Let's assume that (1) KYC as-is is broken and a security risk due to potential data leakage and (2) dropping ID checks altogether is a nonstarter.

What's the solution?

PII with an expectation of privacy should be locked down within companies. Like private keys or passwords.

Any leak should come with a per instance leak penalty of $10,000 automatic disclosure / pay out to the individual affected. Companies have 3 years to migrate.

Put a clear penalty in place, companies would update their systems.

Working on Farcaster and Warpcast. Longer thoughts at https://dwr.email

I don’t hate that idea. A lot of big companies with a lot of customers and shitty tech may get hit hard. But se la vie?