7 points by ybceo 12 hours ago | 1 comment
  • ggm 12 hours ago
    Replace with homomorphic encryption through third parties. No need to hold KYC or even see it, just need trusted assertion of holding government-issued ID.
    • ybceo 11 hours ago
      If I understand correctly, this is the flow you are describing:

      1. You show your ID to a "trusted third party"

      2. They cryptographically attest "yep, this person has valid government ID"

      3. The service (Discord, Coinbase, etc.) only gets the yes/no assertion, never sees your actual docs

      The third party would still have your documents. You've just moved the honeypot, not eliminated it. Discord's breach was through a third party. Signzy (a KYC provider) got breached. The whole article is about how third parties can't be trusted either.

      • ggm 10 hours ago
        You don't show your ID to a TTP; you show a homomorphic function of your ID which doesn't leak your credentials, and you have a second homomorphic function in the website to the TTP which doesn't leak what you're verifying against.

        2 and 3 are correct but 1 isn't. They don't get to hold reusable credentials about you, only a function in them which can be verified to show you hold the identity.