Company Feeds | Identosphere Blogcatcher

What if your compliance team could spend more time on investigating complex cases, and less on repetitive triage?

The world of crypto compliance and blockchain analytics is evolving at breakneck speed. High alert volumes, increasingly sophisticated criminal typologies, and ever-tightening regulatory demands are now everyday realities for compliance teams and risk leaders. It's no wonder that conversations about AI in compliance spark both excitement and concern. Will automation really make our lives easier, or does it threaten to sideline the very expertise we've spent years building?

Thales appoints Tommy Ayouty, Vice President Northern & Central Europe prezly Tue, 07/01/2025 - 11:18
Tommy Ayouty

 

Thales has appointed Tommy Ayouty as Vice President for Northern & Central Europe. In this role, he will be responsible for driving strategic growth within all Thales business areas in the region, which represents around 2,700 employees across 27 countries. He succeeds Alice Guitton, who has taken over a new role within the Group.

Tommy Ayouty brings 20 years of experience within Thales to this role. Prior to this nomination, Tommy held the position of VP Sales & Accounts for Thales UK since December 2023. His previous roles include CEO of Thales Denmark and Country Director of Finland, Iceland, Ireland and the Caucasus, as well as leading Thales Nordic & Baltics, a region he helped establish during 2018-2021. Additionally, Tommy also served for three years as Managing Director for Thales in Thailand.

“Tommy Ayouty’s extensive experience within Thales and his deep knowledge of Northern & Central Europe make him an invaluable asset to consolidating Thales’s growing expertise and footprint in the region’s civil and defence markets”, says Pascale Sourisse, Senior Executive Vice President, International Development.

About Thales

Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion.

The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies.

Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion.

PRESS contact

Communication Director Northern & Central Europe Lynne Scott Walters +45 2119 1441 lynne.Scott-Walters@thalesgroup.com

 

/sites/default/files/prezly/images/sans%20A-1920x480px_101.jpg Contacts Cédric Leurquin 01 Jul 2025 Type Press release Structure Czech - Republic Denmark Finland Greece Hungary Latvia Norway Poland Romania Sweden Thales has appointed Tommy Ayouty as Vice President for Northern & Central Europe. In this role, he will be responsible for driving strategic growth within all Thales business areas in the region, which represents around 2,700 employees across 27 countries. He succeeds Alice Guitton, who has taken over a new role within the Group. prezly_774325_thumbnail.jpg Hide from search engines Off Prezly ID 774325 Prezly UUID 6596810e-7ca2-449c-a49f-67959a66a7a5 Prezly url https://thales-group.prezly.com/thales-appoints-tommy-ayouty-vice-president-northern--central-europe Tue, 07/01/2025 - 13:18 Don’t overwrite with Prezly data Off

“We’ve all heard the calls for more resilient digital identity systems.“

Heck, I covered that in the blog posts I did a few weeks ago on centralization vs. decentralization. Resilience is on my list of the top ten buzzwords of the year. Whether we’re looking at geopolitical turmoil, AI disruption, or yet another IdP outage, it’s clear that the infrastructure we’ve relied on for decades is straining under new (and not-so-new) pressures.

The catch to this demand, however, is that resilience is expensive. And in standards development, it’s often treated like it’s free.

Identity professionals usually talk about resilience as a technical or operational problem, how to recover when something fails. In my early days as a sys admin, disaster recovery and business continuity were my jam, so I get it. But from a standards and governance perspective, I keep coming back to a different question:

What kinds of resilience are current standards actually enabling? And where are we still pretending flexibility comes without cost?

oooooh, hard question!

A Digital Identity Digest Resilience Isn’t Free: What Standards Can (and Can’t) Prepare Us For Play Episode Pause Episode Mute/Unmute Episode Rewind 10 Seconds 1x Fast Forward 30 seconds 00:00 / 00:11:33 Subscribe Share Amazon Apple Podcasts CastBox Listen Notes Overcast Pandora Player.fm PocketCasts Podbean RSS Spotify TuneIn YouTube iHeartRadio RSS Feed Share Link Embed

You can Subscribe and Listen to the Podcast on Apple Podcasts, or wherever you listen to Podcasts.

And be sure to leave me a Rating and Review!

Resilience is the wrong word if you can’t afford to change

Most modern identity standards build in some notion of flexibility. You’ll find language about “pluggable” trust frameworks, revocable credentials, and multi-source identity assertions. It all sounds great, on e-paper.

But in practice, very few implementers can afford to build and maintain all the branches that the standards suggest. Most systems implement the bare minimum required to pass a test suite (please tell me there is a test suite) or ship a product. The more complex the flexibility, the less likely it will be used or maintained.

This tension came up repeatedly in my recent blog series on centralization and decentralization. It’s not that one model is better than the other; it’s that resilience requires the ability to shift between these architectures. Shifting means you need a governance structure that can manage both states, not just technical plumbing that supports a theoretical toggle.

Governance is expensive, as is testing rarely used failover paths. Yet we talk about flexibility as if it’s a universal good. It’s not. It’s a luxury, and we need to be honest about that.

Most standards assume stable trust anchors

I want to be clear: assuming stability isn’t inherently bad. The Internet only works because we assume certain things, like DNS will resolve, certificates will validate, and revocation servers will be online. “Turtles all the way down,” as the saying goes. If you don’t trust anything at all, then you cannot actually use the Internet.

But most identity standards still assume that key pieces of the trust chain are always available and operating neutrally. Whether it’s SAML federation metadata, OpenID Connect trust frameworks, or verifiable credential issuers and resolvers, there’s usually no plan B.

When systems fail due to policy shifts, infrastructure outages, or organizational collapse, the standard itself rarely provides fallback guidance. At best, you’ll get some MAY clauses. More often, it’s left to implementers to figure out what to do when their trust anchor disappears.

Some specs (notably in the decentralized identity world) are starting to grapple with this. But many others still reflect a stable-world mindset. That’s a mismatch for the world we’re actually living in.

Delegation, AI agents, and identity sharing are afterthoughts

What makes me sad is that we, the people working in tech, knew these problems were coming, and we kicked the can anyway.

Delegation has been a known issue in identity for years. We’ve seen efforts like User-Managed Access (UMA) define how to handle “on-behalf-of” scenarios, layered roles, and AI agent use cases. But they’ve remained niche, partly because the implementation complexity is real, and partly because the incentives haven’t been there.

Now we’re scrambling to retrofit standards that were never designed to handle autonomous agents, shared credentials, or multi-party authorization flows. And we’re trying to do it without breaking existing infrastructure that assumed a much simpler world.

If we want identity infrastructure that can survive the next decade, we have to stop treating delegation and agentic identity as edge cases. They’re central to how identity will work going forward, and they’re crucial to any conversation about long-term resilience.

There’s no such thing as neutral infrastructure

Let’s talk about government-issued credentials.

They’re often framed as the gold standard for trust, and for many high-assurance use cases (finance, travel, health), they are. But they’re also highly contextual. They encode the priorities, capabilities, and politics of the issuer. Not everyone trusts their government. Not every government trusts other governments. And, not every global corporation can figure out how to deal with all the government requirements, especially when governments contradict each other.

A system that assumes government credentials are always the best option risks becoming brittle. What happens when a user doesn’t have access to those credentials? Or when the trust in a government changes?

The DC API

This question is playing out in real time in the standards world. A recent discussion about the Digital Credentials API in the W3C’s Federated Identity Working Group points out that not all wallets are created equal, and neither are the governance models behind them.

A government-issued wallet may want to authorize verifiers through its own mechanism, asserting tight control over how its credentials are used. A browser acting as an intermediary might conflict with that, unless a protocol allows the wallet to enforce its preferences. But for other, non-government wallets, such as those used in enterprise, education, or social scenarios, the browser might be the only line of defense, especially where verification risk is low and wallet quality varies.

This is where the fiction of neutrality breaks down. When browsers or OS platforms decide how wallets should behave, who gets trusted, and what protocols are supported, they stop being passive conduits and start shaping the structure of the ecosystem. And that has consequences for which identity models can thrive. (To be fair, I’m not sure they have a choice, given how they are held liable for when things break down, but it’s still a matter of consequences.)

Resilience, then, isn’t just about supporting many wallets. It’s about enabling multiple trust frameworks to coexist, even when their needs are in tension.

That means standards shouldn’t default to one “gold standard” credential or wallet model. They should support a plurality of issuers, governance structures, and levels of assurance, because no single model is durable enough to anchor every identity system, everywhere, forever. No one is going to “win” the wallet wars.

If resilience is the goal, we need better defaults

We often measure the success of a standard by how widely it’s adopted. And that makes sense; if no one uses it, it doesn’t matter how flexible or forward-looking it is.

But in a world where trust assumptions are increasingly unstable, we also need to ask:

Can this standard still function when the environment shifts? Can it support multiple deployment models? Multiple trust anchors? Conflicting governance approaches?

Adoption is essential, but it’s not enough. Standards that can’t adapt get ripped out when the world changes, assuming we pay the technical debt. That might not happen in year one. But over time, brittle assumptions break, and infrastructure that once seemed “standard” adds to the debt that’s breaking our industry.

If resilience is the goal, we need better defaults:

Defaults that don’t assume the trust anchor is always online. Defaults that let delegation and AI participation evolve without rewriting the spec. Defaults that recognize different types of wallets, verifiers, and issuers will operate under different rules, but they still need to work together.

And maybe we also need more standards participants with risk assessment experience (please and thank you), so we can start designing for volatility from the beginning, not just retrofitting it later.

Wrapping up

I’m not arguing that we need to abandon federation or centralized identity, or that VCs are the answer to everything. I’m arguing that we need to stop building identity infrastructure that assumes everything will go right.

Resilience isn’t about architectural preference. It’s about designing for a world where the map keeps changing. If we want our standards to hold up under pressure, we need to stop pretending that flexibility is free and start deciding where we’re willing to invest.

Because trust might be turtles all the way down, but someone still has to check on the turtles.

Want to stay updated? I write about digital identity and related standards—because someone has to keep track of all this! Subscribe to get a notification when new blog posts go live. No spam, just announcements of new posts. [Subscribe here] 

Transcript

(00:00) Let’s talk about one of the most common words in tech media today: resilience.

(00:37) In 2025, it’s everywhere. But when it comes to digital identity systems, what does resilience actually mean—and perhaps more critically, who pays for it?

(00:51) Many assume resilience just means flexibility. But building flexible systems isn’t cheap. Flexibility costs money, and lots of it.

Flexibility on Paper vs. Resilience in Practice

(01:13) Most modern identity standards suggest adaptability. For example:

Pluggable trust frameworks Support for multiple issuers Credential revocation paths Selective disclosure mechanisms

(01:41) These sound like flexible, future-ready systems. But in practice, most implementers don’t have the budget, time, or political will to build beyond what’s required today.

(02:10) When deadlines loom or audits approach, resilience features—fallback flows, delegation models—often get cut. They’re seen as luxuries, not priorities.

(02:27) The result? When a major provider goes offline, everyone scrambles to fix what should have been planned for.

Resilience Requires Planning for Change

(02:46) In earlier blog posts on centralization and decentralization, I made the case that resilience isn’t just about choosing one architecture. It’s about adapting between models as conditions shift.

(03:08) But those shifts require governance, testing, and long-term maintenance—and few standards talk about that part.

What Happens When Trust Anchors Fail?

(03:18) Most identity standards assume certain things are stable: DNS, certificate authorities, federation metadata, DID resolvers.

(03:45) And most of the time, that’s a fair assumption. But not always. Trust anchors wobble—frameworks get deprecated, registries go dark, support drops.

(03:56) What happens to the systems that depend on them?

(04:06) Often, nothing is specified. The standard assumes uptime, not failure. Resilience needs to plan for volatility, not just stability.

Real-World Examples of Fragility

(04:24) Consider some common standards:

OpenID Connect Federation: Trust chains fail if any node is unreachable SAML: Metadata URLs are assumed always available Verifiable Credentials: Depend on persistent, resolvable identifiers

(04:59) These aren’t bad standards. They’re doing critical work. But they often lack mechanisms for handling breakage—when, not if, it happens.

Delegation Is a Core Identity Requirement, Still Underserved

(05:06) Delegation is a cornerstone of identity. We’ve known this for years.

(05:11) Parents act for children. Executives delegate to assistants. Spouses share insurance logins. Healthcare proxies access private records.

(05:30) And now, we’re adding AI agents to the mix—bots booking appointments, filling forms, accessing systems.

(05:46) Most identity systems don’t handle this. There’s no consistent model for “on behalf of,” no standardized scoping, and no way to validate consent.

(06:06) UMA (User Managed Access) aimed to solve some of this. But it remains niche—important, yes, but far from mainstream.

(06:21) Now we’re stuck retrofitting delegation into systems that weren’t designed for multi-actor flows or digital intermediaries.

Wallet Diversity: Who Governs the Gate?

(06:45) One of the most timely conversations today is about wallet governance.

(06:55) In the W3C’s Federated Identity Working Group, Issue #246 asks: how should different wallets—government, enterprise, personal—be treated by browsers and platforms?

(07:16) Should a government wallet control its credential usage? Should browsers enforce a uniform model? It’s complicated.

(07:29) Government wallets have strong policies. Social wallets may offer more flexibility—but with lower assurance.

(07:43) So who decides?

(07:49) When browsers mediate everything, they start shaping governance—intentionally or not. That creates platform lock-in and infrastructure fragility.

(08:01) If your wallet only works on Platform A, but not Platform B, we’re undermining interoperability—and resilience.

Supporting Governance Pluralism

(08:18) True resilience means supporting pluralism—multiple governance models, even conflicting ones.

(08:28) Standards can’t just hope it all works out. They need to explicitly support this diversity, or risk failure as soon as conditions shift.

Measuring Adoption vs. Measuring Adaptability

(08:37) In most standards work, success is measured by adoption.

(09:12) But adoption isn’t the same as resilience. A brittle standard can be widely used—and still collapse when a key component fails or use cases evolve.

(09:20) Conversely, a highly adaptable standard that sees no uptake contributes nothing.

(09:28) We need to measure both adoption and adaptability if we want identity systems that can survive real-world conditions.

Toward Risk-Aware Standards

(09:43) So how do we move forward?

(09:46) One answer: bring more people into standards work who understand risk. Not just technical threats, but governance risk, market volatility, and long-term trust dynamics.

(10:04) Resilient standards aren’t paranoid—they’re durable.

The Real Cost of Resilience

(10:18) Digital identity resilience requires:

Flexibility, but not as an afterthought Fallback paths and pluralist design, not idealized assumptions A willingness to acknowledge the cost of preparation—and invest in it A design approach that accepts the world won’t always cooperate

(10:28) We don’t have to throw out everything we’ve built. But we do have to ask what breaks when things shift—and what we’re willing to invest to prevent that.

Final Thoughts

(10:38) Thanks for listening. If this got you thinking, I’d love to hear from you. Reach out on LinkedIn or check out the written version at sphericalcowconsulting.com.

(10:57) And if this helped make identity just a little clearer—or at least more interesting—consider sharing it with a friend or colleague. See you in the next episode.

The post Resilience Isn’t Free: What Standards Can (and Can’t) Prepare Us For appeared first on Spherical Cow Consulting.

June 2025 Real Estate Tokenization Takes Off in Dubai

Dubai’s real estate market is breaking records.

According to data shared by Property Finder, Dubai recorded AED 66.8 billion (~$18.2 billion) in real estate sales across 18,700 transactions in May 2025. That’s a 44% year-on-year surge, driven by both local and international investor demand.

Source: Cointelegraph

Yet for global asset managers, accessing this market remains complex.

The barriers global asset managers still face

While Dubai’s real estate market is booming, it remains difficult for global asset managers to access directly.

Legal complexity. Buying real estate in Dubai often requires setting up a local entity or relying on nominee arrangements. These structures are time-consuming, costly, and raise concerns about transparency and control. Operational inefficiencies. Servicing investors, tracking ownership, handling subscriptions and redemptions, distributing yields, and maintaining compliance, is still highly manual in most setups. This creates friction, especially for cross-border investors onboarding and ongoing fund administration. Limited exit options. Even when fractional shares are available, liquidity is often locked. Without proper secondary market infrastructure, redemption or transfer opportunities are rare, making the asset less attractive for both managers and investors. How tokenization is changing the game

These barriers are now being removed.

Through tokenization and a local, reputational licensed fund administrator like Apex Group, asset managers can offer Dubai real estate exposure in a fully regulated and digital-native format.

Our solutions, which have now been integrated into the Apex Group’s services, allow asset managers to experience a one-stop shop experience and use the permissioned token standard ERC-3643 to enforce investor eligibility, transfer rules, and compliance logic right into their tokens.

Unlock what wasn’t possible before  Multi-platform distribution: List real estate tokens across multiple compliant distribution platforms Improved liquidity: Enable peer-to-peer secondary market transfers under control 24/7 Access: Offer 24/7 subscription and redemption for open-ended real estate funds Real-time tracking: Track all activity in real time for full auditability

For asset managers, this means faster launches, broader investor reach, and the ability to offer modern real estate products that meet today’s expectations for accessibility and liquidity.

Market demands are real

On May 1, MultiBank Group, MAG, and Mavryk announced a $3 billion deal to tokenize MAG’s luxury real estate to democratize access to high-end real estate and enable global investors to participate with full legal certainty. Then, on June 11, Dubai saw its second tokenized apartment sell out in 1 minute and 58 seconds, with 149 investors from 35 countries and over 10,700 waitlisted.

Tokenized real estate has found its product-market fit.

Why it’s working now: Clear rules from VARA

On May 19, Dubai’s Virtual Assets Regulatory Authority (VARA) updated its Rulebook to formally regulate tokenized real-world assets (RWAs) under the new Asset-Referenced Virtual Assets (ARVA) classification.

The regulatory clarity is in place. The infrastructure is proven. The demand is there. The future? Real estate tokens will increasingly plug into broader digital finance ecosystems, including lending, automated market making, and 24/7 liquidity via compliant DeFi.

Dubai is showing the way, and we’re ready to help you lead.

Tokeny Spotlight

Apex Group Acquisition

Apex Group announces the acquisition of a majority stake in Tokeny. A major milestone for tokenized finance.

Read More

NASDAQ TradeTalks

Our Head of Americas, unpacks the real challenge behind institutional adoption of digital assets.

Read More

Press Release

MTCM Securitization Architects partners with Tokeny to launch dual-format issuance framework.

Read More

Tokeny Talent

Learn about Thaddee Bousselin, who has been at the forefront of Tokeny’s implementation team.

Read More

Tokeny & Apex Celebration

Tokeny and Apex Group celebrate the integration of our technology and team into the Apex family.

Read More

Tokenizing Infrastructure

Our partner DitoBanx is bridging the Atlantic and Pacific Oceans with security tokens.

Read More

Tokeny & Apex Celebration

Tokeny and Apex Group celebrate the integration of our technology and team into the Apex family.

Read More

Press Release

KERDO partners with Tokeny to unlock accessibility in private markets for European professional investors.

Read More

Welcome to The Team

 Sergi Roca joined us in December as a Blockchain Developer. We’re thrilled to have you with us.

Read More Tokeny Events

ETHcc
June 30th – July 3rd, 2025 | 🇫🇷 France

Register Now

Real World Asset Summit
July 1st, 2025 | 🇫🇷 France

Register Now ERC3643 Association Recap

The First ERC3643 Podcast is Live

Dennis O’Connell, and Luc Falempin, come together in the first episode to explain ERC-3643 and share behind-the-scenes insights on how the standard was built and where it’s going.

Watch the Podcast here

The ERC3643 Association Proudly Welcomes 24 Selected New Members Building the Future of Onchain Finance With Us

The momentum for RWA tokenization is growing, fast. With backing from major financial institutions and innovative blockchain builders, the collaboration to bring capital markets onchain is more powerful, and more coordinated, than ever.

Read the full press release here

Subscribe Newsletter

A monthly newsletter designed to give you an overview of the key developments across the asset tokenization industry.

Previous Newsletter  Jul1 Real Estate Tokenization Takes Off in Dubai June 2025 Real Estate Tokenization Takes Off in Dubai Dubai’s real estate market is breaking records. According to data shared by Property Finder, Dubai recorded… May13 Is the UAE Taking the Lead in the Tokenization Race? April 2025 Is the UAE Taking the Lead in the Tokenization Race? As you know, the U.S. is now pushing to become the crypto nation.… Apr1 No Yield for Stablecoins, Tokenized MMFs To Take the Lead March 2025 No Yield for Stablecoins, Tokenized MMFs To Take the Lead With MiCA in Europe, and the STABLE draft law in the USA, regulators… Mar3 Memecoins Are Crashing, Hackers Are Cashing In, Where Are Smart Investors Moving Next? February 2025 Memecoins Are Crashing, Hackers Are Cashing In, Where Are Smart Investors Moving Next? Over the past month, we’ve attended key events across the…

The post Real Estate Tokenization Takes Off in Dubai appeared first on Tokeny.

What’s buzzing in Herond recently? This June, we’re unveiling the latest Herond Browser report update, celebrating the epic close of the Heronad community campaign, and highlighting the vibrant Engage Quests on Discord. Ready to jump in?

Product Updates

The newest Herond Browser, Version 2.1.8, is now available, bringing a seamless experience to all your devices!

In the latest Herond Browser V2.1.8 update, we’ve enhanced the core framework to boost speed, stability, and responsiveness, delivering quicker interactions, seamless feature performance, and improved compatibility for future enhancements. Additionally, upgraded bug tracking and error diagnostic tools enable developers to resolve issues faster, ensuring a more dependable experience for all users.

Alongside these core enhancements, we’ve optimized the system to ensure users can enjoy chat applications seamlessly without concerns about being blocked.

Community and Events Heronad campaign

The Heronad campaign has wrapped up, and what an incredible ride it’s been!

Herond dished out over 1,500 $MON in giveaways to our vibrant X and Discord communities, spreading the Monadverse love far and wide.

Over the campaign’s exciting 21-day span, thousands of you dove in, lighting up X and Discord with tons of interactions. We rewarded your passion with over 3,000 $MON shared across our awesome community.

The Heronad campaign also saw over 1,650 users become proud Heronad NFT holders, with 441 earning the coveted Heronad role by the event’s epic conclusion. A huge shoutout to all who joined in and made the Heronad campaign an incredible triumph!

Engage Quests

Action Surge returns with a fresh season, sporting a bold new look, a rebranded name, bigger rewards, revamped game rules, and more thrilling updates!

Throughout the season, we welcomed 332 registered users, with 312 actively participating. On average, each post saw engagement from about 62 users, and the campaign sparked close to 3,000 interactions, including likes, retweets, and comments.

Engage Quests are leveling up with even greater rewards! Keep an eye out for the upcoming Herond Browser update, promising an exceptional experience.

Thank you for being part of the Herond adventure – see you next month

About Herond Browser

Herond Browser is a cutting-edge Web 3.0 browser designed to prioritize user privacy and security. By blocking intrusive ads, harmful trackers, and profiling cookies, Herond creates a safer and faster browsing experience while minimizing data consumption.

To enhance user control over their digital presence, Herond offers two essential tools:

Herond Shield: A robust adblocker and privacy protection suite. Herond Wallet: A secure, multi-chain, non-custodial social wallet.

As a pioneering Web 2.5 solution, Herond is paving the way for mass Web 3.0 adoption by providing a seamless transition for users while upholding the core principles of decentralization and user ownership.

Have any questions or suggestions? Contact us:

On Telegram https://t.me/herond_browser DM our official X @HerondBrowser Technical support topic on https://community.herond.org

The post Herond Browser: June 2025 Report appeared first on Herond Blog.

This Canada Day, we’re sharing a personal look at the people, values, and vision behind iComply. From a Métis founder’s philosophy of stewardship to a Slovak-born tech leader’s passion for building secure, scalable systems. This is the story of how a grass-roots Canadian idea became a global compliance platform.

July 1st means different things to different people. For many of us, it’s fireworks, lake days, and barbecue. For us at iComply, it’s a chance to pause and appreciate where we come from, why we do what we do, and where we’re headed next.

Matthew, our CEO and founder, was raised in a Mennonite German household in the prairies, he later reconnected with his Métis heritage and brought together two powerful worldviews: Indigenous stewardship and immigrant opportunities. “My heritage taught me to value both responsibility and resilience,” Matthew says. “When I founded iComply, I adopted the principle of Seven Generations thinking – not as a cultural reference but as a design philosophy. What we build today should serve the world for generations to come.”

That mindset has shaped every decision we’ve made since day one. iComply wasn’t built to be another checkbox tool for regulators. Our vision is to restore trust in digital identity and regulatory systems. To protect privacy, not exploit it. To empower users, not burden them. And to reflect Canadian values: fairness, integrity, and future-minded responsibility.

Our CTO and co-founder, Matej, brings a complementary perspective. A Slovak immigrant and systems architect, Matej came to Canada with a dream of solving hard problems. When he met Matthew, their shared vision and values on privacy and identity led to the founding of iComply. Together, they built iComply from the ground up: modular, multilingual, and secure by design. “Most platforms in this space are stitched together from third-party APIs and cloud hacks,” Matej says. “We knew that wouldn’t cut it. So we did the hard work ourselves.”

iComply cofounders “The Matts” at Web Summit Vancouver

Today, iComply supports clients in 195 countries, works in over 140 languages, and enables real-time ID verification for more than 14,000 government-issued ID types. And every client we serve still benefits from the same founding principles: keep data sovereign, respect user privacy, and future-proof for generations to come.

So this Canada Day, we’re celebrating the people, ideas, and commitments that built this company and continue to guide it.

Happy Canada Day from all of us at iComply.

How IAM industrial complex sometimes forgets the little guy. Hint, that’s you and me.

Why AI tools deserve the least amount of trust.

Comprehensive blockchain data and monitoring of activity. That's how our investigation started.

ComplyCube, the award-winning KYC and AML leader, has won the “RegTech Partner of the Year” award for the second time at the British Bank Awards 2025. The award underscores ComplyCube’s commitment to excellence in the RegTech field.

The post ComplyCube Wins RegTech Partner of the Year 2025 first appeared on ComplyCube.

Google and Apple were reported by the Tech Transparency Project to have continued hosting free VPN apps linked to Chinese companies in their respective app stores, presenting significant privacy and national security threat to the U.S., months after the TTP disclosed that over a fifth of such apps on the U.S.

Thales Alenia Space to develop SOLiS very-high-throughput laser communications demonstrator tas Mon, 06/30/2025 - 15:07

Cannes, June 30th, 2025 – Thales Alenia Space, the joint venture between Thales (67%) and Leonardo (33%), has been selected by the French space agency CNES, as part of the space component of the France 2030 program launched by the French government, to develop a very-high-throughput laser communications demonstrator.

Called SOLiS — for Service Optique de Liaisons Spatiales Sécurisées (secure optical space link service) — this project aims to demonstrate the technical and economic viability of an optical communications service relying on geostationary satellites.

SOLiS © Thales Alenia Space/ E.Briot

Such a service is designed to make intercontinental networks more resilient at a time when there is a growing number of acts of sabotage targeting land and undersea optical fiber links. Geostationary satellites offer an effective and cost-effective solution for ultra-secure transfers of large amounts of data between two users on Earth, delivering very high data rates of up to one terabit per second despite distances and atmospheric disturbances.

SOLiS harnesses technologies developed through the government-backed Optical Communications (CO-OP) project led by CNES and a group of 17 SMEs and large primes, and draws on the outcomes of demonstrations delivered for the VERTIGO project funded by the European Commission.

Thales Alenia Space will lead the SOLiS project consortium, composed of large industry primes and mid-tier firms (Safran Data Systems, Bertin Technologies, Exail, Keopsys), SMEs (Cedrat Technologies), startups (OGS Technologies, Reuniwatt), and a research center (ONERA), most of which have already worked on the CO-OP project.

SOLiS plans to develop an optical communications payload and a pilot ground station designed to demonstrate very-high-throughput laser communications. In accordance with a memorandum of understanding between Thales Alenia Space and operator Hellas Sat signed in 2024, this payload will be flown on the Hellas Sat 5 geostationary communications satellite, while the pilot ground station will be set up at the operator’s teleport in Cyprus. This station will communicate with CNES’s FROGS station already operating at the Côte d’Azur Observatory on the Mediterranean coast.

Building on the accomplishments of the CO-OP project, SOLiS will put French manufacturers — large primes, mid-tier firms, SMEs, and startups — at the forefront in space communications for the 2030s as they strive to address the challenges of security, resilience, fast data rates, and multi-orbit interoperability (between the ground, constellations, and geostationary satellites).

“We are delighted to be starting development of the payload for the optical communications system, marking a crucial step toward establishing a secure, very-high-throughput optical network,” said Alcino De Sousa, Executive VP, Telecommunications at Thales Alenia Space. “Satellite laser communications projects like SOLiS are set to usher in a new era in telecommunications services, driving development of multi-orbit communications networks.”
 

About free-space optics

Free-space optics (FSO) is fast becoming the standard for data transmission in space, offering far superior transmission speeds on the order of one terabit per second compared to a few tens of gigabits per second with current satellite communications systems. This technology is expected to revolutionize space communications infrastructures, in the same way that optical fiber has transformed communications here on Earth.

The European Commission’s VERTIGO project, and CNES’s CO-OP, DYSCO (Démonstration et sYstème SatCom Optique), and now SOLiS projects are focused on research and development, seeking to demonstrate very-high-data-rate space optical links transmitting through the atmosphere to connect a multitude of users via multiple orbits, ground facilities, and applications.

These developments show that optical communications technology is a good fit for a range of end-to-end applications, including universal Internet access, direct and permanent data transmission from Earth-observation satellites, private links to data centers, and backup for terrestrial optical fiber in the event of a crisis.

By reducing the number of satellites required, free-space optics will help to make orbital infrastructures more sustainable while curbing space clutter.

About Thales Alenia Space 

Drawing on over 40 years of experience and a unique combination of skills, expertise and cultures, Thales Alenia Space delivers cost-effective solutions for telecommunications, navigation, Earth observation, environmental monitoring, exploration, science and orbital infrastructures. Governments and private industry alike count on Thales Alenia Space to design satellite-based systems that provide anytime, anywhere connections and positioning, monitor our planet, enhance management of its resources, and explore our Solar System and beyond. Thales Alenia Space sees space as a new horizon, helping to build a better, more sustainable life on Earth. A joint venture between Thales (67%) and Leonardo (33%), Thales Alenia Space also teams up with Telespazio to form the Space Alliance, which offers a complete range of solutions including services. Thales Alenia Space posted consolidated revenues of €2.23 billion in 2024 and has more than 8,100 employees in 7 countries with 15 sites in Europe.
 

 

/sites/default/files/database/assets/images/2022-10/New_Banner.jpg 30 Jun 2025 Thales Alenia Space Type Press release Structure Space Cannes, June 30th, 2025 – Thales Alenia Space, the joint venture between Thales (67%) and Leonardo (33%), has been selected by the French space agency CNES, as part of the space component of the France 2030 program launched by the French government, to devel... Hide from search engines Off Don’t overwrite with Prezly data Off Canonical url https://www.thalesaleniaspace.com/en/press-releases/thales-alenia-space-develop-solis-very-high-throughput-laser-communications

Iran’s cryptocurrency ecosystem has developed rapidly in recent years – driven by inflationary pressures, economic sanctions, and restricted access to global financial systems. For many users and businesses within the country, digital assets represent a practical alternative for saving, trading, and moving capital.

StateTech Magazine reports that a recent hack of the U.S. Treasury Department involving a compromised API key has spotlighted the growing cybersecurity threat posed by nonhuman identities, according to a new report from Delinea.

As cyber fraud escalates across Australia's real estate sector, experts are calling for a shift to digital identity solutions to enhance transaction security and regulatory compliance, reports Security Brief Australia.

Singapore's Cyber Security Agency and Personal Data Protection Commission have jointly issued a sweeping advisory urging organizations to immediately discontinue the use of National Registration Identity Card numbers as authentication credentials, reports OpenGov Asia.

A new CyberArk report warns that 92% of Hong Kong organizations fail to secure machine identities despite the increasing dominance of AI and cloud-based systems, exposing them to heightened cybersecurity threats, according to FutureCIO.

The identity landscape is undergoing a major transformation and digital credentials are at the center of it.

In a recent live discussion, we explored how digital identity is reshaping Identity and Access Management (IAM) and Identity Governance and Administration (IGA). We were joined by two industry experts: Henrique Teixeira, SVP of Strategy at Saviynt, and Tim Cappalli, Senior Architect of Identity and Standards at Okta.

Together, they unpacked where digital ID credentials can deliver the most value, how to think about ROI, and what it will take to integrate these technologies into existing architectures.

So, you’ve decided to integrate digital signatures into your tech stack, but don’t know where to start. Here we help you understand the difference between an API and PKI, and the importance of a QTSP.

There are many reasons why forward-thinking organizations are choosing to integrate digital signature solutions into their tech stack, but perhaps the most obvious is that digital signatures just work – incredibly well, for businesses and users, across most industries. 

In fact, usage is increasing by the day and will almost certainly continue to climb as per the collective driving forces – and adoption pushes – from eIDAS 2.0 and the upcoming Anti-Money Laundering Regulation. 

For more information on the business and customer benefits of digital signatures in your industry, read ‘Here’s why 95% of businesses are using digital signatures to optimize operations?’

Not all signatures are created equally.

Although the purpose of a digital signature is relatively straightforward (linking a signer to a document), there are different types with different levels of security and legal assurance. Businesses tend to offer one of either Simple Electronic Signatures (SES), Advanced Electronic Signatures (AES) or Qualified Electronic Signatures (QES) depending on the particular use case required. 

But which solution is right for you and your customers? Here we explain everything you need to know about making the most out of digital signatures in 2025.

Digital certificates vs digital signatures. What’s the difference?

The relationship between a digital certificate and a digital signature is fundamental to how trust and authenticity are established in digital transactions. According to eIDAS, a digital signature is defined as “data in electronic form that is attached or logically associated with other data in electronic form, and which is used by the signatory to sign.” A digital signature performs three core functions:

Authenticity: Confirming the identity of the signer.  Integrity: Ensuring the document has not been changed after signing.  Non-repudiation: Preventing the signer from denying they have signed the document.

A digital certificate is an electronic document that links a person’s or entity’s identity with a cryptographic key pair made up of a public key and a private key. It is issued by a trusted entity, such as a Qualified Trust Service Provider (QTSP). 

When someone signs a document digitally, they use their private key to create the signature, and the recipient uses the sender’s public key to verify it. As only the signer has access to their private key, it is almost impossible for someone else to forge the signature or for the signer to claim they did not sign. The digital certificate provides the assurance that the public key belongs to the sender.

Expert guide to digital signatures. As the world shifts from physical to online, digital signatures will be essential in ensuring trust and authenticity in transactions. Check out this handy guide to discover the history of signatures and how digital signatures can be used to unlock valuable business opportunities. Download now Navigating the different types of digital signatures.

IDnow offers a comprehensive suite of digital signature solutions to satisfy whatever the regulatory requirement or industry use case. Our solutions adhere to security and encryption standards, including Public Key Infrastructure (PKI) to a) ensure the signer’s identity and b) enable trust in the signature. They also leverage hashing algorithms to prevent the signed document from being altered without detection.  

Lower levels of digital signature solutions (SES) are easier and faster to use, while higher levels (AES + QES) involve more steps but provide stronger guarantees.

Simple Electronic Signatures (SES).

IDnow’s SES solution is the simplest and quickest form of digital signature we offer. It can be represented by a textual name at the end of an e-mail, a scanned signature, a ticked checkbox, or a click on an “I agree” button. Although legally valid, SES solutions cannot track document changes, or verify the identity of signers, only the ownership and authorization of the sending domain or email address. As such, this signature is best suited for no- to low-risk transactions or informal agreements such as terms & conditions or internal protocols.

Advanced Electronic Signature (AES).

IDnow’s AES solution provides a higher level of security and authentication than SES. As AES links the signature to both the signer and the data in a way that alterations are detectable, it is suitable for medium to high liability risk transactions that require strong identity verification without the full regulatory weight of QES, such as permanent employment contracts, insurance applications, NDAs, powers of attorney, or privacy statements.

Qualified Electronic Signature (QES).

IDnow’s QES represents the highest security standard and is the legal equivalent of a handwritten signature across the EU under eIDAS regulation. Created using a qualified digital certificate from a Qualified Trust Service Provider, such as IDnow Trust Services AB, a QES provides maximum legal certainty for high-stake transactions. It is non-repudiable and equivalent to a handwritten signature on paper. QES is commonly used where the law specifically requires the highest level of assurance, such as life insurance or government contracts.

5 considerations to help you select the right digital signature solution. Regulatory requirements? What level of signature does your industry regulation require for your specific transaction type? 
  What is the transaction value? Higher-value transactions generally warrant stronger signature types (AES or QES). 
  Risk profile? Consider the potential for fraud or dispute in the specific transaction context. While QES comes with an inherent scheme of storing proofs of a transaction, AES and SES require companies to record an audit trail of their own. 
  User experience priorities? What experience do your customers expect? Speed, security or a balance of the two? 
  Budgets and deadlines? Although neither is likely to be the deciding factor as to why organizations would choose one solution over the other, SES and AES can typically be implemented quicker than QES solutions, while SES are considerably cheaper to implement. Here’s how we integrate digital signature solutions.

So, now you have a good idea of which IDnow digital signature solution is right for you. Next let’s explore our different implementation options.  

We understand that implementation flexibility is critical for businesses at different digital maturity stages, which is why we offer multiple integration options. We also offer a hybrid approach, where organizations can embed different integration methods across channels based on specific needs and technical capabilities.

API integration.

For organizations seeking seamless integration with existing systems, IDnow provides comprehensive APIs and SDKs that enable: 

• Direct embedding within existing applications and workflows 
• Customization of the user interface to match brand identity 
• Real-time status updates and event notifications 
• Automated document processing and storage 

Web-based solution.

For rapid deployment without extensive development resources, IDnow offers web-based solutions that provide:

• Quick implementation with minimal IT involvement 
• Secure document transmission and storage 
• Branded customer experience 
• Detailed reporting and analytics 

Mobile SDK.

For businesses prioritizing mobile experiences, IDnow’s mobile SDK enables:

• Native integration within iOS and Android applications 
• Offline signing capabilities 
• Device-based biometric authentication 
• Optimized mobile user experience 

Our digital signature solutions also seamlessly integrate with your Customer Relationship Management, Enterprise Resource Planning, and document management systems to transform digital signing from a standalone feature into a core component of your business processes. This drives efficiency, accuracy and compliance, and provides a superior user experience.

Why IDnow? Trusted, accredited digital signature solutions for the future.

Customers that choose IDnow will benefit from streamlined procurement and contractual simplicity by receiving both identity verification (from automated to video verification and  eID) and trust services from a single, unified process with a trusted vendor. 

As the joint venture partner of IDnow Trust Services AB – a Qualified Trust Service Provider (QTSP), IDnow undergoes rigorous audits and assessments to prove we meet the highest standards for security, data protection, and operational reliability. We are also listed on official trust lists, such as the EU Trusted List, which is a clear commitment that we take our customers’ security and compliance seriously.  

Plus, as accredited vendors are required to stay up to date with the latest legal and technological requirements, IDnow customers can rest assured that their digital signature solution integration will remain compliant whenever laws change, which reduces the burden on their internal teams to constantly monitor and adapt to regulatory shifts. 

Digital signatures are no longer just nice-to-haves, they’re essential for modern business. In fact, recent analysis shows that adopting e-signatures helps businesses close deals 28% faster, cut costs by 26%, and boost revenue by 19%. The real question isn’t if you should integrate digital signatures, but when. 

Ready to take the next step and enable your customers to sign on the digital dotted line? Our team is here to help.

By

Jody Houton
Senior Content Manager at IDnow
Connect with Jody on LinkedIn

Thales 2025 Global Cloud Security Study Reveals Organizations Struggle to Secure Expanding, AI-Driven Cloud Environments prezly Mon, 06/30/2025 - 09:00 52% report AI security spending is displacing traditional security budgets 55% report cloud environments are more complex to secure than on-premises infrastructure Enterprises now use an average of 85 SaaS applications, contributing to security tool sprawl
© Thales

Thales, a global leader in technology and cybersecurity, today released the findings of its 2025 Cloud Security Study conducted by S&P Global Market Intelligence 451 Research, revealing that AI-specific security has rapidly emerged as a top enterprise priority, ranking second only to cloud security. Over half (52%) of respondents said they are prioritizing AI security investments over other security needs, signaling a shift in how organizations are allocating budgets in response to the accelerated adoption of AI. This year’s research captures perspectives on cloud security challenges from nearly 3,200 respondents in 20 countries across a variety of seniority levels.

Cloud remains at the forefront of security considerations

Cloud is now an essential part of modern enterprise infrastructure, but many organizations are still building the skills and strategies needed to secure it effectively. The variability of controls across cloud providers, combined with the distinct mindset required for cloud security, continues to challenge security teams. This pressure is only increasing as AI initiatives drive more sensitive data into cloud environments, amplifying the need for robust, adaptable protections.

This year’s Thales Cloud Security Study confirms that cloud security remains a top concern for enterprises worldwide. Nearly two-thirds (64%) of respondents ranked it among their top five security priorities, with 17% identifying it as their number one. Security for AI, a new addition to the list of spending priorities this year, ranked second overall, highlighting its growing importance. Despite sustained investment, cloud security remains a complex, persistent challenge that goes beyond technology to include staffing, operations, and the evolving threat landscape.

“The accelerating shift to cloud and AI is forcing enterprises to rethink how they manage risk at scale,” Sebastien Cano, Senior Vice President, Cyber Security Products at Thales, said. “With over half of cloud data now classified as sensitive, and yet only a small fraction fully encrypted, it’s clear that security strategies haven’t kept pace with adoption. To remain resilient and competitive, organizations must embed strong data protection into the core of their digital infrastructure.”

The average number of public cloud providers per organization has risen to 2.1, with most also maintaining on-prem infrastructure. This growing complexity is driving security challenges with 55% of respondents reporting that cloud is harder to secure than on-prem, a 4-percentage-point increase from last year. As organizations expand through growth or M&A, they’re also seeing a surge in SaaS usage, now averaging 85 applications per enterprise, complicating access control and data visibility.

This complexity extends to security operations, with many teams struggling to align policies across varied platforms. The study found that 61% of organizations use five or more tools for data discovery, monitoring, or classification, and 57% use five or more encryption key managers.

Attacks target cloud resources with human error remaining a top vulnerability

Cloud infrastructure is a prime target for attackers as organizations continue to struggle with securing increasingly complex environments. According to the 2025 Thales Cloud Security Study, four of the top five most targeted assets in reported attacks are cloud-based. The rise in access-based attacks, as reported by 68% of respondents, underscores growing concerns around stolen credentials and insufficient access controls. Meanwhile, 85% of organizations say at least 40% of their cloud data is sensitive, yet only 66% have implemented multifactor authentication (MFA), leaving critical data exposed. Compounding the issue, human error remains a major contributing factor in cloud security incidents, from misconfigurations to poor credential management.

“A rising number of respondents report challenges in securing their cloud assets, an issue that is further amplified by the demands of AI projects that often operate in the cloud and require access to large volumes of sensitive data,” Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, said. “Compounding this issue, four of the top five targeted assets in reported attacks are cloud-based. In this environment, strengthening cloud security and streamlining operations are essential steps toward enhancing overall security effectiveness and resilience.”

For more information, please download the full report and join our webinar hosted by Eric Hanselman, Chief Analyst at S&P Global 451 Research. 

About Thales

Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion.

The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies.

Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion.

/sites/default/files/prezly/images/Generic%20banner%20option%202%20%282%29_55.png Contacts Cédric Leurquin 30 Jun 2025 Type Press release Structure Defence and Security Security Thales, a global leader in technology and cybersecurity, today released the findings of its 2025 Cloud Security Study conducted by S&P Global Market Intelligence 451 Research, revealing that AI-specific security has rapidly emerged as a top enterprise priority, ranking second only to cloud security. Over half (52%) of respondents said they are prioritizing AI security investments over other security needs, signaling a shift in how organizations are allocating budgets in response to the accelerated adoption of AI. This year’s research captures perspectives on cloud security challenges from nearly 3,200 respondents in 20 countries across a variety of seniority levels. prezly_773232_thumbnail.jpg Hide from search engines Off Prezly ID 773232 Prezly UUID 6b7dc5c0-8b04-4119-a7c6-fd0c45439888 Prezly url https://thales-group.prezly.com/thales-2025-global-cloud-security-study-reveals-organizations-struggle-to-secure-expanding-ai-driven-cloud-environments Mon, 06/30/2025 - 11:00 Don’t overwrite with Prezly data Off

圖靈新聞室

In Step with NATO Summit, Turing Europe Launches in The Hague to Support Europe’s Digital Resilience

2025/06/10

The Hague, Netherlands – 10 June 2025 – Turing Europe, the EU headquarters of a global cybersecurity innovator Turing Space specializing in eID and digital credentials, has officially launched operations in The Hague. This move addresses the accelerating demand for digital trust, self-sovereign identity (SSI), and cross-border verification frameworks essential for today’s interconnected environment. The launch coincides with the 2025 NATO Summit, held in the same city, reflecting Europe’s broader agenda to strengthen cyber resilience, data sovereignty, and critical infrastructure protection. 

Turing Europe delivers tamper-proof, interoperable, and privacy-centric credentialing solutions that empower public institutions and high-stakes sectors across the EU to verify identities, qualifications, and compliance in real–time while maintaining transparency and embedding privacy-by-design principles. 

“As geopolitical tensions rise and cyber threats grow more complex, European nations are under increasing pressure to establish interoperable and sovereign digital ecosystems,” said Jeff Hu, Founder and CEO of Turing Europe. “We are committed to bridging these gaps by partnering with key stakeholders, alliances, and authorities, enabling seamless cross-border cooperation and building a foundation of mutual trust to support the continent’s security, economic resilience, and democratic values.” 

A Seamless Landing in the Netherlands

This European expansion was supported by the Netherlands Foreign Investment Agency (NFIA) and the Invest in Holland network, including Municipality of The Hague, InnovationQuarter, and Security Delta (HSD), guiding Turing Europe’s initial market exploration to support the company’s incorporation. The Netherlands’ standing as a digital innovation gateway combined with its progressive governance frameworks made The Hague the ideal hub for Turing Europe’s continental operations. 

“The Dutch ecosystem warmly embraces trust technology frontrunners like Turing Europe, whose mission aligns with our national priorities of resilience and digital innovation,” commented Hilde van der Meer, Commissioner NFIA.“ 

Advancing NATO-aligned Innovation to Forge Europe’s Trusted Digital Future

As NATO member states continue to elevate priorities around cybersecurity, digital identity, and defense preparedness, Turing Europe is well-positioned to act as a critical enabler in this dynamic context. Its platform supports the secure issuance and instant authentication of academic credentials, personnel records, and transnational certifications, ensuring efficient, safe, and sovereign management of essential data flows. 

Having deployed solutions across sectors such as education, healthcare, finance, and local government authorities, Turing has operated in over a dozen countries and counts prestigious clients including UC Berkeley and the World Health Organization. The company’s European debut underscores its dedication to scalable, decentralised public infrastructure that empowers individuals, organisations, and governments to navigate the digital era with confidence, trust, and inclusivity. 

Share on Facebook Share on Twitter Share on WhatsApp Share on LinkedIn Share by Mail

Media Contact｜marketing@turingspace.co

Hello

The post In Step with NATO Summit, Turing Europe Launches in The Hague to Support Europe’s Digital Resilience first appeared on Turing Space Inc..

Can AI be green? Fastly’s Simon Wistow tackles big questions on AI sustainability, backed by original data from our 2025 AI Energy Pulse Check survey.

Have you ever thought about how digital systems know you’re a real person and not just a photo or deepfake? In a world where passwords are getting replaced by faces, ensuring the “liveness” of that face has become mission-critical.

Enter the face liveness detection SDK, the invisible gatekeeper protecting online platforms from identity spoofing and fraud.

Whether you’re in banking, e-commerce, healthcare, or edtech, real-time identity verification is essential. And that’s exactly where Recognito steps in with its cutting-edge facial liveness detection solutions.

Let’s uncover what this technology is, how it works, and why your business should care.

 

What Is a Face Liveness Detection SDK?

A face liveness detection SDK is a software development kit that lets developers embed anti-spoofing features into their apps, platforms, or websites. Powered by AI and computer vision, it analyzes facial cues to confirm if the person is physically present, eliminating the risk of spoofing with photos, videos, or deepfakes.

This SDK works alongside or as a part of a facial recognition SDK to strengthen biometric authentication by confirming liveness during identity checks.

Key technologies it uses:

AI-based face movement tracking

Skin texture and blood flow analysis

Micro-expression detection

Real-time motion monitoring

 

How Does Face Liveness Detection Work?

Let’s break down the process step by step, no jargon, just clarity.

Step 1: Face Capture

The system uses a front camera to capture live visuals of the user in real time.

Step 2: AI Feature Analysis

It examines fine details like skin patterns, facial depth, light behavior, and subtle movements to verify authenticity

Step 3: Liveness Detection

The face liveness detection SDK determines if the subject is real or spoofed using advanced algorithms.

Step 4: Decision Output

Based on the detection score, the SDK either approves or denies identity verification,  all within seconds.

Types of Liveness Detection

Advanced SDKs like Recognito’s include two main forms of liveness detection:

 

Passive Liveness Detection No user interaction needed.

Identifies minute indicators of liveliness, such as skin texture and natural movement.

Completely seamless and invisible to the user.

Ideal for frictionless onboarding.

Active Liveness Detection Prompts the user to perform an action (blink, turn head, smile).

Helps detect presentation attacks.

Great for high-security scenarios like digital banking and eKYC.

Recognito offers both passive and active liveness checks, providing enhanced security and adaptable integration.

 

Why Use a Face Liveness Detection SDK in 2025?

The stakes are high,  identity fraud is getting smarter. Your defenses should be smarter too.

1. Prevent Spoofing Attacks

Prevents attackers from tricking the system using images, recordings, or 3D replicas.

2. Real-Time ID Verification

Get instant confirmation of user identity, no manual checks required.

3. Seamless Integration

Our SDK supports Android, iOS, and web with robust APIs and developer documentation.

4. Compliance-Ready

Meet global standards like GDPR, KYC, AML with built-in privacy and consent management.

5. Smarter UX

No more CAPTCHA or OTP fatigue. Biometric verification that users don’t even notice.

 

Use Cases Across Industries

A face liveness detection SDK isn’t just for tech giants. It’s powering identity verification across countless sectors:

Banking & Fintech

Authenticate users for account access, payments, and onboarding with zero fraud tolerance.

E-commerce & Marketplaces

Ensure that buyers and sellers are real — prevent impersonation and scam listings.

Healthcare & Telemedicine

Secure access to digital health records and virtual consultations.

Education & Exams

Prevent impersonation during online exams with real-time liveness checks.

Travel & Border Security

Enable fast, secure identity verification for check-ins, kiosks, and immigration processes.

 

Why Choose Recognito?

At Recognito, we’re not just offering another SDK, we’re delivering world-class identity protection backed by NIST FRVT-evaluated algorithms.

What sets us apart: Dual-mode (passive & active) liveness detection

Ultra-fast processing (sub-second results)

Developer-first SDK design with extensive documentation

Trusted across industries

Open-source libraries on GitHub

GDPR & compliance-ready architecture

Try our Face Biometric Playground to see it in action!

Final Thoughts

In an era where identity is everything, knowing if someone is truly “live” is non-negotiable. A face liveness detection SDK ensures you’re not just matching a face, you’re verifying a living person behind it.

With Recognito, you get speed, reliability, and security all wrapped in an easy-to-integrate package.

Ready to level up your identity verification?

Have feedback or a use case to share? We’d love to hear from you

Most businesses struggle with fragmented customer data. 

Across different departments, legacy systems, and even multiple CRM instances, customer records are often incomplete, outdated, or duplicated.

The result? Inefficient operations, frustrating customer experiences, and unnecessary costs.

But what if the customer was the master data record?

In our recent live event with Jamie Smith, he gave a presentation on how digital ID wallets can transform customer engagement by shifting control of verified data to the individual. 

Here are our key takeaways on how digital ID wallets will drive business growth:

Ever dreamt of launching your own cryptocurrency, hitting it big with the next viral sensation, but thought it was only for coding gurus? Think again! The world of meme coins is exploding, and you don’t need to be a blockchain developer to get in on the action. This guide will reveal exactly how to create a meme coin with no coding skills needed, breaking down the process into simple, actionable steps. Get ready to unleash your creativity and potentially build the next Dogecoin or Shiba Inu, all without writing a single line of code!

What is a Meme Coin and Why Create One? Definition

Meme coins are a unique type of cryptocurrency that draws its inspiration from internet memes, popular jokes, or trending pop culture phenomena. Unlike traditional cryptocurrencies that often aim to solve complex technical problems, meme coins are primarily driven by community hype and social media virality. Iconic examples include Dogecoin and Shiba Inu, which gained massive popularity not just from their underlying technology, but from their catchy themes and strong, enthusiastic communities. They are fun, often whimsical, and thrive on collective excitement.

The allure of meme coins goes beyond just a fun internet trend. For many, they represent a unique opportunity in the crypto world.

Tapping into Viral Trends and Social Media Buzz

Meme coins thrive on their ability to go viral. By creating a coin tied to a trending meme, a popular joke, or a cultural moment, you can instantly tap into massive social media buzz. This organic hype can rapidly build awareness and excitement around your project, potentially attracting a large, engaged audience much faster than traditional crypto projects.

