After writing my first post, on why KYC/AML is adding friction to onboarding, and to adding new customers, I realized there's more to be said about the subject. So rather than just discussing the problem, I intend to offer solutions, such zero-knowledge proof of identity. But before we get to that, I'd like to dedicate this post to the "P-word" - privacy.
Here are the points I'm going to cover in this post:
1. Why are you totally entitled to your privacy
2. Why you're entitled to your privacy online
3. Who wants you to give up your privacy?
4. Crypto and privacy
5. Why you should never trust corporations with your personal data
Please bear with me, because we have some ground to cover.
If you're looking for the TL;DR of this post it's: "Privacy is good, and should not be given up".
You're entitled to your privacy
Depending on where you're located, free speech is an enshrined right. If not, stop reading right now - you may be having bigger problems than lack of privacy. On the other hand, no one bothers to adding an amendment protecting your personal data, likeness, movement and identity.
We all have things we'd like to keep private: we close the door behind us in the restroom; we do not share our bank account status with friends; we may be entertaining social or political thoughts that are different than the people who surround us; we may believe in a different deity than the colleague sitting next to us.
You're entitled to your privacy online
When we go on a message board, or a chat, or even a financial app, we'd like to keep our identity and actions to ourselves. We don't want to be judged personally based on our opinions or actions. We do not want a bunch of actions on one site to be correlated with actions in another.
Furthermore, since crypto trading still has a social stigma in some place, you may not necessarily want to advertise that you're trading in crypto, or how much. Certain institutes even blocked money transfers to crypto exchanges, as if you were touching THEIR money. I would not like financial institutes to get reports on my crypto activities. I wouldn't like my insurance company to know what I'm doing on an exchange. I do not think my government needs to know what I'm doing - I report profit and loss on my annual report - the rest is none of their business.
Who wants you to give up your privacy?
Lately, corporations and governments started telling us that there's nothing wrong with disclosing your identity. After all, if you're not doing anything "bad", what have you got to "hide"? (notice the quoted words, used to add negative connotations to the sentence).
These same governments and corporations cynically use that information to spy on journalists, "dissidents", and your ex-wife's new boyfriend (I can add tons of links here to each case, but a short internet searching will get you tons of examples - try searching for "Uber spying on journalists", "NSA spying on ex-wife" for some fun times).
When it comes to governments, they try telling you that the ONLY way they can combat terrorism, is if they have access to EVERY conversation made in the world, on ANY platform. To that end, they try to make companies weaken their encryption, provide backdoors, and otherwise share every bit going through their servers. This need is not only baseless, but pure LAZY. Just read the Snowden papers to get the full lowdown on the length these non-elected officials in your government go to.
Even worse is the case when it comes to corporations. Companies like Facebook and Google turned into data siphons, devouring every piece of PII (personally identifiable information) they can get their hands on. They do so directly (you "volunteer" it in order to use their "free" service) and indirectly (they troll and spy on your contacts, and glean information from their interactions with you). Unlike governments that pretend to do it for the "right reason" (terrorism, remember? it's EVERYWHERE!), these companies do it for greed. Nothing to add here. The equation is PII == $$$.
The next time someone asks you: why do you want privacy, if you have nothing to hide? refer them to this article by the guys at DuckDuckGo, a private search engine that's a great alternative to Google.
Crypto and privacy
Say you want to buy something on Amazon. You want to open an account, to get free shipping. They ask for a user name and password. When you order, they ask for your address (you can easily provide a PO box) and a credit card details (must pay somehow). 2 days later, you get your brand new doodad. Done. Amazon trusts the credit card company knows who you are, that you provide the right challenge answers (CVC number), and does a cursory address match, if that.
Now let's say you want to buy that "Bitcoin" thing your friend talks your ear off about all the time. You have been an upstanding customer of Bank of America for 20 years. You search around and decide to use one of the major American-based exchanges. After providing username/password, they suddenly ask you for your date of birth (maybe they want to send you an annual birthday gift?), then your address ("but why?" you ask - isn't this a virtual currency? what are they planning on sending? Maybe this is for the aforementioned birthday gift as well?), and then your social security number (wait, why?), and then a picture of a valid ID (because you've been lying so far), and then a picture of you, holding said ID (because you're an ID thief on top of that). At which point you ask yourself what did your friend mean when he said virtual currency is "easy", "digital", "private" and "decentralized" if you have to provide more details than you needed when taking a car loan?
And I say WTF???
If I'm about to connect my 20 years old bank account, in order to transfer money to your service, don't you think my bank knows who I am? Where I live? Why collect more information, that you can later lose, or just share with "subsidiaries", "partners", and "government"?
And please service providers, please don't hide under "the government made me do it". If the government came out tomorrow and said a nude photo of your CEO must appear at the top of every page on your site (blech), you'd fight that all the way to the supreme court. Why is my privacy less important than your CEO's privates?
Crypto currencies arrived in our lives promising noble ideas like decentralization, sharing, ease of use, and yes - privacy. But like everything good in life, corporations inserted themselves between us and our goals, and corrupted everything.
Why you should never trust corporations
Corporations are motivated by greed, eh sorry "revenues". Any action that will make the bottom line bigger is allowed, or rather, mandatory. Investors, boards and stockholders determine the actions. All those claims of "our customers come first" are PR crap.
But it gets worse. Let's say I - a proponent of privacy, decide to start a new crypto company tomorrow. I swear on a stack of bibles that not a single shred of PII will ever be used for revenue. That my customers' privacy is a major tent pole of my company's vision. I promise to encrypt all PII I collect, in such a way that not even I will be able to access it. And you trust me, and use my product, providing tons of data along the way.
As the company grows, I bring in outside money (someone said "SoftBank"?). I get diluted in my holdings. And one day the board decides that the transactional data I collected is useful somewhere else, maybe in another portfolio company. Or maybe I sell my company to a bigger one, and that company decides my users' data is worth more than my actual product (ask WhatsApp users how they feel about joining the Facebook family). The point is, despite my original promise, your data, and my use of it, is out of my hands.
No one can ever promise you anything. Not a single CEO of a small company will say "no" to government or a larger corporation on your behalf.
In Karate Kid 2, Mr Miyagi tells Daniel-san: "best defense - don't be there". Your best defense against losing your privacy is to not use services that demand you give it up. Don't trust - suspect, verify, and ditch privacy-violating services.
And I'll leave you with this final quote:
“Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.”
― Edward Snowden
In the next part, we'll discuss ways online services can 100% verify your ID, without you sacrificing your privacy.