I read it and, maybe it’s because I’ve spent too much time in fintech, I don’t share most of the concerns.
The differences in proclaimed data retention periods are concerning though. The rest is par for the course for KYC/AML.
I agree; I didn't want to editorialize too much as I think the writeup stands on its own.
My takeaway was that in this case, even an author with a clear and extreme bias against this sort of thing could find only unfortunately-common bad practices rather than deeply nefarious intent. Of course, this is just the front-end code, but this just looks like a KYC platform to me. Most of the secondary reports on this write-up seem to completely ignore section 0x13 and jump to the specific conclusions the author does not draw.
The fact that we've created a system where Discord need and want a KYC platform is a different and quite strange thing, but the KYC platform itself just looks like what it says on the tin.
Tell me more before I doom about this too much.