Building a Community-Driven Project with Low Entry Barriers

One of the most compelling aspects of meme coins is their strong community focus. They often become rallying points for like-minded individuals who share a common interest in the meme or theme. This makes it easier to build a community-driven project, as people are often eager to participate in something fun and relatable. Crucially, the barriers to entry for creators are now significantly lower than ever before.

Potential for High Returns If Marketed Effectively

While highly volatile, meme coins have demonstrated a unique potential for explosive growth. If your meme coin concept resonates widely and is marketed effectively through community engagement and viral campaigns, it can achieve significant traction and potentially yield high returns for early supporters and creators. This speculative appeal is a major driving force behind their popularity.

Appeal for Non-Coders: Democratizing Crypto Creation

The biggest game-changer is that you no longer need to be a blockchain developer to create a meme coin. Thanks to readily available no-code tools and platforms, meme coin creation has become accessible to everyone. These user-friendly interfaces abstract away the complex smart contract coding, allowing anyone with a great idea and a desire to build a community to launch their own token. This democratizes crypto creation, opening the door for innovation from all walks of life.

Step-by-Step Guide on how to Create a Meme Coin Without Coding Define Your Meme Coin Concept

The first and most crucial step in on how to create a meme coin, especially with no coding skills, is defining its unique identity. This is what will make it stand out and capture the community’s imagination.

Choose a Unique, Catchy Theme or Meme

This is the heart of your meme coin. Think about what’s currently trending online – a popular animal (like a cat or a frog), a well-known internet joke, or a recent viral trend. The more recognizable and inherently shareable your theme, the better. Your coin’s theme should instantly resonate with people and make them smile.

Define the Coin’s Purpose

Even if it’s “just for fun,” clarify its core purpose. Is it purely for entertainment? Do you envision it supporting a charity? Or is it simply a community-driven project meant to bring people together around a shared interest? Having a clear (even if lighthearted) purpose helps guide its development and marketing.

Select a Memorable Name and Ticker

Your coin needs a name that’s easy to remember, spell, and say. The ticker (the short abbreviation like DOGE for Dogecoin or SHIB for Shiba Inu) should also be catchy and unique. A strong name and ticker are essential for branding and virality, making your coin easy to share and recognize across social media.

Tips for How to Create a Meme coin

To give your meme coin the best shot at going viral, you’ve got to hit it big with relevance.

Scout the Digital Landscape

Spend time on platforms like X (formerly Twitter), Reddit, and TikTok. These are the breeding grounds for new memes and viral trends. Pay attention to what’s exploding in popularity, what makes people laugh, and what has strong community engagement.

Identify Resonance

Don’t just pick any meme. Look for one that has broad appeal and a clear, easily understandable concept. The more relatable and shareable it is, the better your chances of tapping into a massive audience. Your meme coin should feel like an inside joke everyone wants to be a part of.

Tools: Use Google Trends or social media analytics to validate your idea.

Choose a No-Code Blockchain Platform Popular Platforms

The good news for non-coders want to know how to create a meme coin is that several platforms have emerged to simplify the token creation process. These tools allow you to launch your meme coin with just a few clicks, abstracting away all the complex blockchain coding.

Token Tool (BSC)

If you’re aiming for the Binance Smart Chain (BSC) due to its lower fees and faster transactions, Token Tool is an excellent choice. It provides a highly simple interface specifically designed for creating tokens on the BSC network. You can easily set up your coin’s supply, name, ticker, and other parameters without needing to understand smart contracts, making it ideal for beginners looking for a straightforward creation process.

MintMe

MintMe offers a more comprehensive platform for launching your token, focusing on built-in community features. Beyond just token creation, MintMe aims to foster engagement directly on its platform. This can be particularly beneficial for meme coins, where community hype and interaction are paramount. It simplifies the technical aspects while providing tools to help you connect with your early supporters and build momentum.

CoinFactory or CreateMyToken

For those looking to launch their meme coins on other popular and robust blockchain networks, CoinFactory and CreateMyToken are excellent user-friendly platforms. These tools typically support token creation on networks like Ethereum (known for its large ecosystem) or Polygon (a scaling solution for Ethereum with lower fees). They guide you through the process step-by-step, allowing you to define your token’s properties and deploy it to your chosen blockchain without writing a single line of code.

Steps

Once you’ve chosen your no-code platform, launching your meme coin is remarkably simple. Here’s how you’ll get your token live:

Sign Up and Connect Your Wallet

Begin by signing up on your chosen platform (like Token Tool or CoinFactory). The first crucial step is to connect a crypto wallet, such as MetaMask. This wallet will be used to pay the small network fees for deploying your token and to receive the newly minted coins. Ensure your wallet has a small amount of the native blockchain’s currency (e.g., BNB for BSC, ETH for Ethereum) for these fees.

Input Token Details

Navigate to the “Create Token” or “Mint Token” section of the platform. Here, you’ll input all your token’s specific details that you defined earlier. This includes your coin’s Name (e.g., “Herond Cat Coin”), its Symbol/Ticker (e.g., “HERONDCAT”), the Total Supply (how many coins will ever exist), and Decimals (how divisible each coin is, usually 18 for most tokens). Follow the platform’s prompts carefully.

Deploy Your Token (Pay Gas Fee)

After confirming all details, the platform will prompt you to deploy the token. This action writes your token’s smart contract onto the blockchain. You’ll need to pay a small gas fee for this transaction, which is the network’s processing fee. Confirm the transaction in your connected wallet, and once it’s processed (which usually takes only a few moments), your meme coin will officially be live on the blockchain!

Note: Compare platform fees and blockchain compatibility (Ethereum, BSC, Solana). Set Up Tokenomics Explanation

Tokenomics is a crucial concept that combines “token” and “economics,” essentially referring to the economic blueprint of your cryptocurrency. It defines the fundamental rules governing your meme coin, encompassing its total supply (how many coins will ever exist), its distribution methods (how coins are released to the public, the team, or for specific purposes), and the incentive mechanisms designed to encourage people to hold, use, or participate in the coin’s ecosystem. In essence, strong tokenomics creates a sustainable model that aims to give your meme coin value and longevity beyond just initial hype.

No-Code Steps

While your meme coin’s theme grabs attention, its tokenomics are what give it potential long-term viability and appeal. This is its economic DNA, defining how it functions and potentially gains value.

Decide Your Total Supply

This is the maximum number of coins that will ever exist. For meme coins, a common strategy is to opt for a very large total supply (e.g., billions or even trillions of tokens). This often creates a psychological effect, making the coin appear more accessible and “cheap” per unit, which can fuel viral appeal and encourage widespread distribution. It’s a key part of the “meme” aspect, contrasting with the scarcity model of Bitcoin.

Allocate Your Tokens Strategically

Once you have a total supply, you need to decide how these tokens will be distributed. Common allocations include a percentage reserved for the community (e.g., airdrops, giveaways), a portion for marketing efforts to spread the word, and some for development to fund future improvements or ecosystem building. Clear allocation plans build trust and show commitment to the project’s growth.

Implement Burn Mechanisms or Rewards

Some no-code platforms offer templates or built-in functionalities to introduce more sophisticated tokenomics. Burn mechanisms involve permanently removing tokens from circulation, reducing supply over time and potentially increasing scarcity and value. Rewards could include mechanisms for staking or holding the token, encouraging long-term engagement. While not all no-code platforms support complex systems, look for options that allow you to set these, as they can add significant depth and incentive for your community.

Tips: Keep tokenomics simple and transparent to attract investors. Build a Community Around Your Meme Coin Strategies

Creating your meme coin is just the first step. To truly succeed, especially without coding, you need a powerful marketing strategy driven by community and virality. Here’s how to generate buzz and attract your “army”:

Establish Your Social Media Presence

Meme coins live and breathe on social media. Your immediate goal is to create official accounts on the platforms where crypto and meme culture thrive. This means setting up a presence on X (formerly Twitter), Telegram, Discord, and Reddit. These platforms are essential for direct communication, community building, and spreading your message. Think of them as your virtual town squares where your coin’s story will unfold.

Share Engaging Content to Build Hype

Content is king, and for meme coins, memes are your crown jewels. Regularly share engaging content that aligns with your coin’s theme, including humorous memes, short videos, GIFs, and exciting updates about your project. The goal is to create content that is highly shareable, sparks conversations, and gets people talking and laughing. Consistency and creativity will be key to building a loyal following and generating continuous hype.

Host Giveaways or Airdrops for Early Adopters

Nothing attracts attention like free stuff! To kickstart your community and gain initial traction, host giveaways or airdrops. This involves distributing a small amount of your meme coin to early supporters for free or in exchange for simple actions like following your social media accounts or retweeting a post. Giveaways and airdrops are powerful tools to attract early adopters, generate excitement, and build a base of initial holders who will then help spread the word about your coin.

Tools

Even without a marketing team, smart use of readily available tools can help you generate significant buzz for your meme coin. These platforms simplify the creation and distribution of engaging content.

Canva for how to create a meme coin

Canva is an incredibly powerful and user-friendly design tool, perfect for those who wants to know how to create a meme coin that capture attention. With its intuitive drag-and-drop interface and vast library of templates, fonts, and stock elements, you can quickly design eye-catching memes, promotional images, and social media banners without any prior design experience. It allows you to transform your coin’s theme into visually appealing content that’s ready to go viral across all your social platforms.

Hootsuite for Scheduling Social Media Posts

Consistency is key in building community hype. Hootsuite is a leading social media management platform that allows you to schedule social media posts across multiple platforms like X, Telegram, and Reddit from a single dashboard. This means you can plan out your content strategy in advance, ensuring a steady stream of engaging memes, updates, and announcements. Hootsuite helps you maintain a consistent presence even when you’re busy, maximizing your coin’s visibility and keeping your community engaged around the clock.

Note: Engage with followers regularly to maintain momentum. List Your Meme Coin on Exchanges Options for Beginners

Once your meme coin is created and its community is buzzing, the next crucial step is making it tradable. This involves listing it on cryptocurrency exchanges.

Decentralized Exchanges (DEXs)

Decentralized Exchanges (DEXs) are often the first stop for new meme coins, offering a permissionless way to list your token. Popular examples include PancakeSwap on Binance Smart Chain (BSC) and Uniswap on Ethereum. DEXs operate without a central authority, allowing users to trade directly from their wallets. The process involves adding liquidity pools – pairing your meme coin with a stablecoin or a major cryptocurrency (like BNB or ETH) using user-friendly no-code DEX interfaces. You then promote this trading pair to your community, encouraging them to buy and sell, which creates a market for your coin. This is generally the easiest and most accessible way to get your coin traded initially.

Centralized Exchanges (CEXs)

For broader reach and easier access for new users, aiming for a Centralized Exchange (CEX) is the next step. CEXs like Binance, Coinbase, or Kraken (though these are typically for more established coins) or smaller, emerging exchanges, operate like traditional stock exchanges. Listing here involves a more formal application process and often requires fees. You might start by applying to platforms like CoinGecko or CoinMarketCap for visibility, as these are aggregators that list virtually all cryptocurrencies. Getting listed on smaller CEXs can significantly boost your coin’s accessibility and legitimacy, though the process is more rigorous than with DEXs.

Note: Ensure your coin has a strong community before applying to larger exchanges. Promote Your Meme Coin Marketing Channels

Creating a meme coin is just the beginning; continuous marketing is essential to maintain momentum and grow your community. Here are key strategies for ongoing promotion:

Leverage Social Media with Trending Hashtags

Staying active on social media is non-negotiable. Regularly post updates, engaging content, and new memes on platforms like X (formerly Twitter). Crucially, always use trending hashtags such as #MemeCoin, #Crypto, #Altcoin, and specific relevant meme tags. This strategy dramatically increases your coin’s visibility, helping it reach new audiences who are actively searching for new crypto projects and viral content. Consistency and smart hashtag usage will keep your coin in the conversation.

Collaborate with Influencers and Meme Creators

To amplify your reach beyond your immediate community, consider collaborating with crypto influencers or popular meme creators. Influencers can introduce your coin to their large, established audiences, lending credibility and generating significant interest. Meme creators can produce original, high-quality content that perfectly aligns with your coin’s theme, making it even more shareable and viral. These partnerships can provide a huge boost in exposure and accelerate your coin’s growth.

Run Targeted Ads on Key Platforms

While organic reach is vital, running targeted ads can provide a significant push. Platforms like Reddit (especially within crypto or meme-related subreddits) and Telegram groups (where crypto communities often gather) allow for highly specific advertising. You can target users based on their interests, demographics, or group memberships. This helps you reach potential holders who are already engaged in the crypto space, efficiently converting interest into participation and boosting your coin’s visibility.

Tips

To build a professional and trustworthy image for your meme coin, even without a development team, you’ll need a few key assets. These tools make it surprisingly easy to establish your online presence.

Create a Website with No-Code Tools

A dedicated website acts as the central hub for your meme coin, providing legitimacy and a place for your community to find all essential information. You can easily create a professional-looking website using no-code tools like Wix or Carrd. These platforms offer intuitive drag-and-drop interfaces and pre-built templates, allowing you to showcase your coin’s theme, tokenomics, roadmap, and social media links without writing any code. A well-designed website lends credibility and helps potential investors or community members learn more about your project.

Publish a Whitepaper (No Coding Needed!)

While traditional whitepapers are highly technical, for a meme coin, it’s more about providing clarity and vision. A simplified whitepaper (or “litepaper”) is crucial for outlining your coin’s purpose, tokenomics, and future plans in an organized document. You don’t need fancy software; you can use templates available in Canva or even Google Docs to create a professional-looking document. This whitepaper serves as a reference point for your community and demonstrates that your project has a thought-out foundation beyond just the meme.

Note: Be transparent to avoid scams or mistrust. Tips for Success Without Coding Skills

Launching a meme coin, even without coding, involves more than just creation and marketing. To ensure its longevity, legitimacy, and your own peace of mind, here are some critical aspects to address:

Leverage Templates for Smart Contracts

While you’re not writing code, the no-code platforms utilize smart contract templates. It’s vital to leverage these pre-built smart contract templates effectively. These templates handle the complex blockchain logic behind your coin. Understanding what each template offers (e.g., standard ERC-20, burn functions, basic reward mechanisms) allows you to choose the right foundation for your tokenomics and ensure it behaves as intended without manual coding.

Outsource Professional Design

A strong visual identity is paramount for a meme coin’s virality. If design isn’t your forte, consider hiring freelancers on platforms like Fiverr or Upwork for professional logos and graphics. A well-designed logo, engaging social media banners, and crisp website visuals can significantly boost your coin’s perceived professionalism and attractiveness, making it more appealing to potential community members and investors. Investing a small amount in good design can yield massive returns in public perception.

Stay Legal and Compliant

The crypto space is evolving, and regulations vary widely. It’s crucial to research local regulations for crypto projects to avoid legal issues. Understand how cryptocurrencies are treated in your jurisdiction regarding taxes, securities laws, and consumer protection. While Vietnam’s legal framework for crypto is still developing (with new laws like the Law on Digital Technology Industry coming into effect in 2026), it’s important to be aware of the current landscape, especially regarding anti-money laundering (AML) and know-your-customer (KYC) requirements, particularly if you plan to interact with exchanges. Consulting with a legal professional specializing in crypto can save you significant headaches down the line.

Monitor Performance with Analytics Tools

Once your meme coin is trading, monitoring its performance is key to understanding its health and making informed decisions. Use tools like DexTools or CoinGecko (after your coin is listed) to track trading volume, price fluctuations, liquidity, and holder count. These analytics provide real-time insights into how your coin is performing in the market, allowing you to gauge the effectiveness of your marketing efforts and identify trends.

Engage and Nurture Your Community

The backbone of any successful meme coin is its community. Beyond just attracting members, you must actively engage your community and respond to feedback on social platforms like Telegram and Discord. Being present, transparent, and responsive builds immense trust and loyalty. A strong, engaged community will become your biggest advocates, driving hype, supporting the coin, and even contributing to its growth, proving that a meme coin is truly a collective effort.

Conclusion

Creating a meme coin no longer requires advanced coding skills. By focusing on a compelling theme, leveraging user-friendly no-code platforms, defining clear tokenomics, and executing a robust marketing strategy, anyone can launch their own digital phenomenon. Remember to prioritize community engagement, utilize smart tools for design and scheduling, and always monitor your coin’s performance. While the crypto world has its risks, following these steps empowers you to dive into the exciting realm of meme coins, transforming a simple idea into a potential viral success. Get ready to innovate, connect, and make your mark in decentralized space!

About Herond

Herond Browser is a cutting-edge Web 3.0 browser designed to prioritize user privacy and security. By blocking intrusive ads, harmful trackers, and profiling cookies, Herond creates a safer and faster browsing experience while minimizing data consumption.

To enhance user control over their digital presence, Herond offers two essential tools:

Herond Shield: A robust adblocker and privacy protection suite. Herond Wallet: A secure, multi-chain, non-custodial social wallet.

As a pioneering Web 2.5 solution, Herond is paving the way for mass Web 3.0 adoption by providing a seamless transition for users while upholding the core principles of decentralization and user ownership.

Have any questions or suggestions? Contact us:

On Telegram https://t.me/herond_browser DM our official X @HerondBrowser Technical support topic on https://community.herond.org

The post How to Create a Meme Coin with No Coding Skills Needed appeared first on Herond Blog.

Is your webpage acting up, displaying old content, or just refusing to load correctly? Before you throw your hands up in frustration, there’s a simple trick that can solve most browser woes in an instant: refreshing! But did you know there’s more than one way to refresh, and some methods are far more powerful than just clicking a button? This step-by-step guide will show you how to refresh your browser in seconds, clearing out glitches and forcing your pages to load the latest, most accurate content, ensuring your online experience is always smooth and up-to-date.

Why Refreshing Your Browser Matters Definition

Refreshing your browser is essentially telling it to reload a webpage from scratch. When you browse, your browser saves temporary files (like images, scripts, and styling) in its “cache” to make pages load faster on subsequent visits. However, sometimes this cached information can become outdated or corrupted, leading to the page displaying old content, appearing broken, or experiencing minor glitches. A simple refresh forces your browser to discard these temporary files for that specific page and re-download all its components from the web server, ensuring you see the latest version and clearing up those annoying display errors. It’s like giving your browser a quick, targeted reset button for a single page.

Benefits Fixes Display Issues and Outdated Content

One of the most immediate benefits of refreshing is its ability to fix display issues or outdated content. Have you ever seen a webpage with broken images, misaligned text, or a news feed that just isn’t updating? This often happens because your browser is showing you an old, cached version of the page. A refresh forces it to discard that stale data and fetch all new information from the server, ensuring you see the latest, correct, and fully rendered version of the website.

Clears Temporary Cache to Improve Loading Speed

Your browser stores temporary files (cache) to speed up loading times for pages you’ve visited before. However, over time, this cache can become cluttered with old, unnecessary, or even corrupted files, paradoxically slowing down your browser. A refresh, especially a “hard refresh”, which we’ll discuss, specifically tells your browser to clear the temporary cache for that page and download everything fresh. This can significantly improve loading speed by eliminating any cached data that might be causing sluggish performance.

Resolves Minor Connectivity or Scripting Errors

Webpages are complex, relying on various scripts and connections to function correctly. Sometimes, a minor hiccup in your internet connection, a script failing to load properly, or a temporary server error can leave a page “stuck” or partially functional. A simple refresh often acts as a quick reset button, resolving minor connectivity or scripting errors by re-initiating the entire communication process between your browser and the website’s server. It’s often the first, and most effective, troubleshooting step for many common browsing frustrations.

Use Cases: Ideal for troubleshooting slow websites, e-commerce checkout issues, or real-time content updates (e.g., news, social media). Step-by-Step Guide on how to Refresh Browser in Seconds Refresh Using Keyboard Shortcuts Standard Refresh: The Quick Fix

This is your go-to for simply reloading a webpage. It tells the browser to check for new content, but it might still use some cached elements to speed things up.

For Windows/Linux users: Just press the F5 key on your keyboard. Alternatively, you can use Ctrl + R. Both commands will reload the current page. For Mac users: Simply press Command + R. This will perform the same standard refresh, bringing the page back to life. Hard Refresh: Bypassing the Cache

Sometimes, a standard refresh isn’t enough because your browser is stubbornly holding onto old cached files. A “hard refresh” forces your browser to completely bypass its cache for that specific page and re-download everything from scratch. This is your secret weapon for fixing broken layouts, outdated content, or persistent glitches.

For Windows/Linux users: Hold down Ctrl and press F5. Another common shortcut is Ctrl + Shift + R. Either of these combinations will tell your browser to ignore its local cache for the current page and pull all fresh data from the server. For Mac users: Press Command + Shift + R. This powerful shortcut will perform a full reload of the page, ensuring you’re seeing the absolute latest version by clearing its specific cache. Supported Browsers: Chrome, Firefox, Safari, Edge, Herond Browser Note: Hard refresh reloads the page without using cached data for a cleaner load. How to Refresh Browser Using Buttons Steps

Beyond keyboard shortcuts, you can also refresh your browser using the familiar buttons right on your screen. This method is often intuitive and easily accessible.

Step 1: Locate the Refresh/Reload Button

Look at your browser’s interface, usually near the address bar where you type website names. You’ll typically find a Refresh or Reload button, which is most commonly represented by a circular arrow icon (often pointing clockwise, sometimes with an arrowhead). This icon is universally recognized across browsers like Chrome, Firefox, Safari, and Herond Browser.

Step 2: Click to Reload the Page

Once you’ve found it, simply click this circular arrow icon. Your browser will immediately begin to reload the current webpage, performing a standard refresh. This is equivalent to pressing F5 (on Windows/Linux) or Command + R (on Mac) and updating the content, often resolving minor display issues.

Step 3: Perform a Hard Refresh (If Available)

For more stubborn problems where a regular refresh isn’t enough, some browsers offer a “hard reload” option directly through the button. In browsers like Chrome, you can right-click the Refresh/Reload button. If available, a context menu will appear, giving you the option to select “Hard Reload” or “Empty Cache and Hard Reload.” Clicking this advanced option forces the browser to completely bypass its local cache for that page and download all resources anew, ensuring you get the absolute freshest version of the site.

Supported Browsers: Chrome, Safari, Firefox, Edge, Opera. Tip: Combine with keyboard shortcuts for faster access. How to Refresh Browser on Mobile Steps

Refreshing a browser on your mobile device is just as easy as on a desktop, ensuring your pages are always up-to-date wherever you are. Here’s how to do it on popular mobile browsers:

Chrome (Android/iOS)

If you’re using Chrome on your Android or iOS device, there are two simple ways to refresh. You can either tap the three-dot menu (usually in the top or bottom right corner) and then select “Reload” from the options that appear. Alternatively, for an even quicker method, simply pull down the screen from the top of the webpage until you see a spinning refresh icon. Releasing your finger will instantly reload the page.

Safari (iOS)

For Safari users on iOS devices, refreshing is just as intuitive. You can tap the circular arrow icon directly within the address bar at the bottom of your screen. This will quickly reload the page. Another convenient way, similar to Chrome, is to pull down the page from the top of the screen. A refresh spinner will appear, and releasing it will reload the content.

Firefox (Android/iOS)

If Firefox is your mobile browser of choice on either Android or iOS, the process is straightforward. Just tap the three-dot menu (typically located in the bottom right corner on iOS or top right on Android). From the menu that pops up, simply select “Reload” to refresh the current webpage and ensure you’re viewing the latest content.

Note: Pulling down to refresh is intuitive for touch-based devices. Tip: Clear cache on mobile if refreshing doesn’t resolve issues (Settings > Privacy). How to Refresh Browser on Specific Devices Smart TVs or Gaming Consoles

On most Smart TVs or gaming consoles (like PlayStation or Xbox), you’ll need to navigate to the browser’s menu using your remote or controller. Look for options like “Reload,” “Refresh,” or a circular arrow icon, then select it. If a direct refresh option isn’t available or if the page remains stuck, a more effective solution is to restart the browser application entirely. Simply close the browser app from the console’s or TV’s main menu, and then relaunch it. This acts as a full refresh, clearing any temporary data and forcing the page to load anew.

Tablets (iPad, Android)

If you’re using a tablet without an external keyboard, simply follow the mobile browser steps as described for Chrome, Safari, or Firefox on mobile. This typically involves pulling down the screen to refresh or accessing the refresh option through the browser’s three-dot or circular arrow menu. However, if you’re using a tablet with an attached keyboard (like an iPad with a Magic Keyboard), you can often utilize the device-specific keyboard shortcuts, such as pressing Command + R on an iPad, just like you would on a Mac. This flexibility ensures you can quickly refresh pages no matter your setup.

Note: Check device manual for browser-specific controls. Troubleshoot with Advanced How to Refresh Browser Options Clear Cache Manually

While a hard refresh targets a single page’s cache, sometimes you need a more comprehensive clean-up to resolve persistent issues across multiple websites or to free up storage. Here’s how to clear your entire browser cache on major browsers:

Google Chrome

To clear your cache in Chrome, navigate to the browser’s settings. Click on the three-dot menu in the top right corner, then go to “Settings”. From there, select “Privacy and Security” and then “Clear Browse Data.” In the pop-up window, ensure that “Cached images and files” is checked (you can also select a time range, like “All time”), then click “Clear data.” This will remove all stored temporary files, giving your browser a fresh start.

Mozilla Firefox

For Firefox users, clearing the cache is just as straightforward. Open Firefox and click on the three-line menu icon in the top right corner, then choose “Options” (or “Settings” on Mac/Linux). In the left sidebar, click on “Privacy & Security.” Scroll down to the “Cookies and Site Data” section and click on “Clear Data.” Make sure “Cached Web Content” is checked, and then click “Clear.” This will wipe out the cached files that might be causing issues.

Apple Safari

On Safari, the process is a bit different as it often bundles cache clearing with all website data. To clear your cache, go to “Safari” in the top menu bar, then select “Settings” (or “Preferences”). Click on the “Privacy” tab. Here, you’ll see a button that says “Remove All Website Data.” Clicking this will clear Safari’s cache, cookies, and other website data, effectively giving you a clean slate.

Restart Browser: Close and reopen the browser to reset connections. Check Internet: Ensure Wi-Fi or data connection is stable before refreshing. Note: Use these steps if standard refresh fails to fix issues. Tips for Faster and Effective on How to Refresh Browser Advanced Tips for a Smooth Browser Experience

While refreshing and clearing cache is powerful, these additional tips can further optimize your browser’s performance and ensure you’re always viewing up-to-date content effortlessly.

Automate Refresh for Dynamic Content

For websites that update frequently (like live sports scores, stock tickers, or news feeds), manually refreshing can be tedious. Consider using browser extensions like “Easy Auto Refresh” for Chrome (or similar extensions for other browsers). These tools allow you to automate refreshing by setting a specific interval (e.g., every 30 seconds, every 5 minutes). This ensures you’re always viewing the absolute latest content without having to lift a finger, perfect for monitoring dynamic information.

Bookmark Key Pages for Quick Reloading

Sometimes the quickest way to get a fresh page is to simply close and reopen it, or jump to it directly. Bookmark your frequently visited pages for quick access. Instead of typing out the URL, a quick click from your bookmarks bar or menu will instantly load the page. This method often triggers a full reload, making it a fast way to quickly reload them and refresh their content without needing specific refresh buttons or shortcuts.

Keep Your Browser Updated

An often-overlooked tip for browser health is simply keeping it current. Ensure your browser is always up-to-date to the latest version. Browser developers constantly release updates that include performance improvements, security patches, and fixes for compatibility issues. An outdated browser can lead to slow loading times, display glitches, and even security vulnerabilities. Regular updates guarantee you’re running the most optimized and secure version available.

Disable Problematic Extensions

While extensions can enhance your Browse experience, they can also sometimes be the culprit behind slow loading pages or display errors. If you’re consistently facing issues on certain websites, try temporarily disabling browser add-ons or extensions. One by one, disable them and re-test the page. This helps you identify if a specific extension is interfering with page loading or causing conflicts, allowing you to remove or manage it effectively.

Monitor Browser Performance

For users experiencing persistent slowdowns, it’s helpful to become your own browser detective. Most modern browsers include built-in tools to monitor performance. For example, Chrome has a Task Manager (accessible via Shift + Esc on Windows/Linux or Window > Task Manager on Mac) that shows you which tabs or extensions are consuming the most CPU and memory. By identifying resource-heavy tabs or problematic extensions, you can close or manage them to significantly improve your browser’s overall responsiveness and speed.

Conclusion

Mastering the art of refreshing your browser is a fundamental skill for a smooth and efficient online experience. From quick keyboard shortcuts to mobile gestures and comprehensive cache clearing, you now have all the step-by-step knowledge to refresh your browser in seconds. By understanding the different refresh methods and leveraging advanced tips like automated refreshing or performance monitoring, you can swiftly resolve display issues, boost loading speeds, and ensure you’re always viewing the most current content. Embrace these simple yet powerful techniques to keep your Browse experience fast, fluid, and frustration-free.

About Herond

Herond Browser is a cutting-edge Web 3.0 browser designed to prioritize user privacy and security. By blocking intrusive ads, harmful trackers, and profiling cookies, Herond creates a safer and faster browsing experience while minimizing data consumption.

To enhance user control over their digital presence, Herond offers two essential tools:

Herond Shield: A robust adblocker and privacy protection suite. Herond Wallet: A secure, multi-chain, non-custodial social wallet.

As a pioneering Web 2.5 solution, Herond is paving the way for mass Web 3.0 adoption by providing a seamless transition for users while upholding the core principles of decentralization and user ownership.

Have any questions or suggestions? Contact us:

On Telegram https://t.me/herond_browser DM our official X @HerondBrowser Technical support topic on https://community.herond.org

The post Step-by-Step guide on how to refresh browser in Seconds appeared first on Herond Blog.

Trying to connect to Telegram but facing issues? A stable VPN connection is often the key to smooth access, especially in regions with restrictions. But how can you be sure your VPN is actually working and providing that secure, consistent link? This article will guide you through simple yet effective ways to check your VPN connection and ensure stable Telegram access, helping you bypass common hurdles and stay connected effortlessly.

Why Checking Your VPN Connection is Essential for Telegram Role of VPN

When you face difficulties accessing Telegram, a Virtual Private Network (VPN) acts as your essential tool. A VPN works by encrypting your internet traffic, making your online activities unreadable to third parties. Crucially, it also changes your IP address, making it appear as if you’re browsing from a different location. This dual functionality allows you to effectively bypass Telegram blocks or censorship, ensuring you maintain seamless and private communication, no matter where you are.

Reasons to Check VPN

When you’re trying to use Telegram, sometimes it just won’t cooperate. Here are the main reasons why it’s a smart move to regularly check your VPN connection:

Bypassing Blocks and Censorship

Telegram can often be inaccessible due to restrictions imposed by internet service providers (ISPs), governments, or even local network administrators, like those found on public Wi-Fi. If Telegram isn’t loading, your VPN might be the key to bypassing these blocks. Checking its connection ensures you’re effectively circumventing these digital barriers and getting seamless access to your messages and groups.

Ensuring Stable Performance

An unstable VPN connection can turn your Telegram experience into a frustrating mess. You might face constant lagging, sudden disconnections, or complete failure to load messages and media. A quick check of your VPN’s stability can pinpoint if it’s the culprit behind these performance issues, helping you troubleshoot and get back to smooth, uninterrupted communication.

Protecting Your Privacy and Preventing Leaks

One of the primary reasons to use a VPN is for privacy. If your VPN connection isn’t solid, it could lead to data leaks, potentially exposing your real IP address and online activities. This defeats the purpose of using a VPN in the first place. Regularly verifying your connection ensures your data remains encrypted and your true location stays hidden, keeping your conversations on Telegram private and secure.

Benefits

Using a stable VPN connection isn’t just about bypassing blocks; it brings a host of advantages that significantly enhance your Telegram experience.

Consistent Access to Telegram

A reliable VPN ensures you get consistent Telegram access, no matter where you are. This means uninterrupted messaging, seamless participation in groups, and smooth browse of channels. You won’t have to worry about sudden disconnections or regional blocks stopping your conversations, keeping you always connected to what matters.

Enhanced Security for Your Communications

Security is paramount, and a stable VPN provides enhanced security during communication on Telegram. By encrypting your internet traffic, your conversations and shared data are protected from snoopers, hackers, and surveillance. It adds a crucial layer of privacy, ensuring your personal and sensitive information remains confidential.

Improved Performance and Reliability

Finally, a strong VPN connection leads to improved performance with minimal disruptions. When your VPN is stable, Telegram loads faster, messages send instantly, and media streams smoothly. You’ll experience less lag, fewer dropped connections, and overall a much more reliable and enjoyable communication experience.

Step-by-Step Guide to Check and Optimize VPN for Telegram Steps to Verify Your VPN Connection for Telegram Access

Here’s how to quickly check if your VPN is working correctly, ensuring you get smooth, stable access to Telegram:

Step 1: Confirm VPN App Status

First, open your VPN application (like NordVPN, ExpressVPN, or ProtonVPN) on your device. Look for a clear indicator that confirms your connection, usually a prominent “Connected” status. This is your initial visual check to ensure the VPN software believes it’s active.

Step 2: Verify Your IP Address

Next, open your web browser and visit a trusted IP checker website, such as whatismyipaddress.com. Once the page loads, confirm that the displayed IP address and location match the VPN server you selected. If it shows your actual location or a different server than intended, your VPN might not be fully functional.

Step 3: Test Telegram Connection

Finally, launch your Telegram application. Observe if it connects without any error messages, loads messages, and allows you to send/receive content smoothly. If Telegram works perfectly, you’ve successfully verified your VPN connection is providing the stable access you need.

Tools

Beyond just checking if your VPN is connected, these tools help you ensure your privacy isn’t leaking, keeping your Telegram access secure and truly private:

DNS Leak Test

Your DNS (Domain Name System) translates website names into IP addresses. A DNS leak happens when your internet requests bypass your VPN and reveal your real ISP. To check this, simply visit dnsleaktest.com. The site will show which DNS servers your device is using. If you see your actual ISP’s servers or any servers not associated with your VPN provider, you have a leak. This means your online activity might still be traceable back to you, even with your VPN on.

WebRTC Leak Test

WebRTC (Web Real-Time Communication) is a technology that allows browsers to communicate directly, often used for video calls. However, it can sometimes reveal your real IP address even when a VPN is active. To test for this, go to browserleaks.com/webrtc. This tool will show if your real IP is being exposed through WebRTC. Ideally, it should show your VPN’s IP or nothing at all. If your actual IP pops up, it means your privacy is compromised, and you should consider disabling WebRTC in your browser settings or using a VPN that specifically offers WebRTC leak protection.

Select the Best VPN Server for Telegram Criteria

Choosing the right VPN settings is crucial for a smooth and secure Telegram experience.

Location Selection

First, select a server location where Telegram is unrestricted. Countries like the Netherlands, Singapore, or Canada are often good choices. This ensures your VPN successfully bypasses any regional blocks or censorship, giving you seamless access to Telegram’s features.

Server Load Considerations

Second, opt for servers with low usage or “low load.” When a server has fewer users connected, there’s less congestion. This directly translates to faster speeds and a more stable connection, preventing lag and disconnections during your Telegram conversations.

Protocol Preference

Finally, prefer robust VPN protocols like OpenVPN or WireGuard. These protocols are highly regarded for their strong balance of reliability, security, and speed. Using them ensures your connection is not only private and stable but also fast enough to handle all your Telegram communications without a hitch.

Steps

Once you understand the key settings, here’s how to put them into practice to optimize your VPN for Telegram:

Step 1: Select Your Server

Open your VPN application and navigate to its server list. You can manually browse through available countries to choose a server in an unrestricted region (like the Netherlands or Singapore). Alternatively, use the “Quick Connect” or “Optimal Location” feature if your VPN offers it. This often automatically picks the fastest, least congested server for you.

Step 2: Test Connection Speed

After connecting to your chosen server, visit a speed test website like speedtest.net (or a similar tool). Run a quick test to measure your download and upload speeds, as well as your ping. If the speeds aren’t satisfactory, or if Telegram still feels slow, switch to a different server (ideally one with lower load) and retest your connection speed until you find an optimal balance for smooth Telegram access.

Optimize VPN Settings for Telegram Steps

Beyond basic setup, these advanced steps can further secure and enhance your Telegram experience when using a VPN:

Step 1: Enable Kill Switch

To ensure your real IP address is never exposed, enable the Kill Switch feature in your VPN app. This critical security setting automatically blocks all internet traffic if your VPN connection unexpectedly drops. It’s a vital safeguard that prevents accidental data leaks and keeps your online activities private, especially when using Telegram.

Step 2: Disable Unnecessary Features

Some VPN apps come with extra features like built-in ad blockers, malware protection, or even split tunneling. While useful, these can sometimes impact performance or create conflicts. For optimal speed and stability with Telegram, consider disabling any unnecessary features within your VPN app’s settings. This allows the VPN to focus solely on providing a fast, secure connection for your messaging.

Step 3: Update Your VPN App

Keeping your VPN software up-to-date is crucial. Regularly update your VPN app to the latest version. Developers frequently release updates that fix bugs, improve compatibility with operating systems and networks, and enhance overall performance and security. An outdated app might suffer from stability issues or even introduce vulnerabilities that could affect your Telegram access.

Step 4: Check Telegram Settings

Finally, after optimizing your VPN, review your Telegram app settings. Ensure there are no proxy settings enabled from previous attempts to bypass blocks, as these can conflict with your VPN. Also, check for any data saving features that might limit connection quality. A clean Telegram setup, combined with a well-optimized VPN, ensures the best possible messaging experience.

Telegram Settings

Once your VPN is set up and optimized, it’s a good idea to fine-tune your Telegram settings to ensure the best possible experience. Go to Settings > Data and Storage within the Telegram app. Here, you’ll find options for “Automatic Media Download.” Make sure these settings are optimized for your current connection speed, especially when using a VPN. If your VPN connection is a bit slower, you might want to set media to download manually or only on Wi-Fi to prevent slow loading times and save data, ensuring your messaging stays smooth and efficient.

Troubleshoot Common VPN Issues Common Problems

Even with a VPN, you might encounter a few issues. One frequent problem is the VPN failing to connect or frequently disconnecting, which immediately disrupts your Telegram access.

Another common hurdle is Telegram loading slowly or messages failing to send/receive, indicating a potential issue with your VPN’s speed or stability.

Lastly, a critical concern is IP/DNS leaks that expose your real location, completely undermining your privacy and the very purpose of using a VPN. Recognizing these issues early helps you troubleshoot effectively and get back to secure, seamless communication.

Solutions

Facing problems with your VPN or Telegram? Don’t worry, here are some quick fixes to get you back online:

First, try the classic tech solution: restart everything. Close and restart your VPN app, then restart Telegram, and finally, reboot your device (phone or computer). This often resolves temporary glitches that might be affecting your connection.

If restarting doesn’t help, consider switching your network connection. If you’re on Wi-Fi, try switching to mobile data, or vice versa. Sometimes, local network restrictions or Wi-Fi interference can prevent your VPN from working effectively.

For persistent issues, clear your VPN app’s cache. Just like any other app, VPNs can accumulate temporary data that might cause conflicts. If clearing the cache doesn’t work, consider reinstalling the VPN app entirely. This ensures you’re running a clean version without any corrupted files.

Finally, if you’re still stuck, don’t hesitate to contact your VPN provider’s support team. They can offer server-specific advice, diagnose complex issues, and provide solutions tailored to your problem. They’re the experts, and they’re there to help!

Ensure VPN Security for Safe Telegram Use Steps

To truly secure your Telegram communications, it’s not just about having a VPN; it’s about making sure your setup is rock-solid. Here’s how:

Step 1: Pick a Privacy-Focused VPN

First, choose a VPN provider with a strict no-logs policy. This means your online activities aren’t recorded, giving you true anonymity. Make sure it also uses strong encryption, like AES-256, which is the industry standard for keeping your data unreadable to snoopers.

Step 2: Confirm Robust Protocols

Next, verify the VPN protocols it offers. Prioritize highly secure and efficient options such as OpenVPN or WireGuard. These protocols provide a solid, reliable foundation for your privacy and help maintain fast speeds for your Telegram messages.

Step 3: Enable Telegram’s 2FA

Finally, go beyond the VPN and add an extra layer of defense directly in Telegram. Enable two-factor authentication (2FA) within the app itself by going to Settings > Privacy and Security. This protects your account even if your password somehow gets compromised.

Best Practices for Stable Telegram Access with VPN Security

Even after setting up your VPN, ongoing vigilance is key. Here’s how to ensure your privacy and security remain intact for the long haul:

Step 1: Regularly Check for Leaks

Your privacy depends on your VPN not leaking your real information. Make it a habit to regularly check for IP/DNS leaks using tools like dnsleaktest.com. This quick check helps maintain your anonymity by confirming your real IP address and location aren’t accidentally exposed, keeping your Telegram activity truly private.

Step 2: Protect Your Credentials

Never let your guard down with sensitive information. Avoid sharing your Telegram login codes or VPN credentials with anyone. These are the keys to your accounts. Sharing them, even with trusted individuals, significantly increases the risk of unauthorized access to your Telegram messages and compromises the security provided by your VPN.

Performance

For a truly seamless and secure Telegram experience, managing your VPN actively makes a big difference. Here are two key steps:

Step 1: Limit Simultaneous VPN Connections

Running too many devices on a single VPN connection can cause bandwidth strain. This often leads to slower speeds and unstable performance, directly impacting your Telegram experience. If your VPN provider allows multiple connections, consider limiting the number of simultaneous VPN connections to just the essential devices you’re actively using for Telegram. This helps ensure each device gets enough bandwidth for a smooth, uninterrupted connection.

Step 2: Schedule VPN Updates During Off-Hours

VPN providers regularly release updates to improve security, performance, and add new features. While important, these updates can sometimes interrupt your connection or require a restart. To avoid disruptions to your Telegram usage, make it a habit to schedule your VPN updates during off-hours – times when you’re less likely to be actively using Telegram or other critical online services. This proactive approach minimizes downtime and keeps your connection running optimally.

Conslusion

Ensuring a stable VPN connection is crucial for uninterrupted and secure Telegram access. By regularly verifying your VPN’s status, checking for IP/DNS leaks, and optimizing its settings, you can overcome common blocking issues and maintain your privacy. Remember to choose a reliable VPN provider, keep your app updated, and practice good digital hygiene by protecting your credentials. With these steps, you’ll enjoy a seamless and secure Telegram experience, always staying connected without compromise.

About Herond

Herond Browser is a cutting-edge Web 3.0 browser designed to prioritize user privacy and security. By blocking intrusive ads, harmful trackers, and profiling cookies, Herond creates a safer and faster browsing experience while minimizing data consumption.

To enhance user control over their digital presence, Herond offers two essential tools:

Herond Shield: A robust adblocker and privacy protection suite. Herond Wallet: A secure, multi-chain, non-custodial social wallet.

As a pioneering Web 2.5 solution, Herond is paving the way for mass Web 3.0 adoption by providing a seamless transition for users while upholding the core principles of decentralization and user ownership.

Have any questions or suggestions? Contact us:

On Telegram https://t.me/herond_browser DM our official X @HerondBrowser Technical support topic on https://community.herond.org

The post How to Check Your VPN Connection for Stable Telegram Access appeared first on Herond Blog.

A Scattered Spider attack exploited systemic service desk flaws and weak privileged access controls. Here’s how to shut the door for good.

When news broke that Marks & Spencer was compromised in a ransomware campaign tied to Scattered Spider, many assumed it was a case of internal failure. But the truth is more complex, and more concerning for retail CISOs everywhere.

M&S, like many retailers, relied on a third-party IT provider to manage service desk operations. According to multiple forensic reports, Scattered Spider deliberately targeted this provider due to systemic weaknesses in their service desk processes, then leveraged privileged access to pivot into client environments — including M&S.

In short: the attackers didn’t hack the retailer. They walked through a door left open by the service provider.

The breach went undetected for months after the initial February compromise, culminating in DragonForce ransomware encrypting VMware ESXi hosts on April 24th. The aftermath has been devastating: more than $400 million in lost profit and more than $1 billion wiped from M&S’s stock market value.

The Supply Chain Identity Problem Is Getting Worse

This isn’t an isolated incident. By early May, luxury department store Harrods and fashion retailer Dior had been targeted in cyberattacks, while Danish food giant Arla Foods was hit mid-May. The M&S, Co-op, and Harrods attacks have been linked to similar tactics, suggesting a coordinated campaign against UK retailers.

What makes these attacks so dangerous isn’t sophisticated malware or zero-day exploits. It’s the abuse of legitimate access and trust relationships. Scattered Spider is believed to be a decentralized network composed largely of native English-speaking young people who coordinate in real-time over Discord, Telegram, and underground forums, using social engineering rather than technical hacking.

The M&S breach follows a predictable pattern: compromise a service provider with weak identity controls, inherit their privileged access to client environments, then move laterally to deploy ransomware. What’s particularly troubling is how the attackers used SIM swapping to bypass traditional forms of multifactor authentication (MFA), then tricked IT help desks to gain deeper access.

Once inside, they exploited M&S’s Microsoft Active Directory to gain broad system access — a classic case of authentication bypass leading to total compromise.

Why This Matters for Retail CISOs

Retail environments are sprawling, fast-moving, and heavily reliant on third-party IT providers. Unlike organizations in financial services or healthcare, retailers often lack the security hardening that comes with heavy regulation.

This breach is a textbook case of supply chain identity compromise — where attackers bypass perimeter defenses by exploiting trust and privilege in the authentication chain. Traditional MFA, VPNs, and endpoint security can’t stop an attacker who already has legitimate vendor access.

The financial impact extends far beyond immediate losses. According to a recent survey, more than 60% of consumers would stop shopping with a brand that suffered a security incident, while IBM estimates the average cost of a data breach is now $4.88 million per incident.

How Modern Identity-Based Authentication Stops These Attacks

As the M&S breach demonstrates, authentication built around credentials, devices, or even basic biometrics isn’t enough. Attackers can steal credentials, compromise devices, and even register fraudulent biometrics if they have administrative access.

The solution requires identity-based authentication that verifies the human behind every login, not just what they possess or know. Here’s how 1Kosmos addresses the three critical vulnerabilities exposed in the M&S breach:

1. Identity-First Authentication — Not Just Credentials

Traditional MFA relies on “something you know, something you have, something you are.” But Scattered Spider has proven they can compromise all three. Anyone with administrative access or successful SIM swap can register things like user biometrics to any device—or set up an alternative identity provider to bypass authentication measures altogether.

1Kosmos takes a different approach. Our platform uses machine-verified identity proofing tied to government-issued credentials, combined with live biometric verification that detects presentation attacks including deepfakes. The private key of a matched public-private pair in the user’s device serves as the possession factor, while a live facial scan provides the inherence element — with 99.9% accuracy in confirming the authorized user’s identity.

2. Verified Privileged Access Controls

In the M&S breach, TCS allegedly handed over privileged access without proper verification processes. With 1Kosmos, privileged access cannot be granted without a re-authenticated, identity-verified session, regardless of the requesting party’s VPN connection or claimed authority.

Our solution integrates with existing privileged access management systems to ensure every high-risk action requires fresh identity verification — not just inherited trust from a service provider.

3. Zero Trust Extended to Vendors

The traditional model of trusting third-party service desks is fundamentally broken. 1Kosmos enforces continuous identity assurance and step-up authentication based on risk, device, location, and behavior — even for trusted service providers.

This approach would have prevented the M&S breach by requiring fresh identity verification for any privileged actions, regardless of TCS’s existing access agreements.

The Bottom Line: Retailers Can’t Afford to Outsource Trust

The M&S breach isn’t just a cautionary tale — it’s a preview of what’s coming for every retailer that hasn’t modernized their identity infrastructure. Google was warning there are signs Scattered Spider may be moving on from UK retailers and pivoting to direct cyber-attacks against retail sector targets in the US.

As these attacks demonstrate, your security is only as strong as your weakest vendor’s identity controls. Traditional authentication methods that rely on credentials, devices, or basic biometrics simply can’t defend against social engineering attacks that compromise the authentication process itself.

1Kosmos provides the only NIST, FIDO2, and FedRAMP High certified platform that combines indisputable digital identity proofing with advanced biometrics and passwordless authentication. Our solution ensures that every access request, whether from employees, contractors, or vendors, is verified against a live human identity, not just inherited trust relationships.

The next supply chain attack is already being planned, and they’re counting on inherited trust to get them in.

Ready to modernize your identity infrastructure? Contact us today to learn more.

The post What the Marks & Spencer Breach Tells Us About the Next Era of Identity Attacks appeared first on 1Kosmos.

Malicious AppleScript distributed via ClickFix exfiltrates Keychain credentials, browser data and more.

At Identiverse 2025, Protect AI CISO Diana Kelley warned that artificial intelligence may be powerful, but it’s not always right. When it comes to identity, hallucinations can be dangerous — and trust must be earned.

Social media is cool for connecting and sharing content, but it’s a high-risk place for being tracked and scammed.

The FTC calls social media “a golden goose for scammers”, and rails against the platforms’ collection and monetization of users’ personal data which “endanger people’s privacy, threaten their freedoms, and expose them to a host of harms, from identity theft to stalking.”

Social Media Day this June 30 is a good time to rethink how you manage your social media safety and privacy—and let MySudo all-in-one privacy app keep you safe on social media even if there’s a data breach.

What are the privacy and safety risks on social media?

Social media presents two massive safety risks: data breaches from malicious actors, and data surveillance from the platforms themselves. From both, you face significant harm to your personal safety, money, and reputation.

Data breaches of social media platforms

Data breaches happen when data troves like those kept by the social media giants are actively stolen and used maliciously for crimes such as identity theft, credit card fraud, phishing schemes, and other unauthorized access to accounts. This is in addition to the social media scams that are already rife: Globally, 30.5% of all phishing attacks were via social media in 2024, and one-quarter of all people who reported losing money to fraud since 2021 said it started on social media.

In the first half of 2024, the number of data breach victims surpassed 1 billion—a 490 per cent increase from the same time in 2023.

Some of the largest data breaches of all time have been via social media and exposed billions of user records, including:

The “mother of all data breaches”—the 2024 discovery of a 12-terabyte database containing 26 billion leaked data records from users of Chinese messaging giant Tencent; social media platform Weibo; platforms and services such as Twitter, Dropbox, LinkedIn, Adobe, Canva and Telegram; and various U.S. and other government organizations
The 2013–2106 breaches of Yahoo which exposed highly sensitive personal information from over 3 billion user accounts and still holds the record for the most people affected by breach of a social media platform
The April 2021 discovery of an earlier attack on Facebook which was one of its largest (Facebook has had data breaches since 2012), which leaked the names, phone numbers, account names, and passwords of over 530 million people
The high-profile Facebook/Cambridge Analytica attack, which saw British consulting firm, Cambridge Analytica, harvest and sell data from 50–90 million user accounts on Facebook
LinkedIn’s April 2021 breach of about 700 million users’ identities or around 93% of the total user base at the time
The March 2020 data breach of one of China’s largest social media platforms, Sina Weibo, in which 538 million user account details were stolen and sold on the dark web
The data breach of early social media platform MySpace, with 360 million compromised accounts.

Data surveillance on social media

But data breaches are only part of the social media risk story. In 2024 the FTC found that all the major social media and video streaming companies “harvest an enormous amount of Americans’ personal data and monetize it to the tune of billions of dollars a year.” This isn’t news, but it’s another credible confirmation of the global data privacy crisis.

Source: FTC, 2024

The FTC found:

Companies collect and indefinitely keep troves of data, including information from data brokers, and about both users and non-users of their platforms.
Many companies share the data, which raises “serious concerns regarding the adequacy of the companies’ data handling controls and oversight”.
Some companies “deployed privacy-invasive tracking technologies, such as pixels” to serve ads to users based on preferences and interests.
Users and non-users had little or no way to opt out of how their data was used by these automated systems.
Companies that “amass significant amounts of user data may be able to achieve market dominance, which may lead to harmful practices with companies prioritizing acquiring data at the expense of user privacy.” 

But it’s not only social media platforms tracking and selling our data or “digital exhaust”: many companies engage in surveillance capitalism, even banks. What’s more, data brokers grease the wheels of this data economy by harvesting, manipulating and even misrepresenting consumer data and sell it to brands to hyper-personalize ads and content.

Of course, these massive data stores are rife with privacy invasions and safety risks including unintentional data exposure, third-party access and data mining, identity theft and social engineering scams, and data breaches, as we’ve covered.Statistics show most people in the world have now had their personal data stolen and it’s getting worse.

This deep dive from TechTarget on all the personal information that social media platforms and third-party apps collect about you and what they can do with it, plus how criminals can easily access all that information, is well worth a read. To stop yourself from falling victim to scams and to limit data surveillance of your life via social media, you really need a way to avoid giving your personal information to the platforms in the first place—and that’s where MySudo can help.

Use MySudo to lock down your privacy and safety on social media

You can use MySudo all-in-one privacy app for social media in two ways:

Create an alternative digital identity called a Sudo just for your social media.
Update your existing social media accounts with your Sudo credentials instead of your personal information.

Create an alternative digital identity just for your social media

MySudo is built around Sudos, secure and customizable digital identities or “personas”, which come with their own alternative contact details like email and phone, and secure communications capabilities like end-to-end encrypted messaging and calling, virtual payment cards, and private browsing.

