Biometric Data Security Under Scrutiny After Coinbase Suit; Expert Urges Modular Privacy


A class-action suit recently filed against the cryptocurrency exchange Coinbase has once again shined a spotlight on biometric data collection and use by technology companies. Although the suit is founded on Coinbase’s alleged failure or refusal to comply with the U.S. State of Illinois’ Biometric Information Privacy Act, the class action nevertheless highlights challenges facing tech firms that serve customers or users in more than one jurisdiction.

Web3 and tech firms are often confident their collection or use of biometric data obtained from customers conforms to the law. However, past instances where even corporate giants like Google were forced to fork out over $1.3 billion to settle data privacy law violations appear to support the idea of having a comprehensive federal privacy law rather than the patchwork of state-level regulations.

However, for customers or users whose sensitive biometric data is captured by top Web3 companies including crypto exchanges, the stakes are even higher. The growing number of incidents in which cryptocurrency users with substantial holdings are targeted by armed gangs seems to suggest that cybercriminals may be in possession of sensitive user information, including biometric data.

As the recent Coinbase cyberattack case demonstrates, allowing non-essential employees access to user data can turn out to be costly in financial terms. Yet, as Michael Arrington, co-founder of Arrington Capital, recently put it, the human cost of this will likely be much higher than the $400 million stolen. This assertion is seemingly backed by the growing number of incidents in which crypto influencers or holders of significant amounts of crypto assets are targeted by armed criminals.

In one recent incident, Festo Ivaibi, the founder of a Uganda-based crypto and blockchain education platform, was abducted by criminals posing as members of the country’s security forces. During the ordeal, Ivaibi was assaulted by the criminals, who seemed to be aware that he had substantial crypto held in his Binance wallet. The founder ultimately lost $500,000 but was left alive to tell the tale. Both the Coinbase cyberattack and the African founder’s encounter demonstrate that how sensitive user data is stored, and who has access to it, matters.

Meanwhile, Arrington’s call for punishment, including prison time for executives of companies that fail to properly handle user data, demonstrates the difficulties facing Web3 and tech firms collecting and storing sensitive customer information. The quandary facing companies like Coinbase and others also shows just how limited the protections for Web3 companies currently are. So how can companies ensure the safety of Web3 identity systems?

According to some experts, the solution lies in modular privacy architecture that prioritizes flexibility and user control, rather than rigid, biometric-heavy models. Instead of forcing users into a system where their biometric data is captured and stored centrally, this architecture allows for more adaptable and user-driven privacy settings. This means users can choose how and when to verify aspects of their identity without necessarily revealing the underlying raw, sensitive data.

Nanak Nihal Khalsa, the co-founder of Web3 project Holonym, is a proponent of this approach. He told Bitcoin.com News that KYC without privacy-preserving design, especially zero-knowledge proofs, is a ticking time bomb. He added that as long as exchanges and platforms warehouse sensitive user data in centralized databases, they create honeypots that inevitably attract attackers. He explained why a modular approach is groundbreaking:

“A modular approach to privacy architecture changes the equation. Zero-knowledge proofs and other verifiable credentials allow platforms to meet compliance requirements without ever storing or even seeing users’ most sensitive information. Identity becomes a proof, not a file.”

The co-founder insists that such solutions increasingly matter because the data being collected by Web3 companies is only getting more personal. He argues that relying on biometrics like fingerprints or DNA for identification poses a permanent risk: once compromised, unlike government IDs, these unique personal identifiers cannot be reset.

Khalsa’s Holonym offers a modular digital identity solution that uses ZKPs for privacy and compliance, rather than biometrics. Its Human ID protocol has to date allowed over 125,000 pseudonymous users in 180 countries to verify personhood without revealing their identity. With a privacy-first and decentralized design, Holonym aims to “bring digital rights to the world,” by encouraging websites and even governments to adopt its protocol for ID verification. This modular approach, according to Holonym, helps mitigate security risks and builds trust in digital identity.

Meanwhile, Khalsa acknowledged that incidents like the recent Coinbase breach highlight a deeper problem in crypto infrastructure and underscore how flawed identity systems built on centralized, monolithic architectures are.

“The future of compliance isn’t about collecting more data. It’s about proving more with less. Privacy by architecture, not privacy by hope,” the co-founder said.
