Zentity

Identity verification worldwide is built on a false premise: that confirming who someone is requires collecting and storing their personal data.

@satsdisco We have solved this problem zentity.xyz

ah shit, here we go again 4 days ago a company IDMerit, left their database with 1 billion personal records open on the Internet with no password. What is IDMerit? a KYC verification company, one designed and promised to keep your data safe. Stop and Read this thread 1/22

The common industry assumption that "KYC means storing plaintext PII" is a design choice, not a legal requirement. Why are the mainstream Identity Verification providers choosing to store it in plaintext?

@brave There are better approaches to identity verification and login with ZK. You can confirm with our architecture; there are multiple design issues with existing systems. Read more in zentity.xyz

🆕 Brave researchers have uncovered vulnerabilities in zkLogin, a widely-deployed authorization system for blockchain transactions. Our findings demonstrate the wider challenges facing zero-knowledge proof systems.

@sumsub A bit tone deaf to publish an article on other company incidents when Sumsub just disclosed a threat actor had access to sensitive data that went undetected for 1.5 yrs.

This is why Zentity is being built, because KYC won't stop, and breaches will only increase in size as time passes. theverge.com/tech/875309/di…

We're not only reforming KYC, but also Authorization. We've created a centralized authorization server that achieves privacy properties previously only seen in decentralized wallet-based systems (SIOPv2, SSI), while maintaining full compatibility with standard OAuth 2.1/OIDC

Every breach proves the KYC and Identity verification model is broken. - Coinbase: $355M, 69K IDs stolen. - ICRC: 515K refugees exposed. - Optus: 10M Australians documents. We've been building a different approach. Identity verification and authorization with nothing to steal

Identity verification for KYC has a design flaw. When you verify someone's age, you don't need their birthday. You need to know they're old enough. But traditional systems store everything anyway. Then spend billions "securing" data they didn't need to keep.