With MySudo, you can create a unique Sudo email address and phone number solely for signing up to and logging in to your social media accounts and never have to expose your personal email and phone number to the platforms.

You could even go one step further and create a separate Sudo digital identity for your work social media accounts and another Sudo for your personal social media accounts, separating the two for privacy and perhaps professional reputation purposes—whatever suits your real-life privacy needs.

When you do this you harness the power of compartmentalization, a military-style data protection strategy which MySudo makes easy. Platforms will still track you and criminals will still try to scam you, but they’ll only have access to your Sudo information, not your personal information which you probably use for your banking and medical information, for example, and definitely don’t want to risk with your doom scrolling.  

Update your existing social media accounts with your Sudo credentials instead of your personal information

MySudo is a great second chance at digital privacy. Once you have created a dedicated social media Sudo, you could go in and switch out your personal email and phone number for the new Sudo login details. Remember, if your socials are breached, your personal life is safe. The scammers can’t steal your personal information or invade your personal life, and the platforms can’t link your personal email and phone number to your other online activity to build and monetize your social graph.

Get started with MySudo for social media

If you’re ready to put MySudo to work for your social media safety (and for your other online and real-life activity), start by downloading MySudo for iOS or Android, and MySudo desktop and browser extension for convenience, and then create a dedicated “social media Sudo”. Your Sudo will come with:

1 email address – for social media sign-ups and logins, end-to-end encrypted emails between app users, and standard email with everyone else
1 phone number (optional)* – for social media sign-ups and logins, end-to-end encrypted messaging and video, voice and group calls between app users, and standard connections with everyone else; customizable and mutable
1 handle – for end-to-end encrypted messages and video, voice and group calls between app users
1 private browser – for using social media without ads and tracking
1 virtual card (optional)* – for protecting your personal information and your money when you pay online; like a proxy for your credit or debit card or bank account.

Once your have your social media Sudo, you can:

Use the Sudo email to sign up and log in to social media platforms. Almost every social media platform requires at least an email address to set up an account and log in. By using your Sudo email instead of your personal one, the platform – and scammers – don’t have your personal email; they only have your social media Sudo email.
Use the Sudo phone number for verification.Most platforms require a phone number for two-factor authentication and account recovery. By using your Sudo phone number instead of your personal one, the platforms and scammers don’t have your personal phone number, only your Sudo phone number. They can only scam your Sudo phone number and because you know it’s your Sudo number and not your personal one, you limit any damage to only that Sudo.

If you want to go further, you might even think about:

Always accessing your social media accounts through the Sudo private browser. Your Sudo private browser stops ads and tracking by default
Taking your sensitive conversations out of the platforms and into MySudo, where all messaging with other MySudo users is end-to-end encrypted. All calls and emails with other MySudo users are end-to-end encrypted, too.

Use MySudo, but follow these social media safety tips too

MySudo will take you a long way to social media safety, but it’s important you follow some basic safety tips, like these from the FTC:

Limit who can see your posts and information on social media. All platforms collect information about you from your activities on social media, but visit your privacy settings to set some restrictions.
If you get a message from a friend about an opportunity or an urgent need for money, call them. Their account may have been hacked—especially if they ask you to pay by cryptocurrency, gift card, or wire transfer. That’s how scammers ask you to pay.
If someone appears on your social media and rushes you to start a friendship or romance, slow down. Read about romance scams. And never send money to someone you haven’t met in person.
Before you buy, check out the company. Search online for its name plus “scam” or “complaint.”

To learn more about how to spot, avoid, and report scams—and how to recover money if you’ve paid a scammer—visit ftc.gov/scams. If you spot a scam, report it to the FTC at ReportFraud.ftc.gov.

Here are some more tips:

Don’t post sensitive personal information, such as your home address or phone number. Sharing things like the names of your family, pet and school can give scammers the hints they need to guess your passwords or the answers to your account security questions.
Be mindful of your location settings and avoid sharing excessive details about your whereabouts. 
Use strong passwords and enable two-factor authentication on all your social media accounts.
Use private internet connections. MySudo VPN shields your location and IP address.
Be wary of requests from strangers and don’t click on suspicious links. 
Be wary of third-party apps that request access to your social media account. And avoid social login (see more on that below).

If you discover your personal information was exposed in a data breach, quickly change your passwords, add a fraud alert to your credit reports, and place a freeze on your credit reports. More helpful advice is available at the non-profit Identity Theft Resource Centre.

You can also move quickly to download RECLAIM personal data removal service, part of the MySudo app family.

Clearly, it’s more important than ever to scroll and share safely on social media. Download MySudo for iOS or Android and protect yourself on the platforms.

Got questions? Head to MySudo FAQs.

You might also like: The Top 10 Ways Bad Actors Use Your Stolen Personal Information From Yelp to Lyft: 6 Ways to “Do Life” Without Using Your Personal Details What’s the Big Problem with Using Your Personal Identity Online? 4 Steps to Setting Up MySudo to Meet Your Real Life Privacy Needs

*Phone numbers and virtual cards only available on a paid plan. Phone numbers available for US, CA and UK only. Virtual cards for US only.

The post How MySudo Keeps You Safe on Social Media Even in a Data Breach appeared first on Anonyome Labs.

Liminal members enjoy the exclusive benefit of receiving daily morning briefs directly in their inboxes, ensuring they stay ahead of the curve with the latest industry developments for a significant competitive advantage.

Looking for product or company-specific news? Log in or sign-up to Link for more detailed news and developments.

Here are the main industry highlights of this week impacting identity and fraud, cybersecurity, trust and safety, financial crimes compliance, and privacy and consent management.

🪄Innovation and New Technology Developments

Facial Age Estimation and Produce Recognition Combined in EDEKA Self-Checkout System

Diebold Nixdorf has integrated facial age estimation technology from Yoti with its produce recognition system in self-service checkouts at an EDEKA Beckesepp store in Germany. The system identifies fresh produce without barcodes using camera-based object recognition and performs optional facial age checks for age-restricted purchases. Customers can also use ID cards for store access and purchases outside standard hours. The facial age estimation technology aims to streamline the checkout process and reduce staff dependence, with broader trials already underway in other EDEKA locations and in Lithuania. (Source)

Fiserv Unveils FIUSD Stablecoin to Modernize Digital Finance Infrastructure

Fiserv has announced the upcoming launch of FIUSD, a new stablecoin integrated into its digital asset platform aimed at financial institutions and merchants. Scheduled for release by year-end, FIUSD will be accessible via Fiserv’s extensive banking and payment infrastructure, leveraging technology from Paxos and Circle and operating on the Solana blockchain. The initiative seeks to offer secure, scalable access to blockchain-enabled financial services, with features like 24/7 settlement and programmable payments. Fiserv positions FIUSD as a compliant, capital-efficient solution for banks, supported by existing fraud and risk controls, and part of a broader strategy to modernize digital financial services (Source)

Alipay Unveils Smart Glasses With Voice and QR Payments in Hong Kong Through Meizu Partnership

Alipay has introduced smart glasses that allow users to make payments using QR code scans and voice authentication, marking the company’s first such transaction in Hong Kong via AlipayHK. Developed in partnership with MEIZU, the glasses integrate Alipay’s voiceprint authentication and intent recognition with Meizu’s display and voice capture technology. A similar rollout occurred in China in collaboration with AR glasses maker Rokid. Ant Group, Alipay’s parent company, plans to expand this capability to Alipay+ global partners in 2025, complementing its broader biometric initiatives, including palm recognition and deepfake-resistant eKYC systems. (Source)

UAE Pass Powers 5,000+ Services With Facial Recognition and Drives National Digital Transformation

The UAE Pass, the country’s national digital ID platform, now facilitates access to over 5,000 services across the public and private sectors, with more than 11 million users and 2.6 billion digital transactions recorded. Integrated by 322 service providers, the platform supports secure digital interactions, including document signing and verification, through a single login and facial recognition. The system, which also houses over 20 million verified digital documents, underpins the UAE’s broader digital transformation efforts. Its efficiency and widespread adoption contributed to the UAE’s top-five ranking in the IMD World Competitiveness Ranking. (Source)

💰 Investments and Partnerships

KnowBe4 Partners with Microsoft to Strengthen Email Security Through Integrated Threat Detection

KnowBe4 has partnered with Microsoft to enhance email security through an integration that combines KnowBe4’s AI-powered threat detection with Microsoft 365’s existing protections. As the inaugural member of Microsoft’s ICES vendor ecosystem, KnowBe4’s Defend platform adds advanced inbound threat analysis while preserving organizations’ current Microsoft security investments. The collaboration offers multi-layered threat detection, improved incident response tools, and a unified defense strategy, aiming to deliver more effective protection against email-based threats for joint customers globally. (Source)

Snyk Expands AI Security Capabilities with Acquisition of Invariant Labs

Snyk has acquired Invariant Labs, an AI security research firm, to enhance its AI Trust Platform and bolster protection against emerging threats in AI-native software. The acquisition brings Invariant’s expertise in agentic AI vulnerabilities, including MCP exploits and tool poisoning, into Snyk’s expanding research division, Snyk Labs. This move supports a unified platform for securing both traditional applications and new autonomous AI systems. Invariant Labs’ Guardrails technology offers runtime detection and contextual safeguards, advancing Snyk’s ability to protect against unauthorized AI behavior and novel attack vectors. The deal underscores the growing need for proactive security in AI-driven development environments. (Source)

Vyntra Emerges From NetGuardians and Intix Merger to Tackle Financial Crime and Strengthen Compliance

Financial crime prevention firm NetGuardians and transaction analytics provider Intix have merged to form Vyntra Global, a new company offering integrated services for real-time transaction monitoring, AML compliance, and fraud detection. Vyntra, now serving over 130 institutions across 60+ countries, aims to provide comprehensive transaction observability and enhance operational resilience in financial institutions. The merger responds to rising fraud threats, with 80% of organizations targeted in 2024, and seeks to offer scalable solutions to address the evolving complexities of digital financial crime and compliance demands. (Source)

Fleet Raises $27 Million Series B to Expand Open Device Management Platform

Fleet, an open-source device management company, has raised $27 million in an oversubscribed Series B funding round, bringing its total funding to $52.3 million. The round was led by Ten Eleven Ventures and follows a 6x revenue growth over the past two years. Fleet’s platform allows IT and security teams to manage devices through both self-hosted and cloud-hosted deployment options. The funding will be used to further develop and expand the adoption of Fleet’s open device management technology. Additional backers include CRV, Open Core Ventures, GitLab’s Sid Sijbrandij, and leaders from companies like MobileIron, Vercel, Material Security, and Lookout. (Source)

⚖️ Policy and Regulatory

Meta Wins Copyright Lawsuit Over AI Training with Books by Authors like Sarah Silverman

A federal judge has ruled in favor of Meta in a lawsuit brought by 13 authors, including Sarah Silverman, who alleged their copyrighted books were used illegally to train AI models. Judge Vince Chhabria granted summary judgment, finding Meta’s actions qualified as fair use, noting the AI’s output was transformative and the plaintiffs failed to prove market harm. However, he emphasized the decision’s narrow scope, cautioning that future plaintiffs with stronger arguments could prevail. This follows a similar ruling favoring Anthropic and reflects ongoing legal scrutiny as tech firms face additional lawsuits involving other copyrighted materials. (Source)

UK PESTT Report Highlights Emerging Biometric Technologies and Ethical Challenges in Policing

The UK’s Police Emerging Science and Technology Trends (PESTT) report outlines how law enforcement could soon adopt advanced technologies, including biometrics derived from brainwaves, to enhance policing capabilities. The report, prepared by the Office of the Police Chief Scientific Adviser, identifies future trends such as online biometrics, gait and voice recognition, and analysis of digital behaviors. While these tools could improve suspect identification and forensic investigations, the report also warns of potential misuse, such as biometric spoofing and exploitation of data from personal devices. It emphasizes the importance of ethical frameworks and legislative support, including ongoing efforts like the Crime and Policing Bill and live facial recognition deployments. (Source)

Spain Proposes Groundbreaking Law for Child Online Safety with Focus on Age Verification and Digital Literacy

Spain has proposed a comprehensive law to protect minors online, focusing on age verification, platform accountability, and digital literacy. The draft legislation criminalizes exposing minors to pornography and AI-generated abuse, mandates parental controls on connected devices, and requires anonymous, privacy-focused age checks. It also imposes new duties on influencers and platforms, integrates digital education in schools, and ensures safeguards against grooming and access to mental health support. (Source)

Russian APT28 Targets Ukraine via Signal with BEARDSHELL and COVENANT Malware in Sophisticated Cyber Campaign

CERT-UA uncovered a cyberattack by Russian-linked APT28 targeting Ukrainian entities via Signal, using BEARDSHELL and COVENANT malware. BEARDSHELL enables PowerShell execution and data exfiltration via Icedrive, while COVENANT deploys it in memory. The attack began with macro-laced Word documents and exploited vulnerabilities in Microsoft Word, Windows Registry, and outdated webmail platforms. Over 40 organizations were affected, prompting calls for improved network monitoring and system patching. (Source)

Maldives Launches Consultation on Digital ID Bill to Strengthen Identity Verification and Economic Integration

The Maldives has launched a public consultation on its draft Digital Identity Bill, aimed at establishing the Maldives Digital Identity System (MDIDS) to enhance resident identification for both physical and online transactions. The proposed legislation emphasizes privacy, data security, and economic integration, with plans to link the ID system to a future digital payments platform. Authorities also hope it will assist in regulating migration. The Ministry of Homeland Security and Technology is leading the consultation, welcoming input from various stakeholders. Meanwhile, Taiwan’s digital ID system is under intense scrutiny due to security concerns, with lawmakers and banks questioning its effectiveness after its misuse in financial crimes. (Source)

Paddle Settles FTC Case for $5 Million Over Role in Tech Support Scam Payments and Agrees to Stricter Oversight

Paddle will pay $5 million to the FTC to settle claims it facilitated deceptive tech support scams, including for Restoro-Reimage. The UK-based payments firm is now banned from processing payments for tech support telemarketers and must adopt stricter merchant monitoring and transparency practices. The FTC alleged Paddle helped disguise fraudulent merchants, while Paddle denies wrongdoing and says it had already banned such clients. The case highlights rising concerns over AI-enhanced tech support scams. (Source)

Aflac Thwarts Cyberattack Targeting Insurance Sector and Offers Support Amid Ongoing Investigation

On June 12, 2025, Aflac detected and stopped a cyberattack targeting its U.S. network, with no ransomware impact or service disruption. Believed to be part of a broader campaign against the insurance sector, the attack involved social engineering tactics. Aflac is investigating with cybersecurity experts and reviewing files that may contain sensitive personal and health data. As a precaution, it’s offering 24 months of credit monitoring, identity theft protection, and Medical Shield to affected individuals. (Source)

🔗 More from Liminal

Access Our Intelligence Platform

Stay ahead of market shifts, outperform competitors, and drive growth with real-time intelligence.

Market & Buyer’s Guide for Data Security 2025

Security leaders are replacing point solutions with unified platforms that combine access control, AI data governance and ransomware prevention. This guide reveals what buyers prioritize and where innovation is reshaping data protection.

Link Index for Business and Entity Verification (BEV)

Discover the Top 20 Vendors on the Link Index for BEV and gain an unfair competitive advantage through unparalleled access to expert insights.

The post This Week in Identity appeared first on Liminal.co.

Delve into the specific challenges you may encounter to incorporate your B2B SaaS solution with an enterprise customer’s IT systems.

“Once upon a time, digital systems were built around a beautifully simple idea: one user, one identity, one device, one intent. That model worked, for some value of “worked.” Mostly, it was good enough to solve 80% of the use cases. As always, the remaining 20%, which is where delegation lives, will take the majority of the effort to achieve.”

A Digital Identity Digest Delegation in a Multi-Actor World: It’s Not Just OAuth Anymore Play Episode Pause Episode Mute/Unmute Episode Rewind 10 Seconds 1x Fast Forward 30 seconds 00:00 / 00:12:03 Subscribe Share Amazon Apple Podcasts CastBox Listen Notes Overcast Pandora Player.fm PocketCasts Podbean RSS Spotify TuneIn YouTube iHeartRadio RSS Feed Share Link Embed

You can Subscribe and Listen to the Podcast on Apple Podcasts, or wherever you listen to Podcasts.

And be sure to leave me a Rating and Review!

Delegation, especially in the digital world, spans every sector and silo you can think of, from personal issues to business needs. A caregiver needs to manage prescriptions for an incapacitated family member. An executive assistant files expense reports on behalf of a CEO. An AI agent moves money between your bank accounts, ideally without draining your savings in the process. Real life involves multiple actors, multiple roles, and a messy, shifting web of consent and authority.

Unfortunately, most of our digital systems still behave as if we’re playing a single-player game. Delegation, the ability for one party to act clearly and securely on behalf of another, is not a nice-to-have. It never really was; just ask anyone who had to get into someone else’s accounts after that someone else passed away. But agentic AI has turned what was treated as an edge case into a foundational requirement for how we live and interact online.

In my first post on delegation, I wrote about why this matters. Now let’s consider what today’s technical foundations offer and why what we have today isn’t enough.

OAuth: Great for Authorization. Awkward for Delegation.

If you work anywhere near digital identity, you know OAuth 2.0 (I’d like directly to the spec, but there are SO MANY SPECS in the OAuth family. It’s crazypants.). OAuth 2.0 is the backbone of how we let one service act on behalf of a user. It’s how you click “Sign in with Google” or allow a fitness app to access your calendar.

For basic authorization, OAuth is brilliant. But for complex, human-centric delegation? Not so much.

In most OAuth implementations, delegation looks like “Alice-to-Alice” sharing. Alice authorizes a service, and when that service acts, it looks like Alice herself is taking the action. There’s no clear, auditable distinction between actions initiated directly by Alice and actions performed on her behalf.

When the stakes are low, that’s fine. When delegation needs to be explicit, limited, and verifiable, you know, in healthcare, finance, or enterprise environments, it starts to fall apart.

RFC 8693: Token Exchange – Helpful, but Not Plug-and-Play

There is important work happening inside OAuth to handle more sophisticated delegation patterns.

RFC 8693 (OAuth 2.0 Token Exchange) defines a way to trade one token for another. It creates the foundation for services acting “on behalf of” a user and enables more traceable chains of authorization.

This is real progress. It opens the door to:

Services that act as authorized intermediaries, Audit trails that reflect delegated authority, Clearer boundaries between who initiated which actions.

But it has its own issues.

As shared by engineers working with these standards today, RFC 8693 is a framework, not a turnkey solution. It’s incredibly useful if someone does the heavy work of designing the exact policies, constraints, and usage patterns that fit a specific environment.

There are no general-purpose, plug-and-play implementations. To put it another way, RFC 8693 gives you the ingredients. It doesn’t bake the gluten-and-dairy-free-but-still-tasty cake.

OAuth 2.1: Important Cleanup, Not a Delegation Revolution

OAuth 2.1 is currently moving through the IETF process; that means it is still a draft, and you shouldn’t think of it as a stable specification. It consolidates best practices from OAuth 2.0 and improves security by:

Requiring Proof Key for Code Exchange (PKCE) for all clients, Removing risky flows like the Implicit and Resource Owner Password Credentials grants, Tightening rules around redirect URIs to prevent common attacks.

These are much-needed improvements to make OAuth deployments more secure and consistent.

However, OAuth 2.1 does not introduce major new delegation capabilities. If you were hoping for a seamless way to model multi-actor delegation as a standard feature, OAuth 2.1 will disappoint you. It’s a maintenance and modernization release, not a redesign of delegation models.

What’s Still Missing?

When people talk about “richer delegation models,” they are typically looking for capabilities that OAuth alone doesn’t fully deliver today:

Contextual constraints: Delegating narrowly, following the model of “only access this resource, only for this task, only during this window.” Clear actor chains: Recording “Bob is acting for Alice” rather than obscuring delegation behind a generic authorization. Lifecycle management: Ensuring delegation expires automatically when the situation changes (e.g., a role change or time limit). Auditability: Maintaining reliable logs that show exactly who acted, when, and under what authority. Transitivity control: Defining whether and how a delegated authority can be further delegated to others.

OAuth, with extensions like Token Exchange and Rich Authorization Requests (RAR), can enable some of this when carefully implemented. (Those last three words should fill you with trepidation, just sayin’.) But it doesn’t guarantee it, and it leaves much of the structure up to each deployment. (What could possibly go wrong?)

That gap matters, especially as systems get more complex, regulatory scrutiny increases, and agentic AI becomes more common.

Exploring Other Delegation Models

Recognizing these gaps, others in the identity community are exploring additional models beyond pure OAuth:

User-Managed Access (UMA): Built on top of OAuth 2.0, UMA allows resource owners to define fine-grained sharing policies. It offers strong concepts for delegation but has seen limited real-world adoption due to its complexity. Verifiable Credentials and Decentralized Identifiers (VCs and DIDs): These technologies allow an agent to present cryptographically verifiable proof of delegated authority. They are still maturing but hold significant promise for trusted delegation between humans, organizations, and AI agents. Enterprise Mission Profiles: Some organizations are developing tailored delegation frameworks for specific industries, building on OAuth or PKI to meet regulated needs without relying on consumer-grade assumptions.

Each approach recognizes the same fundamental reality: digital systems must become much better at supporting explicit, constrained, auditable delegation.

Why I’m Writing About This

To be clear, I’m not one of the people writing these specifications. I’m not here to offer a new protocol or propose another working group. No, seriously, we do not need another working group. My goal is to build a bridge between people who have resources to throw at this problem and the groups working on the problem now. .

There is a growing group of implementers, architects, and security leads who are starting to notice the cracks:

Delegation models are messy. AI agents are bumping into walls. Critical systems are relying on brittle workarounds.

At the same time, important, thoughtful work is happening in standards bodies like the OpenID Foundation and the IETF to address delegation challenges, but those efforts aren’t widely understood yet.

If you’re feeling frustrated that “surely OAuth already handles this,” or worried that your project’s AI agent has no clean path to delegated authority, you’re not wrong.

The people working on these specs know there’s a gap. They’re working hard to close it. They are amazing. But building better delegation models will take time, feedback, and collaboration from across the industry, not just inside the standards track.

Delegation Isn’t Solved Yet, But It’s Solvable

Delegation today is a patchwork of partial solutions. But it doesn’t have to stay that way.

With better tools and more attention to what real-world delegation actually requires, we can build systems that reflect the complex, messy, multi-actor world we live in. It’s not going to change quickly, but that doesn’t mean we shouldn’t be focusing our attention on fixing the problems.

If you enjoyed this post, you might find a few other posts on my blog of interest:

Agentic AI and Authentication: Exploring Some Unanswered Questions Understanding NHIs: Key Differences Between Human and Non-Human Identities Unlock the Secrets of OAuth 2.0 Tokens (and Have Fun Doing It!)

Want to stay updated? I write about digital identity and related standards—because someone has to keep track of all this! Subscribe to get a notification when new blog posts go live. No spam, just announcements of new posts. [Subscribe here] 

Transcript

[00:00]
Welcome to A Digital Identity Digest, the audio companion to the blog at Spherical Cow Consulting. I’m Heather Flanagan, and every week I break down interesting topics in the field of digital identity—from credentials and standards to browser weirdness and policy twists.

If you work with digital identity but don’t have time to follow every specification or hype cycle, you’re in the right place.

Let’s get into it.

Why Are We Talking About Delegation Again?

[00:00:26]
Welcome back. Today, we’re revisiting the topic of delegation, but this time we’re diving into the technical side—what today’s systems offer, why it’s not enough, and where the real gaps lie.

[00:00:41]
If you’re familiar with OAuth, hang in for 30 seconds. If not, no worries—here’s the short version:

[00:00:50]
OAuth is a protocol that lets you authorize one service to access something you control without handing over your password.

[00:00:57]
It’s why you can “Sign in with Google” or allow a calendar app to sync your schedule—without giving up full control of your account.

OAuth: The Backbone of Modern Delegation

[00:01:04]
OAuth is the underlying plumbing for online access delegation. When it works well, it’s great. But when it falls short (and spoiler alert: it does), it results in messy workarounds and real security gaps.

[00:01:25]
Originally, digital systems were built around a clean model: one user, one identity, one device, one intent. And while that worked for about 80% of use cases, the remaining 20%—where delegation lives—takes the most effort to get right.

Real Life Is Messy: The Rise of Multi-Actor Systems

[00:01:47]
Fast forward to today: real life is messy, with overlapping authority and complex actors.

[00:02:00]
Think about it:

A caregiver managing a family member’s medical appointments An executive assistant filing expenses for a CEO An AI agent managing your bank accounts (ideally without buying a Tesla)

[00:02:15]
Delegation has never been a “nice-to-have” feature. It’s always been critical—just ask anyone who’s had to manage a deceased relative’s online accounts.

[00:02:25]
Now, with AI entering the picture, delegation has gone from edge case to foundational design problem—and most systems aren’t ready.

What OAuth Gets Right (and Where It Breaks)

[00:02:39]
OAuth 2.0 is well-known in identity circles. It’s a powerful authorization protocol, especially for simple use cases like:

Signing in with Google Granting apps access to calendar or contacts

[00:03:17]
But for complex, human-centered delegation, things start to fall apart. Here’s what typically happens:

Alice authorizes a service The service acts Logs show Alice did it—even though it was the service

[00:03:41]
That’s okay when the stakes are low. But when it’s an AI agent booking travel, paying bills, or managing healthcare? Not so much.

[00:03:52]
You don’t want to give your AI or family member unlimited, untraceable access.

[00:04:03]
But you also don’t want it blocked at every turn. Systems need to recognize that it’s acting with limited, delegated authority.

The Need for Rich, Constrained Delegation

[00:04:12]
Without rich, constrained delegation, you either:

Grant too much access and lose control Or block useful actions completely

[00:04:22]
Neither option is ideal. And OAuth—at least as widely implemented—wasn’t designed for this kind of nuanced delegation.

RFC 8693: Token Exchange to the Rescue?

[00:04:32]
OAuth isn’t standing still. One key development is RFC 8693—the token exchange spec. It enables services to act on a user’s behalf with audit trails and chains of authority.

[00:05:06]
Sounds promising, right?

[00:05:06]
But here’s the catch: RFC 8693 is a framework, not a turnkey solution. It gives you the ingredients, not the cake.

[00:05:31]
If your project assumes token exchange will “just work” for delegation—good luck. You’ll need to profile it properly, define scopes, and create policies tailored to your environment.

What About OAuth 2.1?

[00:05:40]
OAuth 2.1 is in the works. It tightens up security and standardizes key improvements:

PKCE is now mandatory Risky flows (like resource owner passwords) are removed Redirect rules are stricter

[00:06:13]
These are great changes. But let’s be clear: OAuth 2.1 is a maintenance release. It’s not a new model for delegation.

What We Actually Need for Delegation

[00:06:39]
When people say we need “richer” delegation, they mean:

Contextual constraints
(e.g., access this resource for this purpose within this timeframe) Clear actor chains
(e.g., Bob is acting for Alice—and the system knows it) Lifecycle management
(e.g., permissions expire automatically with role changes) Auditability
(e.g., logs that track who did what, when, and on whose behalf) Transitivity control
(e.g., delegate-of-a-delegate rules with tight boundaries)

[00:07:59]
Especially with AI, you may want a delegate (human or agent) to be able to re-delegate—but only for specific purposes and within strict limits.

The Problem with Current Systems

[00:08:08]
Without fine-grained control, delegation chains either collapse into chaos or simply don’t work.

And right now, very few systems—or standards—can handle controlled, conditional re-delegation well.

Other Delegation Models to Watch

[00:08:42]
Outside of OAuth, some promising models include:

User Managed Access (UMA)
Fine-grained sharing policies—but limited adoption Verifiable Credentials & DIDs (Decentralized Identifiers)
Let agents cryptographically prove they’re authorized—but still maturing Enterprise Mission Profiles
Customized frameworks tuned for high-compliance environments like banking

[00:09:31]
All of these agree on one thing: one user, one device, one intent no longer reflects the real world (if it ever did).

Why This Matters

[00:09:44]
I’m not writing OAuth specs, and I’m not proposing another working group (please, no more working groups).

[00:09:53]
What I am trying to do—through this podcast and blog—is build a bridge.

Because:

More architects and implementers are realizing delegation is messy AI agents are bumping into walls Critical systems are relying on brittle workarounds So, Where Do We Go from Here?

[00:10:14]
Standards bodies like the OpenID Foundation and IETF are doing excellent, thoughtful work. But that work isn’t always widely understood or accessible.

[00:10:45]
If you’re frustrated that “surely OAuth handles this”—you’re not alone. It doesn’t. Yet.

[00:11:04]
Delegation isn’t solved—but it is solvable. With better tools and more attention to real-world needs, we can build systems that reflect the messy, beautiful, multi-actor world we live in.

And while it won’t happen overnight (hello, technical debt), it’s absolutely worth doing.

Thanks for Listening

[00:11:27]
That’s it for this episode of A Digital Identity Digest.

If this helped make things clearer—or at least more interesting—share it with a friend or colleague. You can connect with me on LinkedIn @hlflanagan.

If you enjoyed the show, don’t forget to subscribe and leave a review on Apple Podcasts or wherever you listen.

You can also read the full post at sphericalcowconsulting.com.

Stay curious. Stay engaged. Let’s get these conversations going.

The post Delegation in a Multi-Actor World: It’s Not Just OAuth Anymore appeared first on Spherical Cow Consulting.

Aergo Talks returned for its 13th episode with a content-rich discussion hosted by Ben Rogers and Raf, delving into key updates around HPP, the emerging AI layer Noösphere, token market dynamics, and the highly anticipated due diligence platform W3DB. Here’s everything you need to know from the session.

Noösphere: A Foundation for AI-Native Web3

The first topic addressed was Noösphere, a new initiative under development as part of the HPP ecosystem. Positioned as one of the foundational tools for the AI-powered blockchain narrative, Noösphere was described as an upcoming product already featured on the Living Roadmap. While specific features were not disclosed, the tone was clear: this is a strategic building block for the ecosystem’s next phase.

“Expect to see more details soon. It’s a strong sign that both the mainnet and broader vision are well on track.”

Noösphere is expected to launch in tandem with other AI-focused modules that support decentralized applications demanding scalable, intelligent infrastructure.

Token Dynamics: Price, Hype, and the Role of Marketing

A multi-part question addressed one of the most common concerns in crypto communities: How to influence the price of a token?

Ben began with a simple truth: price is determined by the market. Unlike loyalty points controlled by issuers, tokens are valued by what people are willing to pay.

He noted that while the altcoin market has been shaky, Aergo is holding relatively strong, which suggests latent confidence. However, expectations for a quick return to all-time highs should be tempered.

Ben then shifted to the bigger picture: marketing. He presented findings from internal research that revealed most traditional Web3 marketing strategies are ineffective:

A six-month study of over 1,400 press releases showed the average viewership was zero after filtering out six anomalies. Crypto press releases rarely appear in search engines or AI model indexes. AMA and KOL campaigns show no statistically significant effect on token performance.

Ben advocated for a long-term view:

“The product is the marketing. Brand is not a logo or a color; it’s the experience users have.”

He concluded that HPP’s strategy is to build utility first and communicate value in a targeted, data-backed way.

W3DB: IMDb Meets Crunchbase for Web3

Raf then brought up W3DB, which Ben described as a revolutionary due diligence platform co-developed with Fastblock and powered by HPP.

W3DB aims to be the most comprehensive, AI-powered discovery and validation hub for Web3:

Combines project-level data with identity-level insights Features community verification mechanisms that reward contributors with HPP tokens Built for both users and developers seeking transparency in the space

“We chose to build on HPP not just because of the tech, but because of the token’s day-one value and infrastructure.”

On Futures Trading and Ecosystem Expansion

A community question was raised about the ability to trade futures on the Aergo token while maintaining custody. The answer was straightforward: no decentralized futures platform currently supports it. However, the infrastructure is available for someone to build it.

Stay tuned for more insights to come in the next Aergo Talks!

Visit the Living Roadmap for updates.

[Aergo Talks #13]AMA Recap was originally published in Aergo (HPP) on Medium, where people are continuing the conversation by highlighting and responding to this story.

Thales and KONGSBERG to establish new major Defence communications joint venture in Norway prezly Fri, 06/27/2025 - 10:00 Thales, a global high-tech leader, and Kongsberg Defence & Aerospace, part of the Kongsberg group and a premier supplier of defence products and systems, have signed an agreement to set up a joint venture company in secure communications. The new company will consolidate Thales’ crypto and secure communications business in Norway and KONGSBERG’s communications business, which includes software-defined military radios. This collaboration aims to better address the current and future needs of armed forces in Norway, NATO and internationally, employing approximatively 350 people. The merger will create a new key player with a strong and comprehensive secure communications portfolio, particularly relevant in the context of accelerating defence spending across Europe.

 

Thales and Kongsberg Defence & Aerospace have agreed to combine two of their businesses – KONGSBERG’s secure communications unit and Thales’ crypto and secure communications business in Norway – in a joint venture designed to meet the growing connectivity needs of defence forces in Norway, NATO countries and other nations. This new company is a response to European armed forces’ call for greater interoperability, sovereignty, and the urgent need for large-scale equipment delivery.

The new company will be jointly owned 50/50 by Thales and Kongsberg Defence & Aerospace with approximatively 350 strong workforce based across Oslo, Trondheim and Asker, Norway.

These two businesses had combined revenues of about NOK 1.5 billion (130 million euros) in 2024. The venture anticipates continued growth, projecting that the combined businesses will achieve NOK 3 billion (254 million euros) in revenue by end of the decade driven by substantial market opportunities and product synergies.

It will have a broader product mix with powerful and advanced systems. Thales in Norway provides high-grade crypto networks and voice communication systems to NATO and other nations. KONGSBERG delivers tactical radio systems for the land domain (combat vehicles and soldiers) and tactical networks for many systems, including NASAMS air defence. Both companies have a strong history in their respective domestic defence and secure communications markets, with significant export potential. ​

“By consolidating KONGSBERG’s secure communications and Thales' crypto expertise, we will create a comprehensive, robust communications offering and be better positioned to deliver and develop current and future technologies and services to the armed forces,” said Eirik Lie, President of Kongsberg Defence & Aerospace. “Together, we can develop and sustain a broader and stronger product portfolio and domain expertise to create a solid partner for the Norwegian customer, while also gaining access to better market channels internationally, particularly with the support of Thales’ global distribution network,” said Lie.

“Through this jointly owned company, we will be able to strengthen collaboration and leverage synergies between KONGSBERG and Thales, creating a new key player ​ in secure communications that supports bilateral cooperation between Norway and France. The new company will be also particularly well-positioned to address markets where there are complementarities between Thales and KONGSBERG’s portfolio and geographical footprint,” said Christophe Salomon, Executive Vice President of Thales, Secure Communications & Information Systems.

The completion of the transaction is subject to customary regulatory approvals.

 

About Thales

Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion.

The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies.

Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion.

About Thales in Norway

Thales in Norway is a significant technology supplier for Defence, Space, Avionics and Digital Identity & Security. Thales is a trusted partner in developing and delivering world leading, high-grade secure communication systems for extreme challenges within the defence and security markets in Norway and its allies. Thales Norway AS operates under the Norwegian Safety Act and is an integrated part of the total defence concept in Norway. Furthermore, Thales operates a helicopter Training & Simulation centre in Stavanger.

About Kongsberg Defence & Aerospace

Kongsberg Defence & Aerospace is Norway’s premier supplier of defence products and systems for command and control, surveillance, space, tactical communications, remote weapon stations and missiles systems. In addition, we have extensive capabilities within advanced composite manufacturing and maintenance, repair and overhaul within the aircraft and helicopter market.

Kongsberg Defence & Aerospace AS is a wholly owned subsidiary of Kongsberg Gruppen ASA and consists of three divisions, each with a world-class product portfolio and a proven track record. Its 4,500 employees strive to develop and offer innovative and reliable solutions for extreme conditions worldwide.

 

 

 

 

 

 

 

/sites/default/files/prezly/images/Generic%20banner%20option%203_1.png Contacts Cédric Leurquin 27 Jun 2025 Type Press release Structure Defence and Security Defence Investors Group Norway Thales and Kongsberg Defence & Aerospace have agreed to combine two of their businesses – KONGSBERG’s secure communications unit and Thales’ crypto and secure communications business in Norway – in a joint venture designed to meet the growing connectivity needs of defence forces in Norway, NATO countries and other nations. This new company is a response to European armed forces’ call for greater interoperability, sovereignty, and the urgent need for large-scale equipment delivery. prezly_773542_thumbnail.jpg Hide from search engines Off Prezly ID 773542 Prezly UUID 4c326d36-64ab-4ea9-9943-88a489ec49a7 Prezly url https://thales-group.prezly.com/thales-and-kongsberg-to-establish-new-major-defence-communications-joint-venture-in-norway Fri, 06/27/2025 - 12:00 Don’t overwrite with Prezly data Off

Canadian credit unions face increasing pressure to modernize KYC and AML practices while respecting member privacy and regional data laws. This article explores how edge computing and modular compliance solutions like iComply can help credit unions deliver secure, effective onboarding and continuous monitoring without driving up costs or complexity.

Credit unions play a vital role in Canada’s financial landscape, offering personalized, community-focused alternatives to large financial institutions. But they face the same or higher regulatory scrutiny as big banks when it comes to anti-money laundering (AML) and know your customer (KYC) compliance. As of 2025, that scrutiny is only growing, with increased audits, tighter expectations around beneficial ownership and transaction monitoring, and evolving guidance from FINTRAC and OSFI.

The challenge? Unlike the Big Five banks, most credit unions operate with lean compliance teams, modest IT budgets, and a strong cultural emphasis on privacy and trust. That makes the question of how to modernize KYC and AML workflows without compromising member experience – or exposing the organization to regulatory risk – more urgent than ever.

Why Now: The Shifting Regulatory Landscape

In 2024, FINTRAC signalled a shift toward more robust enforcement, especially targeting smaller financial institutions that rely heavily on manual processes or outdated vendor stacks. This trend is expected to continue in 2025 and beyond, with Canadian credit unions expected to:

Validate and periodically reverify natural person identity (members, directors, beneficial owners) Maintain accurate KYB records for business accounts, including UBO checks Perform risk-based AML screening and reporting Comply with provincial privacy and data residency obligations

Adding to the complexity, credit unions in BC, Ontario, and Quebec must align with provincial regulatory bodies (like BCFSA) while also complying with federal AML obligations.

Key Compliance Challenges for Credit Unions

1. Manual Onboarding Processes
Most credit unions still rely on paper forms or fragmented digital intake processes that result in delays, errors, and member frustration.

2. Legacy Vendor Ecosystems
It’s not uncommon for credit unions to patch together four to six vendors for ID verification, AML screening, document collection, and reporting—creating siloed workflows and duplicated costs.

3. Data Privacy & Sovereignty Concerns
Many compliance tools rely on international cloud providers or offshore processors, making it difficult to meet Canadian data localization and privacy requirements.

4. Staff Bandwidth and Training
Lean compliance teams must juggle onboarding, investigations, reporting, and audits, leaving little time for process improvement or technology migration.

How iComply Solves These Problems

iComply’s platform was built with credit unions in mind—specifically their need for secure, efficient, and locally compliant solutions. Here’s how:

1. Edge-Based Identity Verification
iComply uses proprietary edge computing technology to process sensitive KYC data on the member’s device, not in the cloud. That means:

PII never leaves the device until it’s encrypted Credit unions retain full control over where and how data is stored Compliance with PIPEDA, BCFSA, and GDPR standards is built-in

2. Modular Platform with Full Coverage
Whether you need KYC for natural persons, KYB for business accounts, or full AML monitoring, iComply’s modules work independently or together to streamline your compliance lifecycle.

3. Automated Workflows and Triggers
Automate identity checks, document collection, and AML screening based on risk levels, client type, or regulatory timelines. Eliminate manual follow-ups while enhancing audit readiness.

4. Canadian Data Residency and Localization
Choose from deployment options that ensure your data stays in Canada, including on-premise or private cloud configurations tailored to provincial regulations.

5. White-Label Portals that Respect the Member Experience
Deliver a seamless digital onboarding experience with your brand front and centre—while ensuring security and compliance in the background.

Real-World Results

One Ontario-based credit union using iComply’s platform reduced average onboarding time from 45 minutes to under 8 minutes, while eliminating three third-party vendors from their stack. The result: improved compliance confidence, member satisfaction, and cost efficiency.

Another institution in British Columbia used iComply to automate UBO discovery and PEP screening for business accounts, significantly reducing staff hours spent on complex onboarding cases.

What to Watch in 2025 Provincial Regulator Expectations: BCFSA and FSRA are expected to release enhanced AML guidelines specific to credit unions, with more emphasis on continuous screening and data traceability. E-Signature and ID Verification Standards: New frameworks for verifying digital identity and electronic consent may further accelerate the move away from paper-based compliance. Cooperative AML Risk Pools: Some provinces are exploring shared-service models for smaller credit unions to pool compliance resources—modular platforms like iComply are well suited to support such models. Take Action

Credit unions can no longer afford to delay modernization of their KYC and AML systems. The cost of non-compliance—financial, operational, reputational—is rising. But so is the opportunity to lead with a privacy-first, efficiency-driven approach that earns member trust and regulatory goodwill.

Ready to future-proof your compliance program?

Talk to our team about how iComply helps credit unions simplify compliance, reduce overhead, and stay ahead of shifting regulations—without compromising privacy, performance, or member experience.

HPP SOONER THAN EXPECTED!

TL;DR: The HPP Private Mainnet is ahead of schedule, which means the rollout of the HPP ecosystem will come sooner. Major infrastructure milestones are now complete, and development on AI services like ArenAI and Noösphere is accelerating with the establishment of new designated teams and partners. Upcoming participation events will reward early supporters and onboard new users.

Thanks to consistent progress and successful internal testing, the HPP Private Mainnet is now ahead of schedule. We’re moving faster than planned, and the next big milestones are already within reach!

This acceleration isn’t just about timing. It’s a reflection of focused execution, quiet confidence, and real momentum.

Key milestones achieved Infrastructure tested under pressure Bigger updates already in progress

And that’s not all. AI-powered services like ArenAI and Noösphere are progressing rapidly. Dedicated development teams are being built around them, and we’re working closely with key industry partners to bring these systems to life. These products will enable decentralized intelligence, verifiable off-chain compute, and smarter coordination across the HPP ecosystem.

New partnership announcements are also on the horizon.

To mark this next phase, we’ll be rolling out a series of participation events designed to reward early supporters and welcome new users into what’s quickly becoming one of the most exciting evolutions in Web3.

🎁 If you’ve been with us from the start, we appreciate you. If you’re joining, this is the perfect time to get involved.

More details coming soon. This is just the beginning.

The Countdown Just Got Shorter was originally published in Aergo (HPP) on Medium, where people are continuing the conversation by highlighting and responding to this story.

Vulnerability allows an attacker to take over a targeted account with a target’s email address.

How Private Key JWT Client Authentication on OIDC and Okta Enterprise Connections does away with client secrets.

Attacks leveraging the Microsoft Entra ID cross-tenant vulnerability nOAuth were discovered by Semperis to potentially compromise 9% of Entra ID software-as-a-service applications two years after the initial disclosure of the security issue, The Hacker News reports.

The European Space Agency awards Thales Alenia Space the study of the SIRIUS mission to monitor Urban Heat Islands from space tas Thu, 06/26/2025 - 14:08

Madrid, June 26, 2025 – The European Space Agency (ESA) has awarded a contract to Thales Alenia Space, a joint venture between Thales (67%) and Leonardo (33%), to perform the mission consolidation study of the SIRIUS mission (Space Based Infra-Red Imager for Urban Sustainability), in the frame of the Scout missions, part of ESA's Earth Observation FutureEO programme. The SIRIUS mission aims to observe European cities from space using thermal infrared (TIR) data products, which allow the measurement of the temperature of objects from a distance. The objective is to understand how Urban Heat Islands modify the local climate. Urban Heat Islands are areas in cities where higher temperatures are recorded than in the surrounding rural areas, as a result of heat accumulation on impermeable surfaces, sparse vegetation, and human activity.

SIRIUS © Thales Alenia Space/ Briot 

Fostering urban sustainability

In a global context marked by climate change and the accelerated growth of cities, urgent challenges arise for urban resilience and environmental sustainability. Of the 8.2 billion people currently inhabiting the planet, more than half live in urban environments, and this figure is expected to rise to 6.5 billion by 2050, reaching two-thirds of the population. Rapid urban expansion can exacerbate existing vulnerabilities and generate new threats to health, the environment, and well-being, especially when it occurs without adequate planning.

One of the most problematic consequences of accelerated urbanization is the increase in Urban Heat Islands. Generally, cities register higher temperatures than rural areas, especially at night, when the difference can be as much as 12°C. This phenomenon, intensified by the effects of climate change, not only impacts physical health and psychological well-being but also influences daily habits and economic dynamics. Additionally, it can lead to a significant increase in morbidity and mortality rates, as well as a notable rise in energy consumption in urban areas.

Having accurate information about surface temperature in urban environments through heat maps obtained frequently and sustained over time is key to understanding the phenomenon of Urban Heat Islands. This data becomes an essential tool for guiding decisions in urban planning and the development of effective climate policies.

Signature Ceremony at the Living Planet Symposium in Vienna - Simonetta Cheli, ESA Director of Earth Observation Programmes and Ismael López, CEO of Thales Alenia Space in Spain © Thales Alenia Space

An innovative approach to Urban Heat Island monitoring from space

ESA's Scout missions are intended as an agile, fast and low-cost approach to prove new concepts in Earth observation, with a scientific research focus. Their total value is limited to 35 million euros, including launch, and their development must be completed within a maximum period of 3 years, from the start of implementation to flight acceptance.

The SIRIUS mission is designed to provide night-time observations of several European cities on a daily basis for a period of three or more years, with a native resolution of 64 meters, perfectly suited to the needs of Urban Heat Islands monitoring. Its rapid development, high resolution, scalable and cost-effective approach relies on the Smart-TIRI instrument developed by Thales Alenia Space. This miniaturized thermal infrared imaging instrument uses an innovative microbolometer-based detection solution, which avoids the need for expensive cooling systems. A prototype of the Smart-TIRI instrument was developed within the framework of the MORERA  project with outstanding results. 

Ismael López, CEO of Thales Alenia Space in Spain, said: “We are very pleased to receive ESA’s support to carry out the consolidation study of the SIRIUS mission, based on our Smart-TIRI instrument, an innovative, compact, high-performance technology, with very competitive cost. This solution led by Thales Alenia Space in Spain is very well suited for different applications of great environmental and sustainability interest, such as monitoring Urban Heat Islands, a growing phenomenon with significant health, environmental, and socioeconomic implications.”

About the SIRIUS industrial consortium

Besides being responsible for the development of the Smart-TIRI instrument, Thales Alenia Space in Spain is the prime contractor of the SIRIUS mission and leads a consortium of various partners, including the University of Valencia (Spain), whose professor José Antonio Sobrino acts as the scientific lead of the project, playing a crucial role in defining and refining the scientific objectives of the mission and addressing priority scientific questions. Also participating are Kongsberg Nano Avionics (Lithuania), responsible for the small satellite platform based on their flight-proven Nano Avionics MP42H model and its Flight Operations Segment; Thales Alenia Space in France, which will perform mission analysis, support the development of the end-to-end simulator and carry out image quality activities; and the National Institute for Aerospace Technology, INTA (Spain), responsible for the definition of the end-to-end performance simulator.

ABOUT THALES ALENIA SPACE

Drawing on over 40 years of experience and a unique combination of skills, expertise and cultures, Thales Alenia Space delivers cost-effective solutions for telecommunications, navigation, Earth observation, environmental monitoring, exploration, science and orbital infrastructures. Governments and private industry alike count on Thales Alenia Space to design satellite-based systems that provide anytime, anywhere connections and positioning, monitor our planet, enhance management of its resources, and explore our Solar System and beyond. Thales Alenia Space sees space as a new horizon, helping to build a better, more sustainable life on Earth. A joint venture between Thales (67%) and Leonardo (33%), Thales Alenia Space also teams up with Telespazio to form the Space Alliance, which offers a complete range of solutions including services. Thales Alenia Space posted consolidated revenues of €2.23 billion in 2024 and has more than 8,100 employees in 7 countries with 15 sites in Europe. 

 

/sites/default/files/database/assets/images/2022-10/New_Banner.jpg 26 Jun 2025 Thales Alenia Space Type Press release Structure Space Madrid, June 26, 2025 – The European Space Agency (ESA) has awarded a contract to Thales Alenia Space, a joint venture between Thales (67%) and Leonardo (33%), to perform the mission consolidation study of the SIRIUS mission (Space Based Infra-Red Imager for... Hide from search engines Off Don’t overwrite with Prezly data Off Canonical url https://www.thalesaleniaspace.com/en/press-releases/european-space-agency-awards-thales-alenia-space-study-sirius-mission-monitor-urban

The post Market and Buyer’s Guide for Data Security appeared first on Liminal.co.

Thales successfully completes the first phase of the EDA’s DARC contract Language English stephanie.bionaz Thu, 06/26/2025 - 11:04

In March 2025, Thales successfully completed the SC1 (Specific Contract 1) of the DARC (Data Centric Security and Zero Trust Architecture Technologies) Framework Contract, a major initiative launched by the European Defence Agency (EDA) in February 2024.

This DARC contract aims to explore the most advanced cybersecurity technologies in the field of Defence, with a strong focus on Data Centric Security (DCS) and Zero Trust Architecture (ZTA). These approaches are crucial for securing data across hybrid environments, where data flows between on-premises and cloud infrastructures.

 

During the first phase (SC1), entrusted to Thales from March 2024 to March 2025, the study:
•    defined a Defence-specific maturity model,
•    developed a tool for evaluating the maturity of DCS/ZTA solutions and systems
•    explored the current maturity of European DCS/ZTA solutions,
•    Identified technology gaps preventing widespread adoption.

This milestone showcases Thales’ expertise in supporting European armed forces with sovereign, modular, and operationally aligned cybersecurity architectures fit for the threats of tomorrow. In February 2025, the EDA renewed its confidence in Thales to continue this study within the framework of SC2 until March 2026.
 

/sites/default/files/prezly/images/Wallpaper-V2_1920x1080_0.jpg 26 Jun 2025 Defence and Security In March 2025, Thales successfully completed the SC1 (Specific Contract 1) of the DARC (Data Centric Security and Zero Trust Architecture Technologies) Framework Contract, a major initiative launched by the European Defence Agency (EDA) in February 2024. Type News Hide from search engines Off

Predictoor DF147 rewards available. DF148 runs June 26th — July 3rd, 2025 1. Overview

Data Farming (DF) is an incentives program initiated by ASI Alliance member, Ocean Protocol. In DF, you can earn OCEAN rewards by making predictions via ASI Predictoor.

Data Farming Round 147 (DF147) has completed.

DF148 is live today, June 26th. It concludes on July 3rd. For this DF round, Predictoor DF has 3,750 OCEAN rewards and 20,000 ROSE rewards.

2. DF structure

The reward structure for DF148 is comprised solely of Predictoor DF rewards.

Predictoor DF: Actively predict crypto prices by submitting a price prediction and staking OCEAN to slash competitors and earn.

3. How to Earn Rewards, and Claim Them

Predictoor DF: To earn: submit accurate predictions via Predictoor Bots and stake OCEAN to slash incorrect Predictoors. To claim OCEAN rewards: run the Predictoor $OCEAN payout script, linked from Predictoor DF user guide in Ocean docs. To claim ROSE rewards: see instructions in Predictoor DF user guide in Ocean docs.

4. Specific Parameters for DF148

Budget. Predictoor DF: 3.75K OCEAN + 20K ROSE

Networks. Predictoor DF applies to activity on Oasis Sapphire. Here is more information about Ocean deployments to networks.

Predictoor DF rewards are calculated as follows:

First, DF Buyer agent purchases Predictoor feeds using OCEAN throughout the week to evenly distribute these rewards. Then, ROSE is distributed at the end of the week to active Predictoors that have been claiming their rewards.

Expect further evolution in DF: adding new streams and budget adjustments among streams.

Updates are always announced at the beginning of a round, if not sooner.

About Ocean, DF and ASI Predictoor

Ocean Protocol was founded to level the playing field for AI and data. Ocean tools enable people to privately & securely publish, exchange, and consume data. Follow Ocean on Twitter or TG, and chat in Discord. Ocean is part of the Artificial Superintelligence Alliance.

In Predictoor, people run AI-powered prediction bots or trading bots on crypto price feeds to earn $. Follow Predictoor on Twitter.

DF147 Completes and DF148 Launches was originally published in Ocean Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.

Rapid7 finds flaws in printers from Brother Industries, Fujifilm, Ricoh, Toshiba, and Konica Minolta.

Fastly’s 2025 AI Pulse Check reveals how sustainability and infrastructure leaders are tracking AI energy use, cutting redundant queries, and navigating the edge vs cloud debate.

Getting started with TypeScript on Fastly Compute is simple! Learn how to add static typing to your JavaScript projects for robust development.

Learn about the new classification of MCP servers as OAuth Resource Servers, implementing Resource Indicators to prevent token misuse, and the clearer security best practices designed to help you build more robust and secure MCP applications

Flaws in Identity Services Engine (ISE) platform could allows remote code execution.

While we chased the future, the bad guys found the present.

Indicio has appointed Ajay Srivastava as Strategic Advisor to support global expansion and accelerate enterprise adoption of its decentralized identity technology. Ajay brings deep expertise in scaling mission-driven solutions across complex markets.

