Replace with homomorphic encryption through third parties. No need to hold kyc or even see it, just need trusted assertion of holding government issued ID
ybceo•1mo ago
If I understand correctly, this is the flow you are describing :
1. You show your ID to a "trusted third party"
2. They cryptographically attest "yep, this person has valid government ID"
3. The service (Discord, Coinbase, etc.) only gets the yes/no assertion, never sees your actual docs
The third party would still have your documents. You've just moved the honeypot, not eliminated it. Discord's breach was through a third party. Signzy (a KYC provider) got breached. The whole article is about how third parties can't be trusted either.
ggm•1mo ago
You don't show your ID to a TTP you show a homomorphic function of your ID which doesn't leak your credentials and you have a second homomorphic function in the website to the TTP which doesn't leak what your verifying against.
2 and 3 are correct but 1 isn't. They don't get to hold reusable credentials about you, only a function in them which can be verified to show you hold the identity.
ggm•1mo ago
ybceo•1mo ago
1. You show your ID to a "trusted third party"
2. They cryptographically attest "yep, this person has valid government ID"
3. The service (Discord, Coinbase, etc.) only gets the yes/no assertion, never sees your actual docs
The third party would still have your documents. You've just moved the honeypot, not eliminated it. Discord's breach was through a third party. Signzy (a KYC provider) got breached. The whole article is about how third parties can't be trusted either.
ggm•1mo ago
2 and 3 are correct but 1 isn't. They don't get to hold reusable credentials about you, only a function in them which can be verified to show you hold the identity.