Original article《To submit, or not to submit》, author: Dana J. Wright, translated by Odaily jk.

Human intuition is an incredible tool. We encounter many things in our daily lives that are so profound and complex that at our current stage of cognitive development, we cannot fully understand them.

Online data collection is a perfect example. When you register for an application or service, you have no concept of what will happen to your name, email address, location, biometric data, and any other information you submit.

Yet, you are always making decisions.

When you enter a create account page, a contact form, or an input payment details page, you consciously or unconsciously quickly assess how much you trust this company or platform, then weigh how much you want what comes after the data collection step, and decide whether to submit.

Just a few days ago, I encountered a situation like this myself.

Here's a quick review of my decision-making process, what my intuition told me, why I decided to do it, and the consequences of making the wrong choices in these situations.

The story begins with this email

In November 2022, with the collapse of the entire FTX empire, BlockFi.US went out of operation after acquiring its controlling stake, prohibiting customer withdrawals, and filing for bankruptcy.

The amount of assets I had in BlockFi was not significant, but it was not completely negligible either. Knowing the bankruptcy process of other cryptocurrency companies that have gone sour like Celsius and Voyager, I did not have much hope of recovering these funds.

So, this email was a pleasant surprise for me. (At least at the time.)

Withdrawal request

BlockFi's second email: Withdrawal request received.

Withdrawal seems straightforward.

I selected the assets to transfer, entered the amount and my wallet address. At first, I entered a small amount just to test and ensure everything goes smoothly, a habit I developed after many painful lessons.

Shortly after, I received an email confirmation containing the summary of the withdrawal, but no funds were received in my wallet. It's not uncommon for transfers from centralized exchange platforms to take a long time, so I wasn't too worried and continued with my daily life.

"Shotgun KYC"

BlockFi's third email requests identity verification.

A few hours later, I received another email from BlockFi stating that in order to complete the withdrawal request, I need to submit identity verification.

This scam is known as "Shotgun KYC" within the cryptocurrency community.

This happens when a trading platform allows you to easily deposit a significant amount of funds into your account with minimal resistance, but when you try to withdraw the funds, you are faced with a cumbersome identity verification process that can take a long time.

Users from various exchanges have reported that KYC processing can take several months, and sometimes accounts are indefinitely frozen.

By the way, the term "Shotgun KYC" was coined by Odell in 2019.

To Submit or Not to Submit

Identity verification form from BlockFi's third-party KYC provider.

Without beating around the bush, I submitted it.

I submitted six sensitive personal identity information, my official ID and a biometric check (biometric facial scan).

In retrospect, the reasons are as follows:

• In this case, there is a reasonable reason for identity verification in addition to financial monitoring, which is that the law firm may need to verify that the claimant is actually the legitimate holder;

• It says in the email that the withdrawal process may take up to 90 days, and I know it may actually take a few months, so I want to get in line as soon as possible;

• For me, the amount of funds to be recovered is worth taking the risk.

People assign different monetary values to their data. If you are a billionaire, you may need to undergo comprehensive KYC and the compensation required to bear these risks may be in the millions, or not worth it at all.

For me, this threshold is much lower.

It is important to understand that you should set a "premium" on your identity data.

Over time, the probability that the platform will sell the information to third parties or be hacked is almost 100%, so you need to be compensated accordingly.

Consideration of Risks and Benefits

The email from BlockFi told me that identity verification helps protect his account and assets. This is a complete lie.

When I read this sentence in BlockFi's email, I just rolled my eyes. I fully understand that this is a harmful lie. Submitting KYC (Know Your Customer) information exposes individuals to various attacks they have never had to worry about before.

Specifically, there are the following points:

• If your account is hacked, the information contained within is enough for the thieves to not only steal your funds but also your identity. Depending on your net worth and the amount you hold on the exchange, your KYC information may be more valuable than your funds. Once hackers gain access to your account, all this information is typically available for download directly from the settings menu, usually located in privacy settings.

• If the trading platform is hacked, customer data is becoming an increasingly targeted asset. While the platform may face immediate legal, reputational, and financial disaster for losing customer funds, the same cannot be said for customer data. I have yet to see any company provide compensation to customers for lost data due to a hacker attack.

• If an exchange shares your data, the possibilities of where your data ultimately ends up are endless. This is the most concerning aspect as exchanges do indeed provide your data to analytics companies, other financial institutions, and government agencies. Nowadays, most exchanges outsource the entire KYC process to third parties. For example, this company claims to store KYC data for over 1000 platforms (I don't even know there are 1000 cryptocurrency platforms).

Once these third parties have your data, you have completely lost control over it and relinquished any rights to restitution if the data is leaked.

And these data will definitely be leaked, it's just a matter of time.

Hacker Attacks

I received my fourth email from BlockFi notifying me that my data has been compromised.

On August 24 (just seven days after the first email was sent out) I received an email from BlockFi stating that their KYC vendor experienced a data breach, and unauthorized third parties gained access to a large amount of customer data.

This is just laughable.

Considering the timing, it seems likely that the attackers may have already been inside the system.

They could have just been waiting for BlockFi to open withdrawals and force tens of thousands of people to submit their data. Then strike.

These are usually experienced hackers.

Final Thoughts

Looking back, would I still submit my data if I knew it would be leaked immediately?

Actually, yes. My KYC data has been compromised multiple times. If that wasn't the case, perhaps I would have had different considerations, but the reality is that I no longer care.

However, for those who haven't had their biometric data and official IDs collected, bought, and sold multiple times on the dark web, it is crucial to understand that submitting KYC is an extremely risky behavior.

At best, it greatly increases the risk of identity theft. Worst of all, it is used as a tool for mass financial surveillance. All three-letter agencies have backdoors and use this data in ways that you may never agree to in crazy ways.

The bottom line is: your data is only safe if it has never been collected.

So next time you stare at these forms, realize how important the requested information is and trust your instincts, and if the return isn't worth it, walk away.