June 25, 2025 — Indicio is delighted to welcome Ajay Srivastava as a Strategic Advisor. With a career built at the intersection of technology, transformation, and investment, Ajay brings deep expertise in scaling mission-driven technology across complex markets. His leadership experience at PwC, KPMG, and Lockheed Martin, combined with his work as a founder and investor, and education from UMD College Park and Harvard Business School, make him a valuable addition as Indicio continues its global, multi-sector expansion.

Ajay has led large-scale transformation initiatives, advised government and enterprise clients, and invested in multiple startups that have gone on to become category leaders. His career reflects a consistent focus on turning emerging technologies into scalable solutions that deliver real business value.

“What stood out about Indicio is its mission to build secure, privacy-first digital identity through open, ledger and ledger-less infrastructure,” said Srivastava. “It’s a rare mix of mission, execution, and timing that’s hard to ignore.”

This focus is reflected in Indicio Proven®, the company’s end-to-end Verifiable Credential solution designed to reduce identity verification costs, simplify operations, and improve efficiency. Proven uses portable digital credentials stored in a secure mobile wallet, allowing organizations to issue, hold, and verify information across systems and use cases. It is the first solution to embed biometrics directly into the credential, removing the need to store sensitive personal data for verification. This approach reduces risk, supports compliance, and aligns with global digital identity and wallet specifications and standards such as the European Digital Identity Wallet (EUDI)I and International Civil Aviation Organization (ICAO) Digital Travel Credentials.

With Indicio Proven and a suite of solutions in use across travel, financial services, healthcare, and education, Indicio is helping organizations build secure, interoperable identity systems that enable seamless processes, improve user experience, and reduce costs, all while meeting rising privacy, compliance, and security demands. Ajay’s role will focus on expanding Indicio’s work with enterprise customers, particularly in emerging markets such as India, where demand for secure, decentralized identity solutions has grown rapidly over the past 18 months. His experience navigating regulatory landscapes, building strategic partnerships, and executing go-to-market will help accelerate enterprise adoption and extend Indicio’s global reach.

“Indicio isn’t just a tech platform; it’s a foundational layer for the next phase of digital civilization,” said Srivastava. “The world hasn’t fully realized how Verifiable Credentials can reshape trust infrastructure across sectors.”

Ajay’s appointment reflects Indicio’s continued growth and success and reinforces the company’s position as an emerging leader in interoperable digital identity and seamless data authentication. . His guidance will help Indicio scale into new markets, build strategic alliances, and accelerate the real-world impact of Verifiable Credential technology.

Contact us for a demonstration of our technology, including our latest biometric identity solutions for financial services, digital assets, and decentralized finance.

###

The post Indicio welcomes Ajay Srivastava as strategic advisor appeared first on Indicio.

Attacks with the Redline information-stealing malware have facilitated the theft of data from Paraguay's entire population, which was exposed on June 13 after the country refused to pay the demanded ransom, according to The Record, a news site by cybersecurity firm Recorded Future.

SonicWall has warned of ongoing intrusions leveraging a trojanized installer of its NetExtender SSL VPN application to pilfer VPN credentials, The Register reports.

Internet-exposed Microsoft Exchange servers belonging to 65 organizations around the world have been compromised with two different types of keyloggers enabling credential exfiltration, according to The Hacker News.

The post Mythics, LLC Appoints James Toole as Senior Vice President, Consulting Services Sales, to Drive Strategic Growth appeared first on Mythics.

Let’s get one thing clear: Scattered Spider isn’t “back” – they never left. You’ve seen the headlines. MGM, Marks & Spencer, and others all fell victim to their schemes. Now, this relentless cybercrime collective has a new target in its crosshairs: the U.S. insurance industry. With recent cyberattacks rattling major providers like Aflac, Erie Insurance, and Philadelphia Insurance Companies, the threat isn't just looming; it's here. As it always has been.

As Google Threat Intelligence Group's Chief Analyst puts it, "the threat I lose sleep over is Scattered Spider.” For defenders, it’s time to cut through the noise and face the hard truth. These attackers aren’t deploying zero-day exploits or groundbreaking malware. They’re walking right through the front door using valid credentials.

They win by mastering the art of social engineering and exploiting the soft spots most enterprises still rely on: MFA push fatigue, help desk fraud, and phishable credentials. If your security posture hinges on the idea that "our MFA is good enough," it might be time for a stark reality check on current adversarial techniques. This guide will break down their playbook and give you a definitive strategy to fight back.

Meet the Apex Predator: Who is Scattered Spider?

Before you can build a defense, you need to know your enemy. Scattered Spider is not a typical state-sponsored group. They are a nimble and amorphous collective of young, English-speaking cybercriminals, reportedly affiliated with a larger network known as "The Com." Their defining characteristic is their methodical approach. They focus their expertise on one industry at a time, learning the sector's unique processes, lingo, and technology stacks. This allows them to craft attacks with terrifying precision and efficiency.

After a string of successful extortion campaigns against major retailers, Google's Threat Intelligence Group has warned that Scattered Spider has pivoted. Their new hunting ground is the insurance sector, and it's a target rich with opportunity. Think about the data insurance companies hold: a treasure trove of claims information, sensitive health records, Social Security numbers, and other personally identifiable information (PII). For cybercriminals, this data is gold, whether for extortion or sale on the dark web

The Scattered Spider Playbook: Anatomy of a Credential-Based Attack

To understand the threat Scattered Spider poses, you have to dissect their Tactics, Techniques, and Procedures (TTPs). Their success isn't magic; it's a repeatable, three-act play designed to dismantle traditional security controls by targeting the most vulnerable asset: people.

The Weapon of Choice: Hyper-Personalized Social Engineering

At its core, social engineering is the art of psychological manipulation to trick people into divulging confidential information or bypassing security protocols. But Scattered Spider has taken this to a new level, especially with the "turbo boost" provided by Generative AI.

Gone are the days of poorly worded emails with suspicious links. Today's phishing/social engineering attacks are masterpieces of deception. By mining public data about employees from sources like LinkedIn, company websites, and social media, attackers can craft highly convincing and customized phishing lures within minutes. These messages use the right tone, contain local context, and are largely indistinguishable from legitimate communications.

The Weakest Link: Exploiting Help Desks and Credential Resets

Scattered Spider knows that the fastest way around a fortified wall is to find someone to open the gate for you. Their prime target for this is the IT service desk. These teams are often the unsung heroes of an organization, but they are also understaffed, overwhelmed with requests, and fundamentally trained to be helpful – a perfect storm for exploitation.

The scenario plays out like this: An attacker, armed with a dossier of personal information scraped from the internet, calls the help desk. They might pose as a high-ranking executive with an urgent request or an employee who has lost their phone and is locked out of their account. They leverage this information to sound credible, create a sense of urgency, and deceive the service agent into resetting the legitimate employee’s password or MFA device. Just like that, the attacker is handed the keys to the kingdom, bypassing layers of security without triggering a single alert.

The Final Blow: Bypassing Legacy MFA with Adversary-in-the-Middle (AitM) Attacks

"But we have MFA!" This is the common refrain from organizations that believe they are protected. The chilling reality is that most traditional MFA methods, passwords, SMS one-time passcodes (OTPs), and even push notifications, are fundamentally phishable. Attackers can trick users into giving up OTP codes or exploit "push fatigue" by spamming a user's device with approval requests until one is accepted by mistake.

This is where easily accessible tools like Evilginx come into play.

 

What is Evilginx? Think of it as the ultimate digital eavesdropper. It’s a phishing framework that operates as an Adversary-in-the-Middle (AitM). Here’s how it works:

The attacker sends a phishing link that directs the victim to the Evilginx server, which hosts a pixel-perfect replica of the real login page (e.g., your Microsoft Entra ID portal). The Evilginx server acts as a reverse proxy, transparently passing all traffic back and forth between the victim and the legitimate service. The user sees the familiar login screen, complete with a valid TLS lock icon. The user enters their username and password, which Evilginx captures. The legitimate service then prompts for MFA. The user enters their OTP or approves the push notification, which Evilginx also intercepts and forwards. Here’s the knockout blow: Once the user is successfully authenticated, the real service sends back a session cookie to authorize the user's browser session. Evilginx snatches this cookie.

With this stolen session cookie, the attacker can now directly access the user's account, completely bypassing the need for credentials or MFA. They have full control, and the victim may not realize it until it's too late.

The Modern Defense: A Three-Pronged Strategy to Neuter Scattered Spider

Fighting an adversary that targets identity requires a defense built on strong identity assurance. The probabilistic security controls of the past, which can only guess if a user is legitimate, are failing. You need a deterministic approach that proves with certainty that a person is who they claim to be. This modern defense is built on three core principles.

Principle 1: Make Credentials Un-stealable with Phishing-Resistant MFA

The single most effective way to stop Scattered Spider’s primary attack vector is to adopt a simple philosophy: if a credential can't be moved, it can't be stolen. This is the foundation of true phishing-resistant, multi-factor authentication.

The Solution: HYPR's phishing-resistant authentication is built on the FIDO standards, the gold standard for secure authentication, and leverages passwordless technology like passkeys.

How it Defeats Credential Theft:

Public-Private Key Cryptography: When a user enrolls with HYPR, their device creates a unique public-private key pair. The private key is stored securely in the device's hardware and never leaves. To authenticate, the device simply proves it possesses this secret key without ever revealing it, making it impossible for an attacker to intercept. No Phishable Fallbacks: HYPR eliminates vulnerable, phishable factors. It only uses phishing-resistant FIDO methods and never falls back to easily compromised shared secrets like OTPs or knowledge-based questions. Principle 2: Eliminate Help Desk Social Engineering Attacks with True Identity Verification

Securing the front door with phishing-resistant MFA is crucial, but what about the back door? Credential recovery and reset processes are a glaring vulnerability that Scattered Spider ruthlessly exploits. Relying on knowledge-based authentication (KBA), "What was the name of your first pet?", is a recipe for disaster in an era where AI can scrape the internet for answers in seconds.

The Solution: You must verify the person, not the information they know. HYPR Affirm provides Multi-Factor Verification (MFV), a modern approach to identity proofing that makes adaptive, risk-based verification a core part of the identity lifecycle.

How it Secures Recovery: Instead of asking flimsy questions, HYPR Affirm uses a layered, deterministic process to verify a user’s identity with high assurance before allowing a credential reset:

Document Verification: The user is prompted to scan a government-issued ID (like a driver's license or passport) with their smartphone. Biometric Matching & Liveness: The user then takes a selfie, which is biometrically matched against the photo on the ID. A "liveness" check ensures it's a real person and not a photo or deepfake. Configurable Steps: For high-risk scenarios, additional factors like a live video chat with a manager or service desk agent can be required.

This process ensures that only the legitimate account owner can ever perform a reset, turning the help desk from a vulnerability into a fortified checkpoint.

Principle 3: Guarantee Endpoint Integrity with Continuous Device Trust

A user's identity is only one part of the security equation. The health and integrity of the device they are using to authenticate is the other. A legitimate user on a compromised device is still a massive risk.

The Solution: HYPR Adapt adds an intelligent, continuous layer of risk analysis to every authentication event.

How it Adds Protection:

Real-Time Risk Signals: HYPR Adapt is a powerful risk engine that continuously analyzes a wide array of signals from the user's device, their behavior, and the broader threat landscape. Adaptive Response: It checks if the device is managed or unmanaged, if its security posture is up to date, and if the user's behavior is unusual. If it detects a high-risk signal, like an authentication attempt from a jailbroken device or an impossible travel scenario, it can automatically step up authentication requirements or block the attempt entirely. This provides an essential layer of protection that ensures the entire access journey, from user to device to application, is secure. Your Go-Forward Strategy: A Modern Defense Against Scattered Spider

Scattered Spider’s assault on the insurance industry is a clear signal that the old ways of security are no longer sufficient. Their strategy isn't revolutionary; it's a methodical exploitation of the trust we place in outdated and phishable identity technologies. Relying on legacy MFA and weak, KBA-based recovery processes is leaving your organization dangerously exposed.

The path forward is not about adding more layers of complexity; it's about shifting to a foundation of certainty. By implementing a modern identity assurance strategy built on three pillars, phishing-resistant MFA, true identity verification, and continuous device trust, you can move from a reactive defensive posture to a position of dominance. You can build a fortress that doesn't just deter attackers like Scattered Spider but makes their entire playbook obsolete.

Ready to build a defense against Scattered Spider? Subscribe to our updates for the latest insights on identity assurance and cybersecurity.

 

AI agents are rapidly being integrated into modern enterprises, yet their activities and interconnections are often unmonitored and unmanaged. Here's how that could endanger your organization, and what's being done about it.

Blog 25 June 2025 What Institutions Need to Know About the Stablecoin GENIUS Act to Accelerate Their Tokenization Strategy

On June 18, the U.S. Senate Banking Committee passed the Guiding and Establishing National Innovation for U.S. Stablecoins Act of 2025, or GENIUS Act (S.919). If enacted, it would mark a foundational shift in U.S. financial policy: for the first time in the U.S., stablecoins would be regulated under a dedicated and bipartisan federal framework, distinct from digital securities or unregulated digital assets.

What is the GENIUS Act?

The GENIUS Act defines payment stablecoins as digital assets:

issued for the purpose of payment or settlement (including margin/collateral), redeemable at a fixed value (e.g., $1), and backed 1:1 by permitted reserve assets. does not offer a payment of yield or interest.

The bill outlines detailed requirements for issuers, including:

Reserve Composition: Only highly liquid and safe instruments are permitted, which include: coins and currency, insured deposits held at banks and credit unions, short-dated Treasury bills, repurchase agreements (“repos”), reverse repos backed by Treasury bills, money market funds invested in certain of these assets, central bank reserves, and any other similar government-issued asset approved by regulators. Reserve usage restriction: Issuers would be restricted to using reserve assets for certain activities, including to redeem stablecoins and serve as collateral in repos and reverse repos. Redemption and disclosure: Issuers must maintain public redemption policies and report regularly on outstanding supply and reserve composition. Risk oversight: Issuers above $10B must submit audited financial statements, and all are subject to Bank Secrecy Act compliance and risk management tailored by federal/state regulators. Issuers under $10B may be supervised at the state level, provided the regime is “substantially similar” to the federal one. Who can issue stablecoins?

Under the proposed text, stablecoins may be issued by:

Subsidiaries of insured depository institutions (IDIs), OCC-regulated nonbank entities, and State-regulated entities under $10 billion in issuance.

Nonbank issuers can start under state law, but must graduate to federal oversight once they exceed the $10 billion threshold.

If a foreign-issued stablecoin is not licensed in the US, it can still be traded on US secondary markets, but only if:

The foreign stablecoins have the technological capacity to freeze transactions, and They can comply with lawful orders from the U.S. Treasury Department (e.g., sanctions, asset freezes, law enforcement actions).

These definitions ensure any proposed issuer knows exactly which rules and supervisors apply.

Are permissioned stablecoins the answer to compliance requirements?

As mentioned in Myth vs. Fact: The GENIUS Act by the U.S. Senate Committee: “The GENIUS Act requires all stablecoin issuers, including foreign issuers, to have the technological capability to freeze and seize stablecoins and also comply with lawful orders. It also requires all permitted payment stablecoin issuers to comply with U.S. anti-money laundering (AML) and sanctions requirements, including implementing AML and sanctions programs and annually certify compliance with the bill’s AML provisions. This is a higher reporting obligation than what banks are currently subject to.”

This means stablecoin smart contracts and infrastructure must support:

Transfer freezes or reversals, under compliance or court orders. AML/sanctions screening and reporting capabilities. Annual certifications confirming they meet AML program standards. This legislation effectively requires stablecoin issuers to consider deploying permissioned tokens, using frameworks like ERC-3643, to sophisticatedly meet obligations such as AML compliance, transaction freezing, and holder traceability. This legislation effectively requires stablecoin issuers to consider deploying permissioned tokens, using frameworks like ERC-3643, to sophisticatedly meet obligations such as AML compliance, transaction freezing, and holder traceability.

While this may contrast with the open-access ethos of Web3, it reflects what institutional players need to safely and legally engage with stablecoins in regulated environments. For banks, custodians, and asset managers, having granular control over who can hold and transfer stablecoins is not optional, it’s essential for satisfying legal, operational, and reputational obligations.

ERC-3643, the market technical standard for permissioned tokens, with its identity-linked permissioning and built-in compliance logic, offers a proven path forward for stablecoin issuers who want to meet GENIUS Act requirements while preserving blockchain-based efficiency and interoperability.

Why This Is a Major Development

While stablecoins have been widely used by crypto users in the Web3 space for trading, institutional players have been reluctant to accept stablecoins as a payment method for tokenized securities, primarily due to regulatory uncertainty and unfavorable accounting treatment (e.g., SAB121).

As a result, true atomic settlement, where both securities and cash move instantly onchain, has faced slow adoption. In many cases, traditional bank transfers are still used, introducing friction, delays, and manual reconciliation steps.

Together, the GENIUS Act and SAB 122 lay the foundation for institutional adoption of stablecoins in the United States. The GENIUS Act establishes a federal framework for issuing compliant, fully backed stablecoins, while SAB 122 (which reverses SAB 121) enables banks to custody digital assets without classifying them as on-balance-sheet liabilities. With these regulatory clarifications, stablecoins can serve as the onchain cash leg for financial institutions, unlocking real-time settlement, composable services, and broader integration with capital markets and DeFi services.

As these frameworks take effect, we expect to see:

More banks issuing stablecoins under federal or state-regulated regimes in the U.S.. U.S. institutions accepting stablecoins for subscription, redemption, and settlement of tokenized securities. Accelerated institutional adoption of tokenized securities, driven not only by the ability to enable atomic settlement, but also by the opportunity to introduce innovative onchain features, such as Delivery-vs-Payment (DvP) transfers between qualified investors to improve liquidity, or integrating DeFi-based services These developments allow institutions to offer smarter and more competitive products and position themselves at the forefront of onchain finance. These developments allow institutions to offer smarter and more competitive products and position themselves at the forefront of onchain finance. From Tokenized Cash to Tokenized Securities

As trusted digital dollars become more widely available, the focus will naturally shift toward the transparency and composition of the reserves backing them. To enable real-time proof of reserves and redemption, these reserve assets themselves should be tokenized and made verifiable onchain.

At the same time, since payment stablecoins are prohibited from offering yield under the GENIUS Act, stablecoin holders will increasingly look for onchain and yield-generating alternatives.

This makes the tokenization of money market funds (MMFs) and other short-duration instruments especially timely, serving a dual purpose:

as onchain compliant reserve assets for stablecoin issuers, and as onchain savings products for stablecoin holders seeking yield in a secure and regulated way.

A recent example we supported is the tokenized MMF by Fasanara Capital, a London-based asset manager overseeing $5 billion in assets. The project was delivered in collaboration with Apex Group, Chainlink, Fireblocks, and Polygon. Seeking to comply with regulations while ensuring open interoperability, it leverages the ERC-3643 market standard via our T-REX Platform.

The fund was launched with onchain compliance controls, integrated cap table management, real-time redemption capabilities, and real-time NAV feeds, demonstrating how tokenized funds can operate efficiently, transparently, and securely within a regulated framework.

There are a few key benefits of tokenized funds:

Instant and 24/7 subscription and redemption
Real-time collateral deployment (e.g., in repo markets) Reduced operational risk through smart contract automation Seamless integration with DeFi protocols and traditional financial infrastructure A Call to Action

Adopting onchain finance shouldn’t require institutions to become blockchain engineers. As the legal and technical frameworks mature, the challenge is no longer “why” but “how”.

Standards like ERC-3643 and orchestrated platforms make it possible to move fast while remaining fully compliant. Institutions can focus on what they do best, designing and distributing financial products, instead of investing years and millions into reinventing the infrastructure.

With the GENIUS Act nearing final approval, and with tokenization infrastructure now enterprise-ready, this is the moment for institutions to take action.

The financial system is evolving, not through disruption, but through strategic integration. Those who lead early will shape the future of capital markets.

Subscribe to our insights Real Estate Tokenization Takes Off in Dubai 1 July 2025 What Institutions Need to Know About the Stablecoin GENIUS Act to Accelerate Their Tokenization Strategy 25 June 2025 Is the UAE Taking the Lead in the Tokenization Race? 13 May 2025 How Tokeny Powers Fasanara’s Tokenized Money Market Funds 8 April 2025 No Yield for Stablecoins, Tokenized MMFs To Take the Lead 1 April 2025 Memecoins Are Crashing, Hackers Are Cashing In, Where Are Smart Investors Moving Next? 3 March 2025 Breaking the Silos: The Path to Shared Liquidity with ERC-3643 19 February 2025 Trump Administration’s Impact on Tokenization: Is the Golden Age Upon Us? 3 February 2025 Bitcoin Hits $100K: The Tokenization Tipping Point? 9 December 2024 Institutional Tokenization 3.0: Break Silos 21 October 2024

The post What Institutions Need to Know About the Stablecoin GENIUS Act to Accelerate Their Tokenization Strategy appeared first on Tokeny.

In today’s fast-evolving digital asset landscape, law enforcement agencies, intelligence teams, and compliance departments face unprecedented challenges. The surge in crypto adoption is matched by escalating regulatory pressure, increasingly complex risk vectors, and adversaries operating seamlessly across borders, blockchains, and platforms.

To keep up with this evolution, organizations need scalable, high-fidelity intelligence that can move as fast as the threats they’re targeting.

Today we are launching Elliptic Data Fabric - plug-in blockchain data and intelligence for any workflow - built to meet the needs of modern investigations and regulatory environments. Elliptic Data Fabric represents a generational shift in digital asset decisioning, giving government and compliance teams the opportunity to inject the world’s richest blockchain intelligence data directly into internal pipelines, powering custom or AI-enabled workflows while slashing integration time, cost, and risk.

This means that organizations no longer need to rely solely on pre-built applications - Elliptic’s raw data can fuel AI-driven risk models, investigative tools, and real-time decisions at the point of need.

Seamless Infrastructure Delivery for Scalable Innovation

Aergo is working with Conduit to simplify how we launch and manage our AI-focused Layer 2 network. With Conduit’s help, we’ve been able to move quickly, iterate fast, and keep things stable without having to build everything from scratch.

House Party Protocol (HPP) runs on a fully-featured testnet using Conduit’s blockchain infrastructure. It’s built on top of Arbitrum’s stack and gives us a clean, reliable environment to build and test in.

Why Conduit?

Conduit provides a production-grade DevOps and infrastructure pipeline, enabling Aergo to:

Launch and upgrade testnets quickly and reliably Maintain uptime and performance during rapid iteration Access the latest innovations from the Arbitrum ecosystem Seamlessly transition from testnet to mainnet-ready deployments

Conduit ensures the developer experience around HPP remains smooth, up-to-date, and scalable.

What This Enables

With Conduit, Aergo is free to focus on what matters most: building the coordination layer for decentralized AI. Builders can deploy, test, and validate intelligent systems in a production-grade sandbox that mirrors real-world execution conditions.

For developers and enterprises alike, Conduit allows HPP to deliver confidence at every stage of the development lifecycle.

Looking Ahead

Working with Conduit has allowed us to streamline development and accelerate delivery. Their infrastructure powers the HPP testnet, enabling fast iteration and a smooth developer experience without compromising reliability.

We’re excited to keep evolving. Follow Aergo and Conduit on X for the latest HPP and infrastructure updates.

About Aergo(HPP) and Conduit

Aergo is a hybrid blockchain platform built to support secure, scalable, and intelligent applications. It’s been used across government and enterprise sectors and is now evolving into a Layer 2 network focused on AI, verifiable logic, and decentralized coordination.

Conduit provides blockchain infrastructure for teams building on Arbitrum, OP Stack, and more. Their platform makes launching and managing custom chains easier, helping developers bring new decentralized applications to life without heavy operational complexity.

Streamlining Layer 2 Innovation: Aergo x Conduit was originally published in Aergo (HPP) on Medium, where people are continuing the conversation by highlighting and responding to this story.

Edgee and Fastly team up to replace client-side JavaScript SDKs with WebAssembly at the edge, improving performance, security, and data collection.

Real estate companies lost about $500 million to fraud attacks in 2024, according to Certifid.

Mistral’s Le Chat was ranked most privacy-friendly, followed by OpenAI’s ChatGPT.

The post Identity Verification (IDV) Market & Technology Analysis & Forecasts 2025-2030 appeared first on Indicio.

As cyberattacks grow more complex and damaging, enterprises must adopt a multi-layered approach to data security, with a renewed focus on automating certificate lifecycle management, implementing zero trust frameworks, and improving real-time threat monitoring, according to Security Boulevard.

Krispy Kreme has confirmed that over 160,000 individuals were affected by a ransomware attack in late 2024, in which hackers accessed and leaked highly sensitive personal and financial information, according to GBHackers News.

Spain is advancing its digital sovereignty with the launch of Quantix, a 40 million public-private initiative focused on cybersecurity and microelectronics, centered in the region of Murcia, according to Biometric Update.

WebProNews reports that hackers have claimed responsibility for a massive breach involving data from 64 million T-Mobile customers, raising serious concerns across the cybersecurity and telecom sectors.

Thales celebrates American Airlines 1st 787-9 aircraft flying with AVANT Up Inflight Entertainment System prezly Tue, 06/24/2025 - 14:00 The American Airlines 787-9 takes flight with Thales’ AVANT Up Inflight Entertainment (IFE) system, the first in the carrier’s order of 30 new aircraft. The IFE system features the best picture quality on any aircraft, with stunning 4K HDR ultra-responsive touchscreens for seamless navigation, along with 60W USB-C and USB-A fast charging for customer devices, and the ability to pair a Bluetooth device. American is the first carrier in the Americas to fly with Thales’ award-winning user interface for passengers with vision assistance needs.

On 5 June 2025, American’s premium Boeing 787-9 aircraft, equipped with Thales' AVANT Up inflight entertainment (IFE) system, made its debut on its inaugural flight from Chicago O’Hare to Los Angeles followed by its inaugural Flagship Suite® service from Chicago O’Hare to London Heathrow. American Airlines, the first oneworld alliance member to introduce this IFE system, expects a total of 30 of these premium aircraft to join its fleet by 2029.

Premium onboard passenger experience

American has introduced a premium passenger experience for customers travelling on their new aircraft equipped with Thales’ AVANT Up IFE. This is the first premium Boeing 787-9 featuring spectacular 4K QLED HDR displays that deliver a cinematic experience at every seat. Navigating American’s vast catalogue of entertainment options is easy with Thales’ ultra-responsive touchscreens.

Thales’ seatback displays feature a Bluetooth connection for passengers to pair a device. The system is equipped with Thales’ power management solution with USB-C and USB-A fast charging that supports up to 60W of in-screen charging capacity, ensuring passengers’ devices arrive at their destination fully charged.

Unique passenger experiences at every seat

AVANT Up provides a wide range of digital services and applications, enabling American to provide a premium entertainment experience to all customers flying on the new 787-9. Passengers can enjoy more, such as an interactive Watch Party, a Picture-in-Picture viewing experience, and action-packed console gaming.

Accessible travel for all

American is the first carrier in the Americas to fly with Thales’ award-winning user interface for passengers with vision assistance needs. The user interface supports audio-cue navigation assistance, voice metadata feedback, touch and swipe gesture controls, and a large selection of audio-descriptive content to create a more inclusive and accessible travel experience for all.

“Every aspect of our new 787-9 is designed to feel premium in nature,” said Heather Garboden, American’s Chief Customer Officer. “Everything our customers see on board was designed with customers in mind — from the design details to Bluetooth connectivity and state-of-the-art entertainment.”

“For nearly 15 years, American Airlines has trusted Thales as their inflight entertainment provider. This enduring partnership reflects our shared commitment to create extraordinary inflight experiences, and we are thrilled to power American’s premium travel with the cutting-edge AVANT Up.” Niels Steenstrup, Chief Eexecutive Officer, Thales InFlyt Experience

/sites/default/files/prezly/images/Generic%20banner%20option%204_20.png Documents [Prezly] PR - Thales Celebrates American Airlines 1st 787-9 Aircraft Flying with AVANT Up Inflight Entertainment System.pdf Contacts Cédric Leurquin 24 Jun 2025 Type Press release Structure Aerospace On 5 June 2025, American’s premium Boeing 787-9 aircraft, equipped with Thales' AVANT Up inflight entertainment (IFE) system, made its debut on its inaugural flight from Chicago O’Hare to Los Angeles followed by its inaugural Flagship Suite® service from Chicago O’Hare to London Heathrow. American Airlines, the first oneworld alliance member to introduce this IFE system, expects a total of 30 of these premium aircraft to join its fleet by 2029. prezly_772419_thumbnail.jpg Hide from search engines Off Prezly ID 772419 Prezly UUID 5b3e89c1-a77d-4318-a4bb-25c6e1a1f92f Prezly url https://thales-group.prezly.com/thales-celebrates-american-airlines-1st-787-9-aircraft-flying-with-avant-up-inflight-entertainment-system Tue, 06/24/2025 - 16:00 Don’t overwrite with Prezly data Off

On June 17, the United States Senate voted to pass the GENIUS Act, legislation that aims to create a regulatory framework for the oversight of stablecoins, by a comfortable margin of 68-30. With a number of Senate Democrats joining the majority Republican party in voting for the bill, attention now turns to efforts in the House of Representatives.

“Since I wrote last week about MCP and the need for a more structured standards development process, this week I feel like diving into what it really means to build an open standard.“

Unfortunately, “open standard” is one of those terms that gets thrown around a lot and often means entirely too many different things. For some, it just means the spec is readable online. For others, it’s about process transparency or whether the license is royalty-free. Depending on who you ask, “open” might refer to access, governance, IP rights, implementation freedom, or all of the above.

This fuzziness isn’t just academic. In the world of digital identity, especially as we build wallets, verifiable credentials, and cross-border trust frameworks, how we define and implement open standards will directly shape who gets to participate, how systems interoperate, and whether anyone can avoid vendor lock-in.

So, let’s unpack it. What is an open standard? And why does it matter so much right now?

A Digital Identity Digest Rethinking Digital Identity: What ARE Open Standards? Play Episode Pause Episode Mute/Unmute Episode Rewind 10 Seconds 1x Fast Forward 30 seconds 00:00 / 00:12:59 Subscribe Share Amazon Apple Podcasts CastBox Listen Notes Overcast Pandora Player.fm PocketCasts Podbean RSS Spotify TuneIn YouTube iHeartRadio RSS Feed Share Link Embed

You can Subscribe and Listen to the Podcast on Apple Podcasts, or wherever you listen to Podcasts.

And be sure to leave me a Rating and Review!

What does “open standard” actually mean?

Ask five people what makes a standard “open,” and you might get five different answers.

Some will say it’s all about access: It’s open if you can download and read the spec without paying. Others will focus on governance: It’s open if the development process is public and inclusive. Still others might zero in on intellectual property: If you can implement it without navigating a minefield of patents, it qualifies.

The ITU-T’s Definition

The ITU-T, a United Nations-recognized standards body, offers a fairly comprehensive definition. According to them, open standards are:

“Made available to the general public and developed (or approved) and maintained via a collaborative and consensus-driven process. They facilitate interoperability and data exchange among different products or services and are intended for widespread adoption.”

They expand this definition to include concepts like transparent development, due process, balanced input, fair access to intellectual property, and long-term maintenance. It’s a solid framework, widely used in international policy discussions.

But there’s another approach that resonates more strongly with how the Internet itself was built and continues to evolve.

The OpenStand Principles

In 2012, five key organizations—the IEEE, IETF, IAB, W3C, and the Internet Society—affirmed a shared set of values known as the OpenStand Principles. These principles describe the processes that gave us the web, email, DNS, and secure communications protocols. In other words, they’re battle-tested.

The OpenStand Principles emphasize five core commitments:

Cooperation – Standards organizations should respect each other’s autonomy and work together. Adherence to core development principles – Including due process, broad consensus, transparency, balance, and openness. Collective empowerment – Standards should support innovation, interoperability, scalability, and benefit humanity. Availability – Specifications must be accessible and implementable under fair terms, from royalty-free to FRAND. Voluntary adoption – No mandates, no lock-in. Market success is determined by the quality of the work, not regulatory decree.

These principles prioritize practical interoperability, technical merit, and inclusive participation, not just public availability.

And yes, I’ll admit I’m biased. My work and the ecosystems I care about have benefited enormously from the OpenStand model. It’s one of the reasons the Internet scaled globally. Go, team Internet!

So, while the ITU-T definition is solid, OpenStand captures something deeper: a living, working model of how open collaboration can shape resilient, scalable infrastructure.

That model, of open, resilient collaboration, is directly relevant to digital identity.

Why this matters for digital identity

Digital identity isn’t just another software problem. It is critical infrastructure that sits at the intersection of public services, private platforms, and individual autonomy. It needs to work across borders, industries, and decades (there are so many dimensions) and do so securely, ethically, and interoperably.

Open standards are the only viable foundation for that kind of future. And I doubt many people would argue that point. Of course, that is only true until you ask what “open” means.

As our systems evolve, it’s clear that not all “open” is created equal. The technical community frequently uses the term, but how it plays out in practice depends heavily on the organization behind the spec, its governance structure, and who gets a say.

Let’s look at a few examples from the current identity landscape:

ISO/IEC standards are authoritative but not always accessible

The ISO standards process is generally respected and deeply formal. Specifications like ISO/IEC 18013-5, which governs mobile driver’s licenses (mDLs), influence national legislation and industry roadmaps. In some countries, these specs are published for free if required by law. Others adopt them by reference without making the actual text available. In most cases, you’ll need to pay to read the document.

Participation isn’t open in the way many expect from Internet standards. To shape an ISO spec, you need to be part of your country’s official delegation or aligned with a recognized partner organization. It’s possible, but it’s gated. And that makes it harder for smaller implementers, civil society groups, or under-resourced countries to engage meaningfully.

FIDO2: open specs from a closed process

The FIDO Alliance, whose work underpins passkeys and other strong authentication technologies, operates with a “pay-to-play” model. To participate in discussions and vote on specifications, you must be a paying member of the FIDO Alliance.

However, once published, the specifications are free, publicly available, and widely adopted. In that sense, FIDO hits an important open standards benchmark: interoperability is possible without licensing barriers or paywalls. But governance remains closed to non-members, raising questions about transparency and balance.

OpenID4VC: open contributions, gated decisions

The OpenID Foundation is producing specifications for verifiable credentials and decentralized identity (e.g., OpenID4VC). Their process is somewhat hybrid: anyone can join the mailing lists, submit proposals, and contribute to discussions. However, only members can vote on final decisions, and membership requires payment.

This model blends inclusivity with formal governance. It’s more open than ISO but still includes structural limitations that can shape who ultimately steers the spec.

W3C Digital Credentials API: public input, but participation friction

Then there’s the W3C, where the Digital Credentials API is currently under development. It started in a Community Group, a setting where anyone could join calls, propose changes, and contribute. But Community Groups can’t produce official W3C Recommendations. The work had to move to a formal Working Group to do that.

In a W3C Working Group, you either need to be:

A member of a W3C Member organization (which usually involves a fee), Or an invited expert (which requires an application and approval).

The general public can still file GitHub issues and read the documents. That’s more openness than many standards bodies offer, but it’s not full participation. There’s friction between visibility and influence, especially for newcomers or smaller players.

So… what counts as “open”?

With so many variations on “open,” it’s easy to fall into a purity trap where only the most idealistic, frictionless processes count. But that’s not realistic or fair.

Creating standards—real, robust, production-ready standards—takes work. Not just from the people writing specs or implementing test suites but also from the organizations that host the mailing lists, convene the calls, maintain the repositories, manage intellectual property frameworks, and, yes, pay the legal bills.

All of that takes resources. And as much as we’d like to imagine that open standards are forged purely through the goodwill of the global community, the truth is that most standards efforts today rely on a mix of volunteer labor, organizational backing, and structured funding models, some of which include paid memberships.

A new balance test

So no, we can’t simply demand that every standard be written by volunteers and hosted for free. That’s not how sustainable infrastructure gets built. But we can and should ask hard questions about transparency, participation, and accessibility.

Is the spec publicly available without a paywall? Can you implement it without having to negotiate a license? Are diverse voices meaningfully represented in its development? Do the outcomes reflect shared infrastructure goals or just strategic product roadmaps?

We don’t need to shut down funding models. But we need to ensure those models don’t shut people out.

The goal isn’t to achieve some idealized version of openness. It’s to build systems that are accountable, adaptable, and inclusive. Standards that reflect a common foundation, not a competitive moat. And that’s a goal we can work toward, even in a world where time and money are very real constraints.

Open-ish is still better than closed

As much as we can and should debate the limits of openness in today’s standards processes, it’s worth remembering that things could be a lot worse. While many digital identity specifications land somewhere in the middle, open to read, semi-open to influence, gated in terms of governance, that’s still miles ahead of truly closed standards.

And yes, closed standards still exist, even in 2025.

Some of the world’s most critical systems rely on technical specifications that aren’t publicly available, freely implementable, or open to broad contribution.

Closed doors in standards

For example:

National identity systems in some countries are developed behind closed doors. Portions of India’s Aadhaar system or certain Gulf nation digital IDs may be guided by specifications that are either not published or only accessible to government contractors. That makes transparency, auditability, and public trust harder to achieve. Vendor-specific federation protocols have a long history in enterprise environments. Before the rise of open federated identity standards like SAML or OIDC, systems like Microsoft’s WS-Federation created tightly coupled, proprietary identity flows. While still in use in some legacy contexts, these are controlled by the vendor, not a neutral standards body. Biometric matching algorithms and data formats are another example. Many face or iris recognition technologies rely on proprietary encodings that are patented, licensed, or simply undisclosed. Even when governments use them, the standards involved may not be publicly accessible, let alone reviewable. Even account provisioning APIs between enterprise SaaS providers can resemble closed standards. If your identity team has ever tried to automate user provisioning without access to well-documented SCIM endpoints, you’ve probably run into a “standard” that’s really just a private interface.

In that light, the “open-ish” systems start to look less like compromise and more like progress.

Schrödinger’s standards, both open and closed?

Yes, it can be frustrating that you need to be a member to vote at the OpenID Foundation. Yes, it’s not ideal that the FIDO Alliance limits participation to paying organizations. And yes, W3C Working Groups aren’t truly open in the democratic sense once you leave the Community Group stage.

But in all these cases, the resulting specifications are:

Freely available, Implementable without proprietary dependencies, and Increasingly shaped by diverse, global input.

That’s not perfect openness, but it’s a long way from closed. And it’s a path we can keep improving.

Want to stay updated? I write about digital identity and related standards—because someone has to keep track of all this! Subscribe to get a notification when new blog posts go live. No spam, just announcements of new posts. [Subscribe here] 

Transcript

[00:00:00]
Welcome to the Digital Identity Digest, the audio companion to the blog at Spherical Cow Consulting. I’m Heather Flanagan, and every week I break down the evolving world of digital identity — from credentials and standards to browser quirks and policy challenges.
If you work with digital identity but don’t have time to follow every specification or hype cycle, you’re in the right place.

What Is an Open Standard?

[00:00:26]
Last week, I explored the Model Context Protocol (MCP) and why we need a better approach to standards development. Today, let’s dive deeper and ask a foundational question: what does it mean to build an open standard?

The phrase “open standard” is used often — and differently — by many:

Some say it simply means a spec is publicly readable. Others emphasize transparency, royalty-free licensing, or governance processes. Still others point to access, IP rights, or implementation freedom.

[00:01:17]
And this isn’t just a philosophical debate — it affects real-world outcomes in digital identity systems, from wallets and credentials to international trust frameworks. Open standards define who participates, how systems interoperate, and whether we avoid vendor lock-in.

Defining “Open” — Multiple Perspectives

[00:01:41]
Ask five experts, and you’ll get five different definitions:

Access-focused: If the standard is free to read, it’s open. Process-focused: If it’s developed publicly and inclusively, it’s open. IP-focused: If anyone can implement it without licensing hurdles, it’s open.

[00:02:10]
The ITU-T, a UN-recognized standards body, defines an open standard as:

“Made available to the general public, developed via a collaborative, consensus-driven process, facilitates interoperability, and intended for widespread adoption.”

They also stress:

Transparent development Due process Balanced input Fair IP access Long-term support The OpenStand Principles: Internet DNA

[00:03:01]
Another influential model comes from the OpenStand Principles, endorsed in 2012 by:

IEEE IETF Internet Architecture Board W3C Internet Society

These organizations helped build the foundational architecture of the internet.

[00:03:31]
OpenStand emphasizes:

Cooperation between standards bodies Foundational principles: transparency, consensus, balance Collective empowerment: interoperability, innovation, benefit to humanity Availability: fair access, voluntary adoption Success through utility, not mandates

[00:04:14]
This model values technical merit, global scale, and inclusive participation — not just a downloadable PDF.

Why It Matters for Digital Identity

[00:04:35]
Digital identity isn’t “just software.” It’s infrastructure at the crossroads of:

Public services Private platforms Personal autonomy

It must work across borders, industries, and time, and do so securely, ethically, and interoperably.
And for that, open standards are non-negotiable.

Examining the Standards Bodies

[00:05:14]
Let’s look at how open actually plays out in the real world:

ISO

[00:05:17]
The ISO/IEC standards process is formal and respected. Specs like ISO 18013‑5 (for mobile driver’s licenses) guide legislation and roadmaps.

Pros: Highly structured; impactful. Cons: Often behind a paywall. Participation requires national delegation or official channels — not easy for small players. FIDO Alliance

[00:06:12]
Known for passkeys and strong authentication, FIDO uses a pay-to-play model.

Participation requires paid membership. Specs are free to access and implement once published. No licensing restrictions = a big plus for developers. OpenID Foundation

[00:06:52]
Behind OpenID Connect and now working on OpenID for Verifiable Credentials.

Mailing lists are open. Only paying members can vote. All specs are freely available, making this model more inclusive than ISO, though still tilted toward funded voices. W3C

[00:07:34]
W3C’s Digital Credentials API is a good case study.

Community groups are fully open — but cannot produce official standards. To become a W3C Recommendation, work must move to a Working Group. Working Group participation requires either: Organizational membership (with dues), or Invitation as an expert

Public input is welcome, but influence is limited.

Balancing Idealism and Practicality

[00:08:32]
So, what really counts as open?
There’s a danger in idealism — assuming only frictionless, volunteer-driven models are acceptable.

[00:08:59]
In reality, standards require:

Legal review Infrastructure support Paid staff Long-term maintenance

We can’t demand “free everything” — but we can demand fairness in access and influence.

Ask these questions:

Can you read and implement the spec without legal or financial barriers? Are diverse voices represented? Does the result serve shared infrastructure, or just a vendor’s agenda? When Standards Aren’t Open

[00:09:35]
Not all standards are even partially open:

Some national ID systems are built on unpublished specs. Many biometric formats are proprietary and patented. Even SaaS provisioning APIs are often undocumented and closed.

[00:10:09]
So yes — some open processes have flaws. But compared to that? Even “imperfect open” is progress.

A Positive Example: The Cyrus Foundation

[00:10:46]
A good example of a modern, open-leaning approach is the Cyrus Foundation:

Building an open‑source digital identity wallet Prioritizes public standards like: OpenID for Verifiable Credentials FIDO2 ISO 18013‑5

[00:11:31]
Their code and process are public and transparent, with contributions welcomed from across the ecosystem.

Full disclosure: I serve as an advisor to Cyrus — but only because they’re getting it right.

[00:11:47]
The point isn’t that Cyrus is unique. What matters is their model — balancing practicality with open values, avoiding reinvented cryptography, and treating identity infrastructure as a shared foundation.

The Path Forward

[00:12:08]
And the good news? This future is already happening. We just need to keep showing up for it.

Wrapping Up

[00:12:23]
Thanks for listening to this episode of the Digital Identity Digest. If this helped clarify or spark interest, consider:

Sharing it with a colleague Connecting with me on LinkedIn Subscribing and rating the podcast Visiting the full post at sphericalcowconsulting.com

[00:12:42]
Stay curious. Stay engaged. And let’s keep these conversations going.

The post Rethinking Digital Identity: What ARE Open Standards? appeared first on Spherical Cow Consulting.

The post OCR Technology in Identity Verification: How It Works and Why It Matters appeared first on uqudo.

Imperva Application Security Integrates API Detection and Response, Setting A New Standard in API Security prezly Tue, 06/24/2025 - 09:00 First unified, single-pane-of-glass platform to deliver real-time detection and mitigation of API threats, including Broken Object Level Authorization (BOLA) and other advanced business logic threats Offers flexible deployment across cloud and on-premise environments, with a privacy-forward design to secure APIs at scale.
© Thales

Thales today announced new detection and response capabilities in the Imperva Application Security platform to protect against business logic attacks, such as Broken Object Level Authorization (BOLA) - the leading threat in the OWASP API Security Top 10. By integrating real-time detection with automated mitigation of risky APIs, BOLA attacks, unauthenticated APIs, and deprecated APIs, Imperva Application Security platform delivers comprehensive protection against unauthorized data exposure and other complex business logic vulnerabilities across cloud and on-premises environments.

APIs have become the backbone of modern applications, enabling businesses to seamlessly connect services, optimize operations, and deliver personalized experiences at scale. According to Imperva Threat Research, APIs accounted for 71% of all web traffic. More recently, the team observed a sharp rise in API-directed attacks, with 44% of advanced bot traffic targeting APIs, compared to just 10% targeting web applications. This shift underscores how attackers are increasingly exploiting API endpoints that manage sensitive and high-value data.

Why BOLA is a Critical Business Risk

BOLA occurs when APIs fail to properly verify whether users are authorized to access specific data objects. This allows attackers to manipulate requests and gain unauthorized access to sensitive information. As the leading OWASP Top 10 API threat, BOLA exposes businesses to significant risks, including data breaches, compliance failures, and loss of customer trust.

“API security is no longer optional - it’s fundamental to maintaining business continuity and trust,” said Tim Chang, Global Vice President and General Manager of Application Security at Thales. “Imperva Application Security bridges the gap by delivering a fully unified platform that identifies business logic threats and actively blocks malicious sessions, setting a new benchmark for API protection.”

Empowering Enterprises with a Unified, Flexible, and Privacy-First Solution

Imperva Application Security integrates advanced threat detection engines with automated inline responses and flexible deployment options, enabling security teams to detect and respond to API attacks like BOLA without slowing development or disrupting the user experience. For customers who want to protect their API infrastructure, Imperva Application Security delivers the following benefits:

Unified Platform Architecture: Manage API discovery, risk assessment, detection, and mitigation in a single console, eliminating tool sprawl and operational friction across cloud and on-premises environments. Real-Time BOLA Detection: Hybrid behavioral and rule-based engines analyze API request patterns, scoring anomalies, and flagging endpoints for immediate action. Automated Response and Remediation: Integration with Imperva Cloud WAF and WAF Gateway enables a variety of response actions, including inline mitigation actions such as automatically blocking malicious API traffic in real-time. Integration with security automation tools ensures rapid incident orchestration.

Advancing the Imperva Security Anywhere Vision

The integration of API detection and response into Imperva Application Security is foundational to the Imperva Security Anywhere vision, which provides scalable, end-to-end protection for applications and APIs across any environment. This unified solution provides enterprises with a comprehensive view of automated threats targeting APIs and the necessary tools to protect those APIs.

Detection and response to deprecated APIs, unauthenticated APIs, and BOLA attacks are now available as part of Imperva Application Security.

About Thales

Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion.

The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies.

Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion.

/sites/default/files/prezly/images/11.jpg Contacts Cédric Leurquin 24 Jun 2025 Type Press release Structure Defence and Security Security Thales today announced new detection and response capabilities in the Imperva Application Security platform to protect against business logic attacks, such as Broken Object Level Authorization (BOLA) - the leading threat in the OWASP API Security Top 10. By integrating real-time detection with automated mitigation of risky APIs, BOLA attacks, unauthenticated APIs, and deprecated APIs, Imperva Application Security platform delivers comprehensive protection against unauthorized data exposure and other complex business logic vulnerabilities across cloud and on-premises environments. prezly_772234_thumbnail.jpg Hide from search engines Off Prezly ID 772234 Prezly UUID dde6fd22-2b40-4689-abef-f58b092ad0f2 Prezly url https://thales-group.prezly.com/imperva-application-security-integrates-api-detection-and-response-setting-a-new-standard-in-api-security Tue, 06/24/2025 - 11:00 Don’t overwrite with Prezly data Off

Thales Launches File Activity Monitoring (FAM) to Strengthen Real-Time Visibility and Control Over Unstructured Data prezly Tue, 06/24/2025 - 09:00 New capability gives instant visibility to detect misuse, enforce compliance, and strengthen data protection across on-premises, hybrid, and multicloud environments. Continuous data discovery, classification, and monitoring forms the foundation of effective Data Security Posture Management, while simplifying compliance and flagging unauthorized activities that lead to data exposure. ​ FAM’s built-in GenAI tools and centralized management streamlines audit reporting, accelerates threat response, reduces operational complexity across enterprise data lifecycle.

Thales today announced the launch of Thales File Activity Monitoring, a powerful new capability within the Thales CipherTrust Data Security Platform that enhances enterprise visibility and control over unstructured data, enabling organizations to monitor file activity in real time, detect misuse, and ensure regulatory compliance across their entire data estate. As the only integrated platform provider that secures structured and unstructured data, Thales provides comprehensive monitoring and auditability for data types that were previously difficult to track.

In today’s evolving threat landscape, organizations must gain tighter control over unauthorized access and misuse of unstructured data, which according to IDC represents 90% of all worldwide data. File Activity Monitoring enables security teams to analyze and monitor the activity of unstructured data, including unexpected copying, downloading, and sharing of files such as emails, chat logs, media files, and application logs that can contain sensitive data. Real-time alerts, analytics, and encryption tracking further accelerate threat insights and protect sensitive data across the enterprise. This reduces exposure risks, supports compliance with standards like GDPR, HIPAA, and PCI DSS, and strengthens organizations’ overall data security posture.

“Thales’ innovative approach to File Activity Monitoring tackles key challenges like blind spots in hybrid environments, offering real-time visibility and smart anomaly detection — a potential game-changer for teams overwhelmed by false positives. By striking the right balance of depth and simplicity, FAM shows promise in helping us strengthen the SOC without added complexity. With tighter SIEM integration, it can sharpen response and let teams focus on what matters most. We’re excited to see how FAM evolves and enhances our data security.” Leila KUNTAR, Principal Information Security Engineer, Amadeus, said.

“As unstructured data grows rapidly across distributed environments, organizations need more integrated ways to track and safeguard their most sensitive information,” Todd Moore, Vice President of Data Security Products at Thales, said. “With File Activity Monitoring, Thales reinforces its leadership in enterprise data security by delivering real-time insight, intelligent automation, and unified visibility through a single, powerful platform.”

Thales has been a leader in digital security for decades in structured database activity. Building on this extensive expertise, customers can expect the same world-class experience that they’ve had with Thales, now extended to encompass unstructured data protection.

File Activity Monitoring strengthens DSPM by enabling security teams to:

Discover, classify, observe, and control sensitive data across on-premises, hybrid, and multicloud environments Pinpoint where sensitive data resides, who has access, and whether it's properly secured, in real time, allowing detection of suspicious behavior including unauthorized copying, downloading, or sharing Transform static classification into dynamic risk intelligence through behavioral context Apply strong encryption and other remediation techniques, including reconstruction of incidents quickly with audit logs in the event of a breach or policy violation and enabling strong encryption, to protect compromised or at-risk data

Built-in GenAI tools simplify audits, boost response, and cut complexity

To further simplify compliance and security operations, File Activity Monitoring includes a Generative AI-powered Data Security Assistant. This integrated chatbot helps teams query audit data, generate custom reports, and streamline compliance workflows, reducing the burden on IT and security professionals and making it easier to meet regulatory obligations.

“As technology evolves rapidly, our controls must be flexible enough to keep pace without adding complexity,” Moore said. “Automation and intelligence help overwhelmed security teams scale operations and focus on what matters most. With tools like our chatbot, they can ask natural language questions and get instant, actionable answers, accelerating response times and improving operational efficiency.”

About Thales

Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion.

The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies.

Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion.

/sites/default/files/prezly/images/10.jpg Contacts Cédric Leurquin 24 Jun 2025 Type Press release Structure Defence and Security Security Thales today announced the launch of Thales File Activity Monitoring, a powerful new capability within the Thales CipherTrust Data Security Platform that enhances enterprise visibility and control over unstructured data, enabling organizations to monitor file activity in real time, detect misuse, and ensure regulatory compliance across their entire data estate. As the only integrated platform provider that secures structured and unstructured data, Thales provides comprehensive monitoring and auditability for data types that were previously difficult to track. prezly_772229_thumbnail.jpg Hide from search engines Off Prezly ID 772229 Prezly UUID d134f4e3-89a1-4ebd-955a-17e2ca53c5cf Prezly url https://thales-group.prezly.com/thales-launches-file-activity-monitoring-fam-to-strengthen-real-time-visibility-and-control-over-unstructured-data-djkws2 Tue, 06/24/2025 - 11:00 Don’t overwrite with Prezly data Off

As regulatory scrutiny rises across the UK capital markets sector, firms must implement more robust AML screening protocols. This article explains the evolving expectations of the FCA and implications of MiCA for UK intermediaries, offering actionable insights on how iComply can help automate ongoing monitoring, meet PEP and sanctions requirements, and demonstrate audit-ready compliance.

