Exploring the under-examined triad of closed source software, KYC regulations, and identity theft, and what that means for regular users of online financial services. The Particl.Project explains...
Every day, access to centralized currency exchange platforms is gatekept more and more by the advent of wide-ranging Know-Your-Customer laws.
‘Customer due diligence’ laws, abbreviated as CDD, are at the core of what many know as “KYC requirements”. Although they apply on most cryptocurrency trading platforms to even the smallest traders, their main goal involves preventing tax fraud and money laundering at large scales. As such, they are, at their core, a tool by and for government entities, and they introduce, for all users, security contingencies that are often ignored.
The Grip of KYC on Closed Source Software
Regulatory authorities take this assignment very seriously: nearly every centralized exchange or financial platform (PayPal, Venmo, Binance, FTX, etc.) is subject to this customer due diligence, which, of course, routinely discriminates on the basis of geographical location or even nationality.
On the other hand, the tools available to regulatory entities, when it comes to regulating decentralized organizations and protocols, are a lot harder to come by and can involve extremely rare and difficult-to-enforce provisions. This is especially true when cryptography is heavily involved - those methods, after all, would be limited by governments' capacity to identify and prosecute often hidden users.
A nuclear option, as we’ve briefly explored in a previous piece, can be seen in the U.S. Department of the Treasury's blacklisting of Tornado Cash, a decentralized “bitcoin mixer” service used by some for asset laundering. Although the United States had to go as far as to make it illegal for United States citizens and companies to receive or send money through the service, the open-source protocol still subsists and speaks to the incredible resilience that open-source software can enjoy.
These extreme and unusual measures were taken because Tornado, as an open-source and distributed project, run by a decentralized autonomous organization, could not be shut down or even compelled into KYC requirements; in other words, no central entity running the project could be held responsible for doing their so-called ‘customer due diligence’. This can be a serious problem for those seeking to control cryptocurrency trade, and is a design choice that contributes to the extremely high levels of privacy and data security that these platforms are able to provide. All it requires is a commitment to principles of open source and decentralization.
The KYC to Identity Theft Pipeline
Identifying data on users of financial applications and websites is, of course, extremely valuable for hackers; these users are, by their nature, an almost-guaranteed profitable hacking target. After all, these people have digital money that can be hacked or physically extorted, and it is likely that they are somewhat big internet users, meaning lots of accounts and data to steal.
What makes things worse is that it seems that, nowadays, regulations are tightening to such an extent that as soon as one wishes to exchange, buy, or sell assets or cryptocurrencies, they have to reveal their entire identity. These invasive KYC requirements directly led to the 2019 leak of the Binance cryptocurrency exchange users' information, as well as the more recent MobiKwik financial information data leak in India - dubbed the “largest KYC data leak in history”. These KYC data leaks can involve passwords, pictures, physical addresses, financial information, e-mail addresses, and full names: everything ill-intentioned actors would need to target unsuspecting users' accounts and assets.
The proliferation of those requirements will, without a doubt, lead to newer, even more severe security breaches — and there really is not much we can do about it if we're so bent on using centralized services that can be compelled into establishing those KYC requirements. And sometimes, to fix serious and persistent problems, you need to think radically outside the box.
A Future of Open Source Alternatives
There are solutions and services developed that aim to radically confront this seemingly inescapable, ever-present reality, notably in the world of currency exchange.
Some of those services, such as the Bisq decentralized currency exchange platform and protocol, live up to their promises of distributed resistance and uncompromising anonymity — but come with serious drawbacks in terms of ease of use and accessibility.
That is why we've built, with BasicSwap, a fully decentralized, open source, private, and cross-chain trading exchange, powered by atomic swaps, and with an eye for simplicity. BasicSwap enables trading cryptocurrencies without giving away any of your data and while keeping you in complete control over your keys. No central entity or servers exist to record who you are, where you're from, how much money or what coin you own, or what you do with them.
Although BasicSwap does not deal in fiat currencies, it does allow users to trade financial assets in peace knowing that their data is safe, and that at no point in time will KYC requests be imposed on the protocol. What you do with your assets stays your business, with no risk of having your identity stolen, another priceless feature of the cypherpunk formula of open-source distributedness and strong encryption.
About BasicSwap (will move to open beta shortly)
BasicSwap is a cross-chain and privacy-first decentralized exchange (DEX) protocol and a trading app that allows you to swap one cryptocurrency for another without any middleman or third party being involved.
It lets you make or take orders on a distributed order book, with no fees, and execute swaps that are private, unrestricted, and trustless.
BasicSwap fosters a safe and pro-freedom trading environment without central points of failure, providing healthier conditions for all.
Learn more: https://academy.particl.io/en/latest/
Particl is an ecosystem of privacy-first decentralized applications built against the centralization of powers and services on the web.
United under the mission of shifting the balance of power from corporate monopolies back to the people, Particl contributors built a privacy-first and modular ecosystem of decentralized applications, complemented by a native privacy coin, to send and receive untraceable currency payments within smart contracts.
These dApps — alternative versions of some of the online services and products we use every day — are designed to operate in complete and total privacy and without intermediaries or restrictions.
Learn more: https://particl.io