Why on-chain KYC may be a misstep for Web3

Recently, Galxe (formerly Project Galaxy) announced the Galxe Passport. Galxe said the project could serve as a universal identity for users in Web3, with the ability to store identity information securely and anonymously. It also borrows the popular “soul binding” concept: Galxe Passport will exist in the wallet in the form of a Soulbound Token (SBT).

But after its launch, the project sparked widespread discussion in the community, and that discussion kept spreading and expanding to similar projects.

After trying it in practice, Odaily Planet Daily found that minting a Galxe Passport requires users to provide identification, such as ID cards, passports and other documents. Users who are not among the first 100,000 to mint even have to pay $5 as an authentication fee for this SBT.

There is no doubt that Galxe Passport is trying to collect user identity information to KYC the wallet address.

Coincidentally, Galxe is not the first to do so. Not long ago, Binance announced the launch of the first Soulbound Token based on the BNB Chain: the Binance Account Binding (BAB) token, which serves as proof of identity that a Binance user has completed KYC certification. Users who have not completed KYC cannot mint it. The token is non-transferable and unique.

Is SBT naturally suited to KYC?

Some time ago, Buterin released an article on “soul binding”, which brought NFTs into a new field that no one had been involved in. Many viable use cases for SBT have been proposed, such as trusted reputation data, skill credentials, better POAP, and more, but these more practical use cases are still mostly experimental and too far from reality.

At present, the most extensive SBT use cases are probably Binance BAB and Galxe Passport. And the two are highly similar: they are both on-chain KYC.

The characteristics of SBT determine that it can be used to store or prove certain information. From a formal point of view, this token is practical and convenient as KYC.

Currently, Web3 lacks a native on-chain KYC solution. When project teams perform “real person” authentication, they mostly use Web2-based verification methods to achieve it indirectly, for example by verifying a Twitter account or a Discord account. This relies on centralized Web2 infrastructure underneath and has certain limitations.

Perhaps it is for this reason that on-chain KYC based on SBT has become a track favored by many project parties. Project parties in the crypto world seem to really need a crypto-native identity solution. But there is no better choice on the market.

Does the wallet address require KYC?

While project parties are trying to apply KYC to our wallet addresses, a more critical question may deserve our attention: does the wallet address need KYC?

KYC is fully necessary throughout the crypto world. This is for compliance, regulation, investor protection and many other fields,

Decentralization is the cornerstone of the crypto world, and the account system built with wallet addresses as identity IDs has been operating stably for a long time. “No trust” and “decentralization” are not just words. With the long-term efforts of the builders, the crypto natives have really built a free world on the chain that does not require bank cards and passports. Smart contracts, DeFi, NFTs and other technological advancements allow the decentralized world to run smoothly.

Naturally, a KYC-free order has its downsides as well. For example, community governance is more difficult, fakes are prevalent, and there may be a risk of sybil attacks. But these issues are being addressed by the industry in various ways. KYC on wallet addresses is perhaps the worst option.

Worse than asset theft is identity theft

KYC verification of the wallet address is not a once-and-for-all solution. It may even have exactly the opposite, negative consequences.

In centralized platform KYC, nothing too bad seems to be happening. But this is precisely due to “centralization”, not the inherent advantages of KYC.

After KYC on a centralized platform, in the event of a security incident such as password loss, users can freeze and lock the account by themselves, and can also confirm the final ownership of the account. After KYC, the user is “authenticated”. Although the data is kept by the centralized platform, the centralized process makes the user’s ownership and identity unquestionable, and all centralized data can be frozen, retrieved, and cancelled.

For the platform, the platform can also grasp the user’s identity, meet compliance requirements, confirm the authenticity of the user, eliminate robot interference, and so on. KYC verification on a centralized platform is not a bad thing.

But what happens when this set of processes is on the chain? The ownership of the wallet is not guaranteed by a centralized institution based on ID documents, but is fully controlled by the private key. This also means that KYC has almost lost its greatest meaning: confirming the authenticity of users.

Although SBT is non-transferable and untradeable, wallet addresses can be shared. With the help of a smart contract wallet, ownership of the wallet address can even be traded.

If a user uses an on-chain address whose KYC is not their own, the result is almost catastrophic. For the project party, the first problem is that the user data obtained by the protocol may be distorted. Because the actual controller of the address can change, the actual on-chain behavior of the user may be quite different from the behavior of the bound address.

For users, because of the characteristics of SBT, this KYC cannot be eliminated or even transferred. Once the private key is leaked, users will not only lose their property, but even their own identity, which is particularly terrifying.
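
The argument above can be made concrete with a simplified Python model. This is an added illustration, not code from Galxe, Binance or any project named in the article; the names `SoulboundRegistry`, `ContractWallet`, `audit` and `run_scenario` are hypothetical, and the model assumes the relying project checks only whether an address holds the token.

```python
class SoulboundRegistry:
    """Non-transferable KYC token: bound to an address, with no way to move it."""
    def __init__(self):
        self._subject = {}              # address -> person who passed KYC
    def mint(self, address, person):
        if address in self._subject:
            raise ValueError("address already holds a KYC token")
        self._subject[address] = person
    def transfer(self, src, dst):
        raise PermissionError("soulbound: token cannot leave its address")
    def is_kyc_verified(self, address):
        return address in self._subject     # all a relying project can check
    def kyc_subject(self, address):
        return self._subject.get(address)

class ContractWallet:
    """Smart contract wallet: the address is fixed, the controlling key is not."""
    def __init__(self, address, owner_key):
        self.address, self.owner_key = address, owner_key
    def change_owner(self, current_key, new_key):
        if current_key != self.owner_key:
            raise PermissionError("only the current owner may change the owner")
        self.owner_key = new_key

def audit(registry, wallet, kyc_time_key):
    """What the chain asserts vs. who controls the address right now."""
    return {
        "verified": registry.is_kyc_verified(wallet.address),
        "subject": registry.kyc_subject(wallet.address),
        "same_controller": wallet.owner_key == kyc_time_key,
    }

def run_scenario():
    # Constructed sample values, not real addresses or keys.
    registry = SoulboundRegistry()
    wallet = ContractWallet("0xWALLET", "key-alice")
    registry.mint(wallet.address, "alice")
    before = audit(registry, wallet, "key-alice")
    wallet.change_owner("key-alice", "key-other")   # ownership changes hands
    after = audit(registry, wallet, "key-alice")
    try:
        registry.transfer(wallet.address, "0xOTHER")
        token_moved = True
    except PermissionError:
        token_moved = False
    return before, after, token_moved

if __name__ == "__main__":
    for row in run_scenario():
        print(row)
```

The token never moves, yet after the owner change the address still reports as KYC-verified for the original subject while a different key controls it.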

What other questions are there?

In addition, data security issues also deserve enough attention. After the user performs operations such as KYC on the chain, where is the sensitive identity information stored?

In the future, with the evolution of technology (and the improvement of the project party’s KYC requirements), do we need to submit our fingerprints, faces, and certificates to the project party? Undoubtedly, the transmission and storage of these data is still Web2, and although we have obtained SBT as a data certificate, the risk of data security is still a Web2 issue. In addition, the project party still has a huge moral hazard with user data – no one knows how this data will be used by the project party.

There is no doubt that on-chain KYC is a Web2-style data collection action that wraps data credentials in Web3. This is far from the Web3 idea that users have data sovereignty.

And in the crypto world, we usually all have more than one wallet. A single address cannot represent a user, and it faces risks such as address changes and lost private keys. Encapsulating user identity information in a specific on-chain address gives a distorted picture. The data behavior of a single on-chain address often cannot fully represent the user.

The crypto world does need a trusted identity system, a more reliable DID. But is KYC on wallet addresses really the best option? The contest between identifying and forging false identities has been going on for a long time, but no project party has dared to risk universal condemnation and ask users to “hold ID cards to receive airdrops”.

That’s what Web3 promises – a free, open, permissionless decentralized internet.

Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/why-on-chain-kyc-may-be-a-misstep-for-web3/