Capital markets firms in the United Kingdom—from investment banks to securities dealers and private wealth managers—operate under one of the most stringent regulatory frameworks in the world. In 2025, this framework is expanding again, and firms face increased expectations for anti-money laundering (AML) screening, politically exposed person (PEP) monitoring, and transaction risk management.

The UK’s Financial Conduct Authority (FCA) has made it clear: compliance isn’t just about onboarding—it’s about continuous monitoring, proactive alert management, and having defensible audit trails.

At the same time, the European Markets in Crypto-Assets Regulation (MiCA), while not directly applicable in post-Brexit UK, is setting a high bar across the continent. UK regulators are watching closely and signalling similar expectations, particularly for firms interacting with cryptoassets, cross-border flows, and high-risk jurisdictions.

New AML Challenges for UK Capital Markets in 2025

1. Increased Regulatory Scrutiny The FCA’s updated financial crime guide and Dear CEO letters in 2024 emphasized that firms must:

Demonstrate effective AML policies in practice, not just on paper Screen customers and counterparties against updated sanctions and PEP lists Have systems in place for continuous monitoring and adverse media alerts

2. Cross-Border Exposure and MiCA Influence While MiCA is EU law, its implementation is reshaping expectations globally:

Crypto custody, exchange, and tokenization platforms must adopt bank-grade AML processes UK firms with EU branches or EU clients must match or exceed MiCA standards Regulatory equivalency will be increasingly important for cross-border capital flows

3. Data Management and Audit-ability Legacy systems often lack clear audit trails, slowing down internal reviews and exposing firms to enforcement risk.

What the FCA Expects

From 2025 onward, UK capital markets firms are expected to:

Conduct real-time sanctions screening across all client relationships Implement PEP and adverse media monitoring for ongoing due diligence Automate AML escalation and disposition processes Maintain complete records of screening decisions and risk scoring logic

Firms that rely on outdated or manual processes will struggle to meet these expectations and may face increased supervisory pressure.

How iComply Helps Firms Stay Ahead

1. Real-Time Global Screening iComply integrates with leading global watchlists to screen entities and individuals for:

Sanctions (UN, OFSI, EU, US, etc.) Politically Exposed Persons (PEPs) Adverse media and criminal proceedings

2. Risk-Based Workflow Automation Risk scoring and escalation logic can be customized per firm policy, allowing for:

Differentiated workflows by client type or geography Automated alerts for matches, updates, or changes in status

3. Audit-Ready Reports and Logs All screening activity is logged with timestamps, actions taken, match details, and reviewer notes. These can be exported for internal audits, regulatory exams, or board reporting.

4. Flexible Integration and Deployment Whether firms prefer cloud, on-premise, or hybrid environments, iComply supports secure deployment with UK data residency options and edge encryption.

5. Consolidated Case Management Investigate alerts, assign actions, and document decisions in a unified AML dashboard—streamlining team workflows and reducing missed red flags.

Case Insight: Private Brokerage in London

A London-based investment firm implemented iComply’s AML screening and case management tools across its brokerage and custody divisions. Within 3 months:

Screening false positives dropped by 38% Review time per flagged entity fell from 2 hours to 15 minutes The firm passed its next FCA review with zero material findings What to Watch in 2025 OFSI Sanctions List Expansions: New regimes tied to geopolitical risk will increase screening demands Crypto-Market Intersections: UK regulators are expected to introduce MiCA-equivalent standards for crypto exchanges and custody providers Supervisory Tech Expectations: The FCA is pushing for greater use of RegTech to support ongoing compliance Take Action

Firms operating in UK capital markets can no longer rely on static screening or reactive compliance strategies. The cost of falling behind is not just reputational – it’s regulatory.

Speak with our team to learn how iComply’s AML platform can help you reduce false positives, streamline ongoing monitoring, and prepare for tomorrow’s audit – today.

The post Nippon RAD begins full-scale rollout of Indicio’s next-generation personal authentication solution “Proven Auth” appeared first on Indicio.

While many business owners recognize the importance of maintaining their Cybersecurity Hygiene and protecting their Intellectual Property (“IP”), they are often too pressed for time and money to implement any serious plans of action.  There are ways to improve your cybersecurity and IP postures without breaking the bank or ignoring revenue goals. Be proactive and … Continue reading CHIP Away Risk and Grow Your Business →

Huione Guarantee, the largest illicit marketplace to have ever existed, was shut down by Telegram in May, in response to information provided by Elliptic. Elliptic’s on-chain data shows that the marketplace’s activity has now ceased, with merchants being encouraged to switch to another market: Tudou Guarantee. Tudou Guarantee marketplace has been the primary winner following Huione Guarantee’s closure, capturing much of its transaction volume. Several other Telegram-based Guarantee marketplaces have also seen user numbers increase. Other Huione Group businesses, including Huione Pay, continue to transact in cryptocurrency, however this activity does not relate to the operation of a marketplace.

 

Join 1Kosmos CSO Mike Engle and CMO Michael Cichon as they break down what it means to earn a perfect score in the iBeta Presentation Attack Detection (PAD) Level 2 certification, the gold standard for detecting advanced identity-based attacks.

They’ll explore the key differences between PAD Level 1 and Level 2, why liveness detection is critical to stopping fraud, and how the 1Kosmos platform, also certified to NIST 800-63-3 and FIDO2 standards, delivers comprehensive protection against today’s most sophisticated threats.

Michael Cichon:

Hello everybody, this is Michael Cichon, I’m the Chief Marketing Officer here at 1Kosmos. I’m joined today by Mike Engle, our Chief Strategy Officer. 1Kosmos recently announced presentation attack detection level two. What does this mean?

 

Mike Engle:

Yeah, no, great to be here, Michael. Good to see you again. PAD, as you mentioned, presentation attack detection is just like it sounds. When you are using online services and verifying your identity, you’re typically presenting yourself by scanning a face, or a document, a driver’s license to a requesting service, right, signing up for a new bank account. So I’m presenting it. A presentation attack is when I’m presenting something that’s false, or faked, fabricated, deep faked, et cetera. So the term, presentation attack detection, is the art of stopping that type of attack. So PAD is really a simple term for trying to stop bad guys that are faking images or videos, et cetera.

 

Michael Cichon:

Okay. So as companies are moving to biometrics for authentication, no big surprise, the cybersecurity attackers, the threat actors, whether they’re following this trend or whether they’re ahead of this trend is, I guess, depends on your point of view. The key is that attempts are being made to hack the biometrics, so. What, I mean, let alone PAD 2, what is PAD 1? There’s apparently different levels to this.

 

Mike Engle:

There is, yeah. So there’s a simpler version of presentation attack detection, PAD 1, we’ve had that for a few years. Pad level 2 is a whole nother level of testing, and it’s a much more sophisticated set of attacks that are done on the testing algorithms, for example. So to give you actually a couple of concrete examples, the lab we use is called iBeta. They’ve been around for like 25 years, they’re recognized by NIST, the government agency, for standards, and they’re also recognized by FIDO. So they’re very well accredited. And we’ve been tested by them for both levels, PAD 1 and PAD 2.

For PAD 1, iBeta will spend about $30 per attack. So how much time, effort, money do you spend creating a fake thing? $30. For PAD level 2, it’s up to $300 per attack. So big difference, you’re talking 10 times the spend. And you also need much more sophisticated equipment, you spend a lot more time on it as well. So instead of spending eight hours on a particular type of attack, they could spend up to four days, so much more stringent.

 

Michael Cichon:

I see. So a PAD 1 would be something like a paper mask or something like that, and a PAD 2 would be more advanced, potentially even using AI?

 

Mike Engle:

Yeah, using AI. I mean, typically it’s presenting something in the physical world. AI is certainly something we spend a lot of time focusing on, but, you know Tom Cruise, right? Of course you do, Mission Impossible, they put the rubber masks over their head and you cannot tell the difference. That’s the type of testing that iBeta would do. Latex masks, they do deep fakes and synthetic, the other types of materials as well.

 

Michael Cichon:

Okay. All right. So along with the announcement, we announced that the 1Kosmos platform achieved a perfect score. This was a 0% imposter attack presentation attempt rate, or accept rate. Any details, context around what that means?

 

Mike Engle:

Well, yeah, so 0%, I mean, that’s the gold standard. If you have 1% and you have millions of customers coming in, that ends up being quite a number. So 0% is, you can’t get much better than that.

 

Michael Cichon:

Okay. Now, we’ve had for a while, liveness detection. How does 1Kosmos’ liveness detection then stand out from other solutions in the market?

 

Mike Engle:

Some companies just don’t use it. If you see on LinkedIn, there’s all kinds of posts where people have gotten past identity verification company tech. If they do some basic liveness, they will typically stop basic attacks. And so, you can tell who’s certified and who’s not, it’s actually very easy to do. And so, many times when you check those companies that have been bypassed and you go to iBeta, they’re not on there. When you go to NIST, 800-63-3 certifying company, like Kantara, they’re not on there either, and they’re not on the NIST FRVT or FRVE, which is the independent testing that NIST does as well. So it’s easy to tell who’s certified and who’s not. I haven’t seen a post that’s gotten 500 comments on LinkedIn from an iBeta PAD 2 certified company, so it really is the gold standard.

 

Michael Cichon:

Okay. So this certification that we’ve announced, it proves our ability to stop even some of the most sophisticated identity-based attacks. In reality, day-to-day reality, what kind of threats are organizations facing today and how does this help them mitigate those threats?

 

Mike Engle:

Yeah, there’s a couple. So if you’re doing document verification, you scan the front and back of a driver’s license, check all the security features, there’s an attack on that. Is this a live document? So document liveness is a whole thing that’s different from my face. There’s document liveness and there’s face liveness, we test both of them. So imagine if you’re scanning the front and back of a license and you don’t bother checking to see if that’s a live driver’s license. That’s really important and could be skipped by a vendor, or your provider. Or if you’re doing that, but you’re not doing the live face part. Where live face gets really important, is when you’re injecting into a live video feed. So you’re scanning my face, this could be a deep fake injection right now that we’re doing and there’s ways to detect. There’s the positioning of the eyes and the way the artifacts render around my head, et cetera, et cetera. So those are the two types of liveness that we keep an eye on and they’re both very important.

 

Michael Cichon:

Okay. All right. So the iBeta PAD 2 certification, it’s the latest in a long list of certifications for the 1Kosmos platform. You mentioned, I think, the NIST 800-63-3, of course, we’re also certified to FIDO2. How do all these work together to ensure a high level of security?

 

Mike Engle:

No, that’s really important. So iBETA PAD 2, amazing. We got it, it takes a lot of elbow grease to get that done. But the bad guys are not going to stop, we’ll probably need PAD 3 someday, it doesn’t exist yet. So there’s an arms race between bad actors and the good guys, like 1Kosmos. One of the compensating controls is, do I have proof that I proved my identity as an individual, right? So imagine if you could ask me for proof of my plastic driver’s license or my passport every time I go and log in. That’s game changing. You don’t even need to check the video feed when that happens. So if you knew right now that I had my driver’s license and it was legit, do you care about the video feed anymore? Not really, right? Well-

 

Michael Cichon:

Right.

 

Mike Engle:

You do, because yeah, you’re a professional. But so what I’m saying is it’s really a digital signature that can be combined with whatever it is you’re trying to accomplish. Digital signatures are backed by cryptography, not how I look on the screen. So what we do with the whole NIST 800-63-3 thing and a digital wallet, is give the user a certificate that can be trusted in perpetuity. So now you don’t have to rely quite as much on all the liveness and deep fake stuff. So those two go hand in hand. And again, the companies that just scan an image or a face, do they deal with wallets and certificates? Probably not, we do, and that’s a real game changer, I think, for addressing this in the future.

 

Michael Cichon:

Okay, cool. So we have the digital wallet, which is certified to the rigorous NIST standards and the FIDO2 standards. We’ve got the presentation attack level 2 defense. What do you say to businesses that are still hesitant to adopt biometric authentication?

 

Mike Engle:

Well, don’t be scared, it’s okay. Just like any technology, you need to get your feet wet with it, A/B tested on a population of users and stay on top of the current attacks. So there’s all these things and acronyms and false acceptance rates and false rejection rates. There’s testing to give some level of assurance that the tech itself and the user experience will stand up to a business’s risk and the requirements for how much pain or ease of use you want to give your customers. So it’s a balancing act, but it’s here to stay. When you go to the airport now, you are using your biometrics all the time, right.

 

Michael Cichon:

Right.

 

Mike Engle:

And we create a very delightful experience online, which is what customers want. So it’s coming whether companies want to embrace it or not. I think companies that don’t embrace it, are going to be bypassed by the ones that do.

 

Michael Cichon:

Right. Well, yes, if it’s good enough for the TSA, it should be good enough for regular business, if you’ve got the right technologies and the certifications behind them. So Mike, appreciate your time this morning. It’s a very exciting development, one that hardens the 1Kosmos solution against some of the most advanced presentation attacks. So, very happy with this development and very much appreciate your time today.

 

Mike Engle:

Great to be here. I’ll see you soon.

The post Vlog: 1Kosmos Achieves Perfect Score in Level 2 PAD Certification appeared first on 1Kosmos.

BleepingComputer reports that ongoing intrusions leveraging the critical privilege escalation flaw in the WordPress "Motors" theme, tracked as CVE-2025-4322, to compromise admin accounts and facilitate site takeovers commenced on May 20 before surging on June 7.

MTCM, a Luxembourg-based securitization platform serving clients across Europe, the Americas, MENA, and Asia, has entered into a strategic partnership with Tokeny, the leading onchain operating system, to enable the issuance of both traditional and digital securities through a unified workflow. 

This collaboration marks the launch of the first dual-format issuance framework in Luxembourg, where an ISIN-listed note and a permissioned security token are minted simultaneously from the same legal compartment, ensuring full fungibility and compliance across both formats.

The partnership with Tokeny allows us to industrialize a dual-issuance model that was previously not possible. We now produce a fungible twin issuance: one leg as an ISIN-listed note settled via a leading international CSD, the other as ERC-3643-based permissioned tokenized notes onchain. This structure enables investors and arrangers to choose between blockchain or traditional settlement, without compromising on compliance, operational efficiency, or investor protections. Pedro HerranzManaging Partner at MTCM The dual issuance model is a practical way to help traditional investors get familiar with the onchain format. Once they try these assets, which are faster to settle, easier to access, and enhanced with features that weren’t possible before, they will naturally prefer the modernized and better way to access, manage, and transfer securities. This would definitely accelerate the demands from buy sides and drive the adoption. Luc FalempinCEO Tokeny

Under a white-label integration, Tokeny’s T-REX tokenization platform has been embedded into MTCM’s comprehensive end-to-end solutions. While MTCM acts as structurer, administrator and calculation agent, Tokeny provides easy-to-use interfaces to all stakeholders.

The integration is now live and supports the full lifecycle of a digital issuance, from onboarding and KYC to subscription and secondary solutions, within MTCM’s white-labeled investor portal. Tokeny’s technology simplifies complex workflows, embedding digital identity, AML/KYC verification, wallet integration, and cap table management into a single interface, reducing onboarding friction and improving transparency for all stakeholders.

This model significantly improves access, speed, and cost efficiency in structured finance. Institutional and professional investors can now self-custody digital securities, bypassing the high distribution and custodian costs typically associated with structured notes. For arrangers, this hybrid issuance opens up a wider distribution universe, combining reach through the traditional investors with new and blockchain-native investor segments.

With over €2.5 billion in assets under service and a 400% increase in AUS over the past two years, MTCM continues to expand its global footprint and lead innovation in hybrid financial structuring.

By merging the benefits of capital markets infrastructure with onchain efficiency, MTCM and Tokeny are redefining how structured investments are issued, distributed, and managed in a multi-rail financial future.

About MTCM

About MTCM Founded in 2010, MTCM is a leading global securitization group with offices in Switzerland, Luxembourg, Spain, Panama, and Dubai. The firm specializes in structuring and delivering end-to-end, tailor-made securitization solutions under Luxembourg’s Securitization Law. By making virtually any asset bankable and streamlining the relationship between investors and underlying exposures, MTCM empowers clients to access efficient, compliant, and scalable financing structures. The firm combines legal precision, operational agility, and deep structuring expertise to issue and manage complex financial instruments across both traditional and digital rails.

As a pioneer of hybrid issuances, MTCM consistently seeks to deliver the most efficient and agile solutions by combining the strengths of traditional capital markets infrastructure with the advantages of digital technologies—offering clients seamless access to both conventional and tokenized financial instruments. At MTCM, we don’t just design structures—we make things happen.

About Tokeny

Tokeny is a leading onchain finance platform and part of Apex Group, a global financial services provider with over 13,000 people across 112 offices in 52 countries. With seven years of proven experience, Tokeny provides financial institutions with the technical tools to represent assets on the blockchain securely and compliantly without facing complex technical hurdles. Institutions can issue, manage, and distribute securities fully onchain, benefiting from faster transfers, lower costs, and broader distribution. Investors enjoy instant settlement, peer-to-peer transferability, and access to a growing ecosystem of tokenized assets and DeFi services. From opening new distribution channels to reducing operational friction, Tokeny enables institutions to modernize how assets move and go to market faster, without needing to be blockchain experts.

Website | LinkedIn | X/Twitter

The post MTCM Securitization Architects Partners with Tokeny to Launch Dual-Format Issuance Framework Bridging Traditional and Digital Securities appeared first on Tokeny.

Not too long ago, crypto was a niche concern for a handful of crypto-forward institutions. Not anymore. Banks are no longer asking whether they should engage with digital assets, but how they can do so in a safe and compliant way. Many financial institutions are moving from "crypto tentative" to actively exploring how they can safely integrate digital assets into their service offerings. 

Have you ever wondered how banks, healthcare apps, or even e-commerce platforms verify your face in seconds? No passwords. No OTPs. Just a camera and some futuristic software. Welcome to the world of face authentication SDKs!

In today’s fast-paced digital environment, verifying real users instantly and securely has become critical. Whether it’s protecting sensitive financial data, simplifying access control in educational platforms, or preventing identity fraud in government systems, face authentication SDKs are the magic wand making it all possible.

This blog will walk you through everything you need to know about face authentication SDKs, including how they work, why they matter, and how Recognito is delivering best-in-class solutions in this space. Let’s dive in.

 

What Is a Face Authentication SDK?

An SDK (Software Development Kit) is a set of tools that helps developers build and add features to their apps. A face authentication SDK is a toolkit that allows developers to add face recognition-based login or verification features to their apps, websites, or systems.

This SDK leverages:

Real-time facial recognition AI-driven biometric analysis Facial liveness detection Match scoring and identity validation algorithms

In essence, it helps applications detect and confirm whether the person on screen is not only a match for a stored image but also a real, live human being. It’s the backbone of modern biometric security systems.

But wait, isn’t it the same as a face recognition SDK? Not quite.

While both SDKs use facial biometrics, face authentication SDKs go a step further by integrating liveness detection for face recognition, making them more suitable for high-security scenarios like banking, KYC processes, and digital onboarding.

 

How Does a Face Authentication SDK Work?

Let’s break this down step by step in the simplest way possible:

Step 1: Face Capture

The camera captures a live video or image of the user.

Step 2: Feature Extraction

Facial features like the distance between the eyes, jawline shape, cheekbone curvature, and skin texture are mapped using AI.

Step 3: Database Match

The captured data is compared against stored images or documents like driver’s licenses and passports.

Step 4: Liveness Detection

Face liveness detection SDK makes sure the person is really there and not using a photo or a fake video.

Step 5: Authentication Result

The system delivers a decision in real time, whether the identity is verified or not.

Types of Liveness Detection: Passive vs Active

Both active and passive liveness detection methods are crucial components of a robust facial liveness detection system.

Active Liveness Detection: Users are asked to do simple actions like blink, smile, or turn their head. These gestures are hard to mimic with static images or deepfake videos.

Passive Liveness Detection: The system checks for life signs without user interaction, such as skin texture, micro-expressions, or subtle movements in blood flow. This technique adds a frictionless layer of verification that’s completely invisible to users.

Recognito supports both, making it one of the most advanced face liveness detection SDK offerings in the market.

 

Why Is a Face Authentication SDK Essential in 2025 and Beyond?

 

1. Cybersecurity First

Online fraud is at an all-time high. With face authentication SDKs, businesses can prevent spoofing, account takeovers, and unauthorized access more effectively than ever.

2. Frictionless User Experience

Say goodbye to forgotten passwords and long login forms. With biometric login, users can access services in under 5 seconds. This makes onboarding fast, easy, and secure.

3. Real-Time Identity Verification

With liveness detection for face recognition, verification becomes instant and reliable 24/7, without manual checks.

4. Easy Integration

Modern face recognition SDKs like Recognito’s offer detailed API documentation and support for Android, iOS, and web platforms.

5. Regulatory Compliance

Industries like banking, fintech, and healthcare require strict KYC and AML compliance. Biometric authentication ensures businesses remain compliant while minimizing operational overhead.

6. Scalable and Cost-Effective

Automated identity checks help save time and money by reducing the need for manual verification.

Recognito: Your Trusted Partner in Face Authentication

Recognito believes in technology that protects and empowers. Our face authentication SDK is built using AI and machine learning models recognized by NIST FRVT, ensuring top-tier accuracy and reliability.

What sets our SDK apart:

Real-time identity verification Passive & active facial liveness detection Seamless integration with any platform Ultra-fast processing GDPR and compliance-ready

Whether you’re building a fintech app, an education portal, or a healthcare system, our SDK adapts to your security needs while keeping the user experience smooth.

You can also explore our open-source libraries and developer guides on GitHub.

Use Cases Across Industries

 

1. Banking & Fintech

Enable secure logins, KYC processes, and transaction approvals without PINs or passwords.

2. E-commerce & Marketplaces

Verify sellers and buyers during onboarding to prevent scams and impersonations.

3. Healthcare

Ensure that only real patients access confidential telehealth platforms.

4. Education & Exams

Use face authentication to secure online exams, courses, and student portals.

5. Travel & Border Control

Automate identity checks during self-service check-ins or digital visa verification.

 

Final Thoughts

In a world where security breaches are getting smarter, your systems need to be even smarter. A face authentication SDK is not just a piece of technology; it’s your front-line defender against digital fraud.

When powered by facial liveness detection, enhanced with AI, and designed to integrate easily, it becomes a complete solution for identity verification in any digital experience.

Recognito is proud to offer one of the most robust and developer-friendly face recognition SDKs available today. With our cutting-edge face liveness detection SDK, your business can deliver speed, accuracy, and trust all in one seamless experience.

Are you ready to upgrade your digital identity verification process?

Connect with us. Your feedback, questions, or use cases are always welcome.

👋Hey there,

It’s been two weeks already - we almost didn’t notice.

Ever since our revamp of Journaling, we’ve been hard at work bringing the rest of the app up to the same level.

New improvements. New features. All coming soon.

Chief among them being multi-language support - which you can get involved in later on in this email.

Alongside that, though, here are the tangible changes - with the usual Super Prompt at the end.

What’s new with Kin🚀

Save multi-language support looming closer, most of our updates are unglamorous.

It’s all small improvements and bug fixes, that we’ve squeezed in between the big stuff.

But, let’s get the biggest thing out of the way first…

Hola, je m'appelle Kin. Wie geht’s?

We’re very excited to be making progress on Kin’s much-requested multi-language support.

What we need next, as usual, is help from you.

We want to hear from those of you who are excited speak to Kin in other languages, so we can make sure this feature is everything you need it to be.

If that’s you, you can head over here to get your email in the list of people we’ll be contacting for feedback and testing.

Sweating the small stuff:

For everything that’s entered the app since our last update, these are the highlights:

Reminder rescheduling now works like it should - even if you switch behavior goals

Notifications are smarter (and way more accurate) through lots of small technical changes

The Intro process got the start of many copy and logic upgrades for a smoother start

Memory deletion UI has been tweaked to be easier and clearer to use

Working on big stuff

The Journaling revamp has inspired us a lot.

You told us what’s working. And more importantly, what’s getting in your way.

So we’ve been looking at everything again - not just Journals.

Every corner of the app. Every friction point.

Even features we haven’t even finished yet.

We’re looking for every way to make Kin faster, easier, and more natural to use.

And every point of feedback is instrumental to that.

So, the bigger updates are coming soon.

Our current reads📚

Tools - a16z’s Apps Unwrapped
READ - dasmer.com

Article - Clothing brand Lululemon potentially planning to replace some workers with AI systems
READ - The Daily Mail

Article - Apple planning to use AI to support chip development
READ - AI News

Article - Microsoft opposes Trump’s plan to ban AI regulation in US states
READ - The Guardian

Our online vibe ✨

Once again, we have another guest article discussing the tech requirements behind Kin’s memory.

This time, Volodymyr covers what ‘Retireval-Augmented Generation’ is, and why Kin’s memory requires a more complex solution than it can offer.

You can read the article below!

Read article

The next Super Prompt 🤖

“How do I stay motivated?”

If you have Kin installed and up to date, you can tap the link below (on mobile!) to immediately jump into discussing how to build motivation with your Kin, using Self-Determination Theory.

As a reminder, you can do this on both iOS and Android.

Open prompt in Kin

Don’t be a stranger

Though we say it every time, thank you.

Your feedback’s not just heard. It’s the guiding light to us building something better.

So please, don’t be a stranger - to us or your Kin.

You can always reply to this email, shake or screenshot your app, or just join our Discord server to get your feedback in front of us.

Until then, we’re excited to show you the next stage of Kin.

With love (and lots of squashed bugs),

The KIN team

4i Digital, a leading Latin American provider of ID verification and biometrics solutions, announced the integration of Dock Labs' verifiable credential technology. With this integration, 4i Digital will enable its clients to reduce onboarding friction, drop-offs and costs by allowing verified ID data to be securely reused across services while creating ecosystems of trust and unlocking new revenue streams.

SaaS apps not only have to meet the rigorous demands of managing users at an enterprise level but must also be secure and resilient by design.

In “An Open Letter to Third-party Suppliers”, Patrick Opet, Chief Information Security Officer of JPMorgan Chase, writes:

“Modern integration patterns, however, dismantle these essential boundaries, relying heavily on modern identity protocols (e.g., OAuth) to create direct, often unchecked interactions between third-party services and firms’ sensitive internal resources.”

Modern identity secure standards can help with user lifecycle maintenance of SaaS apps, e.g., provisioning and deactivating employees, and everything else in between. These solutions include adhering to protocols that facilitate single sign-on (SSO), user lifecycle management, entitlements, and full session logout across all applications. On top of managing user and non-human identities, e.g., service apps, adding AI access to work applications will bring unprecedented complexity. We don’t have a way to manage these AI tools, but there is a standard solution that aims to solve this problem. First, let’s go over how AI is currently set up to integrate across work applications.

OAuth for Enterprise AI

More AI tools are using protocols like Model Context Protocol (MCP) to connect their AI learning models to make external requests to relevant data and apps within the enterprise. With growing demand and popularity for adopting AI in the workplace, how can we safely integrate AI into the enterprise?

Solution: There is no need to reinvent how we authenticate and authorize AI to protected resources. With recent updates to the MCP authorization spec, we can continue to rely on OAuth and authorization servers from external providers like Auth0, separate from MCP servers, to authenticate/authorize non-human identities, including AI.

Enterprise AI connecting to external apps

Right now, app-to-app connections require interactive user consent and happen invisibly to the enterprise IdP. Naturally, AI-to-app connections follow the same setup, which is not ideal because we need a way to move the connections between the applications, including non-human identities, into the IdP, where they can be visible and managed by the enterprise admin. How can we make this possible?

Solution: By combining new and in-progress OAuth extensions called “Identity and Authorization Chaining Across Domains” and “Identity Assertion Authorization Grant”, which we’ll refer to as “Cross-App Access” for short. These extensions enable the enterprise IdP to sit in the middle of the OAuth exchange between the two apps or AI-to-app.

A brief intro to Cross-App Access

In this example, we’ll use Agent0 (a hypothetical MCP client) as the Enterprise AI application trying to connect to a resource application called Todo0 and its (hypothetical) MCP server. We’ll start with a high-level overview of the flow and later go over the detailed protocol.

First, the user logs in to Agent0 through the IdP as normal. This results in Agent0 getting either an ID token or SAML assertion from the IdP, which tells Agent0 who the user is. (This works the same for SAML assertions or ID tokens, so we’ll use ID tokens in the example from here out.) This is no different than what the user would do today when signing in to Agent0.

Then, instead of prompting the user to connect to Todo0, Agent0 takes the ID token back to the IdP in a request that says, “Agent0 is requesting access to this user’s Todo0 account.” The IdP validates the ID token, sees that it was issued to Agent0, and verifies that the admin has allowed Agent0 to access Todo0 on behalf of the given user. Assuming everything checks out, the IdP issues a new token back to Agent0.

Agent0 takes the intermediate token from the IdP to Todo0, saying, “Hi, I would like an access token for the Todo0 MCP server. The IdP gave me this token with the details of the user to issue the access token for.” Todo0 validates the token the same way it would have validated an ID token. (Remember, Todo0 is already configured for SSO to the IdP for this customer as well, so it already has a way to validate these tokens.) Todo0 is able to issue an access token giving Agent0 access to this user’s resources in its MCP server.

This solves the two big problems:

The exchange happens entirely without user interaction, so the user never sees prompts or OAuth consent screens.

Since the IdP sits between the exchange, the enterprise admin can configure the policies to determine which applications are allowed to use this direct connection. The other nice side effect of this is that since no user interaction is required, the first time a new user logs in to Agent0, all their enterprise apps will be automatically connected without them having to click any buttons!

OAuth’s Cross-App Access protocol

Now let’s look at what this looks like in the actual protocol. This is based on the adopted in-progress OAuth specification “Identity and Authorization Chaining Across Domains”. This spec is actually a combination of two RFCs: Token Exchange (RFC 8693) and JWT Profile for Authorization Grants (RFC 7523). Both RFCs, as well as the “Identity and Authorization Chaining Across Domains” spec, are very flexible. While this means it is possible to apply this to many different use cases, it does mean we need to be a bit more specific in how to use it for this use case. For that purpose, Aaron Parecki has co-authored a profile of the Identity Chaining draft called “Identity Assertion Authorization Grant” to fill in the missing pieces for the specific use case detailed here.

Let’s go through it step by step. For this example, we’ll use the following entities:

Agent0 - the “Requesting Application”, which is attempting to access Todo0 Todo0 - the “Resource Application”, which has the resources being accessed through MCP Okta - the enterprise identity provider that users at the example company can use to sign in to both apps

Single Sign-On

First, Agent0 gets the user to sign in using a standard OpenID Connect (or SAML) flow in order to obtain an ID token. There isn’t anything unique to this spec regarding this first stage, so we will skip the details of the OpenID Connect flow, and we’ll start with the ID token as the input to the next step.

Token exchange

Agent0, the requesting application, then makes a Token Exchange request (RFC 8693) to the IdP’s token endpoint with the following parameters:

requested_token_type: The value urn:ietf:params:oauth:token-type:id-jag indicates that an ID Assertion JWT is being requested. resource: The Issuer URL of the Resource Application’s authorization server. subject_token: The identity assertion (e.g., the OpenID Connect ID Token or SAML assertion) for the target end-user. subject_token_type: Either urn:ietf:params:oauth:token-type:id_token or urn:ietf:params:oauth:token-type:saml2 as defined by RFC 8693.

This request will also include the client credentials that Agent0 would use in a traditional OAuth token request, which could be a client secret or a JWT Bearer Assertion.

POST /oauth2/token HTTP/1.1 Host: acme.okta.com Content-Type: application/x-www-form-urlencoded grant_type=urn:ietf:params:oauth:grant-type:token-exchange &requested_token_type=urn:ietf:params:oauth:token-type:id-jag &resource=https://mcp.todo0.com/ &subject_token=eyJraWQiOiJzMTZ0cVNtODhwREo4VGZCXzdrSEtQ... &subject_token_type=urn:ietf:params:oauth:token-type:id_token &client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer &client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6IjIyIn0... ID assertion validation and policy evaluation

At this point, the IdP evaluates the request and decides whether to issue the requested “ID Assertion JWT.” The request will be evaluated based on the validity of the arguments and the customer’s configured policy.

For example, the IdP validates that the ID token in this request was issued to the same client that matches the provided client authentication. It evaluates that the user still exists and is active, and that the user is assigned the Resource Application. Other policies can be evaluated at the discretion of the IdP, just as it can during a single sign-on flow. If the IdP agrees that the requesting app should be authorized to access the given user’s data in the resource app’s MCP server, it will respond with a Token Exchange response to issue the token:

HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store { "issued_token_type": "urn:ietf:params:oauth:token-type:id-jag", "access_token": "eyJhbGciOiJIUzI1NiIsI...", "token_type": "N_A", "expires_in": 300 }

The claims in the issued JWT are defined in the “Identity Assertion Authorization Grant.” The JWT is signed using the same key that the IdP uses to sign ID tokens. This is a critical aspect that makes this work, since again, we assumed that both apps would already be configured for SSO to the IdP and would already be aware of the signing key for that purpose.

At this point, Agent0 is ready to request a token for the Resource App’s MCP server.

Access token request

The JWT received in the previous request can now be used as a “JWT Authorization Grant” as described by RFC 7523. To do this, Agent0 makes a request to the MCP authorization server’s

token endpoint with the following parameters: grant_type: urn:ietf:params:oauth:grant-type:jwt-bearer assertion: The Identity Assertion Authorization Grant JWT obtained in the previous token exchange step

For example:

POST /oauth2/token HTTP/1.1 Host: auth.todo0.com Authorization: Basic yZS1yYW5kb20tc2VjcmV0v3JOkF0XG5Qx2 grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer assertion=eyJhbGciOiJIUzI1NiIsI...

Todo0’s authorization server can now evaluate this request to determine whether to issue an access token. The authorization server can validate the JWT by checking the issuer (iss) in the JWT to determine which enterprise IdP the token is from and then checking the signature using the public key discovered at that server. Other claims must also be validated, as described in Section 6.1 of the Identity Assertion Authorization Grant. Assuming all the validations pass, Todo0 is ready to issue an access token to Agent0 in the token response:

HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store { "token_type": "Bearer", "access_token": "2YotnFZFEjr1zCsicMWpAA", "expires_in": 86400 }

This token response is the same format that Todo0’s authorization server would respond to a traditional OAuth flow. That’s another key aspect of this design that makes it scalable. We don’t need the resource app to use any particular access token format, since only that server is responsible for validating those tokens. Now that Agent0 has the access token, it can request the (hypothetical) Todo0 MCP server using the bearer token the same way it would have received the token using the traditional redirect-based OAuth flow.

“Note: Eventually, we’ll need to define the specific behavior of when to return a refresh token in this token response. The goal is to ensure the client goes through the IdP often enough for the IdP to enforce its access policies. A refresh token could potentially undermine that if the refresh token lifetime is too long. It follows that ultimately, the IdP should enforce the refresh token lifetime, so we will need to define a way for the IdP to communicate to the authorization server whether and how long to issue refresh tokens. This would enable the authorization server to make its own decision on access token lifetime, while still respecting the enterprise IdP policy.

Cross-App Access sequence diagram

Here’s the flow again, this time as a sequence diagram.

The client initiates a login request The user’s browser is redirected to the IdP The user logs in at the IdP The IdP returns an OAuth authorization code to the user’s browser The user’s browser delivers the authorization code to the client The client exchanges the authorization code for an ID token at the IdP The IdP returns an ID token to the client At this point, the user is logged in to the MCP client. Everything up until this point has been a standard OpenID Connect flow. The client makes a direct Token Exchange request to the IdP to exchange the ID token for a cross-domain “ID Assertion JWT” The IdP validates the request and checks the internal policy The IdP returns the ID-JAG to the client The client makes a token request using the ID-JAG to the MCP authorization server The authorization server validates the token using the signing key it also uses for its OpenID Connect flow with the IdP The authorization server returns an access token The client makes a request with the access token to the MCP server The MCP server returns the response Next steps

So, with stringent expectations set for buying SaaS apps, this also applies to AI tools accessing these SaaS apps now more than ever. Cross-App Access aims to help manage ALL identity access, including AI, especially in the workplace. You can read more about how Cross-App Access plays a key role in securing AI agents on this blog by Okta’s Chief Product Officer Arnab Bose. And for a more detailed step-by-step explanation of the flow, see Appendix A.3 of the Identity Assertion Authorization Grant. Interested in integrating your Cross App Access with Okta? You can apply to our early access offering!

Follow us on OktaDev on X and subscribe to our YouTube channel to learn about additional enterprise-ready AI resources as soon as they’re available. We also want to hear from you about topics you want to see and questions you may have. Leave us a comment below!

AI is reshaping the internet. 

From hyper-realistic deepfakes to AI-generated content, synthetic identities, and automated agents, we’re entering an era where it’s harder than ever to know what or who is real.

This rapid change raises a critical question:

How do we maintain trust in digital interactions when AI can generate convincing people, content, and behavior on demand?

During a recent live conversation with Charles Walton (former SVP of Identity at Avast and Mastercard) and Martin Kuppinger (Founder at KuppingerCole), this issue took center stage, and a clear insight emerged:

Decentralized identity technology provides the trust infrastructure necessary for an AI-powered internet.

YouTube collects data like search history, watch history, and interactions to personalize recommendations and ads, but this can compromise privacy by profiling user behavior. Regularly clearing history via YouTube’s settings or enabling auto-delete enhances privacy and minimizes data misuse risks, especially on shared devices.

Why You Should Clear Your YouTube Search History How YouTube Uses Search History

YouTube leverages your search history to personalize ads and video recommendations, tailoring content to your interests based on what you’ve searched and watched. This data helps the platform deliver relevant suggestions but also feeds into algorithms that create detailed user profiles for targeted advertising. While this can enhance your viewing experience, it raises concerns about how much personal information is being tracked and stored. Learning how to clear all YouTube search history allows you to reset this personalization, limiting the platform’s ability to use your past searches to influence ads and recommendations, giving you greater control over your data.

Privacy Risks of YouTube Search History

The privacy risks associated with YouTube search history are significant, as this data can be shared with advertisers to deliver targeted ads or exposed on shared devices, compromising your personal information. Advertisers may use your search patterns to build detailed profiles, potentially leading to intrusive marketing or, in worst cases, data breaches if security is lax. On shared or public devices, others could access your search history, revealing sensitive interests or activities. By understanding how to clear all YouTube search history, you can mitigate these risks, preventing unwanted data sharing and ensuring your browsing habits remain private, especially in shared environments.

Benefits of Clearing YouTube Search History

Clearing your YouTube search history offers multiple benefits, including enhanced privacy, reduced targeted ads, and a cleaner user experience. By removing your search data, you limit YouTube’s ability to profile your behavior, resulting in fewer personalized ads that may feel intrusive. Additionally, clearing history prevents old or irrelevant searches from cluttering your recommendations, creating a fresh and streamlined interface. Knowing it empowers you to take charge of your digital footprint, enjoy a less cluttered platform. Anh you also browse with greater peace of mind, particularly when using shared devices.

On Desktop (Web Browser)

Learning how to clear all YouTube search history on a desktop web browser is straightforward and helps protect your privacy. To begin, open YouTube.com in your preferred browser (e.g., Chrome, Firefox, or Safari) and sign into your Google account. Click the hamburger menu (three horizontal lines) in the top-left corner, then select “History” from the sidebar. In the right pane, under “History type,” choose “Search History.” Click “Clear All Search History” and confirm by selecting “Clear Search History” in the pop-up. To verify the history is cleared, refresh the page; the search history list should be empty. To disable search history tracking, go to “Manage all history”, click “Controls,” and toggle “YouTube History” to “Pause.” This prevents YouTube from saving future searches, enhancing your privacy across all devices linked to your account.

On Android Devices

Knowing it on Android devices is essential for maintaining privacy on mobile platforms. Open the YouTube app on your Android device and ensure you’re signed into your Google account. Tap your profile picture in the top-right corner, then select “Settings” from the menu. Navigate to “History & Privacy” and tap “Clear Search History.” Confirm the action by selecting “Clear” or “Delete” in the prompt. To verify, check the search bar; past searches should no longer appear as suggestions. For additional control, you can enable “Pause Search History” in the same “History & Privacy” menu to stop YouTube from tracking future searches. This process ensures your search history is wiped across all devices linked to your account, providing a seamless way to manage your data.

On iOS Devices (iPhone/iPad)

Understanding how to do it on iOS devices like iPhones or iPads is key to managing your digital footprint. Launch the YouTube app and sign into your Google account. Tap your profile picture in the top-right corner, then select “Settings” from the dropdown menu. Scroll to “History & Privacy” and tap “Clear Search History,” confirming the action by selecting “Clear” in the pop-up. The iOS interface is similar to Android but may feature slight layout differences, such as larger icons or a more streamlined menu. To enhance privacy, you can also toggle “Pause Search History” in the same menu to prevent future tracking. Additionally, iOS users can access “Manage all history” to set auto-delete options (e.g., every 3, 18, or 36 months), offering more granular control over data retention compared to Android.

On Smart TVs or Streaming Devices

Figuring out how to clear it on Smart TVs or streaming devices like Roku, Fire TV, or Apple TV is slightly different due to their app-based interfaces. Open the YouTube app on your device and sign into your Google account. Navigate to the “Settings” menu, typically found by selecting your profile icon or the gear icon in the app’s sidebar. Look for “Privacy” or “History & Privacy,” then select “Clear Search History” and confirm the action. Some devices, like older Smart TVs, may not offer direct options to clear search history within the app, requiring you to sign out and sign back in to refresh data or use a web browser on another device to clear history via YouTube.com. Limitations include inconsistent menu layouts across platforms, but clearing history through a browser ensures the change applies to all devices linked to your account.

Additional Steps to Manage Your YouTube Data Safely Deleting Watch History Alongside Search History

Understanding it often goes hand-in-hand with clearing watch history to achieve a complete data reset and enhance privacy. To delete both, open YouTube on your browser or app and sign into your Google account. Navigate to the “History” section via the sidebar (on desktop) or profile settings (on mobile). Select “Watch History” under “History type” to view videos you’ve watched, then click “Clear All Watch History” and confirm. To also clear search history, switch to “Search History” in the same menu, click “Clear All Search History,” and confirm. This dual action resets YouTube’s personalization algorithms, removing traces of your viewing and search activities across all devices linked to your account, ensuring a fresh and private user experience.

Accessing Google My Activity to Remove YouTube-Related Data

To fully manage your YouTube data, learning it through Google My Activity provides a comprehensive way to remove all related activity. Visit myactivity.google.com on your browser and sign into your Google account. You’ll see a log of your YouTube activities, such as searches, watched videos, and comments. To delete specific entries, use the search bar to filter “YouTube,” select the items, and click the trash icon to remove. For a complete reset, click “Delete” at the top, choose “All time” and select “YouTube” as the service, then confirm. You can also set up auto-delete by selecting “Auto-delete” and choosing a time frame (e.g., 3, 18, or 36 months). This method ensures all YouTube-related data is cleared, enhancing privacy and giving you greater control over your digital footprint.

Pause Search and Watch History

Pausing YouTube history tracking is a crucial step to prevent future data collection and complements search history for enhanced privacy. To pause history tracking, sign into your Google account and visit YouTube.com on a browser or open the YouTube app. On a browser, click the hamburger menu, select “History,” then click “Manage all history” to access Google’s Activity Controls. On the app, tap your profile picture, go to “Settings” > “History & Privacy,” and select “Manage all history.” In Activity Controls, find “YouTube History” and toggle it to “Pause,” confirming the action. This stops YouTube from saving future searches and watching activities across all devices linked to your account. By pausing tracking after clearing your history, you ensure minimal data collection, maintaining a private and clutter-free YouTube experience.

Benefits of pausing vs. clearing history periodically AspectPausing History TrackingClearing History PeriodicallyPrivacy ControlPrevents YouTube from collecting future searches and watching data, ensuring no new activity is stored. This complements how to clear all YouTube search history by stopping data accumulation altogether.Removes existing search and watch history, reducing the risk of data exposure on shared devices or to advertisers. Learning how to clear all YouTube search history is key to resetting your digital footprint.Personalization ImpactStops personalized recommendations based on new activity, leading to more generic suggestions. Useful for users who prefer a neutral experience after learning how to clear all YouTube search history.Resets personalization by deleting past data, temporarily disrupting tailored ads and recommendations until new activity is recorded. Regularly applying how to clear all YouTube search history keeps personalization minimal.Ease of UseOne-time setup via Google Activity Controls (toggle “Pause” under YouTube History). Requires minimal maintenance after initial action, enhancing the benefits of how to clear all YouTube search history.Requires manual deletion through YouTube’s settings or Google My Activity, or setting auto-delete intervals (e.g., 3 months). Knowing how to clear all YouTube search history involves periodic effort or automation.Data RetentionNo new data is saved, providing ongoing privacy without deleting past records unless combined with how to clear all YouTube search history.Deletes past data but allows new data to accumulate unless paused. Regularly using how to clear all YouTube search history ensures past activity is consistently removed.Use CaseIdeal for users wanting to stop tracking long-term, especially after mastering how to clear all YouTube search history for a clean slate.Best for users on shared devices or those seeking periodic resets to limit ad targeting. Understanding how to clear all YouTube search history is essential for frequent privacy maintenance. Adjusting Google’s Ad Settings to Limit Targeted Ads

Managing ads personalization is a key step in controlling your online privacy, and it complements learning how to clear all YouTube search history to reduce targeted advertising. To limit targeted ads, visit myadcenter.google.com and sign into your Google account. Navigate to the “Customize ads” section, where you’ll see categories like interests or demographics inferred from your YouTube search and watch history. Click “Manage your ad settings” and toggle off “Personalized ads” or remove specific interest categories that you don’t want influencing. You can also review and delete ad-related data tied to your activity. By adjusting these settings, you minimize the use of your YouTube data for ad targeting, enhancing privacy without needing to repeatedly clear your history, though knowing how to clear all YouTube search history remains useful for a complete reset.

Opting Out of Personalized Ads Without Affecting YouTube Functionality

Opting out of personalized ads allows you to maintain YouTube’s core functionality while reducing intrusive ad targeting, making it a great companion to how to clear all YouTube search history. To opt out, go to myadcenter.google.com, sign into your Google account, and select “My Ad Center.” Click on “Personalization” and toggle off “Ads personalization” to stop Google from using your YouTube search history, watch history, or other activities to tailor ads. This action won’t affect YouTube’s video playback, subscriptions, or recommendations, ensuring you still enjoy a seamless experience. For added privacy, you can combine this with pausing YouTube history tracking or regularly applying how to clear all YouTube search history to prevent data accumulation, giving you greater control over your online presence while keeping YouTube fully functional.

Tips for Safe Data Management Beyond YouTube Use a Privacy-Focused Browser to Reduce Tracking

Using a privacy-focused browser like Firefox or Brave is an effective way to minimize tracking while browsing YouTube, complementing efforts to learn how to clear all YouTube search history. These browsers block trackers, ads, and scripts by default, reducing the amount of data YouTube and third parties can collect about your online activities. For instance, Brave’s built-in Shields feature blocks invasive ads, while Firefox offers Enhanced Tracking Protection to limit cookie-based tracking. To set up, download Firefox or Brave from their official websites, configure privacy settings to the highest level, and use them to access YouTube. Combining a privacy-focused browser with regularly clearing your search history ensures that your YouTube activity leaves a minimal digital footprint, enhancing overall online privacy.

Enable Two-Factor Authentication on Your Google Account

Enabling two-factor authentication (2FA) on your Google account adds a critical layer of security, protecting your YouTube data even after mastering how to clear all YouTube search history. 2FA requires a second verification step, such as a code sent to your phone or generated by an authenticator app, in addition to your password. To enable 2FA, go to myaccount.google.com, sign in, and navigate to “Security” -> “2-Step Verification.” Follow the prompts to set up a phone number or an app like Google Authenticator. This ensures that even if someone gains access to your password, they cannot access your YouTube account without the second factor.

Combine with VPNs or DNS for Enhanced Privacy

Using tools like VPNs (e.g., Proton VPN) or secure DNS services (e.g., Cloudflare 1.1.1.1) alongside how to clear all YouTube search history provides enhanced privacy by masking your online activity. A VPN encrypts your internet connection and hides your IP address, preventing YouTube or third parties from tracking your location or browsing habits. Download Proton VPN, sign up (free or paid plans available), and connect to a secure server before accessing YouTube. Similarly, switching to Cloudflare’s 1.1.1.1 DNS, configured in your device’s network settings, improves speed and blocks malicious sites. These tools reduce data collection beyond what YouTube’s history tracks, ensuring a more private browsing experience when combined with regular search history clearing.

Regularly Review Connected Apps and Revoke Access

Regularly reviewing and revoking access to connected apps that link to your Google account is a vital privacy measure, complementing how to clear all YouTube search history. Third-party apps or services connected to your Google account may access your YouTube data, including search and watch history, even after clearing it. To manage this, visit myaccount.google.com, sign in, and go to “Security” -> “Third-party apps with account access.” Review the list of apps, checking their permissions, and click “Remove Access” for any unused or suspicious services. Performing this check monthly ensures that only trusted apps can access your YouTube data. By revoking unnecessary access and clearing your search history, you maintain tighter control over your personal information and reduce potential privacy risks.

Conclusion

Mastering how to clear all YouTube search history is a critical step in safeguarding your online privacy and controlling your digital footprint. By regularly clearing search and watch history, pausing data tracking, and managing ad personalization through Google’s settings, you can minimize targeted ads and protect sensitive information, especially on shared devices. These measures not only enhance your privacy but also create a cleaner, more personalized YouTube experience, allowing you to browse with confidence and peace of mind.

About Herond

Herond Browser is a cutting-edge Web 3.0 browser designed to prioritize user privacy and security. By blocking intrusive ads, harmful trackers, and profiling cookies, Herond creates a safer and faster browsing experience while minimizing data consumption.

To enhance user control over their digital presence, Herond offers two essential tools:

Herond Shield: A robust adblocker and privacy protection suite. Herond Wallet: A secure, multi-chain, non-custodial social wallet.

As a pioneering Web 2.5 solution, Herond is paving the way for mass Web 3.0 adoption by providing a seamless transition for users while upholding the core principles of decentralization and user ownership.

Have any questions or suggestions? Contact us:

On Telegram https://t.me/herond_browser DM our official X @HerondBrowser Technical support topic on https://community.herond.org

The post How to Clear All YouTube Search History and Manage Your Data appeared first on Herond Blog.

In 2025, online privacy is crucial, making the Android browser for privacy essential for protecting user data on Android devices. With increasing tracking and data breaches, browsers with features like tracker blocking and encryption, safeguard against invasive practices. Choosing the best Android browser for privacy empowers users to control their digital footprint and browse securely.

Why Privacy Matters on Android Browsers How Browsers Collect Data and Privacy Risks

Browsers collect data to enhance functionality and personalize ads, but this poses significant privacy invasion risks. Cookies store user preferences and login details, trackers monitor browsing behavior across sites, and IP addresses reveal location, enabling detailed user profiling by advertisers or potential misuse by hackers. On Android devices, these risks are amplified due to the open ecosystem, where unchecked data collection can lead to identity theft or unauthorized access. Choosing the suitable browser helps mitigate these threats by blocking trackers and limiting data retention, ensuring your online activities remain private and secure.

Specific Privacy Concerns on Android Devices

Android devices face unique privacy challenges, including excessive app permissions, aggressive ad tracking, and vulnerabilities when using public Wi-Fi, making it a critical tool for protection. Many apps request access to sensitive data like contacts or location, which can be shared with advertisers, while ad trackers follow users across apps and websites to build detailed profiles. Public Wi-Fi networks are particularly risky, as they expose data to interception without proper encryption. Privacy-focused browsers address these concerns by restricting app permissions, blocking ad trackers, and encrypting connections, safeguarding your data even on unsecured networks.

Benefits of Using the Best Android Browser for Privacy

Using the best Android browser for privacy offers significant advantages, including reduced tracking, enhanced security, and faster browsing. Browsers automatically block trackers and ads, minimizing data collection by websites and advertisers, which enhances user privacy. They also employ robust encryption and anti-fingerprinting techniques to protect against hacking attempts, particularly on vulnerable networks. By eliminating ad-heavy content, these browsers reduce page load times, providing a smoother and more efficient browsing experience. Adopting the browser empowers users to take control of their digital footprint, ensuring a safer and more streamlined online experience.

Criteria for Choosing the Best Android Browser for Privacy Privacy Features of the Best Android Browser for Privacy

When selecting the browser, robust privacy features are paramount to protect user data from invasive tracking and potential breaches. Leading browsers offer built-in ad and tracker blockers that prevent websites and advertisers from collecting data through cookies or fingerprinting techniques. Private browsing modes, ensure no search history or cookies are stored, enhancing anonymity. Encrypted connections, like HTTPS Everywhere in Firefox, secure data transmission, especially on public Wi-Fi. These features make essential for safeguarding your online activities against unwanted surveillance and data collection.

Performance of the Best Android Browser for Privacy

The best Android browser for privacy must balance strong privacy protections with high performance, including speed, low resource usage, and compatibility across Android devices. Browsers block resource-heavy ads and trackers, resulting in faster page load times and reduced battery consumption compared to mainstream browsers. Firefox offers efficient resource management with customizable add-ons, ensuring smooth performance even on older Android devices. Compatibility is also key, as these browsers are optimized for various Android versions, from budget phones to high-end tablets.

