|
|
|
|
|
|
by ybceo
176 days ago
|
|
|
If I understand correctly, this is the flow you are describing : 1. You show your ID to a "trusted third party" 2. They cryptographically attest "yep, this person has valid government ID" 3. The service (Discord, Coinbase, etc.) only gets the yes/no assertion, never sees your actual docs The third party would still have your documents. You've just moved the honeypot, not eliminated it. Discord's breach was through a third party. Signzy (a KYC provider) got breached. The whole article is about how third parties can't be trusted either. |
|
|
2 and 3 are correct but 1 isn't. They don't get to hold reusable credentials about you, only a function in them which can be verified to show you hold the identity.