures, especially as we have to deal with nation-state threats these days.

That it is true that governments likely won't remove the KYC as there's a reason why KYC is implemented to platforms like casino and exchanges but still there will always be a chance for hackers to be able to steal sensitive data to sell like I explained that there will always be a situation where people cannot predict. It may seem that they can keep your data safe but if there's a hacker who found an issues then that hacker will surely find a way to bypass it to steal data. Well, I don't think it's a problem for other people if they don't really protect their privacy.

[Ambatman]

I agree that no KYC would be the best, however, if it has to be done, it should be done in a secure, privacy-preserving way. It addresses some of the problems associated with companies collecting and selling sensitive user data, but I doubt whether any government in the world will roll back the clock on such procedures, especially as we have to deal with nation-state threats these days.

KYC and privacy doesn't really mix or work hand to hand.
KYC, Know your customer is already written In its name
The only that might look like a KYC that protects privacy is Bitcoin pseudonymity with addresses
But that really isn't KYC.
For KYC data that associate the original owner with they account must be shared.

[Stalker22]

sounds great on paper.  

But, in reality...  There is still a single point of failure.  What if the government ID server gets breached?  or a "system error" happens?  you dont just lose your ID.  You lose access to every service tied to it.

[GreatArkansas]

My proposal for a secure KYC system

The only secure KYC system is a Non KYC system
No matter how you sugarcoat it any identifier would need to be unique and when it is it shows importance.
I experience first hand how risky KYC was from my job after an insider data leak.
No matter how reputable or pristine they may look
It doesn't guarantee that your data wouldn't be used for nefarious activities.
Even if the government don't themselves, humans work with there.

I agree with this. The best choice is not having to pass KYC at all compared to having the KYC op wanted and the KYC process right now. There's always a company or platform like that where they said that the data of their players or customers is very safe and yet, in the future the company they run have some of their data being leaked and even some of it are not because of hack but they do it literally by selling the data of their customers.

That's already the downside of you giving your personal information to other entities, it's already given, even if that entity is reputable, even if it is the government. Once you have already given your personal information, don't expect that it will be safe anymore. So for me, that is really the downside of this massive worldwide KYC system, especially in Bitcoin where the essence of Bitcoin for being Bitcoin is kinda being not making sense anymore.

[PrivacyG]

Given that the geopolitical situation has significantly changed, with authoritarian regimes like Russia or Cuba using cryptocurrency for money laundering or worse,

Do not worry, the Saints of the United States Government are here to save you.  Ignore their affiliation with criminals, you HAVE to think about how Russia is Money Laundering.  Never mind your own Government, look around you and see!

Why would Money Launderers and criminals give you the solution against their own operations?  Have you ever asked your self this question before?

One of the situations might be in a digital ID system that's being run by the governments, where they provide the accounts that you can log in by providing your e-mail, password and a second factor like a verification code or a security key. The system could then provide non-sensitive data and an unique identifier, which then can be used to verify the user's identity without revealing sensitive data such as identification numbers, relying on unique revocable identifiers tied to a company instead.

You will LOVE the European Union in a matter of years then, because this is particularly what they are planning to roll out.

The only thing is.  Even if the system had the most Security it could.  It damages Privacy so much.  Seeing people ASK for this level of complete surveillance nowadays is absolute craziness.  You are being presented an enemy that you never saw, will never see and you fear that enemy so much that you would give your rights up to fight against it while the people presenting you the enemy are fucking children on an island.

What has this World become.

You will not be able to speak free any more.  You will think twice before writing your thoughts on an electronic device.  You will be afraid of possibly reaching the limits of how green your month was and you will have to let your Government know where you are going, when, with who and how much Money your family receives from you.  And then there will be the Money Launderers.  Exactly like before, only using other methods.

[uchegod-21]

...and who is going to control the identifier? Definitely still the government.  They might help to make sure that bad guys do not get hold of you through your details on the internet. But, the truth still remains that the government still knows you very well.and what you are up to
 You cannot avoid KYC completely  no matter how you try to hide your identity.
Just imagine one server holding the kyc information of the whole country and it is eventually hacked.

[ViceOfBTC21]

...and who is going to control the identifier? Definitely still the government.  They might help to make sure that bad guys do not get hold of you through your details on the internet. But, the truth still remains that the government still knows you very well.and what you are up to
 You cannot avoid KYC completely  no matter how you try to hide your identity.
Just imagine one server holding the kyc information of the whole country and it is eventually hacked.

Every approach to KYC has benefits and drawbacks, and it's up to each person to decide which KYC method would be the most acceptable to them.

By sending a photo ID, it might contact the government systems at some point, but there is a high risk of identity theft if it falls into wrong hands. With a digital ID, the government knows what you're doing, however, there might be less chance of identity theft, depending on how this technology is implemented.

