Comment by kube-system

1 year ago

> You're calling a collection and storage of your personal information as "benign"?!

All major cloud services already collect this information. I filled in the bare minimum on AWS, and they've got my full name, address, phone number, email, and credit card details.

13 comments

kube-system

Reply
monksy  1 year ago

They collect biometric data (selfie) plus a copy of your drivers license? That's a big part of KYC/AML.

That's a huge difference from address, email, CC number.

  • lolinder  1 year ago

    You should really read patio11's article on KYC [0]. A relevant paragraph:

    > Many people believe that the law requires a bank to see your government-issued ID in person to open a bank account. Again, this is incorrect; the law very rarely requires any particular action. The most prescriptive the US gets is that the sort of KYC information required about a customer include their true identity, including a name (not, incidentally, their “true” name because governments actually have some glimmer of understanding that that is not a thing which exists), a residential address, their date of birth, and an identifying number.

    [0] https://www.bitsaboutmoney.com/archive/kyc-and-aml-beyond-th...

    • monksy  1 year ago

      Looks like his argument is that randomized and client to client based rules are better. To some extent I agree.

      However, it's inconsistent and we have a government that is punitive, which is why I see that these KYC approaches are reactive to that. There's not punitive measures for violating privacy concerns and storing/profiting from this data.

      In practice, to buy crypto, you have to give a disreputable private entity (crypto exchanges have a terrible history of not being scummy.. is cryptobase good? only time will tell) very sensitive documents.

  • whiplash451  1 year ago

    Your biometrics and gov ID data don't have to be collected or stored by the provider.

    They can be used during the identity check and deleted right after, without ever entering the provider's infrastructure (assuming they are using a trusted 3rd party).

    • monksy  1 year ago

      > They can be used during the identity check and deleted right after, without ever entering the provider's infrastructure

      You trust them to delete it right after? What about the human reviewers in other countries that are working at home taking pictures of their laptops with your id on it?

      > trusted 3rd party

      You trust that 3rd party's intent and word? It's pretty weird to bring another company to steal your data and details.

  • kube-system  1 year ago

    At a quick reading, it doesn't sound like those are requirements. It also doesn't look like any documentation is technically required. One of the methods permitted is "Verification through non-documentary methods".