- Jul 12, 2015
Thank you, that's great to hear!
Awesome! I love that the timing was exactly 1 year apart!
@craymarshallg Just thought I should share this. Almost exactly one year ago, MadDashFuryCash (Twitter) created this:
I'm not sure about this.
- The "local" version is actually international and the "plus" is US only.
- No KYC for the US Plus but mobile / email required for everyone else. Isn't email / phone a form of soft KYC?
- No ATM at all unless you KYC.
- Non-US will lose all unspent funds after just 4 months.
- Not clear, needs example, $1K max per card, yet $10K max per day. This is to say $1K per day from pre-loaded and $10K per day if you spend directly from crypto? Just want some clarification.
- What are the 30+ countries?
Actually, for the Rewards Local program, either email or phone can be used. While law enforcement could obtain the information (email or phone), the email and phone have not been kyc'd, which means you can use whatever. Just set up a private email for transactions and use that. Since no other information is being captured, you're golden. The email address is not tied to your identity. I made test transactions using this program this week. It works perfectly with an email address. You have 10 minutes to confirm an OTP sent to the email address in order to login to the bank's portal. That's what it is used for. The process for activating the card isn't great and we are working to see if we can automate it to make it a cleaner UX.
Thank you for making this clearer.
I understand only email / telephone number are collected and it is a requirement imposed on you by others. It is, in fact, somewhat traceable using warrants. It is also the very same reason why I can't convince financial institutions to switch from SMS 2FA for a more secure TOTP or U2F. Frankly, I find SMS 2FA a PITA for losing / switching SIMs, or expired SIMs. They all know how vulnerable SMS is to SIM swap attacks.
I understand you're attempting to integrate with this crazy antiquated system that is holding us back. But as I previously said, hats off to you for your perseverance, I know I couldn't do it.
Thanks for the nudge. We have been building the products and have made a ton of progress. Here are a few relevant updates for the community:
Two months since the last update, anything new?
Btw, can't install DashDirect from the Philippines, Play store says "country not supported", even though companies like Amazon are doing free delivery here. I'm an apk person but just nudging you about this.
Btw btw, I get similar problems when using the bitrefill website. Even if I set my country as "United States" they deny purchases, so I always have to switch the VPN to the US.
The details of each of our 3 programs are posted here:
I'm not familiar enough with what you're calling the "Visa Rewards Local" program (and others) to know what exactly this all means. I like the Dash Back (not the real name) feature, and that much is new to me, but could you please give us the "diff" (to use a coding term) between what is planned to land and the old Dash Direct MasterCard feature?
Will I be able buy things at (all?, most?) Visa-accepting merchants using Dash and without giving up any personal data?
The name was originally due to supporting local currency. It was not global, as it worked in the region where you live. The new program is easier and has a better UX, but is only in USD. It can be used globally, so we will rename it Visa Rewards Global.
That sounds like what's now called "Local" is the *global* version. Not confusing at all - glad they will be renaming that.
This is a deficiency, because in many parts of the world, revealing your phone number equals to KYC.
Do you mean for the DashDirect app, or for the prototype? The prototype works on desktop. DashDirect uses the Dash Core mobile wallet, and is only for mobile devices.
I believe you are conflating mobile app, phone number collection for 2FA, and KYC. We do support WIFI only devices. We just don't yet have a version for desktop use. For now, we do ask for a phone number to secure your account with 2FA, but we may be able to change that in the future. That is unrelated to the above and also unrelated to KYC. It doesn't matter where you are in the world, sending an OTP via SMS is NOT KYC. DashDirect does not perform any KYC for any users in any way.
This is a deficiency, because in many parts of the world, revealing your phone number equals to KYC.
At least, we can use a wifi tablet, can't we?
I don't want to be so picky but for someone like me - which I accept is possibly the minority - when a financial service demands SMS OTP and refuses point blank to implement TOTP or U2F as an alternative, then yes, I definitely see this as soft KYC. It is compatible with "follow the money", knowing various logs will be created, even if it's not by the financial service themselves.
A working example of how negative SMS OTP is for foreign travel. The act of logging into a bank or the processing of transactions may at some point trigger an SMS OTP verification. For the customer this means:
- Use your home country SIM, which probably works but...
  - it reveals and links who and where you are to the telcos and to all the people they share your data with.
  - your home country SIM will expire if your stay is extended (definitely someone like me).
  - you only have one SIM slot / phone and it's a PITA to switch SIM / drop the SIM / misplace it.
  - Roaming may still be active even though you have disabled it in settings! This is 100% true, and the only way to be sure is to physically remove the SIM.
- I travel abroad and I don't know what my foreign phone number will be ahead of time, which is probably everyone.
  - place a long distance call and sit in a queue for an hour before you can inform them of your new number and thereby reveal your current location, which should be none of their business. Assuming access to banking services but no foreign ATM / in-store payments (which is also me).
  - go online and upload new photos holding ID and so on. Not to mention the PITA it is to deal with time zones and weekends.
I realize I am the edge case here and many people are just super compliant, and the banks take advantage of this. And I'm definitely not saying Dash Direct is in the same league as these banks! But I think if you have a technically savvy customer that is familiar with TOTP / U2F, then I think, why not offer it as an option? It doesn't strike me as particularly high maintenance code.
Regarding app usage vs the web. A lot of services have a nasty habit of building a captive audience and then adding all sorts of required permissions later. Again, I am not saying this is Dash Direct!!! But this behavior grows general caution and distrust among certain users.
For the above reason, many TOTP implementations are also tied to the hardware. And because they are tied to the hardware, they can be considered a soft KYC.
TOTP credentials are also based on a shared secret known to both the client and the server, creating multiple locations from which a secret can be stolen. An attacker with access to this shared secret could generate new, valid TOTP codes at will. This can be a particular problem if the attacker breaches a large authentication database.