#KYC and telegram

Require KYC verification for every individual who opens a cloaked account. This measure assists in maintaining the integrity of Cloaked by preventing misuse of numbers for scams or fraud.

Cloaked Team must create channels and groups on Telegram. There's a significant industry on Telegram that specifically requires numbers, especially from the US and UK, for various tasks. I am involved in this industry!

Hey there, thanks for the feedback! I've passed this onto the team internally who will look into this further! Once we have any updates to share we'll reach out!

That's a big no from me. KYC, or "Know Your Customer," is a process used by businesses, especially in the financial sector, to verify the identity of their clients. Its main goals are to prevent identity theft, financial fraud, money laundering, and terrorist financing. This involves collecting and verifying basic personal information like name, date of birth, address, and a government-issued identification number. Sometimes, more information may be needed to confirm the source of funds and the nature of the customer's activities. KYC ensures that financial services aren't misused and maintains transparency in business relationships. However, the whole point of Cloaked is to avoid divulging such information, thereby preserving user privacy. By requiring users to give up their data, it contradicts what Cloaked stands for. The core purpose of Cloaked is to protect user privacy. Surrendering such information negates its true intent. I'm pretty sure Cloaked aims to prevent sharing this type of data with third-party companies. Here's my take: if you implement a system where the user surrenders privacy rights, no company, including Cloaked, should need this information. While I understand your viewpoint regarding security, this is not the right approach. There are many risks, like data breaches or unauthorized sales. As someone in cybersecurity, I believe this approach is incorrect for this app. While the intentions might be good, it could still pose risks to Cloaked's customers we need to preserve rights of privacy to users.

Thank you for your comment. However, the fundamental question is whether Cloaked is designed for personal individuals to protect their privacy or for companies to generate unlimited resources like numbers and emails. If it's tailored for individual use, then implementing KYC would indeed seem quite reasonable. Please feel free to correct me if I've misunderstood.

no, you are correct however, from what I understand Cloaked is for personal individuals and it’s to protect the privacy from companies from selling your data, etc however, I just think the end user shouldn’t have to give up their privacy in order to use a feature or Cloaked for that matter because at the end of the day, it’s not about whether you have something to hide it’s the fact that people want privacy from foreign entities or bad actors. You know I honestly think that with today’s day and age with technology changing we as the people need to change with it but implementing such security system would also give up the rights in privacy of its users, if such system was to be implemented, don’t get me wrong. I am all up for security, but there are many ways to combat bad actors rather than going to that extreme measure, while we understand that fraud and things can indeed happen, but we also need to also realize as individuals that, not everybody is going to commit fraud because not every person does I think that there could be another system in place to do such but however, I do completely understand where you’re coming from as far as security goes. This would be the ideal situation however, if the user would have to literally give up their date of birth, their email their first and last name, and sometimes and even certain circumstances even their identity I just feel like it’s a little bit wrong because to me, I feel like you would be the wrong approach. I just feel like a lot of people need more privacy aspects don’t get me wrong security is great as well but they’re just Has to be another way.

I don’t know we’ll see what the staff have to say

I completely understand your point. However, considering that Cloaked offers a high level of security, including the safeguarding of banking information, users inherently place their trust in the company. Consequently, providing personal information to protect a Cloaked account and sensitive data seems reasonable. For instance, I've opened a Cloaked account and stored all my work-related information. Cloaked didn't request my personal details, indicating a lack of seriousness in data protection. I used a random nickname, which suggests that they didn't emphasize security measures. My concern is if Cloaked implements an automated API for various tasks and allows widespread access, individuals might generate unlimited Cloaked mail through fake user profiles. This could lead to spam, fraud, and potentially blacklist Cloaked domains on major websites like Google and Outlook. Presently, it seems there's a smaller number of users registering legitimate information with Cloaked, while many are creating fake accounts on different social media platforms for dubious purposes. Imagine if the entire platform went down due to a few shady individuals. People on Telegram suggested using Cloaked. Were they using Cloaked to store personal information? No, they were using it to create fake accounts and exploit the system here and there. I'll agree with your point that implementing KYC verification would be a significant decision. Cloaked could integrate this system in a way that passing the KYC grants unlimited resources and possibilities, while failing to pass or not passing it imposes certain limits, even for paid users. I believe this change could positively impact Cloaked's system, preventing abuse and distinguishing between trustworthy users and those aiming to misuse the platform. Those who store critical personal information might not hesitate to provide their identification. Adrian, I'm pleased with the engaging conversation we're having

I am too buddy and I’m just more concerned about the privacy concerns I mean I think maybe it should be maybe a one time verification but never be stored. Maybe that could work just as a one time verification once they go over that limit, but I do now see your viewpoint on this security matter, if it’s a one time verification, I don’t see why it wouldn’t be a bad idea however, if they were to store this information, then I would raise an eyebrow.

Adrian, thank you for understanding, my friend. Don't worry, if Cloaked ever introduces such a system, I might be the first to panic and switch my Cloaked information to my personal details because my entire work currently relies on Cloaked US phone numbers, haha! It was a pleasure talking to you, sir.

Hard no on this one. There would be no way that cloaked could keep this information private. Yes, they could put in mitigations and "delete" the user data after use. However, what about when a government decides that it doesn't like a specific group of people and requests their accounts to be shut down? If all the accounts are set up in a true name, any government could easily completely shut down any citizen's digital life at any moment.

Cloaked's entire business is built upon establishing user trust - users have to trust that Cloaked will protect the data being entrusted to them. If users lose faith in Cloaked, then Cloaked will die. Period.

The best way to assure users that Cloaked couldn't/wouldn't surrender PII is for Cloaked to not have that information in the first place.

There are other/better ways to combat fraud and abuse than requiring that users surrender personal information.

What way would that be precisly?

Setting reasonable rate limits on how many email addresses / phone numbers can be generated within a set time span, monitoring usage for anomalous behaviors (are you sending 100 emails/texts within an hour or generating a dozen different identities for the same web service?), preventing sign-ups from IP blocks known for malicious / fraudulent activity (or from known free proxies/VPNs), disallowing commercial use (fraudulent or otherwise) in the terms of service.

Maybe add an option for people who need a higher rate limit to validate their identity in exchange, but don't require it for every Cloaked account.

I like your idea

"We think these are reasonable limits for personal use. If you need to go beyond these limits, we'll need to verify your identity and confirm that you aren't using the service for scammy, fraudulent, and/or commercial use."