Pages:
Author

Topic: KYC methods which make identity theft more difficult - are they possible? - page 2. (Read 361 times)

legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
- Registration without email or phone. While email addresses or phone numbers seem not to matter that much if you have to submit an ID, photo or video, they are elements which could be linked to the rest of your data, making the construction of a fake identity easier. Thus, a registration based, for example, on a public key/private key pair (like on the Nostr network), is a little bit less dangerous.
I agree with risk from registration with email addresses or phone numbers. Non-tech users usually use one or two email addresses for multiple platforms that destroy privacy and even anonymity..

Theymos used to share his opinion on it and 1miau has an excellent thread on risks of KYC.

BTW, email is a big privacy issue in general. It's too expensive (mainly time-wise) to create new email addresses, but if you use the same one, it creates tons of links. Ideally, you should use one email per service. I've had two ideas in this area:

First, you could create a simple email forwarding service like this:
 - Without registration (but maybe with a tiny fee via eg. Lightning), take a user's email address, generate a random key, and use the random key to encrypt the email address.
 - Also encrypt the email address with a server secret.
 - Give the user an email address of the form [email protected]
 - When the service receives email at a forwarding address, it decrypts the email first using its server secret, and then using the provided decryption key. Then it forwards the email to the email address
 - To destroy forwarding addresses, users could provide the service with both their forwarding address and target address, and the service could then send a confirmation email.

This would be convenient, and it'd fix the problem of services being able to connect users across multiple sites through email-address reuse. But it trusts the forwarder not to log the per-email decryption keys or give up the server secret key. Though if multiple services like this existed, you could chain emails through them to increase security.

My second idea is:
 - The user would be using his own software (like eg. Thunderbird or perhaps prontonmail). From this software, the user could instantly create low-capacity throwaway accounts on the server. Each throwaway account could be (or behave similar to) a POP3 account with low capacity (eg. 50MB) and quick message expiration (eg. 60 days).
 - The client software would use Tor and careful polling to download all of the messages on its throwaway accounts without leaking to the server info about which accounts are connected. To improve anonymity and efficiency, you could perhaps use PIR, or the server could publish hourly/daily bloom filters meant to match email addresses which received mail in the time period. The client software would collect all of the messages into a single inbox for the end-user. Since it polls frequently, the client wouldn't have to worry about the low limits on the individual throwaways.
 - The server could anonymously require a small one-time for each throwaway account by using blinded bearer certificates.

With this, the server shouldn't ever be able to connect any of the accounts together. You could also send mail from the throwaways.

The main thing necessary for this second idea is a really smart email client meant to juggle many throwaways. You also need a cooperative server allowing quick account creation (like cock.li), ideally via an API.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
The whole mixer discussion and also the ever-tightening regulations of Bitcoin/cryptocurrency services let me think about if KYC at least could be more friendly. Particularly, if there are practices and methods which don't allow hackers to steal the identity of the service users, or to link different personal data together.

Of course in general I strongly prefer non-kyc services (for well-known reasons - read this excellent thread by 1miau). But in particular for the fiat-Bitcoin on- and offramping step the services are limited, above all in some lesser-known currencies.

In reality, not the KYC data collecting itself is the most problematic step, but the verification process, which often involves images and videos of the user and his/her documents.

So here I want to collect methods and "best" or "least worst" practices which at least make it more difficult to facilitate identity theft.

- Offline verification services. In some countries "old-style" verification methods exist, like Postident in Germany. In these cases you go to a store, show your ID document, and the store employee thus confirms to the service provider that you are the person you impersonate. Sometimes, a copy of your ID document or passport has to be delivered, which makes the whole process a bit more vulnerable if this is stored digitally, but on the whole I think these methods are still preferrable because a black-and-white passport copy has often low resolution and would not be useful for a criminal trying to get an online KYC verification with your data.
- Proving ownership of a bank account (added Aug. 2024). The service provider sends a very small amount of money (a few cents) to the user and attaches a message. The user has to provide that message to the service. Doing that twice with at least 30 days between first and second time should be safe enough to deter most attempts to "game" that method, e.g. with a stolen bank account.
- Registration without email or phone. While email addresses or phone numbers seem not to matter that much if you have to submit an ID photo, selfie or video, they are elements which could be linked to the rest of your data, making the construction of a fake identity easier. Thus, a registration based, for example, on a public key/private key pair (like on the Nostr network), is a little bit less dangerous.
- Selfies with dates and service names on paper (to link the photo/video to the registration date and the service). This is actually quite common, but I guess with the advent of AI imagery tools it is less efficient than it was before. (Edit: There are variants like a Street selfie where even more items are required to be present in the selfie like a sign with the street address, but these seem overly intrusive and carry other dangers, so I don't want to point out them as "good" examples here, even if they might make an identity theft more difficult too).
- Transparency - it should be clear who does the KYC verification and who stores the personal data - the service provider itself or a third party, and data about the third party should be provided in the ToS of the service (Providers located in countries where the GDPR or other restrictive data protection laws exist should offer this).

Do other such methods exist which still allow an trustable verification making identity theft difficult? Are there examples in the Bitcoin/crypto service world?


I could imagine methods based on cryptography, where an image for example can only be considered valid if the user signs it digitally together with a message that links it to a service and date. It would be basically the "digital variant" of the third method mentioned above. But the problem here is that this would have to be an universal standard, because the photo could also be used on another service which requires it.
Pages:
Jump to: