Topic: Who is behind KYC info? Why we don't ask them for KYP? - page 2. (Read 466 times)

No buddy, you are not getting my point here! We can ask N numbers of KYP data from our providers. Including how they are storing our data and who all are having access to it etc. But my point is that, how do you prove that a company sold off your data to a third party? What action would you take after knowing that fact? Remember, we are free to go to consumer protection forum at any point of time. But how do we prove that that company actually sold off our data? It's a big gap!

Data protection is a big issue these days, hopefully, blockchain will bring solutions to that.

I don't necessarily have a problem with this, but my gripe is that KYC isn't for transparency at all; it's for accountability. It's a requirement set by regulators, so it's not like providers are requiring it just for the sake of having your data. Also, as far as reciprocality goes, isn't it reciprocal that regulators are also asking company heads for their personal data? For as long as a business is legitimately registered, you will have access to all the information you need for a lawsuit (which means they can be held accountable) -- that tells me that provider transparency or reciprocality isn't the problem with KYC, unless your solution to private data being mishandled is doxxing them.

If the problem is that providers are able to get away scot-free from mishandling data, then way I see it, there are two simple solutions: 1) abolish KYC entirely -- meaning providers won't have an excuse to ask for our personal information anymore or 2) stronger data privacy laws -- impose penalties that will actually make providers think twice and thrice about being reckless or doing anything shady with customer data. We know KYC won't be abolished, but we can actually urge lawmakers to pay more attention to data protection.

I see where you're coming from though. I personally stay away from KYC unless absolutely necessary.

So far costumers are used to providing personal information without demanding their providers for transparency. As we know this is the result of how indoctrinated the system is making the masses, that people have forgotten to claim for what is fair and reciprocal.

That makes sense. I have been looking at how trustless exchanges on Ethereum work and I have to say that I'm very impressed with the state of the whole ecosystem. It's so easy to exchange one ERC20 token for the other on one of the several dexes that I hope to see Bitcoin adopt some of these features as well.

That's how you make centralized exchanges asking for KYC and whatnot obsolete. It has been the goal for many people since the very beginning and it's getting closer and closer, but it seems that Bitcoin itself has still a lot of catching up to do in order to stop seeing the gap with Ethereum widen further on that front.

In this scenario use your common sense.

I'm fine doing it with somewhere like Coinbase. It's not great but at least I know they're vaguely competent.

I would not be fine doing it with some piece of shit airdrop on here or any shitcoin exchange.

As for them giving you their details, that ain't happening.

It's a good idea you know, it's the first time to hear/read that we're going to demand it to the providers or businesses that we want to use. But basically, they wouldn't do this kind of compliance just for the sake of a customer and that is why they have "About Us" and it's the least that they can provide.

I highly doubt it that they will provide those important details about them such as #2 given example of avikz but the rest including the address, name, company's organizational chart and other details that can be publicly displayed can easily be asked to them.

Once a business is legally registered, all of its information can be found in government agencies where they got their legal status to do business. I am sure those data can be retrieved by anyone asking for it. Now, what we should be worrying are illegal firms pretending to be legal and have more chance of dealing with the information from their customers not accordance to the law existing to protect data misuse. However, I think the idea of KYP has no chance of progressing so it is all up to us to do our due diligence and use our right to choose the providers whom we think are behaving well, though admittedly that can be a difficult one to determine because even famous names online are also mismanaging data of their own customers and users (remember Facebook?). Data gathering, handling and management will always be an issue all because we are already in the data era and data can be a good mine for money and can have big potential economic power one can use well or abuse.

That is a good list, and I am sure that at some point in time there will be some blockchain projects using smart contracts in order to set all these questions into a contract, so clients and providers can benefit from settle down the basics of protecting users with data privacy, and enforcing KYP at the same time.

Right now we know that doing the process of KYC is a pain in the ass.

Well, avikz's list is a good start, but what interests me the most is what they'll do with my data:

• How is it stored (which medium, firewalls, unrouted networks, which database vendor, which OS,...)
• Where is it stored (which countrie(s), where do they keep their backups, is there a guard in the datacenter,...)
• How long will it be stored (x months after transaction, forever,...)
• Who will be able to access my data (all employees, certain employees, only the person in charge of KYC, partners of the company, anybody giving the company money, everybody in general, a 3 letter agency without a warrant,...)

I'd like this info from every company i give my info to... And it should be verified by a trustworthy thirth party before i believe anything they say.

