Just to clarify.
If your security model requires that people not look at public information, that's not how security works.
It actually works the other way around. You assume your attacker has a hefty amount of resources and the goal is breaking the security.
I completely understand this. I am definitely not advocating security through obscurity. The problem is about morality, or lack thereof. It's like saying you're only making knives, knowing full well your buyer is slaughtering animals.
This is also a question of motives and potentially disincentivization e.g. DCG (or the DIF) prioritizing certain activities over others in fear of upsetting the wrong people. It's also about association with organizations where the sharing of personal data is actively encouraged and profited from. Not least that Chainalysis provide essential services to companies and governments where data retention is required i.e. illegal to immediately delete it. Those financial institutions that Chainalysis serve are also required to secretly report on anyone caught in their dragnet. So yes, you're right, the banks, governments and institutions have a hefty amount of resources and you want Dash to go out of its way to engage with them.
As you know, these companies aggregate very personal information from multiple sources (and governments) globally to then act inappropriately against millions of people for whom they have no jurisdiction. That person in country A comes under the purview of country B which ultimately feeds back to the government of country A. As an individual you have no leverage over country B and yet you fall under the regulatory umbrella of both countries. This subsequently leads to both international treaties and blockades that work against individuals who just want to get on with life without burden or intrusion.
Data "privacy" laws are designed to work against individuals and to empower companies like Chainalysis. As an individual it would be illegal for me to follow you home, enter your home, copy all your financial information, including credit cards, CVVs etc. But as a company you are given a license to do so. It's not an exaggeration. Let me give you some real examples of how "transparency" can be used against you.
Harry Dunn: Lawyers claim phone may have distracted suspect
"They said no calls or texts were found on her SIM card on the day of the crash, but call records were found for the day before and day after.
The documents said this "raises the possibility that Ms Sacoolas was distracted by her mobile telephone... and establishes that relevant phone data was deleted".
Not that data can be deleted from the blockchain but rather humans can choose to ignore one thing while simultaneously providing "proof" of something else. The tools to create a certain narrative.
Or how about Nexo's openly declared anti-VPN policy? Forced transparency to "protect you". Yes, Nexo will shut you out for continuing to use a VPN (see ToS / ask them). On the one hand they claim it protects them from hackers, but at the cost of compromising their customers' security. Because VPNs aren't just about hiding your location, you can easily authenticate who you are, but they also help protect against unwanted inbound traffic.
So yes, all this info is publicly available, but someone somewhere woke up in the morning and decided, "you know what, I can abuse so I will abuse. I will exploit people when I have other choices in life".
WHY must the DIF associate with such criminals when the presumption should be innocent first?