User Experience in the Best Android Browser for Privacy

A seamless user experience is a critical factor when choosing the best Android browser for privacy, combining ease of use, customization, and cross-platform syncing for a tailored browsing experience. Browsers like Firefox provide intuitive interfaces with customizable toolbars and themes, making navigation straightforward for all users. Brave offers a clean, ad-free interface with options to adjust privacy settings easily. Cross-platform syncing allows users to synchronize bookmarks, passwords, and settings across Android devices and desktops. By prioritizing user-friendly design and flexibility, the best Android browser for privacy delivers a convenient and personalized experience while maintaining robust data protection.

Open-Source Status and Transparency in the Best Android Browser for Privacy

Open-source status and transparency are vital for the best Android browser for privacy, as they ensure trust through audited code and clear privacy policies. Browsers like Firefox and Brave are open-source, allowing independent developers to review their code for vulnerabilities or hidden tracking, fostering accountability. Tor Browser, built on open-source principles, provides maximum anonymity with transparent operations. These browsers also publish clear privacy policies detailing minimal data collection and no sharing with third parties, unlike some proprietary browsers. By choosing the best Android browser for privacy with open-source credentials, users can trust that their data is handled securely and transparently, reducing privacy risks.

Top 5 Picks for the Best Android Browser for Privacy Brave Browser Key Features of Brave

Brave stands out as the best Android browser for privacy due to its robust features designed to protect user data while delivering a seamless browsing experience. It offers automatic ads and tracker blocking through its Shields feature, which prevents invasive scripts and cookies from collecting user information, ensuring minimal data exposure. Brave also enforces HTTPS Everywhere, automatically upgrading connections to secure, encrypted protocols to safeguard against threats on public Wi-Fi. Additionally, its fast performance is driven by blocking resource-heavy ads, resulting in quicker page loads and lower battery usage. These features make Brave a top choice for users prioritizing privacy without sacrificing speed.

Pros & Cons of Brave ProsConsBuilt-in Crypto Wallet: Securely manages cryptocurrencies within the browser, ideal for privacy-conscious blockchain users.Limited Extension Support: Smaller extension library compared to Chrome, restricting users needing specific add-ons for productivity or customization.Unique Rewards Program: Earns Basic Attention Tokens (BAT) for viewing privacy-respecting ads, supporting content creators or redeeming rewards without compromising data.Enhanced Privacy and Performance: Complements practices like clearing YouTube search history, offering a balance of privacy and functionality. Best for Specific Users

Brave is the best Android browser for privacy for users seeking a balance of robust privacy protections and high-speed performances. Its automatic ad and tracker blocking, combined with fast page loading, makes it ideal for those who want a streamlined browsing experience without intrusive ads or data collection. The browser’s crypto wallet and rewards program particularly appeal to tech-savvy users interested in cryptocurrency or those who value privacy-respecting monetization models. Whether you’re learning or aiming to minimize your digital footprint, Brave is perfectly suited for privacy-conscious Android users who prioritize speed and security.

Firefox Browser Key Features of Firefox

Firefox is widely regarded as the best Android browser for privacy due to its robust privacy features, including Enhanced Tracking Protection, which blocks third-party trackers, cookies, and fingerprinting attempts by default, ensuring minimal data collection. As an open-source browser, its code is publicly audited, providing transparency and trust for privacy-conscious users. Additionally, Firefox offers an extensive library of add-ons, such as uBlock Origin or Privacy Badger, allowing users to further customize their privacy and security settings. These features make Firefox a top contender for those seeking a secure and flexible browsing experience on Android devices.

Pros & Cons of Firefox ProsConsHighly Customizable Privacy: Enhanced Tracking Protection allows blocking specific trackers and adjusting cookie settings for tailored data privacy.Higher Resource Usage: Consumes more battery and memory than Brave, potentially slowing performance on older or low-end Android devices.Seamless Cross-Platform Syncing: Synchronizes bookmarks, passwords, and settings across devices for a consistent experience.Robust Privacy Strategy: Complements practices like clearing YouTube search history, ideal for users prioritizing flexibility and security. Best for Specific Users

Firefox is the best Android browser for privacy for users who value open-source software and flexibility in their browsing experience. Its transparent, audited code appeals to those who prioritize trust and accountability in their tools, while its extensive add-on ecosystem allows for tailored privacy and functionality enhancements. This makes Firefox ideal for tech-savvy users or those who frequently customize their browsing environment. Whether you’re applying or seeking a browser that syncs seamlessly with desktop, Firefox offers a versatile, privacy-focused solution for Android users.

Tor Browser Key Features of Tor Browser

Tor Browser stands out as the best Android browser for privacy due to its advanced anonymity features, primarily its onion routing system, which routes internet traffic through multiple encrypted layers across global servers to mask user identity and location. It blocks trackers, cookies, and fingerprinting scripts by default, ensuring minimal data collection and protection against surveillance. Available on Android via the Google Play Store or direct APK download from the Tor Project. It also integrates NoScript to disable potentially harmful scripts, making it a powerful tool for users seeking to safeguard their online activities from prying eyes.

Pros & Cons of Tor Browser ProsConsUnparalleled Anonymity: Onion routing ensures websites and ISPs cannot trace IP addresses or browsing habits.Slower Speeds: Multi-layer encryption via onion routing increases page load times, less suitable for casual browsing or streaming.Ideal for Sensitive Tasks: Perfect for accessing restricted content or protecting against surveillance, valuable for journalists and activists.Robust Privacy Solution: Paired with actions like clearing YouTube search history, it maintains a private digital presence on Android. Best for Specific Users

Tor Browser is the best Android browser for privacy for users who need near-complete anonymity, such as journalists, activists, or individuals in regions with heavy internet censorship. Its onion routing and default tracker blocking make it ideal for sensitive tasks where avoiding surveillance or data tracking is critical. While slower speeds may limit its use for everyday browsing, Tor excels for those prioritizing security over convenience. For users, Tor Browser enhances their ability to maintain a low digital profile, ensuring maximum privacy on Android devices in.

Herond Browser Key Features of Herond Browser

Herond Browser stands out as the best Android browser for privacy with its advanced privacy and security features, including the Herond Shield for blocking ads and trackers, SSL certificate integration for secure connections, and the upcoming Tor feature for enhanced anonymity. Its Advanced Security Alert System (ASAS) proactively detects and mitigates potential threats, ensuring a safe browsing environment. Additionally, Herond offers lightning-fast performance, with page load times up to three times faster than standard browsers, alongside an integrated ecosystem featuring Herond Wallet for secure digital asset management. Herond ID is for decentralized identity control, making it a comprehensive privacy-focused solution for Android users.

Pros & Cons of Herond Browser ProsConsRobust Privacy Protection: Herond Shield blocks ads and trackers, safeguarding personal data and complementing actions like clearing YouTube search history.Unclear Resource Usage: Potential performance impact on low-end Android devices.Built-in Herond Wallet: Securely manages cryptocurrencies, ideal for users in digital finance.Herond ID: Decentralized identity management enhances user control over personal data. Best for Specific Users

Herond Browser is the best Android browser for privacy for users who value a balance of cutting-edge privacy, high-speed performance, and an integrated digital ecosystem. It’s ideal for tech-savvy individuals, particularly those involved in cryptocurrency or decentralized technologies

DuckDuck Go Key Features of DuckDuckGo

DuckDuckGo stands out as a privacy-first browser and search engine, offering robust features to protect user data on Android devices. Its core strength lies in its no-tracking search engine, ensuring anonymous searches free from personalized ads. The browser includes built-in tracker blocking, displaying a Privacy Grade (A-F) for each website based on detected tracking attempts. Also, its App Tracking Protection feature extends this protection to block third-party trackers in other apps.

Pros and Cons of DuckDuck Go ProsConsNo Tracking Search: Does not store search queries, IP addresses, or browsing history, ensuring anonymous searches without personalized ads.No Browser Extensions: Lacks support for add-ons, limiting customization compared to Firefox or Chrome.Fire Button: One-tap clearing of tabs, cookies, and browsing data, with “fireproof” options for trusted sites, ideal for quick privacy resets.Limited Service Integration: Lacks deep integration with services like Google Maps or YouTube, reducing functionality for users reliant on these ecosystems.Smarter Encryption and Cookie Management: Forces HTTPS connections and auto-handles cookie pop-ups to opt out of non-essential cookies, enhancing security and convenience. Best for Specific Users

DuckDuckGo is ideal for privacy-conscious Android users who prioritize anonymity and minimal data collection over personalized search results or extensive customization. It’s particularly suited for those seeking to avoid targeted ads, making it perfect for users frustrated by trackers following them.

How to Set Up and Optimize Your Privacy Browser Step-by-Step Guide to Installing and Configuring the Best Android Browser for Privacy

Installing and configuring the best Android browser for privacy is straightforward and significantly enhances your online security.

Tips for Maximizing Privacy with the Best Android Browser for Privacy

Maximizing privacy with the browser involves proactive steps like disabling JavaScript when possible and clearing the cache regularly. JavaScript, while essential for many websites, can be exploited for tracking; in Brave, toggle “Block Scripts” in Shields’ Advanced Controls, or in Firefox, use add-ons like NoScript (via about:config adjustments) to disable it selectively, enabling it only for trusted sites. Regularly clearing the cache prevents stored data from being used to track you – set Brave to “Clear data on exit” in Settings -> Brave Shields & Privacy, or in Firefox, go to Settings -> Privacy & Security -> Clear Browsing Data and select “Cache” for periodic deletion. These practices, combined with the robust features of Brave or Firefox, ensure to keep your online activity secure and private.

Combining with Other Tools for Enhanced Privacy

Pairing the best Android browser for privacy with tools like VPNs or secure DNS services significantly boosts your online security. Proton VPN encrypts your internet traffic and masks your IP address, preventing ISPs or websites from tracking your location; download it from the Play Store, sign up (free or paid plans), and connect to a server before browsing with Brave or Firefox. Alternatively, configure Cloudflare’s 1.1.1.1 DNS by going to Android Settings -> Wi-Fi -> Modify Network -> Advanced -> DNS, and entering 1.1.1.1 to encrypt DNS queries. In Firefox, enable DNS-over-HTTPS (DoH) under Settings -> Privacy & Security -> Enable secure DNS, selecting Cloudflare. These tools complement the privacy features of the browser, creating a comprehensive shield against tracking and data leaks, especially on public Wi-Fi.

Additional Tips for Secure Browsing on Android Regularly Update Browsers to Patch Security Vulnerabilities

Keeping the browser updated is crucial for addressing security vulnerabilities and ensuring robust protection against emerging threats. Browser updates often include patches for exploits that hackers could use to access your data or compromise your device. To update, visit the Google Play Store, search for Brave or Firefox, and tap “Update” if a new version is available, or enable auto-updates in Play Store. Alternatively, check for updates within the browser’s settings—Brave under Settings > About Brave, or Firefox under Settings > About Firefox. Regularly updating the safeguards of your browsing experience, complementing practices to maintain a secure and private online presence.

Use Strong, Unique Passwords Managed by a Password Manager

Using strong, unique passwords managed by a password manager is essential when leveraging to secure accounts linked to browsers. Weak or reused passwords can expose synced data, such as bookmarks or saved logins, to breaches. A password manager like Bitwarden or LastPass generates and stores complex passwords, ensuring each account has a unique, secure credential. Download a trusted password manager from the Google Play Store, set it up with a master password, and integrate it with your browser—Firefox supports password manager extensions, while Brave has built-in password management. By securing accounts with a password manager, the best Android browser for privacy enhances your overall security, aligning with steps to protect your digital footprint.

Avoid Downloading Apps or Extensions from Unverified Sources

To maintain the integrity of the best Android browser for privacy, it’s critical to avoid downloading apps or extensions from unverified sources, which may contain malware or trackers that undermine privacy. Stick to the Google Play Store or official browser extension stores to ensure safety. Before installing, check developer credentials and user reviews for legitimacy. For instance, downloading Brave or Firefox from unofficial APKs risks installing compromised versions that could collect data.

Enable Two-Factor Authentication for Synced Browser Accounts

Enabling two-factor authentication (2FA) for accounts synced with the best Android browser for privacy, adds a vital layer of security to protect your browsing data. 2FA requires a second verification step, like a code sent to your phone or generated by an authenticator app, alongside your password. To enable 2FA, go to your Google account (for Brave sync) or Firefox account settings at accounts.firefox.com, navigate to “Security” or “Two-Step Verification,” and set up a method like Google Authenticator or SMS. This ensures that even if your password is compromised, synced data like bookmarks or history remains secure.

Conclusion

Selecting the best Android browser for privacy to safeguard your data against invasive tracking and security threats. By leveraging features like ad and tracker blocking, encrypted connections, and open-source transparency, these browsers offer robust protection while maintaining fast performance and user-friendly customization.

About Herond

Herond Browser is a cutting-edge Web 3.0 browser designed to prioritize user privacy and security. By blocking intrusive ads, harmful trackers, and profiling cookies, Herond creates a safer and faster browsing experience while minimizing data consumption.

To enhance user control over their digital presence, Herond offers two essential tools:

Herond Shield: A robust adblocker and privacy protection suite. Herond Wallet: A secure, multi-chain, non-custodial social wallet.

As a pioneering Web 2.5 solution, Herond is paving the way for mass Web 3.0 adoption by providing a seamless transition for users while upholding the core principles of decentralization and user ownership.

Have any questions or suggestions? Contact us:

On Telegram https://t.me/herond_browser DM our official X @HerondBrowser Technical support topic on https://community.herond.org

The post Best Android Browser for Privacy: Top 5 Picks for Secure Browsing appeared first on Herond Blog.

The post Architecting a Data-Centric Identity Security Infrastructure appeared first on Radiant Logic.

As the transition period for PCI DSS 4.0 draws to a close on March 31, 2025, PCI DSS 4.0.1 stands as the current version of the standard. More importantly, the March 31, 2025 deadline for full compliance with all new and customized PCI DSS 4.0 requirements is live. 

What's New in PCI DSS 4.0.1?

PCI DSS 4.0.1 represents a limited but important revision to version 4.0. While it doesn't introduce new requirements, it provides crucial clarifications that impact how organizations implement security controls, particularly around multi-factor authentication and payment page security. 

Key Clarifications in 4.0.1:

Phishing-Resistant Authentication Emphasis: 4.0.1 strengthens language around phishing-resistant authentication factors, providing clearer guidance on when they can substitute for traditional MFA requirements.

Enhanced iframe Responsibility Framework: The update clarifies that merchants are responsible for scripts running only on their own payment pages, and provides guidance on how to manage the security of payment page scripts when third-party elements are involved. This distinction is critical for organizations maintaining the security of their payment processing infrastructure, particularly concerning Requirement 6.4.3.

Refined Payment Page Script Management: Requirement 6.4.3 receives important refinements around how organizations monitor and secure payment page scripts, emphasizing supply chain security and the integrity of these scripts. 

The Universal MFA Mandate: What Changes on March 31, 2025

The universal MFA requirement under Requirement 8.4.2, introduced in PCI DSS 4.0, represents the most significant change coming into full effect with the March 31, 2025 deadline.

From Administrative to Universal Access Control

Previous Requirement (PCI DSS 3.2.1): MFA was required only for administrators accessing the cardholder data environment (CDE).

New Requirement (PCI DSS 4.0.1): MFA must be implemented for ALL access to the CDE, regardless of user role or access level

This expansion affects:

Cloud-based applications and services On-premises systems and applications Network security devices Workstations and endpoints Servers and databases Administrative consoles The Scope Challenge

Organizations are discovering that their CDE scope is broader than initially anticipated. The universal MFA requirement applies to:

Direct CDE Access: Any system that stores, processes, or transmits cardholder data System Components: All components that support CDE operations Network Infrastructure: Devices that route or control CDE traffic Management Systems: Platforms used to administer CDE components Practical Exceptions

Practical Considerations: PCI DSS 4.0.1 includes specific guidance regarding Requirement 8.4.2, acknowledging that MFA may not be feasible or necessary for every single transaction when cardholder data is accessed as part of a real-time process for a single transaction. Organizations must carefully review the nuances of this requirement to determine applicability, as the broader universal MFA mandate still applies to all CDE access. 

The Phishing-Resistant Authentication Advantage

A key clarification in PCI DSS 4.0.1 addresses phishing-resistant authentication. The standard now explicitly states that a phishing-resistant authentication factor can substitute for traditional MFA for non-administrative access in the CDE.

What Makes Authentication "Phishing-Resistant"?

Phishing-resistant authentication methods are designed to prevent credential theft even when users interact with malicious websites or applications. Key characteristics include:

Cryptographic binding: Authentication is cryptographically bound to the specific service No shared secrets: No passwords, SMS codes, or other interceptable credentials Origin verification: The authentication method verifies it's communicating with the legitimate service FIDO2 and Passkeys: The Gold Standard

PCI DSS 4.0.1's guidance continues to reference FIDO (Fast IDentity Online) standards, particularly FIDO2 and passkeys, as preferred authentication methods. These technologies offer:

Hardware-backed security: Credentials stored in secure hardware elements Built-in phishing resistance: Automatic verification of service authenticity Simplified user experience: Often requiring just a biometric gesture or device interaction The Hidden Costs of Traditional MFA at Scale

While organizations rush to implement universal MFA, many are discovering the hidden costs of scaling traditional authentication methods:

Operational Overhead Help Desk Burden: Forrester research indicates help desk calls average $42.50 per incident Token Management: Physical tokens require distribution, replacement, and lifecycle management User Productivity: Complex authentication processes can reduce worker efficiency by 10-15% Security Gaps  SMS Vulnerabilities: Text-based codes remain susceptible to SIM swapping and interception App-Based Weaknesses: TOTP applications can be compromised through malware or social engineering Bypass Risks: Complex MFA systems often include bypass mechanisms that create security holes Passwordless Authentication: The Strategic Advantage

Organizations implementing passwordless authentication solutions are finding significant advantages in meeting PCI DSS 4.0.1 requirements:

Simplified Compliance Single-Factor Phishing Resistance: Passwordless methods can meet MFA requirements with a single, strong authentication factor Unified Access Control: One solution for all CDE access points Reduced Complexity: Fewer authentication systems to manage and audit Enhanced Security Elimination of Shared Secrets: No passwords to steal, guess, or intercept Hardware-Backed Protection: Credentials stored in secure hardware elements Automatic Phishing Protection: Built-in verification of service authenticity Improved User Experience Streamlined Authentication: Often requiring just a biometric gesture Reduced Friction: No passwords to remember or tokens to carry Consistent Experience: Same authentication method across all systems Beyond Compliance: Building Long-Term Security

While meeting the March 31, 2025 deadline is critical, organizations should view PCI DSS 4.0.1 compliance as part of a broader security modernization effort.

Zero Trust Alignment

PCI DSS 4.0.1's authentication requirements align closely with Zero Trust architecture principles:

Never Trust, Always Verify: MFA for all access, regardless of location or user role Least Privilege Access: Strong authentication supports granular access controls Continuous Verification: Dynamic risk assessment and adaptive authentication Future-Proofing Authentication

The evolution from PCI DSS 4.0 to 4.0.1 demonstrates the ongoing refinement of security standards. Organizations investing in modern, phishing-resistant authentication are better positioned for future requirements.

The Universal MFA Requirements

With PCI DSS 4.0.1 representing the current version of the standard, the universal MFA requirement represents the most significant authentication change in PCI DSS history, affecting every user who accesses cardholder data environments.

Success requires more than just deploying MFA technology—it demands a strategic approach that considers user experience, operational efficiency, and long-term security objectives. Organizations that embrace modern, phishing-resistant authentication methods will not only achieve compliance but also establish a stronger security foundation for the future.

The question now isn't whether your organization will implement universal MFA—it's whether you'll do it in a way that enhances or hinders your business operations while meeting the evolving demands of payment card security.

PCI DSS 4.0.1 MFA FAQ

Q: What happens if we don't meet the March 31, 2025 deadline? A: Non-compliance can result in fines ranging from $5,000 to $100,000 per month, loss of payment processing privileges, and potential legal liability. More importantly, it leaves your organization vulnerable to data breaches and associated costs.

Q: Can we still use our existing MFA solution? A: Existing solutions may work if they can be extended to all CDE access points and meet the security requirements in PCI DSS 4.0.1. However, many legacy MFA systems lack the scalability and security features needed for universal deployment.

Q: What's the difference between phishing-resistant authentication and traditional MFA? A: Phishing-resistant authentication is cryptographically bound to specific services and cannot be intercepted or replayed, even if users interact with malicious sites. Traditional MFA methods like SMS or TOTP apps can be compromised through various attack techniques.

Q: How does PCI DSS 4.0.1 affect our cloud-based payment processing? A: The universal MFA requirement applies to all system components, including cloud-based applications and services. The 4.0.1 clarifications around iframe responsibilities help define specific obligations for different aspects of cloud-based payment processing.

Q: Is passwordless authentication required for PCI DSS 4.0.1 compliance? A: While not explicitly required, passwordless authentication using phishing-resistant methods can simplify compliance and provide stronger security than traditional MFA approaches. The standard's emphasis on FIDO-based authentication suggests a clear preference for these modern methods.

 

In today’s competitive job market, a university degree is no longer the only indicator of a graduate’s readiness for the workforce. Employers are looking for candidates who can demonstrate specific skills and achievements that go beyond a traditional transcript. This shift has led to a growing focus on graduate employability and how institutions can better prepare students to succeed after graduation. 

Overall, transcripts and diplomas don’t always tell the full story. That’s where verifiable credentials come in.  

These credentials give students a modern way to highlight their real-world skills and learning achievements. By providing a way for students to showcase their skills to potential employers, universities dramatically improve graduate employability outcomes. 

What Is graduate employability? 

Graduate employability refers to the skills, knowledge, and personal attributes that make graduates more likely to be employed and succeed in their chosen careers. Universities are under growing pressure to not only deliver academic content but also equip students with practical, real-world capabilities. Also, employers want greater insight into what a graduate can actually do, not just what degree they hold. 

Here is an example for the persistent gap between academic qualifications and labor market alignment:  

In 2021, the Federal Reserve Bank of New York found that 41% of recent college graduates (ages 22 to 27) were underemployed, meaning they were working in jobs that don’t require a college degree. That’s notably higher than the 34% underemployment rate for all college graduates.  

The role of verifiable credentials 

Verifiable credentials are digital representations of learning achievements that can be easily shared, displayed, and authenticated. Unlike a traditional diploma or certificate, a verifiable credential contains detailed metadata about what was learned, how it was assessed, who issued it, and when. 

These verifiable credentials are built using open standards, such as the Open Badges 3.0 specification and the W3C Verifiable Credentials framework. That means they are cryptographically secure, tamper-resistant, and can be verified instantly without the need to contact the issuing institution. 

How verifiable credentials enhance graduate employability

Here are a few ways credentials can directly support graduate employability: 

Make skills visible 

Verifiable credentials allow universities to highlight specific skills and competencies that may not appear on a transcript. From soft skills like communication and leadership to technical proficiencies like data analysis or project management, credentials give employers a clearer picture of a graduate’s capabilities. 

Support lifelong learning 

Employers value candidates who show a commitment to ongoing professional development. Verifiable credentials can be earned for microcredentials, workshops, internships, and extracurricular achievements to help graduates build a lifelong portfolio of verified learning experiences. 

Improve trust and transparency 

Verifiable credentials are secure and can’t be faked. Employers can instantly validate the issuer, criteria, and evidence behind a credential. This builds trust in the credential and in the graduate presenting it.  

Enable more equitable hiring 

Verifiable credentials help level the playing field by focusing on competencies rather than pedigree. A student from a smaller or lesser-known institution can stand out based on what they’ve actually learned and achieved, not just the name on their degree. 

Increase student motivation and engagement

Students are more likely to engage in skill-building activities when they know their efforts will be recognized in a way that’s useful after graduation. Digital credentials offer immediate, meaningful recognition that students can carry with them into the job market. 

Implementing verifiable credentials at your institution 

To effectively use verifiable credentials to boost graduate employability, universities should: 

Align credentials offerings with in-demand job skills and industry frameworks. 
Allow students to collect and manage their credentials in secure digital wallets. 
Promote employer awareness and acceptance of digital credentials. 
Embed credentials pathways into existing academic and co-curricular programs. 

At Anonyome Labs, our technology helps universities issue secure, tamper-proof credentials that students can easily share with employers without sacrificing data privacy or requiring ongoing verification support from your institution. 

Whether you’re launching a digital credentials program for the first time or upgrading your current system, Anonyome Labs can help you align with the latest standards and best practices for graduate employability. 

Book a demo today!

The post How universities can boost graduate employability with verifiable credentials  appeared first on Anonyome Labs.

Let's continue to delve into the issues of Identity support in implementing Business-to-Business (B2B) Software-as-a-Service (SaaS) applications by exploring access control.

Liminal members enjoy the exclusive benefit of receiving daily morning briefs directly in their inboxes, ensuring they stay ahead of the curve with the latest industry developments for a significant competitive advantage.

Looking for product or company-specific news? Log in or sign-up to Link for more detailed news and developments.

Here are the main industry highlights of this week impacting identity and fraud, cybersecurity, trust and safety, financial crimes compliance, and privacy and consent management.

🪄Innovation and New Technology Developments

Facebook Adds Passkey Login Option to Boost Mobile App Security

Facebook is introducing passkey support on its mobile app, enabling users to log in using biometric authentication or device PINs instead of passwords. This move aims to enhance account security by reducing the risk of phishing attacks and password leaks. Passkeys link authentication to specific domains, preventing their use on fake websites. Meta plans to extend this feature to the Messenger app and Meta Pay, though no exact launch date has been announced. Users will still be able to use passwords or other login methods like two-factor authentication and security keys alongside passkeys. (Source)

Hopae Launches hConnect to Simplify Global eID Verification via Wallet-Based Authentication

Hopae has launched hConnect, a global electronic ID (eID) verification platform designed to streamline digital identity verification through indirect integration with government-issued eIDs. Unlike traditional document-based identity verification, hConnect leverages the growing adoption of digital identity wallets, particularly in the EU under eIDAS 2.0, to enable faster, more secure, and compliant user authentication. By acting as an intermediary, hConnect bypasses the complexity of direct integration with multiple national systems, offering access to over 100 eIDs, 99% wallet compatibility, and customizable user experiences. The platform is compliant with major standards including eIDAS 2.0, GDPR, and ISO 27001. (Source)

💰 Investments and Partnerships

Bitdefender Strengthens MSP Cybersecurity Portfolio with Acquisition of Mesh Security

Bitdefender has announced its acquisition of Mesh Security, an Israeli startup specializing in advanced email protection solutions tailored for managed service providers (MSPs). Mesh offers a dual-layered defense system that includes both secure email gateway filtering and API-based inbox protection for platforms like Office 365 and Google Workspace. Its technology addresses threats such as phishing, ransomware, and business email compromise through machine learning and threat intelligence. Bitdefender plans to integrate Mesh’s capabilities into its GravityZone platform, enhancing its appeal to MSPs and reinforcing its position in the global cybersecurity market. (Source)

Hypernative Raises $40 Million to Expand AI Threat Prevention Across Web3 and Blockchain Ecosystems

Hypernative has raised $40 million in a Series B funding round co-led by Ten Eleven Ventures and Ballistic Ventures, with participation from StepStone Group and existing backers. The company specializes in real-time, AI-powered threat prevention for Web3, serving over 200 clients and securing more than $100 billion in assets. Hypernative recently expanded its coverage to over 60 blockchain networks and introduced Guardian, a tool for simulating transactions to prevent blind signing. The funding will support expansion into fraud prevention, wallet-level transaction protection, and AI model enhancement. In 2024 alone, Hypernative identified over $2.2 billion in Web3-related security losses, underscoring the urgency of its mission. (Source)

Coralogix Reaches Unicorn Status with $115 Million Raise and Launch of AI Agent Olly for Observability Data

Coralogix has achieved unicorn status with a new $115 million funding round led by NewView Capital, along with CPPIB and NextEquity Partners, pushing its valuation above $1 billion. Despite not yet being profitable, the Israeli data analytics firm has seen a sevenfold revenue increase since its 2022 raise, largely due to continued heavy investment in R&D. As part of its growth, Coralogix launched “Olly,” an AI agent that allows users to query complex observability data through natural language, aiming to make system insights accessible across teams. The move aligns with broader trends in SaaS and AI adoption, as financial and tech sectors increasingly turn to agentic AI systems to manage data complexity and regulatory risk. Read the full article

Stripe Acquires Privy to Strengthen Digital Asset Management and Bridge Fiat-Crypto Systems

Stripe has acquired Privy, a crypto wallet infrastructure company, to enhance its capabilities in digital asset management. Privy, which provides APIs for secure wallet creation and transaction signing, supports over 75 million accounts and facilitates billions in transactions across more than 1,000 developer teams. The acquisition aligns with Stripe’s broader strategy to bridge fiat and crypto systems, following its recent expansion of international money movement tools and support for new payment methods like UPI and Pix. Stripe Co-founder John Collison highlighted the growing importance of stablecoins and AI in transforming online commerce, noting increased interest from banks in integrating stablecoins into their offerings. (Source)

LevelBlue Acquires Aon’s Cybersecurity Units to Build Unified Global MSSP Platform

LevelBlue, a Dallas-based managed security services provider formerly known as AT&T Cybersecurity, is acquiring Aon’s Cybersecurity and IP Litigation consulting groups—including Stroz Friedberg and Elysium Digital—to expand its global cybersecurity offerings. This strategic acquisition brings LevelBlue a team of 300 professionals with deep expertise in incident response, digital forensics, and IP litigation, significantly strengthening its consulting and technical capabilities. The integration aims to create a unified cybersecurity services platform that combines LevelBlue’s AI-driven detection and response with proactive consulting to deliver faster, more comprehensive cyber resilience solutions. The deal also establishes a strategic partnership between LevelBlue and Aon, enabling joint client services and enhancing LevelBlue’s presence among Fortune 500 companies and top law firms. Analysts view the acquisition as a pivotal move that positions LevelBlue as a leading global independent MSSP and boosts its standing with cyber insurers and enterprise clients. (Source)

Securonix Acquires ThreatQuotient to Deliver Unified AI-Driven Threat Detection and Response

Securonix, a Plano-based security analytics platform, has acquired Virginia-based ThreatQuotient to create a unified, AI-driven system for advanced threat detection, investigation, and response. The integration combines Securonix’s Agentic AI capabilities with ThreatQuotient’s curated external threat intelligence to reduce false positives by up to 90% and accelerate incident response by up to 70%. This comprehensive platform aims to modernize security operations by offering real-time analytics, automated workflows, and deeper context, helping teams respond faster and more effectively to evolving cyber threats. Customers and partners will benefit from enhanced scalability, flexible deployment options, and accelerated innovation through the merged R&D efforts. ThreatQuotient will continue as a standalone product while gaining access to Securonix’s broader infrastructure and ecosystem, promising seamless service and expanded value for both enterprise and government clients. (Source)

⚖️ Policy and Regulatory

World Accelerates Thai Expansion Amid Indonesian Suspension Over Biometric Violations

World, the digital identity platform operated by Tools of Humanity, is expanding rapidly in Thailand through partnerships with 11 local firms, including National Telecom and digital asset exchanges such as Bitazza and Binance TH. Since introducing its iris-scanning Orb devices in March, over 100,000 users have submitted biometric data, with plans to reach 2 million users by year’s end. However, in contrast, Indonesia has suspended World’s services due to regulatory violations related to biometric data collection and inadequate protections for vulnerable populations. Authorities have ordered the deletion of collected data and imposed new compliance conditions. Meanwhile, World has launched its first U.S. ad campaign and expanded its Orb rollout and blockchain integration with stablecoin issuer Circle. (Source)

23andMe Fined £2.31 Million by UK ICO for Major Data Breach Exposing Sensitive User Information

The UK Information Commissioner’s Office (ICO) has fined DNA testing company 23andMe £2.31 million for a significant 2023 data breach that exposed sensitive information from over 155,000 UK users. The breach occurred through a credential stuffing attack, leveraging reused passwords from other breaches to access 14,000 accounts, ultimately compromising data related to 6.9 million individuals. While DNA records were not accessed, exposed details included ethnicity, health information, and family histories. The ICO found 23andMe lacked adequate security measures, such as mandatory multi-factor authentication. Amid ongoing bankruptcy proceedings, the firm’s assets are set to be sold to TTAM Research Institute for $305 million, with new commitments to improve data protections and give users greater control over their data. (Source)

Louisiana Faces Backlash Over Bills Mandating Online Age Verification and Parental Consent for Minors

Louisiana is at the center of a legislative clash over online age verification, as two major bills—HB 570 and SB162—provoke controversy from tech companies and civil liberties advocates. HB 570, awaiting gubernatorial approval, would require app stores and developers to implement age assurance for apps with adult content, raising concerns from groups like the CCIA and Google about user privacy and disproportionate burdens on developers. Meanwhile, SB162 mandates parental consent for social media accounts created by minors under 16 and restricts targeted advertising and messaging, but is currently on hold due to a legal challenge from industry group NetChoice, which argues the law is unconstitutional and inconsistently applied. (Source)

DOJ Antitrust Review of Google’s $32 Billion Wiz Acquisition Signals Scrutiny of Cloud Expansion

The U.S. Department of Justice is reviewing Google’s proposed $32 billion acquisition of cybersecurity firm Wiz Inc. to assess potential antitrust concerns. The deal, announced in March, is part of Google’s effort to strengthen its cloud computing services, following a similar move with its 2022 acquisition of Mandiant. The review is in its early stages and could extend for several months, examining whether the merger could unfairly restrict competition. Google has prepared for possible regulatory hurdles by agreeing to a $3.2 billion breakup fee. This scrutiny comes amid broader antitrust actions against Google, including rulings that found the company maintained monopolies in online search and advertising technology markets. (Source)

🔗 More from Liminal

Access Our Intelligence Platform

Stay ahead of market shifts, outperform competitors, and drive growth with real-time intelligence.

Link Index for Business and Entity Verification (BEV)

Discover the Top 20 Vendors on the Link Index for BEV and gain an unfair competitive advantage through unparalleled access to expert insights.

Liminal Demo Day: Combating AI Threats

Learn how leading teams are tackling the rise of deepfakes, bots, and identity fraud in 15-minute demos—no fluff, no marketing buzzwords.

The post This Week in Identity appeared first on Liminal.co.

U.S. community banks are under pressure to improve KYB (Know Your Business) compliance for small business accounts, especially in light of evolving FinCEN and OCC guidelines. This article explores how KYB modernization using iComply can help banks uncover risk, automate beneficial ownership discovery, and streamline business account onboarding—without increasing compliance headcou

Community banks are the backbone of American Main Street. They finance local businesses, support job creation, and deliver personalized service in ways that larger institutions often can’t. But in 2025, these same banks face increasing pressure from regulators to modernize their approach to KYB—Know Your Business—especially when onboarding and monitoring small and medium-sized business (SMB) accounts.

The Bank Secrecy Act (BSA), the Corporate Transparency Act (CTA), and updated FinCEN guidance are reshaping expectations around business verification, beneficial ownership identification, and AML due diligence. For community banks, this means a new era of regulatory scrutiny—with limited resources to meet it.

The Compliance Challenge

Unlike large banks with dedicated compliance divisions and automation budgets, most community banks operate with tight teams and resource constraints. Yet the burden of compliance is growing:

FinCEN’s Beneficial Ownership Information (BOI) Rule now requires detailed UBO disclosures from most business clients OCC guidelines emphasize continuous monitoring and risk-based segmentation of commercial clients SMB clients often have opaque structures—LLCs, trusts, layered ownership—that require more intensive due diligence

Without the right tools, community banks may face:

Slowed onboarding and increased abandonment Gaps in beneficial ownership data Difficulty proving compliance during audits Higher costs and staff burnout Where Traditional KYB Falls Short

Manual Processes: Many banks still rely on PDFs, in-branch document scans, or email back-and-forths to collect business documents and ownership information. This is time-consuming and error-prone.

Fragmented Vendor Stacks: It’s common to see a mishmash of ID verification tools, AML screeners, and reporting systems that don’t talk to each other.

Reactive Risk Management: Without automated triggers, compliance teams may only discover red flags during periodic reviews or when alerted by third parties.

How iComply Modernizes KYB

iComply’s modular platform enables community banks to take a smarter, proactive approach to KYB with tools designed for the complexity of modern SMB verification.

1. UBO Discovery & Corporate Structure Mapping

Automated workflows parse corporate filings, shareholder data, and registry sources to:

Identify direct and indirect beneficial owners Connect ownership chains and nominee relationships Flag high-risk jurisdictions and complex structures 2. Smart Document Collection

Customizable white-label portals guide businesses through document uploads (e.g., Articles of Incorporation, licenses, shareholder agreements) using a risk-based logic tree.

3. Ongoing Risk Monitoring

Integrate AML watchlists, PEP screening, and adverse media scanning into the KYB lifecycle. Set triggers based on changes in ownership, risk score, or business activity.

4. Edge Computing for Privacy Compliance

Sensitive data—like passports or ID documents of directors—is processed locally on the user’s device before encryption and transfer, supporting data sovereignty and reducing breach risk.

5. Ready-to-Audit Records

Every onboarding and refresh event is logged with full audit trails, timestamps, and linked source documents—streamlining exam prep and reducing regulatory friction.

Case Study: Midwestern Community Bank

A regional bank serving agricultural and construction businesses implemented iComply’s KYB module to address onboarding delays and incomplete BO data. The result:

Reduced average onboarding time from 5 days to less than 24 hours Increased accuracy of UBO records by 60% Passed a FinCEN audit with zero deficiencies Regulatory Outlook for 2025 CTA Enforcement: As FinCEN begins enforcing penalties for BOI non-compliance, banks will need stronger controls to validate and monitor client-provided data. OCC AML Exam Priorities: Community banks should expect increased examiner focus on KYB workflows, documentation, and UBO verification methods. Technology Standards: There’s growing regulatory support for adopting centralized platforms that reduce fragmentation in compliance operations. Recommendations

Community banks should:

Review and update KYB policies to reflect CTA and FinCEN rule changes Replace manual and fragmented vendor processes with centralized, automated workflows Prioritize edge-secure solutions that support privacy, security, and audit readiness Talk to Our Team

Is your KYB process ready for 2025? iComply helps U.S. community banks modernize onboarding, uncover hidden risk, and comply with BOI rules—without growing your team.

Connect with us today to learn how we can help you simplify small business compliance and stay ahead of regulatory change.

Metadium Developer Joins the Digital Identity Technology Standard Forum(DITS) to Advance Korea’s DID Standardization and Ecosystem Metadium Developer Joins the Digital Identity Technology Standard Forum to Advance Korea’s DID Standardization and Ecosystem

Hello from the Metadium Team,
We are pleased to announce that CPLABS, the developer of the Metadium mainnet and a leader in Decentralized Identity (DID) technology, has officially joined the Digital Identity Technology Standard Forum (DITSF) — Korea’s core consortium for digital identity standardization.

This move goes beyond a formal membership. By combining Metadium’s differentiated DID technology with the forum’s national standardization strategy, we anticipate generating powerful synergies that will accelerate the advancement of Korea’s digital identity ecosystem.

🛡 Metadium: Technology Innovation for Realizing Self-Sovereign Identity

Since launching its Genesis Block on March 18, 2019, Metadium has been committed to developing a Self-Sovereign Identity (SSI) infrastructure that securely connects real-world and digital identities.

Our key innovations include:

Development of Meta ID, based on DID and Verifiable Credentials (VC) Integration of Decentralized Public Key Infrastructure (DPKI) Privacy-first, consent-based authentication mechanisms

Without relying on third-party certifying authorities, Metadium enables individuals to verify their identity autonomously. Through extensive real-world deployment of our DID services, we have demonstrated both the practicality and security of our platform.

📈 Looking Ahead: Opening a New Era for DID Technology with Metadium

DID technologies are rapidly expanding across various industries, including privacy protection, Know Your Customer (KYC), authentication, and access control. The global DID market is projected to grow from USD 694.37 million in 2024 to over USD 10.66 billion by 2030. Standardization is critical to this expansion.

Metadium will continue to:

Proactively contribute to the standardization of Korea’s DID technology Lead efforts in achieving interoperability across blockchain ecosystems Strengthen technical and policy foundations for global market entry Collaborate with ecosystem participants to share knowledge and solutions

This forum participation marks a meaningful step in connecting Metadium to both domestic and international DID standardization ecosystems — and in realizing a future society based on decentralized digital identity.

📢 Stay Updated — Join the Metadium Community

We’ll continue sharing real-world DID use cases, AI-powered service launches, and partnership news every week.

Website | https://metadium.com Discord | https://discord.gg/ZnaCfYbXw2 Telegram(EN) | http://t.me/metadiumofficial Twitter | https://twitter.com/MetadiumK Medium | https://medium.com/metadium

Thank you.

Metadium team.

메타디움 개발사, 디지털신원기술표준포럼 합류로 대한민국 디지털 신원 표준화 및 생태계 고도화에 기여

안녕하세요, 메타디움 팀입니다.

메타디움 블록체인 메인넷 개발사이자 DID 기술 선도 기업인 (주)씨피랩스가, 국내 디지털 신원 표준화 분야의 핵심 협의체인 디지털신원기술표준포럼(Digital Identity Technology Standard Forum)에 정식 회원사로 참여하게 되었음을 알려드립니다.

이 합류는 단순한 회원 등록을 넘어, **메타디움이 보유한 차별화된 탈중앙화 신원 기술(DID)**과 포럼이 추진하는 국가 DID 표준화 전략이 결합하여, 대한민국 디지털 신원 기술 생태계에 강력한 시너지를 창출할 것으로 기대됩니다.

🛡 메타디움: 자기주권 신원의 실현을 위한 기술 혁신

메타디움은 2019년 3월 18일 제네시스 블록을 시작으로, 현실 세계와 가상 세계의 신원을 안전하게 연결하는 Self-Sovereign Identity(SSI) 비전을 추구해 왔습니다.

DID와 Verifiable Credentials(VC)에 기반한 ‘메타 ID(Meta ID)’ 시스템 개발 Decentralized Public Key Infrastructure(DPKI) 기술 도입 개인 데이터의 프라이버시 보호와 사용자 동의 기반의 인증 구조 실현

메타디움은 제3의 기관 없이도 개인이 스스로 신원을 증명할 수 있는 완전한 탈중앙화 신원 시스템을 구축해왔으며, 다수의 상용 DID 서비스 경험을 통해 실효성과 보안성 모두를 입증했습니다.

🤝 표준 포럼 합류: 국내외 DID 기술 조율과 국제화의 교두보

디지털신원기술표준포럼은 국내 DID 및 SSI 기술의 국제 표준 연계를 목표로 하는 협의체로, 산업계, 학계, 연구기관, 정부기관과 국제 표준기구(DIF, OIDF, ToIP, IETF 등) 간의 기술 정합성과 확산을 이끄는 중추 역할을 수행합니다.

메타디움은 다음과 같은 방식으로 기여할 예정입니다:

W3C DID 기반 상용 서비스의 실무 경험 공유 이종 블록체인 간 상호운용성 확보를 위한 기술 제안 표준화 위원회 및 분과 활동을 통한 정책·기술 제안 최신 글로벌 표준 동향 반영 및 기술 개발 로드맵 통합

특히 메타디움이 전략적으로 추진 중인 ‘Universal ID(유니버설 ID)’ 비전은, 다양한 블록체인 간의 DID 연계와 통합을 지향하며 포럼의 국제화 전략과도 긴밀히 연결됩니다.

📈 미래 전망: 메타디움과 함께 여는 디지털 신원 기술의 새 시대

DID 기술은 개인정보 보호, KYC, 인증, 접근제어 등 다양한 산업에서 빠르게 확산되고 있으며, 2024년 약 6억 9,437만 달러에서 2030년 106억 6,000만 달러까지 급성장이 예측됩니다. 이 가운데, 기술 표준화는 산업 확장의 핵심입니다.

메타디움은 다음을 수행합니다:

대한민국 DID 기술 표준화에 적극 기여 블록체인 기반 신원 기술의 상호운용성 확보 주도 글로벌 시장 진출을 위한 기술 및 정책적 기반 강화 DID 생태계 참여자들과의 지속적 협력 및 기술 공유

이번 표준 포럼 참여를 계기로, 메타디움은 국내외 기술 생태계에 연결되는 실용적 DID 표준화를 추진하고, DID 기반 사회를 실현하는 데 앞장설 것입니다.

📢 매주 발표되는 소식을 받기 위해 메타디움 커뮤니티를 구독하세요

다양한 분야에서 DID의 적용과 AI 기술 활용 사례, 협업 소식이 매주 이어집니다.

Website | https://metadium.com Discord | https://discord.gg/ZnaCfYbXw2 Telegram(EN) | http://t.me/metadiumofficial Twitter | https://twitter.com/MetadiumK Medium | https://medium.com/metadium

감사합니다.

메타디움 팀.

Metadium Developer Joins the Digital Identity Technology Standard Forum(DITS) to Advance Korea’s… was originally published in Metadium on Medium, where people are continuing the conversation by highlighting and responding to this story.

Discovery lies at the heart of research, but without solid data management, even the best datasets risk becoming unusable. Whether you're working solo or on a global team, good RDM keeps data organized, secure, and reusable—long after a project ends. Tools like myLaminin simplify this by supporting key practices like structured file naming, standardized metadata, and secure backups. As funder and journal expectations grow, effective data management is no longer optional - it’s essential.

 

Predictoor DF146 rewards available. DF147 runs June 19th — June 26th, 2025 1. Overview

Data Farming (DF) is an incentives program initiated by ASI Alliance member, Ocean Protocol. In DF, you can earn OCEAN rewards by making predictions via ASI Predictoor.

Data Farming Round 146 (DF146) has completed.

DF147 is live today, June 19th. It concludes on June 26th. For this DF round, Predictoor DF has 3,750 OCEAN rewards and 20,000 ROSE rewards.

2. DF structure

The reward structure for DF147 is comprised solely of Predictoor DF rewards.

Predictoor DF: Actively predict crypto prices by submitting a price prediction and staking OCEAN to slash competitors and earn.

3. How to Earn Rewards, and Claim Them

Predictoor DF: To earn: submit accurate predictions via Predictoor Bots and stake OCEAN to slash incorrect Predictoors. To claim OCEAN rewards: run the Predictoor $OCEAN payout script, linked from Predictoor DF user guide in Ocean docs. To claim ROSE rewards: see instructions in Predictoor DF user guide in Ocean docs.

4. Specific Parameters for DF147

Budget. Predictoor DF: 3.75K OCEAN + 20K ROSE

Networks. Predictoor DF applies to activity on Oasis Sapphire. Here is more information about Ocean deployments to networks.

Predictoor DF rewards are calculated as follows:

First, DF Buyer agent purchases Predictoor feeds using OCEAN throughout the week to evenly distribute these rewards. Then, ROSE is distributed at the end of the week to active Predictoors that have been claiming their rewards.

Expect further evolution in DF: adding new streams and budget adjustments among streams.

Updates are always announced at the beginning of a round, if not sooner.

About Ocean, DF and ASI Predictoor

Ocean Protocol was founded to level the playing field for AI and data. Ocean tools enable people to privately & securely publish, exchange, and consume data. Follow Ocean on Twitter or TG, and chat in Discord. Ocean is part of the Artificial Superintelligence Alliance.

In Predictoor, people run AI-powered prediction bots or trading bots on crypto price feeds to earn $. Follow Predictoor on Twitter.

DF146 Completes and DF147 Launches was originally published in Ocean Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.

By: Helen Garneau

In March 2025, online brokerage firms in Japan were hit by a massive wave of account takeovers. Criminal groups used phishing sites to steal login credentials from investors, then logged in and executed trades—sometimes worth millions of yen—without the account holders’ knowledge. More than 100 stocks are believed to have been manipulated in the process.

The attack followed a familiar pattern: attackers built fake websites mimicking legitimate brokerage login pages. Unsuspecting investors entered their credentials, which were then used to log in as if they were the real account holders. In one case, a man lost over ¥2 million (about $14,700 USD) in minutes; in another, an account was accessed from an unfamiliar region and drained of nearly ¥10 million (about $70,000) in assets.

No compensation

Because these attacks used valid usernames and passwords, brokerages argued they weren’t at fault and denied compensation to the victims. From the system’s perspective, it looked like the real user had initiated all the trades. 

No protection

Weak authentication that puts all the risk on the customer undermines trust in the entire trading ecosystem. And it’s an unsustainable security position when AI-tools and biometric identity fraud are added to the attacks on user accounts. 

Are brokerages really going to take the position that a fake biometric was “real” as far as their system was concerned — and it’s the customer’s responsibility for their biometric data being faked or stolen?

A better and more powerful way to authenticate account holders

Step 1: Replace usernames and passwords for customer accounts with Verifiable Credentials

A Verifiable Credential is a tamper-proof digital credential that a customer holds in a digital wallet on a mobile device. 

It’s verified by cryptography so authentication is seamless and doesn’t involve the process of inputting personal data that can be phished or stolen. 

The credential can’t be shared or stolen because of the way it is bound to the customer and their device.

Step 2: Add a verified biometric to the credential

This can be done when a customer is onboarded, or it can be derived from a government issued ID during and combined with a liveness check to ensure the image on the ID matches the real, live person.

Now you have a way to cross check a liveness check in real time, mitigating biometric identity fraud and the risk of generative AI deepfakes. The customer has a way of proving that they are really who they present as.

Mutual trust, built in

With this setup, the customer and the brokerage verify each other before any data is shared. Customers can be sure they’re dealing with the real brokerage. Brokerages can be sure they’re dealing with the real customer. And phishing attempts are detected and blocked before they begin.

Built for compliance and trust

Verifiable transactions: Your customer holds and controls their data from their device and you can cryptographically verify their identity and data without having to check it against information held in the cloud or by a third-party identity provider. Simplified compliance: Since biometric data never leaves the user’s device and doesn’t need to be stored by the brokerage or a third party to be verified, brokerages aren’t burdened with the responsibility of storing or managing that sensitive information. This reduces liability and makes it easier to align with strict data protection regulations. Consumer trust: When customers know that no trade can be executed without their personal, biometric consent, they feel secure. Brokerages can point to real safeguards—not just promises—when reassuring their customers that their investments are protected by the latest in identity security technology. Indicio Proven makes all this simple

Indicio Proven makes it easy to issue and verify these credentials, radically simplifying identity assurance and data sharing — and at significantly lower cost than conventional identity providers.

This is why Money2020 selected Indicio as one of one of the key startups in 2025 “transforming the future of money.”

Take the first step to streamlined, secure, globally interoperable digital identity

Book a demo of Indicio Proven Auth and discover how to bring powerful, portable, privacy-preserving digital identity to your platform—reducing risk, lowering costs, and building the foundation for trusted, seamless services.

###

The post Use Case: How Indicio Proven can help to stop account takeovers in securities trading appeared first on Indicio.

Publishing in peer-reviewed journals is more than tradition—it’s a strategic step in advancing careers, meeting funder mandates, and fueling scientific progress. In today’s data-driven world, platforms like myLaminin support researchers at every stage, from managing metadata and version control to ensuring compliance and transparency. With myLaminin, publishing becomes not only easier but also more impactful, aligning with modern research demands.

Nobitex, Iran’s largest cryptocurrency exchange, suffered a major hack on 18 June. Elliptic has so far identified over $90 million sent from Nobitex wallets to hacker addresses. 

 

Fastly earns "Deployed on AWS" status, enhancing procurement and savings for AWS Marketplace users. Explore our cloud-optimized CDN and security solutions today.

When a learner earns a credential, whether it's a workforce certificate, micro-credential, or degree, they deserve to share it with the same trust, control, and clarity that we expect in any other critical verification process.

As Learning and Employment Records (LERs) gain traction across education, training, and workforce systems, we're facing a pivotal challenge: Why aren't these credentials built on the same principles of transparency, consent, and interoperability as other verified information in our digital lives? If LERs continue to rely on fragmented standards, formats, and verification practices, learners are left navigating a maze while employers and institutions struggle to interpret records consistently and securely.

To build trust in the LER ecosystem, we need credentialing infrastructure that meets users where they are: portable, verifiable, and understandable across contexts.

The Existing Model: Simple but Limited

In many implementations, the credential is uploaded to a central service after issuance. The learner shares a static URL or QR code, and anyone with access can view the full contents and verification status, no wallet or special tools are needed on the verifier's side. This ease of access is a clear benefit.

However, the model is generally more centralized than might be desired, which comes with some challenges. First is control of and access to data. The verification experience relies on the availability and integrity of a third-party service (or, commonly, services tied to the issuer) that holds the credential data. If the user is removed from that system, they lose the badge information stored in that system. This makes the holder dependent on the issuer to maintain the service and credential info for them. Next is reliability - if the badge-holding system goes offline or is compromised, the verification capabilities are also lost. Lastly, there is the question of privacy. If the verifier must visit a central service, particularly one managed by the issuer, then the issuer knows who is verifying what information about every badge. That is a powerful set of tracking data.

When the entire credential is shared and made broadly available for verification at a public or semi-public address, there's no opportunity for selective disclosure, either to choose not to share certain information or to give consent per verification request. Even when this type of badge sharing is revocable, these links generally are “all or nothing” and lead to overexposure. 

We want to evolve these solutions as we move towards a more privacy-preserving, user-controlled world of digital data sharing. 

A New Approach: Privacy-Preserving, Standards-Based Verification

At SpruceID, we’ve taken a new approach to building Learning and Employment Record (LER) credentials, one that gives learners more control and privacy. We use the Open Badges 3.0 standard, which defines a common way to describe learning achievements so they can be recognized across different platforms. Open Badges 3.0 specifies the Verifiable Credentials Data Model (VCDM) 2.0 for structuring these credentials, enabling cryptographic security, portability, and tamper resistance. This approach gives learners more control over how their credentials are shared and verified while aligning with emerging ecosystem standards.

