| ▲ | nebezb 8 hours ago | |
I read it and, maybe it’s because I’ve spent too much time in fintech, I don’t share most of the concerns. The differences in proclaimed data retention periods is concerning though. The rest is par for the course for KYC/AML. | ||
| ▲ | bri3d 3 hours ago | parent | next [-] | |
I agree; I didn't want to editorialize too much as I think the writeup stands on its own. My takeaway was that in this case, even an author with a clear and extreme bias against this sort of thing could find only unfortunately-common bad practices rather than deeply nefarious intent. Of course, this is just the front-end code, but this just looks like a KYC platform to me. Most of the secondary reports on this write-up seem to completely ignore section 0x13 and jump to the specific conclusions the author does not draw. The fact that we've created a system where Discord need and want a KYC platform is a different and quite strange thing, but the KYC platform itself just looks like what it says on the tin. | ||
| ▲ | boppo1 6 hours ago | parent | prev [-] | |
Tell me more before I doom about this too much. | ||