Comment by Nursie
13 hours ago
> No, uploading identity documents is never a safe process.
You should probably stop pretending you understand verifiable credentials then.
Because if you did, you'd understand that they don't need to involve uploading identity documents anywhere.
The idea is to defer to service providers such as banks that have already performed such verification, often physically. And if you want to argue that banks should stop verifying who people are when they open accounts... well that's going to be an interesting conversation.
Without doxxing myself too much, I'm going to say that I know intimately the details of a project within Australia to build a standards-based non-government VC system that won't touch a single piece of ID at any stage, as an additional capability on a commercial identity system that's already active and in use.
KYC rules require the banks collect those, and keep them on an online portal. This information is held by the ABA - hence why they were falsely accused because of the infostealer breach last year.
I have absolutely not said banks should stop collecting ID. Collecting it in person is a fantastic idea. Holding it on an isolated network is difficult, but a good compromise, and banks are better suited to doing that than most.
Uploading it to a S3 bucket in Sydney, as the ABA do, is a moronic decision. That myID upload it to a Azure Blob in Sydney, is worse than I feel the need to explain.
If you think you can succeed, where literally no one else in the world has, good luck to you. But I expect the same result as Forticode.