For issuing and presenting credentials, we use OID4VC (OpenID for Verifiable Credentials) and OID4VP (OpenID for Verifiable Presentations), which allow credentials to be securely shared in real-time, with the holder’s consent rather than stored on a central server. To support selective disclosure, we package the credential using SD-JWT VC, a format that lets the holder reveal only specific pieces of information rather than the entire credential.

Altogether, this approach lets learners store credentials in their secure digital wallet and decide exactly what they share, when, and with whom, providing stronger privacy, less reliance on intermediaries, and better alignment with data protection laws.

In this model:

Credentials live with the holder, not on a hosted server Verification is interactive, happening in real time between the holder and verifier Only necessary information is shared, thanks to selective disclosure and user consent flows Standards like GDPR and FERPA are easier to support by design

This approach preserves portability: learners can use their credentials across platforms and systems, even if the original issuer or platform disappears. It's also designed for longevity, supporting lifelong learning records that the holder truly owns and controls.

Why This Matters

We believe credential holders deserve the same control over their achievements that they are learning to expect from their identity data. That means user consent, data minimization, and resilience against vendor lock-in.

For issuers, this means credentials that are portable and can be used across systems and platforms.

For verifiers, it means a more secure, tamper-resistant way to confirm qualifications, with standards-based integrations that can plug into existing HR or admissions workflows.

For learners, this means credentials they truly own, not just access to a link but full control over how their accomplishments are shared and seen.

A Familiar Yet More Secure UX

Although this model introduces more real-time interactions, the user experience remains intuitive. For example, when an employer wants a job applicant to verify their appropriate credential, they can embed a QR code for the learner to scan with their credential wallet. This allows the learner to review the request, simply scan the QR code, and tap “approve” when prompted. As more systems begin to use open standards, any compliant wallet or verifier would be able to participate in building out or adopting these solutions. Broad compatibility is critical for long-term ecosystem success.

Verifiers will likely need to adapt their existing processes to a small extent. Instead of reviewing a credential on a webpage, a recruiter or admissions officer might need to share an OID4VP QR code and save the results from that request instead. Although this is a shift, it offers more security and reduces fraud, and simple integrations with verifier products will evolve over time.

Supporting Optionality

We also recognize that one size doesn't fit all. Some credentials are meant to be widely shared and carry less sensitive data. For some use cases, public links will always make sense. These scenarios can still support individuals by adding short-lived presentation tokens or creating one-time verification experiences that can be shared with a key or code. 

Our goal is to offer institutions and holders flexibility to choose between high-trust, high-control models and simpler, open-sharing options depending on what’s appropriate for their business needs.

Building LER Credentials for the Future

As digital credentials become a foundational layer of how we recognize learning and achievement, it's time to evolve the way we verify them. Static links and centralized systems have their place, and have been a baseline and necessary first step, but there are exciting improvements to these expectations that we are beginning to see around privacy, control, and interoperability. 

At SpruceID, we believe that by embracing open standards, centering learner privacy and consent in these processes, and empowering users with modern, secure digital credential wallets, we can create a verification experience that is simultaneously intuitive, resilient, and trustworthy.

Learn More

About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions.

Indicio, through its partnership with SITA, will participate in the European Union’s APTITUDE Consortium to develop digital travel credentials for the EU Digital Identity Wallet. Indicio and SITA developed the world’s first Digital Passport Credential based on International Civil Aviation Organization (ICAO) standards for Digital Travel Credentials and successfully combined it with digital credentials following European Union digital identity specifications for seamless international travel.

DUBLIN — June 17, 2025 — Indicio, the global leader in Verifiable Credential technology and decentralized identity infrastructure, is excited to  announce that it will participate in APTITUDE, the latest official  European Digital Identity Wallet (EUDI Wallet) Large Scale Pilot. APTITUDE will focus specifically on travel and payment within the European Digital Identity Framework. 

Through its partnership with SITA, Indicio will contribute to the development of government-issued digital travel credentials based on International Civil Aviation Organization (ICAO) specifications (DTC Type 2). These credentials will serve as digital passports, enabling preauthorized travel and seamless border crossing. 

Working with SITA and Aruba, Indicio previously developed and successfully implemented the world’s first Digital Passport Credential based on ICAO’s DTC Type 1 standard, which involved a passenger deriving a digital credential from their passport and authenticating the biometric image in the passport chip with a liveness check of the passenger.

“The ability to combine authenticated biometrics in a tamper-proof Verifiable Credential is the foundation of  “government-grade” digital identity,”  said Heather Dahl, CEO of Indicio. “It’s an inflection point where digital identity can be universally trusted. So it’s a really critical step for governments to be able to issue these kinds of credentials directly. As longtime champions of this technology, we are deeply grateful to be able to participate in this world-changing trial through our European partner, SITA. The APTITUDE trial has the potential to help everyone advance to secure, privacy-preserving digital identity and to make travel seamless.”

The world is becoming verifiable

With Gartner Research forecasting that “at least 500 million smartphone users will be regularly making verifiable claims using a digital identity wallet” by 2026, Europe’s implementation of digital wallets and Verifiable Credentials is accelerating global adoption.

The technology is sector spanning, with seamless, secure applications in aviation, hospitality, border security, education, banking and finance, and government services. With Indicio Proven, enterprises and governments have the widest range of credential formats and protocols, a digital wallet SDK, powerful governance software, and ledger and ledgerless support to rapidly implement interoperable Verifiable Credential solutions for seamless data sharing and identity verification.   

About Indicio

Indicio is a global leader in Verifiable Credentials, decentralized identity, and digital trust infrastructure. From powering national identity pilots to enabling seamless travel, Indicio helps governments and businesses build data and identity systems that are secure, privacy-preserving, and interoperable across borders and industries.

Contact us today for a demonstration of Indicio’s authenticated biometric identity credentials and to workshop their use for your digital travel or customer account authentication.
###

The post Indicio to help develop digital travel credential in European Union digital wallet trial appeared first on Indicio.

Back in 2018, our conversations revolved around how India’s UPI is picking up, and similarly why document verification is still so time consuming. We were discussing mainly usecases like VISA processing, Higher education across the border, and dreaded Government office visits in India, where every time you visit, there will be one more document missing between us and what we want to get. That is where we focused on solving for ‘trust’ in digital transactions, leading us to dive deep into something called Verifiable Credentials (VC). 

Fast forward five years, and many usecases spanning from nation scale (ONDC, NPCI etc), and small apartment usecases (for the likes of certificates for cultural programs, sports events etc), we’ve gathered some insights we’d love to share.

Understanding Verifiable Credentials (VC)

VC is a w3c standard for how to share information/credentials. At its core, VC aims to:

Confirm that the credential hasn’t changed since it was issued.
Verify the issuer’s identity.
Check if the credential is still valid (not expired).
Determine if the credential has been revoked.

VCs are a powerful way to manage credentials, helping machines quickly verify digital documents and boosting trust. It also focuses on providing the user the much needed ownership of her/his data. But, alas widespread adoption hasn’t fully taken off yet. The reasons for it are many, and valid when you think from the lens of the adopters. Lets list some.

It is an ecosystem story: You need all 3 parties (Issuer, Holder, and Verifiers) to use it to make it meaningful Interoperability: Even though standard is flexible and provides options to interoperability, majority of the solutions use custom proof section, and ZK (ZeroKnowledge) system, making the issuer data, not easily verifiable from the service providers. Government is a major stakeholder: In many scenarios, and usecases, the ball stops at the government. Because the Government’s adoption is a key blocker to build ‘trust’ in solutions. Changes to existing software products: For many private companies we spoke to, the economics of making changes to existing software stacks was not feasible, and VC standards needed that change to even get started. Who pays? As it is an ecosystem play, the question in mind of for-profit companies is, who should pay? Why should I pay if I am issuing VC, because the service providers are benefiting from ‘Verifiable’ data. For non-profits, it is not sustainable to keep funding the efforts repeatedly For Govt and Executives, the ‘perk’ is not very clear. If people don’t come to offices, how do they ‘exercise’ their power? Few of the visionaries wanted it, but bureaucracy is such that the very few startups in this space can never work with the government because of stricter tender norms.

But someone has to break this huge blocker, and here is how we approached the problem and designed the solution stack.

Data Tokenization by Dhiway

This is where data tokenization comes into play—think of it as adding a powerful new capability of verification without changing your existing data. Here’s what makes it valuable:

Integrity Checks: Easily verify if content remains unchanged by comparing hashes.
Issuer Verification: Use digital signatures (private/public keys) to confirm who issued the document.
Validity Checks: Include expiry directly within your data to manage validity effortlessly.
Revocation Control: The issuer can dynamically manage document status through tokens.

But that’s just the beginning. Data tokenization offers even more advantages than traditional VCs:

Easy Integration: Seamlessly connect with your current systems without additional changes.
Universal Compatibility: Tokenize any document type, not just JSON-based VCs.
Enhanced Trust: Transparent, decentralized logging ensures complete trustworthiness.
Time-series Verification: See document changes over time, not just single-point verification.

Sounds Ideal, What’s the Catch?

The primary limitation is that unlike VCs, which may be verified offline, data tokenization requires internet connectivity to interact with network nodes for verification. Beyond this, data tokenization is remarkably versatile and simple to implement.

More Benefits You Should Know About Compliance Ready: Fully aligns with data privacy standards like DPDP and GDPR.
Flexible Security: Easily rotate keys for added security.
Empowerment: Delegate issuance powers, enabling broader participation.
Enhanced VC (VC++): Even VC JSON data (without embedded proof) can be tokenized for convenient use, much like a digital wallet.
Enhanced mDoc (mDoc++): Supports modern credential formats like mobile Driver Licenses (mDL).
Simplified Storage: Store tokenized data flexibly across various platforms like Google Drive, WhatsApp, local folders, or FTP servers, eliminating the need for dedicated wallets.

One may ask, “ ‘Tokenization’ is the word which is loosely used with web3 and blockchain technologies, isn’t it for ‘Transaction’ only?”. We always say, tokenization is a key word that came to highlight, because more people are using it. It is already being done. The STOCK MARKET works on tokenized shares today. The Bankers Cheque (Demand Draft/DD) is another such example. We are talking about ‘Data’ here, which is surely a superset of every thing we talk about Tokenization.

Does Tokenization solve all the things mentioned above?

Common Standard. Simple API to access.  NO (major) CHANGES to existing software products, they continue to generate documents as is, with a new API added to it.  The government can integrate without concern of sovereignty concerns. Who pays? : This will be explained in a separate blog, many interesting pointers here, and we believe you will come back to read about it It is an ecosystem story: Decentralized networks are designed for ecosystems. With CORD’s OnChain Governance, an option to run an enterprise network, the ecosystem should be able to benefit out.

All good? Let’s see how Dhiway can help.

What does Dhiway do? Simply put, we’re amplifying trust to find and fulfill opportunities. 

Now, our vision is, there would never be ‘one chain to rule them all’, hence providing the document / data creators an option to choose what they need. Public, private, consortium led tokenization network/stack is the right way to make people consume these features faster. Keep customer’s needs, their regulations, and their compliance requirements in mind when we propose a solution.

With that, Dhiway’s CORD based platform allows people to get started quickly on this, and start your journey with ‘Verifiability’.

The post Unlocking the Future with Data Tokenization: Getting the Most from Decentralized Ledgers appeared first on Dhiway.

“I’ve been thinking a bit about the whole Model Context Protocol (MCP) thing.“

According to its documentation, MCP is ‘an open protocol that standardizes how applications provide context to LLMs.’ Given the growing dependence on large language models (LLMs), this is a big deal (remembering that all LLMs are a type of AI, but not all AIs depend on LLMs). If we’re moving toward a world where AIs are expected to do All The Things, interfacing with our applications and services, then having a universal adapter that lets AIs talk to everything is undeniably powerful.

But, me being me, as soon as I saw someone describe MCP as an “open standard,” I immediately had questions.

A Digital Identity Digest The MCP Bandwagon Play Episode Pause Episode Mute/Unmute Episode Rewind 10 Seconds 1x Fast Forward 30 seconds 00:00 / 00:10:02 Subscribe Share Amazon Apple Podcasts CastBox Listen Notes Overcast Pandora Player.fm PocketCasts Podbean RSS Spotify TuneIn YouTube iHeartRadio RSS Feed Share Link Embed

You can Subscribe and Listen to the Podcast on Apple Podcasts, or wherever you listen to Podcasts.

And be sure to leave me a Rating and Review!

I’m not a developer; I can’t speak to MCP’s utility from a coding perspective. I’m not an architect, either; I can’t tell you where this fits best in your environment. But I am a standards person. So if you tell me something is an open standard, I’m going to want to know: who is standardizing it? What process are they following? Who’s doing the review? What are the intellectual property considerations?

What a standards organization does

Let’s back up for a moment. What does a standards development organization (SDO) actually do?

If you’ve never looked into it, you might joke that SDOs exist to slow things down under the weight of process. OK, fair. But let me ask: why is that always a bad thing?

That process guarantees broader review across multiple dimensions. For example, the IETF requires a security considerations section in every draft submitted for publication. They also mandate cross-area review, requiring input from the different areas: Internet, Web and Internet Transport, Applications and Real Time, Routing, and Security.

Over at the W3C, every spec is subject to privacy, internationalization, accessibility, and architectural review, often more than once during its lifecycle. And all the formal SDOs I’ve worked with have some kind of Intellectual Property Rights (IPR) policy, which goes beyond an open-source license to include licensing terms for essential patent claims.

You have to start somewhere

To be clear, most SDOs didn’t emerge fully formed. They started with a handful of people who weren’t satisfied with the existing processes or the politics. That’s how the WHATWG began, opting for a living-document model and less procedural overhead than the W3C. (Though in my opinion, they eventually ended up with just as much process, just differently shaped.)

So maybe MCP is on its way to becoming its own kind of SDO, at least for this protocol. That’s fine. You have to start somewhere. But if that’s what’s happening, I don’t know where those conversations are taking place. Is there a governance plan? An IPR framework? A mailing list that isn’t just announcements?

So, back to MCP

Anthropic, the company behind Claude, announced MCP late last year to address a real problem they’ve faced as an AI vendor: how to standardize context exchange between apps and LLMs—doing so openly and transparently. That’s great. I genuinely appreciate the transparency, and I understand the desire to move fast in an area evolving as rapidly as AI. However, when people hear ‘open,’ they often assume peer-reviewed, widely adopted, and safely maintained. But an open GitHub repo doesn’t guarantee any of that.

By publishing the spec openly and encouraging others to use it, they’re aiming for what’s often called a “de facto standard”, something widely adopted even in the absence of formal standardization. Go team!

But I’m still worried.

I like the structure of a formal review process. I also like being able to point to exactly who reviewed a spec for security, privacy, and accessibility, and knowing that those reviews weren’t optional. Knowing that if you implement something before those reviews are done, you’re doing so at your own risk is critical.

Will adding a process slow things down? Yes, but I don’t think that’s a bad thing. It’s better to go slower than to trip over a hazard that could’ve been avoided with just a bit more thoughtfulness.

Just look at what’s happened in other areas of tech when we skipped due diligence: poor API scoping, security vulnerabilities, and consent models that collapsed under legal scrutiny. A good standards process helps us catch those kinds of mistakes before they happen. I’ve been in those three-hour meetings. It’s not glamorous. But you know what happens in those meetings? Someone catches the thing no one saw coming.

What happens if MCP becomes the default, without structure?

Let’s talk about the future we might be sliding into without realizing it.

If MCP gets widely adopted without formal structure—no shared governance, no multi-stakeholder review, no clear IPR policy—we don’t get a win for open standards. We get a de facto protocol that locks in early design assumptions, possibly shaped by a single vendor’s priorities, and leaves little room for dissenting use cases or evolving needs.

That might sound fine in the short term. After all, it’s solving a real problem! But over time, we run into real consequences.

What if MCP bakes in patterns that work well for consumer apps but break down in healthcare or financial services, where regulatory audits and fine-grained access controls are non-negotiable? Or, what if it assumes context is something you pull from a user, rather than something the user pushes or consents to, reinforcing an architecture that sidesteps agency and privacy?

What if an entire ecosystem of tooling gets built around early versions of the spec, and then a major vulnerability or design flaw gets discovered, but there’s no defined process or authority to fix it in a way that maintains trust?

If MCP becomes the default before it’s ready, we risk not just technical debt but governance debt, which is harder to see but far more expensive to repay.

Call to action

None of this means MCP is flawed or untrustworthy. It’s solving a real problem, and it’s doing it more openly than many. But openness isn’t the same as structure. So here’s my CTA: does anyone want to help this protocol grow up a bit?

Maybe that means finding a home for MCP within an existing SDO or spinning up something new and bespoke. Either way, the structure needs to happen.

I don’t have any contacts in the project, so this is mostly a wish on my part. But if you have any ideas (and if you agree this is a concern), let’s chat!

Want to stay updated? I write about digital identity and related standards—because someone has to keep track of all this! Subscribe to get a notification when new blog posts go live. No spam, just announcements of new posts. [Subscribe here] 

Transcript

[00:00:00]
Welcome to the Digital Identity Digest, the audio companion to the blog at Spherical Cow Consulting. I’m Heather Flanagan, and every week I break down key topics in the world of digital identity—from credentials and standards to browser behavior and policy shifts.

If you work with digital identity but don’t have the time to follow every new specification or hype cycle, you’re in the right place.

What is MCP, and Why Is It a Big Deal?

[00:00:26]
Let’s get into it. I’ve been thinking about the Model Context Protocol (MCP)—a trending topic in the tech world.

[00:00:38]
According to its documentation, MCP is an open protocol that standardizes how applications provide context to large language models (LLMs).

[00:00:48]
And with the rise of LLMs as a dominant type of AI, this protocol could prove essential.

[00:00:56]
If we’re truly heading into a world where AI can:

Summarize documents Write and review code Manage complex schedules Coordinate across digital systems

…then having a universal adapter like MCP is a pretty compelling idea.

[00:01:14]
So I get the excitement—really, I do.

But What Does “Open Standard” Really Mean?

[00:01:16]
Me being me, the moment I saw MCP described as an “open standard,” I had questions.

[00:01:26]
Now, I’m not a developer or a systems architect. But I am a standards person. And when I hear open standard, I ask:

Who’s maintaining it? What’s the review process? Are there intellectual property rights (IPR) concerns? Who decides how and when it changes?

[00:02:00]
Because open can mean very different things.

[00:02:06]
For example:

Open source: The code is public Open access: No login needed to read documentation Open to contribution: Community can propose changes

[00:02:20]
But a true open standard means much more. It implies:

Governance Transparency Neutrality Stability Shared ownership Zooming Out: What Do SDOs Actually Do?

[00:02:44]
Before diving further into MCP, let’s look at Standards Development Organizations (SDOs).

[00:02:54]
If you’ve never worked within one, you might think SDOs are where good ideas go to die—buried under mountains of email and bureaucracy.

[00:03:03]
And yes, it can feel like that some days.

[00:03:08]
But that process exists for good reason.

[00:03:10]
Take the IETF (Internet Engineering Task Force), for example. Every draft must include:

A security considerations section Review across multiple technical areas: transport, application, security, routing Checks that prevent major issues at scale

[00:03:43]
Or consider the W3C (World Wide Web Consortium). They require:

Privacy and accessibility reviews Internationalization checks Architectural coherence assessments

[00:03:57]
These aren’t easy. But they force critical thinking, which ultimately strengthens the standard.

Why Governance Matters

[00:04:27]
When a standard is finally published, developers, vendors, and even regulators rely on it. That trust only exists because of rigorous review and intellectual property safeguards.

[00:04:45]
Because with foundational tech, you really don’t want legal issues popping up years later.

[00:04:57]
All SDOs start small. For instance:

The WHATWG formed because W3C felt too slow W3C itself branched from IETF for the same reason

[00:05:22]
Eventually, though, governance always returns—just with different flavors and speeds.

[00:05:31]
Lesson? You can’t escape governance. If your idea scales, governance will find you.

Where Does MCP Stand Today?

[00:05:55]
Let’s come back to MCP.

[00:06:09]
Anthropic—the creators of Claude AI—released MCP in late 2024 to address a real challenge: how to standardize context exchange for LLMs.

[00:06:25]
They’ve done a commendable job being transparent. The spec is published, and adoption is encouraged. That’s what we’d call a de facto standard—it gains traction because it simply works.

[00:06:48]
But there’s risk here. If MCP becomes the norm without governance or formal review:

We’re embedding one vendor’s assumptions There’s no accountability or shared maintenance Critical decisions become hard to challenge

[00:07:07]
For example:

It may work for consumer apps but fail in regulated industries It might prioritize AI-driven “pull” models, ignoring consent-based “push” models Future changes could break everything, with no obligation to maintain compatibility

[00:07:19]
In short:

What starts fast becomes fragile. What feels open becomes proprietary.

We’ve Seen This Before

[00:07:33]
Consider:

OAuth2: Took years to retrofit its security model after early, chaotic adoption HTML5: W3C and WHATWG had to reconcile major differences just to move forward

[00:07:43]
These were not technical failures—they were governance failures. And they’re costly to fix.

[00:08:19]
This is what I mean by governance debt. It’s invisible—until suddenly, it’s not.

A Call to Action: Help Build the Foundation

[00:08:29]
To be clear: MCP is not broken. It’s solving a real problem, and it’s already more open than many other AI protocols.

[00:08:35]
But openness ≠ structure. A GitHub repo ≠ a standards body.

[00:08:37]
So here’s my question:

Who wants to help give MCP a real foundation?

[00:08:45]
That might mean:

Finding a home for MCP within an existing standards body Forming a lightweight, transparent working group Agreeing on a proper review process (including privacy, security, and accessibility)

[00:08:58]
I don’t care about the venue—IETF, W3C, something new. I care that we do something.

[00:09:06]
Because if this protocol is going to power the AI systems that touch every corner of our lives, we can’t afford to be careless.

Want to Help? Let’s Talk

[00:09:15]
If this interests you, or you want to know more, check out the full blog post.

[00:09:21]
Coming up next: a deep dive into what open standards really mean. I hope you’ll stick around.

Thanks for Listening

[00:09:33]
That’s it for this episode of Digital Identity Digest. If it helped clarify things—or at least made them more interesting—please:

Share it with a friend or colleague Connect with me on LinkedIn @hlflanagan Subscribe and leave a rating on your favorite podcast platform

You can always find the full written post at sphericalcowconsulting.com.

Stay curious. Stay engaged. Let’s keep these conversations going.

The post The MCP Bandwagon appeared first on Spherical Cow Consulting.

Presentation attacks and deepfakes pose more than just technological threats — they challenge the very foundation of trust that powers every online interaction. Thankfully, IDnow remains dedicated to offering the industry’s most dynamic defense system against AI-generated attacks.

Although face verification has become an affordable and efficient way to authenticate user identities, it remains a vulnerable part of the identity verification process and highly susceptible to fraud attacks.  

Businesses that wish to protect themselves – and their customers – from the increasingly tech-savvy fraudster must ensure they leverage the latest technologies, including liveness detection, to stay one step ahead. If they don’t, they run the risk of joining the growing list of European companies that lose millions in attacks every year.  

IDnow continually enhances its face verification and liveness detection capabilities — not as isolated features, but as integral components of our comprehensive trust ecosystem.  

Interested in how IDnow has been working to mitigate skin tone bias in face verification systems? Read our blog, ‘A synthetic solution? Facing up to identity verification bias.’

What is liveness detection?

Liveness detection leverages biometric characteristics, such as facial features or fingerprints, to detect whether the presented subject is a living person. In the case of remote face verification, it ensures the captured digital image features a real face.  

Liveness detection also flags so-called ‘unreal faces’, which fraudsters present during the selfie submission stage of face verification. In these presentation attacks, fraudsters present printed photos, videos on monitors, or even t-shirts or personalized hygienic masks in front of the recording device. 

Liveness detection should also protect against new attack vectors, including those that use invisible noise and patterns to camouflage the attack. The attacker may also choose to exploit capture conditions, such as backlighting, to make detection more difficult. 

While presentation attacks have been known to unlock mobile devices, they also pose significant risk during the face verification steps of identity verification and KYC processes. It is for this reason that businesses must ensure they have a robust identity verification process that includes liveness detection, presentation attack detection (PAD), injection detection, and deepfake detection.

How does presentation attack detection (PAD) work?

Thankfully, presentation attacks do leave clues that can be identified by liveness experts, such as moiré patterns (interference patterns that can be subtle and take many forms, such as color alteration, face deformation, or unnatural motion) that appear when recording a screen.  

Well-crafted attacks can be difficult to identify by the human eye, but thanks to the rise of deep learning-based AI, PAD is becoming more effective. Trained on massive volumes of data, those models can detect subtle clues and anomalies. Some can point out invisible patterns, while others can detect unusual textures in image patches. Researchers have also managed to detect infinitesimal face color variations due to blood pulsation.  

PAD has improved dramatically in both usage and accuracy over the years and remains an incredibly important area for online fraud prevention. To keep up to date with industry developments and reinforce our detection capabilities, IDnow regularly participates in initiatives like the SOTERIA project and research papers like the ‘A Novel and Responsible Dataset for Face Presentation Attack Detection on Mobile Devices,’ which was presented at the IJCB 2024 conference.

Nathan Ramoly shows how easy it is to create a deepfake. Deepfakes and the double edge sword of AI.

While artificial intelligence has enabled new fraud detection capabilities, it has also proven a powerful tool for attacking KYC systems using deepfakes (AI-generated or heavily modified faces).  

In the not-too-distant past, the creation of deepfakes was only able to be done by experts, but now, thanks to easy-to-use multiple websites and apps, even those with little technological expertise can generate deepfakes in just a few seconds. 

There are three main categories of deepfakes: 

Generated faces: Using Generative AI, the attacker creates a face to resemble the target or creates a whole new fake identity.   Face reenactment: The attacker acquires a picture of a target’s face, typically from social media, and uses AI to animate the image; adding motion to a static picture to create a fake video from a single photo.  Face swap: Here, the attacker acquires a picture of the target’s face and performs a capture of themself. They then upload both images to a deepfake tool that will extract the biometric traits of the target and modify the attacker’s face in a new capture that resembles the target. 

Once generated, fraudsters inject deepfakes into the KYC process through ‘virtual cameras,’ where images are presented as regular selfies. Sophisticated deepfakes mimic actual capture sessions, with natural motion, lighting and texture that does not deform the face. As such, deepfakes can bypass both face verification and PAD, which makes the business case for implementing robust liveness detection even more compelling. 

To address the complexity of threats posed by deepfakes, we combine our proprietary AI-based detection technologies, including liveness detection, with solutions from our trusted partners. This hybrid approach enables us to offer a powerful and adaptive fraud prevention system that complies with European regulations, without compromising the user experience and appetite for smooth and secure onboarding experiences.

How IDnow’s liveness detection works.

Our liveness detection technology features three separate checks: 

Presentation attack detection to flag when living faces are replaced by other media, such as pictures or masks.  Injection attack detection to prevent the injection of harmful code or commands into an application, database, or other system.   Deepfake detection to detect face alteration crafted by advanced AI. Facing up to the future of liveness attacks.

As the ability to detect deepfakes improves, we can expect new types of attacks to emerge, especially adversarial attacks, which aim to exploit new-found weaknesses in AI models.  

By seamlessly integrating our proprietary AI-driven liveness detection with complementary technologies from our trusted partner network, we’ve created a dynamic defense system that anticipates and neutralizes emerging threats before they can compromise security. 

Plus, our commitment extends beyond our current capabilities. We’ve positioned our platform to evolve continuously, ensuring that as deepfake technologies advance, our detection and prevention mechanisms remain at the forefront of innovation. In doing so, we enable businesses to build lasting customer relationships founded on unshakeable trust, regardless of how the threat landscape transforms. 

In this new era where digital identity verification faces unprecedented challenges, IDnow stands as the trusted European leader in identity verification technology, empowering businesses to turn potential vulnerabilities into competitive advantages through intelligent, adaptive and continuous trust management.

By

Nathan Ramoly
Research Scientist, Biometrics Team
Connect with Nathan on LinkedIn

Who Really Owns This Company?

The more complex the structure, the easier it is to hide who’s in control. From nested entities and trusts to nominees and offshore links, beneficial ownership is where compliance gets messy. This article explains how to cut through that complexity, meet global regulatory standards, and build workflows that make your team faster, sharper, and more confident.

The Real Risk Behind the Org Chart

Modern corporate structures are designed to move fast, limit liability, and optimise tax exposure. But those same benefits make them ideal for obscuring ownership and enabling financial crime. As regulators around the world increase scrutiny of shell companies and hidden controllers, firms that rely on spreadsheets or static PDFs for corporate due diligence are falling behind.

The question is no longer whether you must uncover beneficial ownership. It’s whether you can do it in time to avoid regulatory exposure, lost business, or reputational damage.

What Makes Ownership Discovery Difficult Layers and Loopholes

Multi-layered structures that span several jurisdictions are intentionally difficult to trace. Every additional holding company, foreign registration, or nominee creates another barrier between the customer you see and the individual actually in control.

Jurisdictional Differences

Not all countries define beneficial ownership the same way. A 25% threshold might apply in one region, but a different one somewhere else. Some registries are publicly accessible. Others are not. Some are updated in real time. Others take months. If your system isn’t built to handle these differences, your compliance is already compromised.

Control Without Ownership

Ownership isn’t the only thing that matters. The person signing on behalf of the company, exercising control through voting shares, or directing funds through another entity may not technically own anything on paper—but they still pose a risk. Real beneficial ownership discovery requires uncovering both ownership and control.

What Regulators Expect

AUSTRAC requires clear identification and verification of beneficial owners, with an emphasis on transparency for high-risk and international clients.

FCA mandates that firms understand who exercises control and why, and apply enhanced due diligence where ownership is unclear.

FINCEN under the Corporate Transparency Act obligates reporting of beneficial ownership data for nearly every U.S. registered company.

FINRA requires broker-dealers to collect and maintain beneficial ownership data for all legal entity customers.

EU AMLA enforces harmonised rules for beneficial ownership registers and sets higher standards for ownership verification and oversight.

In short, no matter where you operate, ownership is something you need to prove – and document your process of doing so.

Your Advantage: Do It Better Than Your Competitors 1. Use KYB as a Differentiator

If your clients feel interrogated every time they submit corporate documents, they’ll walk. If your sales team delays deals while waiting on compliance, they’ll get blocked. But when you can verify directors, shareholders, and UBOs in minutes with zero back-and-forth, you make onboarding frictionless. That builds trust. It shortens sales cycles. And it gives you a competitive edge.

2. Improve Client Confidence

Automated data collection and verification makes your team look sharp. Clients get a professional experience. You reduce repetitive requests and deliver faster decisions. That improves client confidence, reinforces brand trust, and reduces dropout.

3. Eliminate Manual Workflows

Stop chasing documents and cross-referencing multiple databases manually. Automate beneficial ownership mapping. Use real-time screening tools that flag suspicious individuals or connections. Pre-fill forms using public registries. Create an end-to-end audit trail that proves your process was complete, defensible, and regulator-ready.

iComply’s Answer to Ownership Complexity

iComply’s KYB engine was built for global coverage and high-stakes compliance. Our platform:

Maps beneficial ownership across jurisdictions using official registries and custom workflows

Automates control structure diagrams and shareholder breakdowns

Identifies and screens UBOs, directors, nominees, and signatories

Flags risk indicators across sanctions, PEP, fraud, and adverse media databases

Logs every decision, match, and review into an audit-ready report

You get visibility across any structure. Your team gets clarity and control. Your clients get onboarded faster.

Every time you ask, “Who owns this company?” you are really asking, “Can I trust this client?” The faster and more confidently you can answer that question, the safer your business becomes.

With iComply, beneficial ownership is no longer a blind spot. It’s your edge.

Start your free trial today.Vanquish the busy-work. Focus on what matters.

Why Centralized Systems Like Gov.UK’s One Login, India’s Aadhaar, and Singapore’s Singpass Raise Global Privacy Alarms

Centralized digital identity systems—such as the UK’s One Login, India’s Aadhaar, and Singapore’s Singpass—are facing mounting scrutiny over risks to user privacy, system security, and surveillance overreach. These platforms often rely on architectures that report back to central authorities every time an identity is used—a phenomenon now widely referred to as “ID phone home.” In contrast, privacy-first identity verification solutions like iComply enable secure, compliant onboarding while keeping individuals in control of their data.

Understanding the “ID Phone Home” Phenomenon

The term “ID phone home” describes a systemic flaw in many centralized identity verification solutions: every time you use your ID—whether to log in, verify age, or sign a contract—your interaction is logged and relayed back to a centralized server, often a government authority or state-approved vendor. Over time, these interactions form a persistent behavioural profile: where you were, what you accessed, when, and how often.

This model creates a digital paper trail of your identity across services, locations, and platforms—often without explicit consent or meaningful control. It shifts identity from something you own into something you borrow from a system that watches while you use it.

Global Case Studies: The Privacy Risks of Centralized Identity Systems 🇬🇧 United Kingdom: One Login’s Security Shortcomings

The UK government’s One Login platform was designed to streamline access to more than 50 public services with a single verified digital identity. But in May 2025, the platform lost its Digital Identity and Attributes Trust Framework (DIATF) certification after its biometric vendor, iProov, failed to meet compliance standards.

This lapse followed a series of security warnings:

A red teaming exercise revealed that privileged system access could be compromised without triggering monitoring alerts.

One Login meets just 21 of 39 outcomes in the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework.

As of today, One Login remains uncertified, raising questions about its reliability as the government’s “gold standard” for digital ID.

Privacy advocates are particularly concerned that One Login enables real-time tracking of users whenever their ID is used to access services, submit filings, or verify identity—making it an archetype of the “ID phone home” problem.

🇮🇳 India: Aadhaar’s Surveillance Legacy

Aadhaar, the world’s largest biometric ID system, was rolled out to bring universal digital identity access to more than a billion people. But over the past decade, Aadhaar has been plagued by controversy:

Data breaches have exposed the personal information of millions, with unauthorized access being sold online for pennies.

The Supreme Court of India ruled that linking Aadhaar to every service, from SIM cards to bank accounts, posed an unacceptable risk of state surveillance.

India’s digital privacy laws remain fragmented, with weak enforcement mechanisms for data misuse.

Aadhaar is often cited by digital rights groups as a case study in how centralized digital identity, when deployed at scale, can unintentionally lead to systemic risk.

🇸🇬 Singapore: Singpass and Consent Concerns

Singpass, Singapore’s national digital identity platform, is widely used to access both government and commercial services. Its integration with facial recognition and passive verification has raised serious concerns:

Leaked Singpass credentials have been found on the dark web, increasing fraud and impersonation risks.

Critics argue that consent mechanisms are insufficient, as users are forced to interact with a platform that tracks behaviour but lacks transparent opt-outs.

Privacy International and other watchdogs warn that Singpass enables “continuous, ambient surveillance” across multiple service channels.

The Singpass model underscores the trade-off between convenience and control—one that many users may not fully understand until their data is compromised

mDLs: Mobile Convenience, Structural Risk

The rise of mobile driver’s licenses (mDLs) has been positioned as the next leap in digital identity verification. Apple’s big announcement last week will allow users to store and present official ID from their phones. However, most mDL implementations rely on proprietary apps that phone home to validate identity with issuing authorities or third-party servers. Given Apple’s historical posture on privacy, it will be worth watching how the navigate the security concerns surrounding mDLs.

This means:

Each time you prove your age, sign a rental agreement, or board a flight, your identity data may be pinged and stored centrally.

Even metadata—such as location, timestamp, or IP address—can be enough to build a user profile.

Unlike a physical ID, most mDLs offer no real-time visibility into how, where, or when your identity is being logged.

In practice, mDLs risk turning your phone into a live identity beacon – with few safeguards and little recourse.

Take Action: No Phone Home Petition

A rapidly growing global movement call “No Phone Home” has raised concerns over surveillance risks and single points of failure/control within each of the above solutions. The truth of the matter is that “Phone Home” identity systems are built to protect the interests of the legacy verification service providers. As a signatory on the No Phone Home Petition, we invite you to also sign the petition by clicking here: https://nophonehome.com/ 

The Case for Decentralized, Privacy-First Identity Verification

Decentralizing the very act of ID verification and authentication avoids these pitfalls entirely. Instead of requiring cloud-based validation every time an ID is used, these systems process and encrypt sensitive data on the user’s device, using edge computing and zero-knowledge architecture.

Key Benefits of a Privacy-First Approach

User control: You decide who sees your data, for how long, and under what conditions.

No surveillance trail: No unnecessary data transmission to centralized servers.

Compliance without compromise: Fully meets emerging regulations such as the UK Companies House requirements for director identity verification, KYC, and KYB – without trading away privacy.

Audit-ready transparency: Every verification step is logged locally and reportable without exposing the user.

Why iComply Stands Apart

At iComply, we don’t believe trust should be demanded—it should be earned. Our identity verification solution is purpose-built to comply with the UK’s 2025 Companies House reforms, support global KYC/KYB workflows, and protect the one thing no regulation can replace: your identity.

We process:

Document authentication with template matching, OCR extraction, and full spectrum security feature review

Concurrent biometric face match (powered by secure, AI-powered, 3D video sessions)

Hybrid (active and passive) liveness detection

Capturing clear, informed, and revocable consent

All without phoning home or compromising your client’s trust, privacy, or security.

Own Your Identity, Don’t Lease It

The digital identity systems of 2025 are a fork in the road. One path leads to more centralized control, less transparency, and growing behavioural surveillance – and potential for severe government overreach.

The other leads to dignity, discretion, and individual sovereignty.

With iComply, your customer’s identity is more protected than any API or “App-store” based solution can ever deliver.

Start your free trial. Stay compliant. Stay in control.

Everything you do online forms data that’s tracked, mapped, shared and sold (oh yeah, and oftentimes stolen).

A lot of this data turns up in digital graphs called social graphs and interest graphs, which social media platforms build and use to analyze user behavior, personalize user experience, recommend content, and sell advertising and the data itself.

A social graph maps who you know—all your relationships within a social network such as friends, family, coworkers, etc.

An interest graph maps what you like—all your connections to other people based on shared interests, hobbies and topics.

Social media platforms like Facebook, X, Instagram, and YouTube, and short form video and content discovery platforms like TikTok and Snapchat, own and control their users’ data graphs, and monetize them by selling targeted advertising based on user connections and interests, selling the data to third parties (e.g. data brokers) for marketing and other purposes, and aggregating the data for other revenue streams.

Social and interest graphs exist for every platform you’re on and for many of the services you’re using (even banking apps). They’re how Netflix knows what shows to recommend and LinkedIn knows which job vacancies to highlight, but also what garden tool or luxury holiday ads will turn up in your feed and browser, for example.

As you can imagine, these graphs contain masses of personal information about you and therefore reveal an awful lot of personal information about you. And while these graphs have some upsides in terms of tailored content, their downsides for privacy and security are far greater.

Here are 7 privacy and security risks of social and interest graphs:

Unintentional data exposure – Your connections, interactions, and interests may reveal more than you realize, even if you haven’t explicitly shared certain details. We’ve all heard how Facebook can predict whether you’ll fall in love or break up, and could know you’re pregnant before you’ve even told your partner.
Third-party access and data mining – Social graphs are pots of gold to advertisers, governments, and cybercriminals. Social network data can be mined to gather sensitive information, including location data, health information, religious identity, sexual orientation, and private messages, which can be used for malicious purposes and surveillance. 
Identity theft and social engineering – Bad actors can exploit social graphs to steal your identity and impersonate you for financial fraud, impersonate your trusted contacts, craft convincing phishing scams, and guess answers to your accounts’ security questions.
Algorithmic bias and manipulation – Social graphs help curate content, but they can also reinforce echo chambers, control narratives, and manipulate user behavior.
Data breaches – If a platform storing your social graph data is breached, your relationships, habits and other sensitive information could be exposed. 2024 was the biggest year on record for data breaches, and statistics show most people in the world have now had their personal data stolen.
Data brokers: Social graph data can be sold to data brokers, who can then use the data for targeted advertising, profiling, and other purposes without user consent. 
Cyberbullying and online harassment: Social network data can be used for cyberbullying and online harassment, such as doxing, which can cause emotional distress and psychological harm.

So, what’s the 1 quick fix for all these privacy and security risks?

Use the Sudo digital identities in MySudo all-in-one privacy app to break your data trail. Use MySudo to control who sees your personal information online and in real life:

Use the end-to-end encrypted messaging within each Sudo in MySudo to keep your conversations private.
Use the private browser within each Sudo in MySudo to search the internet free of ads and trackers.
Use the virtual card within each Sudo in MySudo to hide your transaction history from your bank and those they sell your data to. (Yes, they do!)

But don’t stop there. Take even greater control of your data privacy by using the full suite of Anonyome Labs’ personal information protection tools, including RECLAIM, which lets you reclaim your personal data from companies that store and sell it.

You’ll find other advice for managing the privacy and security risks of social and interest graphs here.

Remember, you can’t control what platforms do with your information, but you can control what information they get in the first place. Download MySudo for iOS or Android.

New to MySudo? Start here.

You might also like:

What Constitutes Personally Identifiable Information or PII? 14 Real-Life Examples of Personal Data You Definitely Want to Keep Private (Plus, How to Do It) The Privacy Pitfalls of Personalized Advertising What is Digital Exhaust and Why Does it Matter?

The post 7 Privacy and Security Risks of Social Graphs and 1 Quick Fix appeared first on Anonyome Labs.

Learn about Relationship-Based Access Control (ReBAC): how it works, its benefits for flexible authorization, and how Auth0 FGA helps implement it effectively.

Traditional banking operates within well-established risk management frameworks. Banks conduct due diligence on their immediate counterparties and work with information available through standard reporting channels. This approach has served the industry well, but it operates within inherent limitations about what can be seen and verified.

The Internet of Medical Things (IoMT) is transforming healthcare by enabling real-time data collection from connected devices like heart monitors and inhalers. But to unlock its full potential, healthcare organizations need a secure and scalable Research Data Management (RDM) platform. myLaminin provides that foundation—ensuring data integrity, standardization, and compliance—empowering institutions to deliver smarter, faster, and safer care.

Recently, the Data Protection and Digital Information (DPDI) Bill passed through the House of Lords in the United Kingdom. 

This bill lays the legal foundation for the country’s Digital Identity Trust Framework and paves the way for the rollout of a UK digital ID wallet and mobile driving licences.

We asked Robin Tombs, CEO of Yoti, and Richard Oliphant, legal consultant at RO Legal Consulting, about the implications of the bill and whether the government wallet could help or hinder the thriving ecosystem of private identity providers.

Here’s what they had to say:

“Sometimes, all it takes is a spark of curiosity to ignite a lifelong journey.” - Unknown

Hello OktaDev community 👋! Let me tell you a story – a story of dreams, passion, and the continuous pursuit of curiosity. My name is Sohail Pathan, and I’m thrilled to join Okta as a Senior Developer Advocate.

It all started in Nagpur, a quaint city nestled in central India. As a child, I eagerly peered through my window, convinced superheroes were real and that someday Superman himself would swing by. While superheroes never appeared, another hero soon took their place – technology.

School never captivated me much, but the computer lab was a magical place. Recognizing this spark, my parents gifted me my first desktop computer – a moment that forever changed my life. A formal education in Computer Science followed, where I fell in love with Java and the vibrant Android ecosystem. When Google introduced Kotlin support in 2017, weekends turned into coding marathons, building Android apps for everyday use.

My professional journey: from an app developer to a developer advocate

My professional path started at an EdTech startup. Here, my first role as an Android developer unfolded with both excitement and nervous anticipation. I vividly remember my early days, meticulously building and refining app features, driven by the genuine joy of seeing students interact with the app. On the go, my involvement quickly expanded beyond just coding. I found myself drawn to answering student queries on forums and guiding them through their learning journeys.

Image: Post meetup group photo with attendees (I’m the one in black blazer 🕴️).

One fine afternoon, the founders approached me. They said – You have a gift for connecting with our users. We’d like you to be our first Developer Community Manager. That moment changed everything. I started organizing meetups where we taught about open-source opportunities like GSOC and Hacktoberfest. I used to spend most of my time answering questions on our forums, helping learners one-on-one, and cheering them on as they built their first projects.

I didn’t realize it then, but I was doing the heart of a Developer Relations job – talking to upcoming developers, understanding their struggles, and sharing my own code. The community started growing, and I loved it so much that I decided to make community work my fulltime role without giving up my passion for coding. It was a win-win for me 🎉.

Adventures in developer relations

The DevRel adventure deepened when I joined a deeptech startup that aimed to solve a big pain point: making it easier to run Android Studio on the cloud, which could help people with machines that have limited processing power (similar to Google’s Firebase Studio today). As the Head of Developer Relations, my mission was clear – build and grow a community of Android developers who could test, give feedback, and shape our product.

So, it was time to roll up my sleeves. I organized virtual and inperson meetups where developers could share their struggles and ideas. We even hosted hackathons, challenging participants to push the tool’s limits and tell us what worked and what didn’t. Week after week, I collected feedback, sifting through every comment and suggestion.

Image:Live session on building the Disco Diwane app during an Android Study Jam in Nagpur.

For four intense months, we listened, iterated, and tried to find product market fit. Unfortunately, despite our best efforts, technical roadblocks and limited demand meant we couldn’t go forward. The founders made the tough call to shut down the company. While it wasn’t the happy ending I’d hoped for, this chapter taught me lessons money can’t buy: the value of listening closely to your community, the courage to make hard decisions, and the resilience to keep moving forward.

With these lessons etched in my mind, I was ready for whatever came next.

Crafting the API universe at Apyhub

My next stop was ApyHub, where I joined as the Developer Advocate (early team). ApyHub was building an API Marketplace for both developers and no-code builders – a place where anyone could discover, consume, and Monetize APIs.

I still remember the excitement of helping the team prepare for very first public launch on Product Hunt. Working side by side with Engineering and Marketing, I helped create sample apps, write tutorials in Go and Node.js, and craft blog posts to spread the word. Single-handedly, I produced code examples that developers could copy, tweak, and run immediately.

Every week brought new adventures: I delivered talks on API design, cataloged hundreds of APIs, and explained API specifications in simple terms. We sponsored hackathon tracks that challenged participants to build real projects using our APIs, and rewarded the best ideas.

Image: Delivered session at Google Cloud Community Days in Kolkata, 2023, to an audience of 3,500 developers.

Living in a startup meant wearing many hats. One moment, I was designing microservices used by over 40,000+ developers; the next, I was learning the ins and outs of API gateway, containers, and load balancing – things that require a backend to run smoothly. This hands-on experience deepened my expertise in REST architecture and DevOps practices.

But the heart of my role was listening. Eventually, I became the first responder for our users (paid and free), collecting feedback, identifying what mattered most, and working with the team to make it happen. There’s nothing like seeing a user’s face light up when a tricky bug is fixed, or a feature is added based on their own suggestion.

Through APIs, I also discovered the power of OAuth and identity management. I saw how a few lines of code could secure entire apps and protect user data. It was a revelation that pointed me straight to Okta.

With every sample app, tutorial, and user conversation, my passion for APIs grew stronger. And now, here I am, ready to bring all of that to Okta.

Why Okta?

I’m beyond excited to be at Okta, a place where security isn’t just a department – it’s part of our DNA. Our customers come first, and every decision we make is guided by a single goal: to give people safe, seamless access to the tools they love. Whether you’re a startup building your first app or an enterprise rolling out AI solutions, Okta’s mission is to keep you secure without slowing you down.

Ready to dive in! I’m excited to share my knowledge of APIs and identity, and even more so to learn from this amazing community. Our collective efforts can build a future where technology empowers everyone – securely, effortlessly, and intelligently.

Image: A photo captured on my first day at the Okta Campus in Bengaluru, near my workstation.

A little fun fact about me

Beyond tech, I’m an enthusiastic foodie – especially when it comes to biryani (a mixed rice dish made with rice, meat, and spices). I’ve explored almost every regional variety in India and, according to my friends, I’m quite the cook myself! Connect with me on LinkedIn, and perhaps we can discover the best biryani spots together 🍗🎉.

I’m eager to engage with you all, learn your stories, and build amazing things together at Okta!

“Welcome to this detailed guide! If you’re wondering what a facial recognition SDK is and how it plays a key role in today’s ID verification world, you’re in the right place.”

In today’s digital-first world, protecting identities has become more important than ever. From online banking to remote healthcare, verifying real users quickly and securely is a challenge every organization is facing.

One breakthrough solution is the facial recognition SDK, a powerful tool for real-time, AI-driven identity verification.

If you’re new to this term, don’t worry! We’re here to break it down in a very simple and engaging way, just like we always do.

Let’s dive in!

 

What Is a Facial Recognition SDK?

A facial recognition SDK (Software Development Kit) allows developers to add real-time facial verification into their own mobile apps, websites, or security systems.

It’s powered by artificial intelligence and advanced machine learning models that map facial geometry, like jawlines, eye spacing, skin tone, and compare it with a reference image to confirm a match.

Most importantly, modern SDKs include facial liveness detection, which ensures that the person in front of the camera is physically present, not a photo, deepfake, or video.

This is the core of modern digital identity systems, and Recognito is leading this evolution with our high-performance SDKs.

 

How Does a Facial Recognition SDK Work?

Let us explain this process in a way that feels easy and logical, step by step.

Step 1: Face Capture

Using a webcam or phone camera, the system captures a clear facial image in real time.

Step 2: Feature Mapping

An AI-powered engine analyzes facial features and measurements. This is the brain of the face recognition SDK.

Step 3: Comparison & Match

The image is matched against a stored photo, ID document, or database for identity confirmation.

Step 4: Liveness Detection

Here’s where liveness detection for face recognition plays a crucial role. It detects whether the user is real, using face liveness detection SDK techniques like skin texture analysis, blinking, motion detection, or even blood flow monitoring.

Step 5: Result Generation

If everything checks out, the system confirms the identity in seconds. Fast, simple, secure.

Why Is Facial Recognition SDK Important?

This tool has become essential for companies across various industries. Let’s explore why:

1. Stronger Security

Using facial recognition and facial liveness detection, organizations can stop identity fraud, spoofing, and deepfake-based attacks.

2. Smoother User Experience

Users no longer need to remember passwords or go through long verification forms. With a few seconds of scanning, the job is done.

3. Easy to Integrate

Modern face recognition SDKs like Recognito’s are developer-friendly with full documentation, APIs, and support for mobile and desktop platforms.

4. Regulatory Compliance

If you’re in finance, health, or telecom, compliance with KYC and AML rules is critical. Facial ID systems ensure your process is secure and regulation-friendly.

5. Cost Efficiency

The automation reduces dependency on manual reviewers, helping organizations scale without hiring extra verification staff.

 

Recognito’s Face Liveness Detection SDK

At Recognito, we offer a cutting-edge face liveness detection SDK trusted by clients globally and backed by NIST FRVT-evaluated algorithms for top-tier performance.

Our SDK includes:

Real-time identity verification

Passive & active liveness detection

Seamless integration with mobile/web apps

High accuracy & ultra-fast results

Recognito is being used in banking, eCommerce, education, healthcare, and even marketplaces where fraud prevention is a top priority.

You can also explore our GitHub for full SDK documentation and technical guides Recognito GitHub

Final Thoughts

Facial recognition SDKs are reshaping the way digital identity is verified. With features like facial liveness detection, AI-powered matching, and lightning-fast processing, these tools are essential for any organization aiming to protect users and build trust.

In this guide, we’ve shown you:

What a facial recognition SDK is

How it works step by step

The power of liveness detection for face recognition

How Recognito can help you integrate this technology into your workflow

So, are you ready to take your security and user experience to the next level?

Tell us what you think. Your feedback is always welcome

Whenever you’re ready, Recognito will be here to support you as your reliable partner in identity verification.

A Wake-Up Call for HR in the Age of Deepfakes and Remote Work

In 2025, HR leaders are facing a new kind of threat: highly convincing fake applicants, AI-powered resume fraud, and deepfake interview proxies. What used to be fringe or far-fetched is now a weekly reality for talent teams.

From fake IT workers linked to nation-states to deepfake-driven interview fraud, the threats have never been more diverse, or more advanced. According to HYPR's 2025 State of Passwordless Identity Assurance report, 95% of organizations experienced a deepfake incident in the last year, and nearly 40% had a GenAI-related security breach.

This field-ready guide outlines 10 bottom-of-funnel actions to equip HR teams with real-world tactics, tools, and strategies to detect, prevent, and respond to identity fraud in recruiting and onboarding. Each step is designed to be immediately implementable and mapped to core tools HR professionals already use.

