Today Galxe released an important feature called Passport, which connects Galxe ID to identity information with the help of Persona’s KYC (Know Your Customer) system.
Regulations
I want to thank the team for letting me raise my doubts and questions; I hope it makes everything clearer about this important new feature. At the moment, this is the only official blog post about “Galxe Passport”: https://blog.galxe.com/introducing-galxe-passport-53502725636a
You can mint your non-transferable passport NFT here:
https://galxe.com/passport
Although regulation is an inevitable part of the blockchain world, as in other industries, and will happen sooner or later for big platforms, we need to discuss all other possible solutions to do it without a loss of privacy.
I tried to make it easier by highlighting my questions; I hope it shortens the reading time.
Your identity information will be encrypted with your password. This data is never stored in plain text and will not be accessible by anyone (including Galxe) without your explicit permission. [source]
This is huge, what are the guarantees?
While we need to learn more about how data would transfer between Persona and Galxe, I would like the team to consider a remarkable bounty reward for this section. There is not enough information about how our data will be de/encrypted.
But if we read the privacy policy carefully, there is a notable passage:
Categories of Personal Information. While the Personal Information we collect varies
depending upon the circumstances and your interactions with the Service, we may
collect the following categories of Personal Information (subject to applicable legal
requirements and restrictions):
- Name, contact information and other identifiers: identifiers such as a name,
username, account name, blockchain wallet address, mailing address, phone
number, country of residence, birth date, email address, and online identifier.
There are other questionable paragraphs that can be discussed.
Moreover, in the terms of use:
Eligibility. To be eligible to use the Services the jurisdiction in which you access the
Service must allow these Services and you must be of the legal age in the jurisdiction
you reside in at the time of using the Services. If you are below the legal age in your
jurisdiction, you are prohibited from using the Services.
There are many other parts that are copied from the main rules of the Galxe website which bring up a question: if our data is not accessible, where does the highlighted information for filtering come from?
Identity data shown to the user after successful KYC (only by password). The information extracted (e.g. birthday, nationality) can link us to the preceding issues.
Why not just store the KYC status (boolean value) instead of this personal data?
We all know about Sybil attacks and how “Galxe Passport” can help to prevent them by allowing platforms to enable the “Galxe Passport Holder” credential as a base eligibility constraint.
This is a great improvement that makes a disaster disappear with the ease of a click. But I could not find any changes to the OAT contracts or other contracts, so how can KYC prevent Sybil attacks that are bypassed through secondary market trades?
As the community already mentioned, there are alternative solutions such as “Proof Of Humanity”, “Gitcoin Passport” or “BrightID”. They are made for crypto; how and why did you decide to go with “Persona” instead of these alternative solutions?
Currently, there is no way to remove Galxe ID, but with the presence of Galxe Passport, it is mandatory to let users decide about their data deletion anytime.
Thank you for reading my post, and I appreciate any response from the team at the upcoming AMA.