Comment by whiplash451
1 year ago
A number of threads seem to assume that KYC (or identity check) implies that your biometrics or gov ID data is collected/stored by the provider, but it does not have to be.
The identity check is typically done by a trusted 3rd party that can delete the data right after the identity check (and can be required to do so).
So you basically end up guaranteeing that the name, address and D.O.B that you provided to the IaaS provider is actually correct, nothing more and nothing less.
To be frank, I'd be more comfortable with this sort of thing more if there was a full-fat government-based ID platform. Some sort of SSO-style "Sign on with identity.gov" button, where it tells you clearly exactly what information is granted to the vendor, which should be pretty much "nation of citizenship" and nothing else, before you click through.
I trust a "trusted third party" far, far less. Inevitably it's a data hoarder like our credit-bureau overlords, which has commercial motivations to ask for more data than needed, and hold it longer than necessary, and will likely suffer only a slap on the wrist when they inevitably data-breach.
We really needed a coherent plan for national and digital ID 20 years ago, but as they say, the second best time would be now.