Replace with homomorphic encryption through third parties. No need to hold KYC or even see it, just need trusted assertion of holding government issued ID.
If I understand correctly, this is the flow you are describing:
1. You show your ID to a "trusted third party"
2. They cryptographically attest "yep, this person has valid government ID"
3. The service (Discord, Coinbase, etc.) only gets the yes/no assertion, never sees your actual docs
The third party would still have your documents. You've just moved the honeypot, not eliminated it. Discord's breach was through a third party. Signzy (a KYC provider) got breached. The whole article is about how third parties can't be trusted either.
You don't show your ID to a TTP; you show a homomorphic function of your ID, which doesn't leak your credentials, and you have a second homomorphic function in the website to the TTP, which doesn't leak what you're verifying against.
2 and 3 are correct but 1 isn't. They don't get to hold reusable credentials about you, only a function in them which can be verified to show you hold the identity.
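The three-step flow listed in the thread, as an added example that is not code from any commenter or provider. It uses an ordinary Ed25519 signature rather than homomorphic encryption, and the names `Assertion`, `Attest`, `Verify`, `service.example`, the nonce and the 5-minute lifetime are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Assertion is everything the relying service receives: no name, no document.
type Assertion struct {
	HasGovID bool   `json:"has_gov_id"`
	Audience string `json:"aud"`   // service the assertion is meant for
	Nonce    string `json:"nonce"` // challenge chosen by the service
	Expires  int64  `json:"exp"`   // Unix seconds
}

// Attest is the third party's step 2. The document is checked and then goes
// out of scope; whether a real provider also stores it is the honeypot question.
func Attest(priv ed25519.PrivateKey, doc []byte, aud, nonce string, now time.Time) ([]byte, []byte) {
	ok := len(doc) > 0 // stand-in for a real document check (assumption)
	a := Assertion{HasGovID: ok, Audience: aud, Nonce: nonce, Expires: now.Add(5 * time.Minute).Unix()}
	msg, _ := json.Marshal(a)
	return msg, ed25519.Sign(priv, msg)
}

// Verify is the service's step 3: signature, audience, nonce, expiry, claim.
func Verify(pub ed25519.PublicKey, msg, sig []byte, aud, nonce string, now time.Time) error {
	if !ed25519.Verify(pub, msg, sig) {
		return errors.New("bad signature")
	}
	var a Assertion
	if err := json.Unmarshal(msg, &a); err != nil {
		return err
	}
	if a.Audience != aud || a.Nonce != nonce {
		return errors.New("assertion issued for another service or session")
	}
	if now.Unix() > a.Expires || !a.HasGovID {
		return errors.New("assertion expired or negative")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	msg, sig := Attest(priv, []byte("constructed sample ID scan"), "service.example", "n-123", time.Now())
	fmt.Println(string(msg), Verify(pub, msg, sig, "service.example", "n-123", time.Now()))
}
```

The service's view is limited to the signed JSON; the document only ever exists on the attesting side, which is where the retention question raised in the thread applies.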