> KYC is an important area for many applications.

Agreed. Superb for malicious hacks and information leaks.

It's more productive to direct criticism at the legal systems that necessitate KYC rather than the technology that allows compliance. Being that hacker news is a technology-oriented forum, readers must be forgiven for interpreting your comment as criticism of the referenced project, rather than the policy that gives rise to its necessity.

With that said, KYC is a prerequisite to doing business in a number of fields, and I applaud any efforts toward an open source and auditable implementation.

It is malicious technology just like AI surveillance. And just like AI surveillance Being enforced by regulation doesn't make it moral. It _will_ eventually be hacked and you may even endanger the lives of your customers by leaking financial information paired with physical addresses.

For whatever reason harvesting personal data like big tech does is bad but if you slap a KYC sticker and say its for fighting terrorism it's all good.

It's not for fighting terrorism it's for mitigating fraud which is rife in finance

KYC and more broadly AML efforts are meant to detect and prevent both profit-motivated crime like fraud and terrorism. It's a shame that a 2011 report by the UN showed only 0.2% success rate (criminal enterprises kept 99.8% of illicit earnings) after two decades of the stuff. Things haven't exactly gotten better since then, with as little as 0.1% successfully confiscated and the proportion attributable to money laundering regulations possibly as low as 0.02% (https://www.emerald.com/insight/content/doi/10.1108/JMLC-01-...). It's possibly the least effective policy experiment of all time.

The whole endeavor might be so entrenched now that it's "sovereign-complete" and will require complete regime change to really change it, much like other things, but from more optimistic views there's probably already enough people working at the layer of law to try and make things better (here's a random congressional testimony from 2017 https://www.judiciary.senate.gov/imo/media/doc/Cassara%20Tes... "Modernizing AML Laws to Combat Money Laundering and Terrorist Financing"). People working at the layer of tech might help best not by making the most streamlined implementations of everything possible, though open source is certainly better than not, but by making the experience as brutally inconvenient and complaint-generating (directed/redirected at law makers) as possible, doing the minimum necessary to follow the laws and regulations as currently written to minimize their harms, since their gains are pretty much nothing. As they currently tend to exist, KYC setups end up being more useful for crime than against it.

Regardless. Keeping CID financial data is like handling nuclear toxic waste with a plastic bucket. It's not going to end well for you or the customer. Find a better way.

Does KYC help to prosecute Microsoft support scammers?

KYC's purpose is to prevent you from transferring money anonymously. However there still are methods to do this (for example, gift cards or betting on sports).

I made a few flippant and really vague remarks at my bank and I regretted it later, when I realized they were genuinely trying to KYC and not just be nosy in my personal life.

Thanks! that was part of our motivation behind it. you can read this blog post about KYC UX from our experience previously working together at a Neobank, by Nitzan who is leading the Product on this project: https://vaulted-law-a70.notion.site/Creating-the-perfect-KYC...