Far to often i've heared from companies that keep sensitive data in a web accessible relational database on an unpatched, unfirewalled system... I've seen companies keeping their backups on a public accessible ftp server (with an old, vulnerable ftp daemon). I've even seen companies that had backupsets that were available on their website (backups taken with phpmyadmin into a remote accessible path that were not moved to safety after the backup had run).
In these cases, it didn't even matter if you knew the legal name of the company. Sure, you'll have someone to drag to court, but the harm has already been done. I'd rather not have to sew a company than getting some money from them because they lost all my private information and it's now for sale for a couple bucks on some darknet marketplace forever....

Y'all need proper data protection laws.

GDPR got a lot of flak for forcing people to cLicK aWaY uNneCesSaRy cOoKie wARnInGs but it's the sort of legislation created for redeeming exactly that.

For EU citizens there's the Right of access, which includings, amongst other things, information regarding:


(yes, I'm aware of the irony of quoting a UK site just a couple days short of Brexit)

Apart from that, if you're tired of using opaque and untrustworthy exchanges... stop using them. It's a free market, there's plenty of alternatives out there these days.

Know Your Customer, Know Your Partner. What comes next?

I think we should be looking for ways to stop this KYC policy instead, as in my opinion it only does more harm than good. Look around what's going on with the platforms using KYC and see for yourself.

Bittrex basically confiscated my funds by enforcing a mandatory KYC verification post-deposit. I only care about the safety of my funds, and KYC lowers the safety of them a lot more than lawmakers might've expected.

KYP wouldn't make things fair for both sides. What would knowing who's behind Bittrex help me with if they've confiscated my money thanks to KYC? It's exactly the same thing, but more privacy is invaded. Instead of making things better, it would make them worse. Instead of adding this policy, I would work on changing the KYC first so stealing of funds won't be legal anymore... because KYC basically makes money stealing legal. Fair? Obviously not.


If KYP would be implemented, platforms would offer it from registration phase. And then it would function just like it does right now, without KYP implemented.

I'm not sure if having their ID public is a good idea, and it certainly isn't as fair as you suggest. Your KYC details aren't made publicly available and neither should theirs, unless they freely do it on their own. But hey, ironically enough, they do need to provide all of these details if they follow legal procedures in setting up a business, meaning you should be able to get a hold of SEC (or your country's equivalent) to be able to verify the details of their registration (or if they're even properly registered). I'm not sure if they'll tell you the names of the heads without a legal proceeding underway, but those details will be available to people who can hold them accountable anyway (i.e. the authorities).

It is a good idea, however, to get to know who will potentially handle your data, so you should always do KYP anyway; except IMO more on what they do, how reputable they are, etc., and less on their personal identity which you won't be able to do anything with anyway.

Then simply boycott anyone asking for kyc if they don't offer kyp.

Theres none for sure and after such complaint.Then whats next? This is why its a total waste of time if you do pursue or trying to fight on.
KYP is good but pretty sure that majority of those providers wont surely comply nor wont mind on such request.

Don't have any list, this is just a general idea first and sees how it develops with the input of many other clever, thinking, creative minds here!

For the first one you suggested, it should be for both physical person full name, and company/corporation names, and if it is a corporation or business name, which it has a big list of all its members behind, which normally companies have always their member's name hidden, which need to be always upfront available to anyone to verify who they are.


For the second question about what to do when a company is selling people's data... As we know we are still in a new field, where there are few options for the clients to do when things like that happen. But I am sure this will soon be different if people keep talking and bring new ideas to stop the abuser from selling personal data!

Do you have a list of details which we must know about our providers before conducting any business? If not, let me give you one,

1. Legal name
2. Tax ID/SSN/PAN
3. Registered address
4. Details of grievance redressal officer and escalation matrix

Can you think of aything else? Now lets assume the company sells off your data to a third party. What extra will you do apart from going to the consumer protection bureau? Let's be practical!

We know that centralization is a big problem for society these days, because of its many issues like bureaucracy, inefficiency, corruption, manipulation, data privacy, steal and sale of private information, etc!

KYC is another issue because nobody knows where their info will be ended and who will see it or use it.

The problem with KYC is who is asking for it and what use they will give. There should be a KYP (Know your provider) so far we don't have such a thing! and nobody is thinking about it!

The first step before doing our KYC, we the users should apply KYP and make sure we know who is holding our personal info, the people behind centralized companies need to have their full names and id publicly, they need to be accountable, and transparent. after that, we should proceed to do KYC.

Clever ideas?