@alok on Farcaster: "Let's assume that (1) KYC as-i..."

7mo

Let's assume that (1) KYC as-is is broken and a security risk due to potential data leakage and (2) dropping ID checks altogether is a nonstarter. What's the solution?

4recasts·

19likes·

1.7Kviews

alok

7mo

I've seen a lot of hand-waivey "zk fixes this". Ok, how?

mjc716

7mo

you can make a case that a utility that uses p2p zk venmo txs for (small) immediate, painless onboarding to apps does not constitute a money transmitter there was a project that was trying this that no longer seems to be doing it, so maybe not tho

mjc716

7mo

idk if that is exactly your question but onboarding crypto assets to mobile apps is still hellishly frictioned

dwr

7mo

PII with an expectation of privacy should be locked down within companies. Like private keys or passwords. Any leak should come with a per instance leak penalty of $10,000 automatic disclosure / pay out to the individual affected. Companies have 3 years to migrate. Put a clear penalty in place, companies would update their systems.

alok

7mo

I don’t hate that idea. A lot of big companies with a lot of customers and shitty tech may get hit hard. But se la vie?

7mo

sounds like a feature to me

7mo

orbs

sethpate

7mo

zk.me works well. Totally eliminates the data at rest attack surface. The client side production of snarks means the onus of responsiblity lies on the user to not have their devices compromised tho... Also the SBT is static. So reproofing must occur for KYC compliance checks. I'm using their service in my app for sybil resistance and to detect and expel fraudsters. Very grateful they exist.

zk.me

zkMe - The Web3 zk-Credential Network

tgrex.eth

7mo

some really interesting projects working on this. I find it odd how little alignment there is between different wgs as I imagine a unified spec benefits all 🤷‍♂️ anywhoo, gordion envelope has some firepower imo👌 🔐

github.com

Gordian/Envelope/Use-Cases/README.md at master · BlockchainCommons/Gordian

Show more replies