Nothing is perfect, and ideally, there would be no KYC. Given that you already have to tie your exchange accounts with your bank account, I always considered these KYC checks redundant.

[Lakai01]

[...]
Nothing is perfect, and ideally, there would be no KYC. Given that you already have to tie your exchange accounts with your bank account, I always considered these KYC checks redundant.

However, this ultimately leads back to a single point of failure when one system relies on another and that system is hacked or manipulated.

Interestingly, this was still the case back in my early days with Bitcoin around 2012/2013. A major European exchange at the time did not require KYC itself, but you had to make test deposits from a bank account and even have the authenticity of the account confirmed by the bank.

[BlackHatCoiner]

There's still a database that connects these unique IDs with the real names of the people. Whether that is government owned, corporate owned, or even "decentralized" in some fancy way, it's still possible to breach it. The most secure system that protects the people's identity is one that requires no KYC.

Know Your Customer is a psyop to make you compliant and to voluntarily give up your bitcoin activity to the government. Money laundering is a psyop itself. You launder money because you don't reveal them to the pedo owned governments. We don't need another KYC system. We need to collectively realize the psyops.

[dkbit98]

There should be a globally-recognized standard for secure KYC in such a way, so there would be no need to risk identity theft anymore.

Secure KYC is never going to happen.
It's silly to think that KYC is created for protecting customers and helping them with anything.
Only purpose of this is getting more control over citizens in every way possible, especially with digital ID and digital assets.
I just saw they are now forcing everyone to face scan just to use stupid Discord, and to ''protect'' teens 
https://www.theverge.com/tech/875309/discord-age-verification-global-roll-out

[ViceOfBTC21]

There should be a globally-recognized standard for secure KYC in such a way, so there would be no need to risk identity theft anymore.

Secure KYC is never going to happen.
It's silly to think that KYC is created for protecting customers and helping them with anything.
Only purpose of this is getting more control over citizens in every way possible, especially with digital ID and digital assets.
I just saw they are now forcing everyone to face scan just to use stupid Discord, and to ''protect'' teens 
https://www.theverge.com/tech/875309/discord-age-verification-global-roll-out

Back in the day, there was a standard that allowed parental restrictions to work locally, without the need to upload ID. Internet Explorer had a support for the RTA standard which allowed users to restrict access to adult website at the device level, with a simple password protection mechanism.

Unfortunately, due to corporate interests encouraging the government to enact privacy-invasive laws, we have to push for implementing such privacy-preserving mechanism that work on the client-side based on the header information accessed from the server.

I have checked some popular porn sites and they already implement a sort of this standard: https://davidwalsh.name/rta-label

[Mhizlove]

My proposal for a secure KYC system

The only secure KYC system is a Non KYC system
No matter how you sugarcoat it any identifier would need to be unique and when it is it shows importance.
I experience first hand how risky KYC was from my job after an insider data leak.
No matter how reputable or pristine they may look
It doesn't guarantee that your data wouldn't be used for nefarious activities.
Even if the government don't themselves, humans work with there.

I think I will agree with you because a system that don't collect a sensitive information like Non KYC which is also the no identification platforms can setup more security for privacy because there is nothing to access unlawfully or exposed. Even though your reputation is that strong but still yet it can't still stop you from the errors humans make or protect your from humans errors or fraudsters

[henry_of_skalitz]

I think I will agree with you because a system that don't collect a sensitive information like Non KYC which is also the no identification platforms can setup more security for privacy because there is nothing to access unlawfully or exposed. Even though your reputation is that strong but still yet it can't still stop you from the errors humans make or protect your from humans errors or fraudsters

human factor is always there, we can only minimize its effects on our bags.. or to minimize the chance we will fall in such traps / situations at all.

[welovebit]

My proposal for a secure KYC system

The only secure KYC system is a Non KYC system
No matter how you sugarcoat it any identifier would need to be unique and when it is it shows importance.
I experience first hand how risky KYC was from my job after an insider data leak.
No matter how reputable or pristine they may look
It doesn't guarantee that your data wouldn't be used for nefarious activities.
Even if the government don't themselves, humans work with there.

I think I will agree with you because a system that don't collect a sensitive information like Non KYC which is also the no identification platforms can setup more security for privacy because there is nothing to access unlawfully or exposed. Even though your reputation is that strong but still yet it can't still stop you from the errors humans make or protect your from humans errors or fraudsters

I have to be agreed with this as well but now main problem is on many places we can't go without KYC while many peoples have no luxury to live without KYC as well just because of this acceptance is also part of cryptocurrency I personally not like this idea, but I can't live without this also.
Being living in third world developing country still using bitcoin and cryptocurrency is blessing, but due to many factors also have to accept KYC on many places because without these using of this is not easy even possible but too many hurdles. After having good information and updates about Electrum I am using this but still for few things I have to rely on few exchanges and other third parties options which always ask for clear KYC.