I recently recalled a situation when I went through video verification with my passport near my face for an online platform, the main goal was to confirm that I am over 18, and the more I think about it, the more I feel that my passport photo could be circulating online, the more I feel digital vulnerability in such moments. The traditional KYC procedure today looks like a huge security gap, you are handing over a complete package of your most sensitive data to a company whose level of protection you know nothing about. Your passport photo becomes part of their database, which in the event of a breach could end up on the dark web.
If the scenario @SignOfficial had been applied, it would have looked completely different. Here’s how the concept of "attestations" changes the game; imagine that instead of uploading a photo of your passport to the platform, you would provide an attestation. How does this work in practice? A trusted party (for example, a bank that has already verified you) creates a digital signature that confirms only one fact: "This person is over 18 years old." That’s it!
The platform receives a cryptographically confirmed "YES," but does not see your photo, passport series, or registration address.