1. Clarify Cross-Functional Ownership of Hiring Fraud

Fraudulent hires affect HR, Security, and IT,  yet ownership is often murky:

Align stakeholders using this guidance from HYPR’s CIO/CISO blog. Establish a joint fraud prevention task force. Toolkit Tip: Assign an executive sponsor (e.g., CHRO or CISO) for hiring fraud oversight.
2. Assume Everyone is Fake, and Build From There

This isn’t just about paranoia. It’s about readiness. HR teams should establish a fraud-first mindset:

Normalize candidate fraud as a standard risk category. Create consistent internal workflows to flag, escalate, and investigate suspicious applications. Adopt peer-driven validation: use teams like security, compliance, and legal to review flagged applicants. Toolkit Tip: Standardize your screening process with a short “authenticity check” script for recruiters to follow during early conversations.
3. Adapt Screening Depth by Role Sensitivity

Not every role requires the same rigor:

Segment roles into low, medium, and high trust tiers. Apply adaptive screening (e.g., basic IDV for marketing coordinator; full IDV and continuity checks for engineering lead). Toolkit Tip: Build screening tiers into your job requisition templates.
4. Add AI Forgery Resilience to Your Hiring Workflow

As synthetic candidates and deepfakes become more sophisticated, relying on human intuition alone isn’t enough. Instead, build process-level defenses:

Use examples from HYPR’s AI Forgery Epidemic blog to train teams on the problems. Integrate AI forgery testing into your hiring tech stack to flag suspicious video, voice, or document inputs automatically. Standardize workflows that include automated pre-screening and digital identity checks – not just résumé reviews. Toolkit Tip: Rehearse your response plan by running “fraud injection” simulations in your onboarding or interview funnel to see how your systems respond – not just your people.
5. Use Digital Footprint Signals to Automate Resume Validation

AI-generated resumes and fake work history are on the rise. Don’t rely on gut instinct, use scalable signals to flag inconsistencies early:

Automate LinkedIn-to-resume cross-checks using screening tools or browser plug-ins. Look for verified links to real portfolios (e.g., GitHub, Behance) and active digital histories, not static PDF claims. Flag mismatches between claimed employers and suspicious email domains (e.g., Gmail addresses for C-level roles).

Toolkit Tip: Use pre-screening software that incorporates digital footprint analysis to identify high-risk applicants before interviews.

6. Verify Identity Before the Interview

Don’t wait until you like the candidate. Use multi-factor identity verification before they enter your hiring funnel:

Require biometric and document verification at application or pre-interview stage. Validate location using IP and device fingerprinting.

Toolkit Tip: Integrate HYPR Affirm into your ATS (e.g., Greenhouse, Lever) to automate fraud screening.

7. Screen for Location Spoofing and Jurisdiction Risks

Remote applicants frequently lie about location:

Use real-time geolocation checks to confirm physical presence. Apply filters to block non-compliant jurisdictions (e.g., embargoed nations, unsupported states).

Toolkit Tip: Leverage Affirm’s geolocation feature to automate this process and reduce liability.

Read About How HYPR Unmasks a Fake IT Worker

8. Require Live Video Interviews With Consent-Based Checks

To prevent interview fraud and proxies, implement lightweight but effective checks—with transparency and candidate consent:

Ask candidates to briefly display a government-issued ID on camera and perform a unique gesture or phrase. Require cameras to remain on during interviews to ensure real-time presence. Clearly notify candidates if interviews will be recorded, and obtain their consent beforehand.

Toolkit Tip: Record interviews and retain them for internal verification if inconsistencies arise.

9. Confirm Continuity with Biometric Re-Verification

Proxies often disappear after early interviews. Enforce re-verification:

Trigger biometric liveness detection at final interview or offer stage. Ensure the same person shows up across all touchpoints.

Toolkit Tip: Deploy Affirm to automate re-verification workflows tied to hiring stage transitions.

10. Make Identity Verification an Ongoing Process

The hiring process is only the beginning. Maintaining workforce integrity means:

Periodic re-verification of identities, especially for high-risk or privileged roles. Applying identity verification during role changes, contractor onboarding, or access escalation.

Toolkit Tip: Consider implementing continuous or lifecycle IDV strategies to stay ahead of evolving threats.

HYPR's Candidate Verification Solution for HR Teams 

In today’s remote and hybrid hiring environments, verifying a candidate’s identity is more critical—and more challenging—than ever. HYPR Affirm empowers HR and talent teams to securely validate candidate identities before day one, reducing risk while accelerating onboarding.

HYPR Affirm offers key capabilities tailored for HR use cases, including:
Government ID Verification: Validate passports and driver’s licenses with advanced fraud detection. Location & Device Checks: Confirm login attempts originate from trusted geographies and endpoints. Liveness Detection & Facial Matching: Ensure the person behind the screen is present and matches their ID. Frictionless Remote Workflows: Eliminate the need for in-person ID checks and speed up time-to-hire.

To see how leading organizations use HYPR to secure candidate verification and streamline onboarding, visit our Candidate Verification and Onboarding page.

Start with an Identity Verification Audit

HR is no longer just a gatekeeper for talent - it’s a key stakeholder in enterprise security. These 10 tactics empower HR professionals to detect deception, prevent fraud, and collaborate with Security and IT to ensure your workforce is who they say they are.

But the best place to start? Your current workforce. A comprehensive identity verification audit helps baseline your team and uncover hidden risk quickly, without integrations.

Request Your HYPR Identity Verification Audit → 

Key Takeaways: HR teams must treat identity fraud as a core risk area, not a rare occurrence. Tactical solutions like biometric verification, location screening, and digital footprint analysis can dramatically reduce onboarding fraud. Collaboration with security and IT is essential for assigning ownership and creating fraud-resistant hiring workflows. Deepfake and AI-powered applicant fraud isn’t a future risk; it’s happening now. Organizations must shift from reactive to proactive identity assurance.

 

Let’s explore the typical identity challenges developers face when they build B2B SaaS applications and how Auth0 helps in overcoming them.

Liminal members enjoy the exclusive benefit of receiving daily morning briefs directly in their inboxes, ensuring they stay ahead of the curve with the latest industry developments for a significant competitive advantage.

Looking for product or company-specific news? Log in or sign-up to Link for more detailed news and developments.

Here are the main industry highlights of this week impacting identity and fraud, cybersecurity, trust and safety, financial crimes compliance, and privacy and consent management.

🪄Innovation and New Technology Developments

Plaid Launches Protect to Combat Early-Stage Fraud with Real-Time Intelligence and Adaptive Risk Scoring

Plaid has launched Plaid Protect, a real-time fraud intelligence system powered by its new machine learning engine, the Trust Index (Ti). Using over 10,000 high-signal attributes from a network of a billion devices and thousands of apps, it detects fraud early by analyzing cross-app behavior, device history, and account risk signals. It targets threats like synthetic identities and account takeovers. Features include real-time risk scoring, a semantic search dashboard for investigations, and adaptive onboarding that evolves as users share more data. Currently in beta, Plaid Protect aims to improve fraud detection while maximizing user conversion with smarter, risk-based onboarding. (Source)

💰 Investments and Partnerships

Genpact Acquires XponentL Data to Accelerate AI-First Strategy and Strengthen Industry Solutions

Genpact has acquired XponentL Data, a data products and AI solutions company, to enhance its capabilities in data strategy, engineering, and AI transformation. The acquisition supports Genpact’s shift toward AI-first services, leveraging XponentL’s expertise and partnerships with platforms like Databricks, AWS, and Microsoft. This move aims to strengthen Genpact’s offerings in sectors such as Life Sciences and Healthcare and bolster initiatives like the Genpact AI Gigafactory. XponentL’s team, including CEO Tom Johnstone, will join Genpact, with the acquisition expected to accelerate innovation and help clients scale AI solutions more effectively. Financial terms were not disclosed. (Source)

Philippines Invests Additional PHP1.3B to Expand Biometric E-Gates and Modernize Border Control

The Philippines has allocated an additional PHP1.347B ($24.1M) to expand its biometric e-gates program at major airports and seaports, following PHP1.976B ($35.4M) in Phase 1. The goal is to replace half of the manual immigration counters with facial recognition to reduce congestion and boost security. E-gates are active at Manila’s NAIA, now managed by the New NAIA Infrastructure Corp. (NNIC), a consortium including San Miguel Holdings and Incheon International Airport Corp. The broader modernization includes partnerships with Collins Aerospace and a pilot digital ID project with UltraPass and the Department of Transportation. Full deployment across 11 hubs is expected by December 15, 2025. (Source)

Multiverse Raises €189M to Scale Quantum-Inspired AI That Shrinks LLMs by 95%

Spanish startup Multiverse Computing has raised €189M ($215M) in Series B funding to scale CompactifAI, its quantum-inspired AI compression tool. CompactifAI reduces the size of large language models (LLMs) by up to 95% without performance loss, cutting inference time and costs by up to 80%. The tool supports compressed versions of open-source models like Llama and Mistral, optimized for deployment across cloud, mobile, and edge devices like Raspberry Pi. Founded by Román Orús and Enrique Lizaso Olmos, Multiverse holds a strong patent portfolio and serves clients such as Bosch and the Bank of Canada. The round, led by Bullhound Capital, brings total funding to around $250M. (Source)

Lemonway Acquires PayGreen to Strengthen E-commerce Presence and Bolster European Payment Capabilities

Lemonway, a European payment institution specializing in marketplaces and crowdfunding platforms, has acquired French e-commerce payments firm PayGreen to expand its footprint in the e-commerce sector. The deal, whose financial terms were not disclosed, adds a client base, €20 million in transaction volume, and a team of 11- including PayGreen’s co-founders who will lead Lemonway’s e-commerce division. PayGreen brings niche capabilities such as meal vouchers, carbon calculators, and donation features. The move aligns with Lemonway’s goal of becoming a sovereign European payment champion, and enhances its offerings for e-merchants across Europe. (Source)

23andMe Faces Scrutiny as 1.9 Million Users Delete Data Amid Bankruptcy and Controversial Sale to Regeneron

About 1.9 million 23andMe users, approximately 15% of its customer base, have requested deletion of their genetic data following the company’s bankruptcy filing in March. Interim CEO Joseph Selsavage disclosed the figure during a House Oversight Committee hearing, where lawmakers expressed concern over the privacy implications of the company’s sale to Regeneron for $256 million. Regeneron, which plans to use the data for drug discovery, has pledged to uphold 23andMe’s existing privacy policies. The sale is under legal scrutiny, with over two dozen states suing to prevent the transfer of genetic data without explicit customer consent. The controversy follows a major data breach in 2024 that exposed sensitive data of nearly 7 million users. (Source)

Liongard Acquires Cyio to Strengthen Cybersecurity Capabilities for MSPs

Liongard has acquired Darklight’s Cyio platform to enhance its cybersecurity offerings for managed service providers (MSPs). The integration brings AI-powered vulnerability prioritization into Liongard’s attack surface management platform, allowing MSPs to focus on the most critical threats based on real-time intelligence and business impact. Cyio’s capabilities include always-on risk scoring, standards-aligned reporting (e.g., NIST, FedRAMP), and contextual analysis, helping partners streamline remediation, simplify compliance reporting, and reduce operational overhead. The move positions Liongard as a more comprehensive security platform provider, enabling MSPs to scale efficiently by automating threat prioritization and empowering less experienced technicians to perform complex security tasks. (Source)

OneSpan Acquires Nok Nok Labs to Expand Passwordless Authentication Capabilities

OneSpan Inc. has acquired Nok Nok Labs, a leader in FIDO passwordless authentication, to expand its capabilities in secure, flexible authentication solutions. The acquisition enhances OneSpan’s portfolio, combining its FIDO2 security keys with Nok Nok’s software to offer a broad range of authentication methods for both cloud and on-premises environments. CEO Victor Limongelli emphasized the strategic shift toward passwordless authentication and greater customer choice. Nok Nok, a founding member of the FIDO Alliance, brings deep expertise and a global customer base, strengthening OneSpan’s position in regulatory-compliant, scalable solutions. The integration aims to deliver a unified authentication platform that benefits banking and enterprise customers worldwide. (Source)

MIND Raises $30M to Redefine AI-Native Data Loss Prevention for the Enterprise

MIND, an AI-native data loss prevention (DLP) platform, has raised $30M in Series A funding, led by Paladin Capital Group and Crosspoint Capital Partners, bringing total funding to over $40M. In just seven months post-stealth, MIND achieved 500% customer growth and gained adoption among Fortune 1000 companies, securing sensitive data across hundreds of thousands of endpoints. Its platform integrates real-time data security posture and AI-driven threat prevention, reducing false positives and automating response. Addressing challenges like unstructured data and insider risk, MIND stands out in a market burdened by legacy DLP tools. The company was also recognized at RSAC 2025. (Source)

Circle Surges in $1.05B IPO as Investor Demand Boosts Stablecoin Leader’s Market Debut

Circle Internet Group, issuer of the USDC stablecoin, priced its IPO at $31 per share, above expectations, raising $1.05 billion and reaching a $6.8 billion valuation. Strong investor demand led to an expanded share offering and gave underwriters the option to sell more. As one of the most prominent crypto firms to go public, Circle focuses solely on stablecoins, with USDC as the market’s second-largest. The IPO comes amid renewed enthusiasm for tech and crypto listings, driven by favorable regulatory signals under the Trump administration and rising institutional interest in stablecoins. With a strong compliance record, Circle is well positioned as a trusted leader in a sector poised for exponential growth. (Source)

⚖️ Policy and Regulatory

Apple Expands Digital ID in Wallet for TSA Use but Not for International Travel

Apple has announced that a TSA-approved version of its Digital ID will be available in Apple Wallet this fall, allowing iPhone users to use it for domestic travel at supported TSA checkpoints. However, contrary to some online speculation, the Digital ID will not serve as a replacement for a physical passport, especially for international travel. The rollout reflects a broader trend toward the digitalization of government IDs, though it raises privacy concerns. Users are cautioned against handing over unlocked phones to TSA officers, as doing so could be interpreted as consent for a search. The feature will also enable autofill identity verification in airline apps, providing convenience but also necessitating vigilance regarding data privacy. (Source)

Trump Executive Order Reshapes U.S. Cybersecurity by Cutting Digital ID Programs and Softening Vendor Compliance

President Trump has signed a sweeping Executive Order overhauling U.S. cybersecurity policy, dismantling key Biden-era initiatives. The directive eliminates federal support for digital identity programs, citing concerns over potential entitlement fraud, despite no mandates for digital ID issuance to immigrants. It also rescinds secure software development attestations, favoring a public-private approach aligned with NIST’s framework. AI cybersecurity efforts are refocused on managing vulnerabilities rather than advancing secure AI research, and the urgency in adopting post-quantum cryptography is delayed. While standards for IoT devices and encryption modernization are retained, critics argue the order politicizes cybersecurity by linking it to immigration and election policies, and by removing tools like cyber sanctions for domestic threats. The administration frames the shift as a move toward technical neutrality, though experts warn it may weaken U.S. cyber defenses amid escalating threats. (Source)

Liberia Seeks Funding to Expand National ID Amid High Demand and Low Enrollment

Liberia’s National Identification Registry (NIR) is facing significant financial hurdles in expanding national ID coverage, despite strong political support and public interest. Executive Director Andrew Peters emphasized that while citizens are eager to enroll, the cost of registration remains a key barrier, prompting the government to explore funding options to make the process free. Currently, only 14 percent of Liberia’s five million citizens are enrolled, and efforts are underway—including a presidential executive order mandating ID enrollment and a UNICEF-supported child registration pilot—to boost adoption. The NIR aims to secure further international partnerships to meet its 2030 target under UN SDG 16.9 and accelerate digital transformation efforts launched with recent World Bank funding. (Source)

U.S. Department of Education Introduces Live ID Verification for FAFSA Applicants Amid Fraud Surge

The U.S. Department of Education is implementing enhanced identity verification protocols for federal student aid applicants starting summer and fall 2025 to curb rising identity fraud. In response to a spike in fraudulent FAFSA submissions—approximately 150,000 recently flagged—the department will mandate temporary identity validation for select applicants this summer, followed by permanent checks for all applicants in the fall. These checks will require valid government-issued photo IDs and must be conducted live, either in person or via video. This move addresses vulnerabilities worsened by remote learning and relaxed verification during the pandemic, with notable fraud cases in states like California and Minnesota, including a $7.4 million loss at the College of Southern Nevada. (Source)

EU Launches International Strategy to Expand EUDI Wallet and Digital Identity Standards Globally

The European Union has introduced its International Digital Strategy to extend the influence of its European Digital Identity (EUDI) Wallet and associated trust services globally. The strategy emphasizes the adoption of EU-based digital identity frameworks as legal and interoperable digital infrastructure in partner nations. It aligns with the EU’s broader goals of enhancing technological sovereignty, promoting security, and setting global digital governance standards. The plan includes collaboration with neighboring and strategic countries such as Ukraine, Moldova, India, and Brazil, focusing on interoperability, e-signatures, and digital public infrastructure. The EU also aims to promote its European Interoperability Framework to facilitate cross-border digital integration. (Source)

🔗 More from Liminal

Access Our Intelligence Platform

Stay ahead of market shifts, outperform competitors, and drive growth with real-time intelligence.

Link Index for Business and Entity Verification (BEV)

Discover the Top 20 Vendors on the Link Index for BEV and gain an unfair competitive advantage through unparalleled access to expert insights.

Liminal Demo Day: Combating AI Threats

Learn how leading teams are tackling the rise of deepfakes, bots, and identity fraud in 15-minute demos—no fluff, no marketing buzzwords.

The post This Week in Identity appeared first on Liminal.co.

The post Enhanced Security in a Digital Age: The Importance of Document Verification appeared first on uqudo.

For those who joined me at Identiverse 2025 and had a chance to hear my keynote, you know it wasn’t just a presentation—it was a rallying cry. In a world increasingly flooded with misinformation, deepfakes, and impersonations, I urged identity professionals to embrace a new mantra: We Are the Guardians of Authenticity.

 

But Identiverse was much more than a single moment on stage. It was an inspiring week of connection, collaboration, and momentum. Ping Identity was proud to play a major role at the event, with an impactful presence that reflected our deep commitment to innovation and partnership.

 

MCP Integration: A New Blockchain Development Paradigm Powered by AI and Metadium

Dear Metadium community,

Today, we’re excited to introduce web2x-mcp, a seamless integration of Metadium’s blockchain with Claude AI’s MCP protocol, designed to make blockchain development easier than ever.

Metadium continues to adopt the latest AI technologies to support smoother integration of Web3 into real-world applications.

🌠 From Web2 to Web3

As over 60% of Fortune 500 companies are now exploring blockchain projects, the demand for Web3 integration continues to rise.

However, blockchain adoption remains challenging due to its complex requirements, including multi-step API calls, transaction signing, wallet management, and more.

web2x solves this challenge.
It enables traditional Web2 developers to integrate with the Metadium blockchain using intuitive REST APIs — no prior knowledge of blockchain is required.

🌟 MCP Integration: Build Blockchain Services Using Natural Language

Metadium takes this one step further with web2x-mcp, now integrated with MCP (Model Context Protocol) — one of the most promising standards in AI-driven automation.
This integration enables LLMs like Claude and ChatGPT to directly interact with Metadium’s blockchain infrastructure.

With simple commands like:

“Create a wallet” → Wallet generation “Issue an NFT” → Contract deployment and NFT minting “Burn the first NFT” → NFT burn transaction

AI can handle the complexity of blockchain in the background, allowing the user to interact through plain language.

🚀 How to Integrate — In 3 Simple Steps Get your API key at https://web2x.io Install web2x-mcp from the Metadium GitHub repository and configure the settings file. Connect Claude or another AI model using MCP — then start issuing natural language commands.

No more complicated API documentation. No more manual blockchain calls. Just speak, and it builds.

🧠 Why This Matters for the Future of Web3

AI is one of the most transformative technologies today — and Metadium is leading the way by combining AI, Decentralized Identity (DID), and Web3.

This MCP-powered integration empowers companies to adopt blockchain effortlessly and positions Metadium as a key infrastructure layer in the AI-first Web3 era.

📢 Stay Updated — Join the Metadium Community

We’ll continue sharing real-world DID use cases, AI-powered service launches, and partnership news every week.

Website | https://metadium.com Discord | https://discord.gg/ZnaCfYbXw2 Telegram(EN) | http://t.me/metadiumofficial Twitter | https://twitter.com/MetadiumK Medium | https://medium.com/metadium

Thank you.

Metadium team.

MCP 통합. AI를 통해 메타디움이 제시하는 새로운 블록체인 개발 패러다임

안녕하세요, 메타디움 팀입니다.

오늘은 메타디움 블록체인을 더욱 손쉽게 활용할 수 있는 개발 환경인 web2x와 클로드 AI MCP를 통합한 web2x-mcp에 대해 소개드리고자 합니다.

메타디움은 최신 AI 기술 표준을 도입하여 더 쉬운 Web3 블록체인 통합을 지원하고 있습니다.

🌠 기존 Web2 서비스를 Web3로!

포춘 500대 기업의 60%가 블록체인 프로젝트를 진행(기사)할 정도로, 기업들의 블록체인 도입 관심은 더욱 높아지고 있습니다.

하지만, 블록체인은 다양한 API 호출, 트랜잭션 서명, 지갑 관리 등 높은 기술 이해도가 요구되어 많은 기업들이 도입의 어려움을 겪어왔습니다.

web2x는 바로 이 문제를 해결합니다.

기존의 Web2 개발자가 별도의 블록체인 전문 지식 없이도 REST API 방식으로 쉽게 메타디움 블록체인을 연동할 수 있도록 돕는 혁신적인 개발 플랫폼입니다.

🌟 MCP 통합: 자연어 명령만으로 블록체인을 구축

메타디움은 AI 최신 기술 MCP가 결합된 web2x-mcp로 한 단계 더 나아간 혁신을 선보입니다. MCP는 현재 AI 분야에서 가장 주목받는 외부 데이터 통신 표준입니다. 이제 Claude, ChatGPT 등 LLM에서 메타디움 블록체인을 더 쉽게 통합할 수 있습니다.

클로드, 챗지피티 등 대형 AI 모델에 다음과 같은 자연어 명령만으로 블록체인을 쉽게 구축할 수 있습니다.

“지갑을 만들어줘” → 지갑 생성 “NFT를 발행해줘” → NFT 컨트랙트 배포 및 발행 “첫 번째 NFT를 소각해줘” → 소각 트랜잭션 실행 🚀 간단한 통합 방법 https://web2x.io/ 에서 API 키를 발급합니다. GITHUB에 있는 Metadium의 web2x-mcp 저장소에서 web2x-mcp를 설치하고 설정 파일을 구성합니다. Claude(또는 지원되는 AI 모델)에 연결된 MCP를 통해 자연어 명령으로 블록체인 작업을 실행합니다.

AI는 오늘날 가장 혁신적인 기술 중 하나이며, 메타디움은 AI, 탈중앙 신원(DID), 그리고 Web3를 결합함으로써 그 흐름을 선도하고 있습니다.

MCP 기반의 이 통합은 기업들이 블록체인을 손쉽게 도입할 수 있도록 지원하며, 메타디움을 AI 중심 Web3 시대의 핵심 인프라로 자리매김하게 합니다.

📢 매주 발표되는 소식을 받기 위해 메타디움 커뮤니티를 구독하세요

다양한 분야에서 DID의 적용과 AI 기술 활용 사례, 협업 소식이 매주 이어집니다.

Website | https://metadium.com Discord | https://discord.gg/ZnaCfYbXw2 Telegram(EN) | http://t.me/metadiumofficial Twitter | https://twitter.com/MetadiumK Medium | https://medium.com/metadium

감사합니다.

메타디움 팀.

MCP Integration: A New Blockchain Development Paradigm Powered by AI and Metadium was originally published in Metadium on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post Migrating to Data-Centric ISPM appeared first on Radiant Logic.

The post Identity as a Big Data Problem appeared first on Radiant Logic.

The post Radiant Logic Unveils Its Next-Generation Chatbot appeared first on Radiant Logic.

The post Modernizing Healthcare IAM: From Legacy Pain Points to Unified Identity appeared first on Radiant Logic.

Holochain 0.5 is recommended for use.

We’re now recommending Holochain 0.5.2 for general development. The upgrade guide tells you everything you need to know to get your hApp updated and running.

Holochain 0.5 is already in the hands of early adopters, and the feedback so far is that it’s much more consistent, which makes it feels faster. Here’s a message we got from the lead dev of a project:

Initial test feedback on Holochain 0.5.1 is that gossip is performant. We've noticed that time to reach full DHT sync is approximately 1 minute down from 30+ minutes.

A 30× speedup is a big leap. The dev explained that with Holochain 0.4, synchronization would sometimes be fast, but other times it could be extremely slow or not complete at all. Now, new data shows up reliably — it takes up to a minute to appear for new peers and is almost immediate for already synced peers.

Interestingly, performance wasn’t the focus of 0.5 — it was about making peer networking more reliable.

Let’s look at that one-minute delay for new peers, because it’s important for developers and users to understand.

With Kitsune2, Holochain 0.5’s new networking implementation, the behavior for newcomer nodes has changed somewhat. Initially, most DHT data won’t be visible, and they won’t immediately receive new data from other peers — this is the time when their node is trying to discover other peers and sync data with them, and hasn’t yet advertised that they’re storing and serving data (so they won’t receive publish messages for new data).

At the beginning, the gossip loop happens every minute instead of the default five minutes, in order to get this initial sync completed sooner. After this stage — one, two, or a few gossip rounds depending on the number of peers and amount of data — the newcomer has a full peer table and a full DHT shard*, so they drop the gossip frequency to five minutes. Now all data lookups are local (so they’re fast). They’re also getting new data directly from authors via publish rather than gossip (so that’s fast too).

Known issues:

We’re working on an 0.5.3 release to address feedback from early testers. Here’s what we plan to tackle:

When an agent goes offline, other agents may keep trying to connect to them for up to 20 minutes, which will cause network errors and slow data synchronization. We’re tracking this (Holochain #4978, #4999, #5000, #5017). (Note: this is a long-standing problem that has become more visible now that networking as a whole is working better.) We’ve received feedback that the new initial syncing behavior creates a feeling of unresponsiveness for new users, so we’re looking at strategies to help initial sync complete sooner (kitsune2 #220).

These will be addressed in the 0.6 dev release series and backported to 0.5.

In development

In the Holochain 0.6-dev line, work is being done on SQL query performance. I reported some good progress in last Dev Pulse, and since then, general query execution time has been cut by 25% across the board.

This release series will also address the feedback on 0.5:

Agents will fetch data from multiple peers in parallel to get a response faster, and in case one happens to be offline (Holochain #5000). Unresponsive peers will be tracked (kitsune2 #221) and filtered from gossip rounds until they come back online (kitsune2 #222). Existing agents will permit bursts of gossip from newcomers, to help them get synced quickly, while newcomers will attempt new gossip rounds as soon as they’ve fetched the content they discovered during the last round, until they’re in sync (kitsune #220).

Most of this is already complete and ready to be backported to 0.5.3.

In 0.6 we’re also planning to work on:

Read access gating via membrane proofs Coordinator zome updates More state management reviews

Along with various bug fixes and maintenance tasks.

In a later release we’ll focus on building more test scenarios and reporting on test metrics from Wind Tunnel.

Behind every great social media platform sits a digital representation of who you know and what you like.

The digital mapping of who you know is called your social graph, and the map of what you like is called your interest graph.

Every platform tracks and maps your activity into these two types of “spiderweb” graph and every action you take adds a bit more “web” each time.

Creepy, right?

Well, it’s especially creepy when you discover these graphs exist even if you’re not on social media, since companies like Google, Apple and even banking apps build interest graphs based on your contacts, emails, purchases, and browsing history.

So, to be clear:

A social graph is about who you know—it maps your relationships within a social network: your friends, family, coworkers, etc.

An interest graph is about what you like—it connects you to other people based on shared interests, hobbies and topics, rather than personal relationships.

Every social media platform including the short-form video and content discovery platforms like YouTube and TikTok build and use these graphs about their users. And, surprise, surprise, they use them to analyze user behavior, personalize user experience, recommend content, and sell ads and the data itself.

But they’re not the only ones:

Online retailers use interest graphs to recommend products based on your browsing history and past purchases.
Streaming services like Netflix and Spotify use interest graphs to suggest content based on your viewing or listening habits.
News aggregation platforms like Google News and Apple News use interest graphs to personalize news feeds and recommend articles based on your interests.
Many other apps and services, such as dating apps, job boards, and travel booking platforms, use interest graphs to personalize user experiences. 

But while social graphs and interest graphs improve user experience, they also raise privacy and security concerns. The more data collected, the more companies—and bad actors—know about you, so it’s crucial to manage your privacy settings and take other proactive privacy steps.

You can control your social graph and interest graph, to an extent

While you can’t completely opt out of having social graphs and interest graphs, you can take steps to control what information is collected and shared:

Review your privacy settings on platforms like Facebook, Twitter, and LinkedIn to limit data collection.
Be choosy about accepting friend requests and connections to limit the amount of your personal data that others can access.
Limit app permissions to stop third-party services from accessing your social graph data.
Regularly audit your online activity to remove old or inactive connections, unfollow accounts, and mute topics you’re not interested in.

While that’s the standard advice, you can do more to protect yourself:

Use Sudo digital identities in MySudo all-in-one privacy app to break your data trail. MySudo lets you control who sees your personal information online and in real life.
Use the end-to-end encrypted messaging within each Sudo in MySudo to keep your conversations private.
Use the private browser within each Sudo in MySudo to search the internet free of ads and trackers.
Use the virtual card within each Sudo in MySudo to hide your transaction history from your bank and those they sell your data to. (Yes, they do!)
Take even greater control of your data privacy with all Anonyome Labs’ personal information protection tools in easy-to-use apps, including RECLAIM, which lets you reclaim your personal data from companies that store and sell it.

You can’t control whether platforms build social and interest graphs about you, but you can control a lot of what they see, with MySudo. Download MySudo for iOS or Android.

New to MySudo? Start here.

The post What are Social Graphs and Interest Graphs, and Do I Have Them? appeared first on Anonyome Labs.

A big step for travel, a giant step for digital credentials: Apple will enable the mdoc credential format in its next software release for identity authentication in domestic US travel. With the aviation and travel sectors embracing multiple forms of decentralized identity and verifiable credentials for interoperable global travel, there’s little doubt that the transformation of digital identity is under way.

By Trevor Butterworth

In a signal that digital credentials are going to be the norm for travel and authentication in the near future, Apple announced a WWDC25, its annual Worldwide Developers Conference,, that the upcoming version of its iOS 26 software will allow a person to derive a digital credential from their passport using the mdoc credential format and store it in their Apple Wallets to prove their identity for domestic travel in the U.S.

In a second, related announcement on its developer page, Apple announced the availability of an Apple Identity Document Provider API, which allows websites to receive presentations of mdoc-based documents as a way to authenticate identity.

While not the headline news at WWDC25, these developments represent a significant move forward in the global adoption of seamless, secure, and privacy-preserving digital identity and authentication. 

For now, Apple has confined itself to credentials based on the  the mdoc (mobile document) standard — ISO18013-5 — which is typically used for mobile driver’s licences (mDL). 

The global aviation sector is currently focused on  credential formats and protocols that enable international travel and interoperability between the European Union digital identity specifications and the rest of the world.

As of now, Apple’s digital wallets do not offer full support for Europe’s digital identity and wallet specifications (e.g., support for OID4VC and SD-JWT VC is not yet included) and do not appear to utilize the full International Civil Aviation Organization’s Digital Travel Credential (DTC) specifications, which establish global standards for creating digital passports.

Because Apple is deriving credentials from existing physical IDs, this also means that the Apple Wallet announcement doesn’t apply to government-issued digital passports based on an upcoming global standard — DTC Type 2 Credentials — which Indicio is working on through its global partnership with SITA as part of the European Union’s Aptitude Trial. 

Yet Apple’s experience in successfully implementing new technology and its skill at delivering effortless user experience is a “lift-all-boats” moment, as it will catalyze the administrative and infrastructural transformation needed for the successful global adoption of verifiable credential technology. 

An incremental approach makes sense. The big wallet providers like Apple and Google will learn from the furious pace of innovation around verifiable credentials in the global aviation sector with all the sector and government specific operational and regulatory requirements.  

One observation from Indicio’s role in this innovation race: As different countries and geographic regions have already adopted different specifications, interoperability and governance will be the key to usability and seamless travel.

This announcement shows we are all headed toward the same goal — seamless, secure, digital interaction using digital credentials — and that is going to benefit everyone.

Indicio, digital credentials, and travel

As a global market leader in verifiable digital credentials for travel, finance, education, government services, and logistics, Indicio’s decentralized identity solution — Indicio Proven — enables customers to choose from credential representations including mdoc/mDL, ensuring compatibility with Apple, along with SD-JWT VCs, W3C Verifiable Credentials, AnonCreds, Open Badges 3.0, and protocols including DIDComm and OID4VC so that they can best meet their use case and regulatory or geographic requirements. 

The variety of use cases for digital credentials means that the future (which is already here) is one where different credentials are used for different purposes but can also interoperate and be combined for maximum flexibility. Indicio recently showed in a trial with Delta Air Lines  that multiple credential formats can be used in a seamless workflow for international travel. Our goal is to enable trusted identity and data to go from anywhere to everywhere in the world with travelers consent.

To find out which credential supports your use case best or how to leverage interoperability between credential formats, contact us here.

For more information on the applications, benefits, and limitations of the mdoc/mDL credential format, see this recent Indicio explainer.

The post Signs of the times: Apple Wallet Opens to Digital Credentials for Travel appeared first on Indicio.

Top-rated KYC providers balances technological innovation while adhering to strict regulatory obligations. The right KYC provider can significantly influence a company's reputation, operational efficiency, and bottom line.

The post Defining Features of the Top-Rated KYC Providers first appeared on ComplyCube.

The post Link Index for Business and Entity Verification appeared first on Liminal.co.

After three years of intense collaboration, innovation, and field testing, the moveID project—part of the Gaia‑X 4 Future Mobility initiative—has made significant strides toward redefining how mobility ecosystems work. At its core, moveID aimed to create a decentralized, user-centric infrastructure where vehicles, infrastructure, and service providers interact seamlessly using Self-sovereign Identity (SSI) and AI agents.

Building the Foundation for Trusted Machine Communication

Working alongside industry leaders such as Bosch, Airbus, Continental, and leading Web3 projects, we contributed to building the technical and conceptual foundation for trusted machine-to-machine communication in the mobility sector. This included the secure exchange of credentials, decentralized data marketplaces, and AI-powered autonomous service interactions—all compliant with European data and privacy standards.

Demonstrating Real-World Impact: MOBIX Park & Charge

A standout achievement was the development and public demonstration of MOBIX Park & Charge, a fully operational system enabling electric vehicles (EV) to autonomously find parking spots, access charging stations, and handle payments. First showcased at IAA Mobility 2023, the system integrated SSI, blockchain-based payments, and AI agents in a live, real-world environment.

Scaling Toward Smart Cities

Beyond the demo, MOBIX has evolved into a scalable smart-city solution. By turning private EV chargers and parking spots into publicly accessible assets, we’re addressing key challenges in urban congestion and infrastructure scalability, while opening up new economic opportunities for individuals and municipalities.

Where Web3 Meets AI

The project also served as a powerful example of the convergence between AI and Web3. By combining intelligent agents with decentralized infrastructure, we demonstrated how machines can not only interact but also negotiate, transact, and self-optimize—laying the groundwork for more ethical and transparent digital ecosystems.

A Foundation for the Future

In sum, moveID wasn’t just about mobility. It showcased how decentralized identity, autonomous agents, and AI can reshape how devices, services, and users interact—not just in cities, but across industries. As the project concludes, its outcomes provide a strong foundation for future applications in smart infrastructure, data sovereignty, and the broader digital economy.

The post moveID: Wrapping Up Three Years of Mobility Innovation appeared first on DATARELLA.

The DDI (Data Documentation Initiative) is a metadata standard designed to document the full research data lifecycle, improving discoverability, reuse, and reproducibility—especially in social sciences. Unlike DataCite, which focuses on citation and discoverability, DDI captures detailed context like methodology and data processing. Platforms like myLaminin support DDI integration, helping researchers enhance metadata quality without added complexity.

To pave the way for KILT Protocol’s ambitious multi-chain future, the KILT token will migrate from its current Base contract to a new Base contract. The migration window will open at 1200 UTC on Thursday June 19th 2025 and remain open for at least 10 weeks. Any holders who do not migrate their tokens within this timeframe shall risk losing them irrevocably.

In line with the new tokenomics scheme approved by the community, holders will receive 1.75 new KILT for each 1 old KILT migrated (i.e. a migration ratio of 1:1.75). The migration will not change the maximum token supply of 290,560,000. After the migration, 100% of the supply will be minted and there will be zero inflation. For further details please see the governance discussion and referendum.

The KILT parachain will continue to run as normal and without interruption. In due course the new Base token will be bridged back to Polkadot to serve as gas, in governance functions, etc.

Please read this guide carefully before undertaking to migrate your tokens.

Contracts and Audit Ethereum KILT: 0x5d3d01fd6d2ad1169b17918eb4f153c6616288eb Base KILT (old): 0x9e5189a77f698305ef76510aff1c528cff48779c Base KILT (new): 0x5d0dd05bb095fdd6af4865a1adf97c39c85ad2d8 Migration Contract: 0x4a62f30d95a8350fc682642a455b299c074b3b8c Security Audit: https://skynet.certik.com/projects/kilt-protocol Migration Routes

There are two alternative ways for users to migrate their KILT tokens.

Either: 1) Deposit to a participating Centralised Exchange (CEX) before their respective deadlines.

We are actively working with KILT’s exchange partners to support the migration. Users with KILT successfully deposited to a participating exchange before their respective deadlines will have their KILT migrated automatically. Note that this is a one-time event; if the deadline is missed it is very unlikely that any further assistance will be offered by the CEXs and deposits will no longer be open to the old KILT token.

Whilst the KILT Foundation strives to support CEX participation, they remain completely independent and the nature and extent of their participation may be subject to change. Individual CEX policies will apply; KYC may be required and geographic restrictions may exist. Each exchange will have their own schedule, deadlines and requirements — please check with your chosen exchange and monitor official channels.

Or, 2) Follow the self-custody bridging and migration route laid out below.

This process requires basic familiarity with self-custody wallets, signing transactions, etc. From 1200 UTC on Thursday June 19th 2025 the migration window will be open for at least 10 weeks and users may migrate at their convenience within that timeframe. After final closure of the migration window, migration will no longer be possible and if a user has not migrated their tokens they will be lost, without the possibility of recourse.

This guide covers bridging of KILT from Polkadot to Base, and migration within Base from the old contract to the new. The overall journey tokens must take is as shown:

You will need:

For Step 1

A Polkadot wallet e.g polkadot{.js}, Talisman, Subwallet, Nova etc. Note that Sporran, the original KILT wallet, will not suffice; the wallet must be able to connect to multiple parachains (e.g. AssetHub). See Appendix — Starting from Sporran at the foot of this guide. An EVM wallet DOT for gas (~$5 fee as of 19th June)

For Steps 2 & 3

An EVM wallet ETH on Ethereum for gas (~$0.60 fee as of 19th June) ETH on Base for gas (<$0.01, this can be bridged during this process)

Note that steps 1 and 2 may be carried out at any time, including before the opening of the migration window. Step 3 may not be completed until the opening of the migration window.

It is recommended to carry out this process on desktop, rather than mobile.

1) Bridge native KILT to Ethereum

Use Polar Path and Snowbridge, following the procedure detailed here:

Switch Polkadot and Ethereum Tokens with Polar Path

Note that Sporran, the original KILT wallet, will not suffice; the wallet must be able to connect to multiple parachains (e.g. AssetHub). See Appendix — Starting from Sporran at the foot of this guide.

2) Bridge Ethereum KILT to Base

a) Go to https://superbridge.app/Base

b) Connect the same wallet you used with Snowbridge during Step 1, which is now holding your Ethereum KILT, and ETH.

c) Click the drop-down list of tokens (normally showing ETH by default).

d) You will see a list of tokens to choose from:

e) In the search field, enter the contract address for Base KILT:

0x9E5189a77f698305Ef76510AFF1C528cff48779c

and select it from the list.

SuperBridge will discover both Ethereum and Base KILT. Import the pair.

Note: if the search fails or does not show a correct balance, you may first need to add KILT as a custom token to your wallet. For example, according to this guide for Metamask.

f) Enter the amount of KILT you would like to bridge. Click “Review bridge” and follow the approval and signing steps particular to your connected wallet. Await confirmation that the bridge has been successful (~3 minutes).

g) If you don’t already have ETH on Base, you will need some to carry out the migration — $0.01 to $0.05 will suffice under normal network conditions.

When the KILT bridging is complete, change the token in the drop-down list from KILT to ETH and repeat the process: click “Review bridge” and follow the approval and signing steps particular to your connected wallet.

h) When the bridging is complete, you can view your Base KILT tokens and Base ETH by switching your wallet to the Base network and adding KILT as a custom token with contract address:

0x9E5189a77f698305Ef76510AFF1C528cff48779c

3) Migrate from the old Base contract to the new Base contract

a) Go to https://migrate.kilt.io to access the KILT migration portal. Carefully read the Terms and Conditions before proceeding.

b) Connect your wallet. If required, the portal will prompt you to switch networks to Base.

c) Enter the amount of KILT you would like to migrate and click Approve. Sign the transaction in your wallet.

d) When the approval is complete, the button will change to Migrate. Click the Migrate button and sign the transaction in your wallet.

e) To view your migrated KILT, add the new contract address to your wallet as a custom token:

0x5d0dd05bb095fdd6af4865a1adf97c39c85ad2d8

This completes the migration. Appendix — Starting from Sporran

If you hold KILT tokens on Sporran, you must first move them to a Polkadot wallet which can interact with other parachains (namely, AssetHub) as well as KILT Spiritnet. Sporran can interact only with KILT Spiritnet.

This may be achieved by either:

Creating a new KILT address within a suitable wallet (e.g polkadot{.js}, Talisman, Subwallet, Nova etc. etc.) and manually sending your KILT from Sporran to the new address, using the “Send” function on Sporran. This is exactly like any other normal token transfer you may have undertaken in the past. Taking your 12 words (recovery phrase/seed words), which were recorded when originally setting up your Sporran address, and importing them into a suitable wallet (e.g polkadot{.js}, Talisman, Subwallet etc.) to recreate your address there. Please consult user guides for your chosen wallet; you may find this function described as “Importing” or “Restoring” an existing wallet. Disclaimer

This guide is provided for informational purposes only and does not constitute financial, legal, or investment advice. The KILT Foundation and its affiliates make no representations or warranties of any kind, express or implied, regarding the completeness, accuracy, reliability, or suitability of the information contained herein. The information is provided “as is”, to the best of our knowledge and efforts, and may be subject to change without prior notice.

Users undertake the KILT token migration at their own risk. The migration involves interactions with blockchain technologies, third-party bridges, centralized exchanges (CEXs), and smart contracts, each of which carries inherent risks including but not limited to technical failures, user error, loss of funds, and service changes by independent entities.

The KILT Foundation does not assume responsibility for any loss, damage, or inconvenience resulting from the use of this guide or from the actions of any third parties mentioned herein. Participation by centralized exchanges is not guaranteed and may be subject to change without notice.

Users are strongly encouraged to ensure they are using official links and sources, to verify contract addresses, and to understand the technical steps involved before proceeding. If you are unsure about any part of the process, seek advice from a qualified professional or contact the KILT support channels.

By following this guide, you acknowledge and accept full responsibility for the outcome of your actions.

KILT Foundation
Genesis Building, 5th Floor, Genesis Close,
PO Box 446, Cayman Islands, KY1–1106
Certificate №418097
Directors: Rishant Kumar, Svetoslav Boyadzhiev
Contact: hello@kilt.io

KILT Token Migration Guide was originally published in kilt-protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.

In today’s fast-paced business world, your web browser is more than just a tool for browsing the internet – it’s a critical component of your team’s productivity and efficiency. A well-chosen browser can streamline workflows, enhance collaboration, and safeguard sensitive company data, while a poor choice can lead to frustrating delays and security vulnerabilities. But with so many options available, how do you pick the best web browser for business that truly unleashes your team’s potential? This guide dives deep into the features and considerations crucial for making an informed decision that will empower your employees and secure your operations.

Introduction to Web Browser for Business What is a Web Browser for Business?

A web browser for business is more than just a consumer browse tool; it’s a strategically chosen application designed to enhance organizational productivity, streamline workflows, and, most critically, provide robust security for sensitive company data. Unlike standard browsers built for general use, a business-grade browser often integrates advanced features like centralized management for IT teams, enhanced security protocols such as sandboxing and data loss prevention (DLP), and seamless compatibility with enterprise-specific applications and cloud services.

Why Does a Business Need a Web Browser?

Businesses need a carefully chosen web browser for several compelling reasons:

Enhanced Security: This is paramount. Over 80% of cyberattacks targeting end-users originate in the browser, including phishing, malware, and ransomware. A standard consumer browser offers basic protection, but a dedicated business browser provides advanced security features like built-in threat protection, data loss prevention (DLP), secure access to cloud applications, and real-time monitoring to safeguard sensitive company data from evolving threats. Boosted Productivity and Efficiency: Employees spend the majority of their workdays in a browser, accessing cloud-based software (CRM, project management, accounting), collaborating, and conducting research. A browser optimized for business offers seamless integrations with essential business applications, efficient tab management, and cross-platform syncing, all of which streamline workflows and reduce friction, leading to significant productivity gains. Centralized Management and IT Control: Unlike individual consumer browsers, a business browser allows IT departments to centrally manage and enforce security policies, control extensions, restrict access to risky websites, and deploy updates across the entire organization. This level of control is crucial for maintaining consistent security configurations, ensuring compliance, and significantly reducing IT overhead. Support for Remote and Hybrid Work: With the rise of remote and hybrid work models, employees often access corporate resources from various devices and networks. A business browser provides a secure and controlled environment for accessing company data, even on unmanaged devices, mitigating risks associated with Bring Your Device (BYOD) policies. Compliance and Data Governance: Many industries face strict regulatory requirements regarding data privacy and security (e.g., GDPR, HIPAA). Business browsers help organizations meet these compliance standards by offering features that prevent data leakage, support secure browser practices, and provide auditing and reporting capabilities to track user activity and security incidents. Why Choosing the Best Web Browser for Business Matters

Selecting the right web browser for your business is a pivotal strategic decision, far beyond mere preference. In today’s highly interconnected and cyber-threatened environment, the browser acts as your team’s primary gateway to cloud applications, sensitive data, and client interactions. Its impact is felt across several critical areas:

Impact on Productivity: A well-chosen browser directly influences your team’s efficiency. Fast loading times are crucial, as even small delays accumulate to significant wasted hours daily. Crucially, it must ensure seamless compatibility with essential business applications like CRM systems, project management tools and accounting software. A browser that frequently crashes or struggles with these vital tools can severely hamper workflow and reduce output. Addressing Security Concerns: Protecting sensitive information is paramount. The browser is a primary entry point for cyber threats. The right browser offers robust features for safeguarding sensitive data, including client information, financial records, and proprietary intellectual property, against phishing attacks, malware, ransomware, and data breaches. It should provide advanced security protocols to minimize these risks. Facilitating Collaboration and Integration: Modern businesses thrive on teamwork. The ideal browser supports essential extensions that enhance productivity, enable seamless cloud syncing across devices, and integrate smoothly with team workflows. This ensures employees can collaborate effectively on shared documents, communicate effortlessly, and access synchronized data, regardless of their location.

Example:

Consider the tangible risks: a slow or insecure browser can lead to constant frustration, missed deadlines due to inefficiencies, or, far worse, critical data breaches that compromise client trust, incur heavy financial penalties, and severely damage your company’s reputation. Therefore, investing time in choosing a browser optimized for your business needs directly contributes to unlocking your business’s full potential by fostering a more secure, efficient, and collaborative digital workspace.

Criteria for Selecting the Best Web Browser for Business

Choosing the best web browser for business isn’t just about personal preference. It’s a strategic decision impacting your team’s efficiency and data security. Top-tier business browsers excel in several key areas:

Speed and Performance: A critical factor for boosting productivity, leading browsers offer quick page loading times and smooth multitasking. This minimizes delays, keeping your team focused and efficient throughout the workday. Robust Security Features: Paramount for business, the ideal browser includes built-in privacy tools, effective ad-blockers, and strong protection against phishing and malware. These features are vital for safeguarding sensitive company data and preventing cyber threats. Seamless Compatibility: Essential for modern operations, the browser must offer comprehensive support for business tools like Google Workspace, Microsoft 365, CRM systems, and other cloud-based applications. This ensures workflows remain uninterrupted and integrated. Extensive Customization: The availability of a wide range of extensions for productivity, security, and collaboration. It allows businesses to tailor the Browse experience precisely to their unique needs, enhancing specific team functions and overall efficiency. Reliable Cross-platform Support: For today’s remote and hybrid teams, strong cross-platform syncing across all devices (desktop, mobile) is crucial. This ensures consistent access to data and settings, fostering seamless collaboration regardless of location. Best Web Browsers for Business in 2025 Herond Browser Why it’s a top choice

Herond Browser stands out as an innovative solution for businesses seeking a fast, secure, and Web 3.0-ready Browser experience. It’s designed to eliminate common online annoyances like ads and trackers while prioritizing user data protection. Herond’s unique blend of top-tier security features and blazing-fast performance makes it ideal for businesses aiming to boost productivity and explore decentralized applications without sacrificing safety.

Herond Browser Key features for business

Top-Notch Privacy & Security:Herond Shield offers robust ad-blocking, tracker prevention, and protection from harmful sites. With SSL encryption for data security and an Advanced Security Alert System (ASAS), Herond ensures proactive threat warnings.

Gateway to Web 3.0: Businesses exploring blockchain or decentralized finance can leverage Herond Wallet for direct management of digital assets and seamless interaction with blockchain applications within the browser itself, simplifying Web 3.0 adoption.

Blazing-Fast Performance: Herond prioritizes speed, loading pages up to three times faster than traditional browsers. This significant performance boost directly translates to increased employee productivity and a smoother workflow.

Customizable for Your Business: The intuitive interface allows businesses to tailor security settings and optimize the Browse experience. Herond ID provides decentralized identity management, protecting sensitive personal and company information online.

All-In-One Ecosystem: Herond integrates various functionalities, from wallet management to identity protection, into a cohesive browser experience, centralizing critical tools for a more efficient and secure digital workspace.

Why it’s a top choice: As the dominant browser globally, Chrome Enterprise offers unparalleled integration with the Google Workspace ecosystem, which is crucial for many businesses. Its strengths lie in centralized device management, robust Zero Trust integration capabilities, and a vast extension ecosystem for productivity and specialized business tools. Google continues to invest in AI features within Chrome, enhancing user experience and smart search.

Google Chrome Key features for business

Advanced security features, data loss prevention (DLP) capabilities, managed profiles, forced update policies, and extensive administrative controls via Google Admin console. Its familiarity helps with user adoption.

Microsoft Edge Why it’s a top choice

Since transitioning to the Chromium engine, Microsoft Edge has become a strong contender, particularly for organizations heavily invested in the Microsoft ecosystem (Windows 11, Microsoft 365). It boasts AI-powered features like the Copilot sidebar for instant content summarization and interaction and is known for being power-efficient and fast.

Key features for business

Seamless integration with Microsoft 365, built-in security features, vertical tabs for enhanced multitasking, and enterprise-grade management tools via Microsoft Intune and Group Policy.

Mozilla Firefox Why it’s a top choice

Firefox remains a strong choice for businesses prioritizing privacy, open-source transparency, and resource efficiency. While not always having the deep enterprise management features of Chrome or Edge out-of-the-box, it offers robust security settings, Enhanced Tracking Protection (ETP), and is highly customizable for power users and developers.

Key features for business

Independent engine, strong privacy controls, less resource-intensive compared to Chrome, and flexible deployment options for IT. Organizations can configure Firefox for enterprise environments using Group Policy or custom settings.

Brave Browser Why it’s a top choice

Brave is an excellent option for businesses that place a high premium on privacy and browse speed. Its core strength lies in its built-in ad and tracker blocking (Brave Shield), which not only enhances user privacy by preventing unwanted surveillance but also significantly improves page loading times and reduces bandwidth consumption. This can lead to a more focused and efficient browsing experience for employees, directly impacting productivity.

Key features for business Enhanced Privacy & Security: Default blocking of ads, trackers, and cross-site cookies protects sensitive company data and employees’ browsing habits. Fast Performance: By eliminating resource-heavy ads and trackers, Brave loads pages much quicker, contributing to increased workflow efficiency. Crypto Wallet Integration: Built-in crypto wallet appeals to businesses engaging with Web3 technologies or cryptocurrencies. IPFS Support: Native integration with the InterPlanetary File System offers decentralized content access, potentially useful for future-proofing. How to Optimize Your Browser for Business Use

Optimizing your web browser for business is vital for boosting productivity, enhancing security, and streamlining operations. This goes beyond simple installation, focusing on configuring settings to maximize your team’s potential and protect sensitive data.

Key areas for optimization include: speed and performance (fast loading, smooth multitasking), robust security features (privacy tools, threat protection), seamless compatibility with business apps, effective customization via extensions, and reliable cross-platform support for diverse work environments. A well-optimized browser becomes a secure, efficient, and tailored workspace, leading to significant gains in efficiency, data protection, and overall operational excellence.

Conclusion

Choosing the best web browser for business is a critical strategic decision, that directly impacts your team’s productivity, security, and overall efficiency. It’s not just about internet access; it’s about safeguarding sensitive data, streamlining workflows, and empowering your workforce. By prioritizing speed, robust security features, seamless compatibility with business tools, and centralized management, businesses can transform their digital workspace. Invest wisely in your browser choice to unleash your team’s full potential and secure your operations for future growth.

About Herond

Herond Browser is a cutting-edge Web 3.0 browser designed to prioritize user privacy and security. By blocking intrusive ads, harmful trackers, and profiling cookies, Herond creates a safer and faster browsing experience while minimizing data consumption.

To enhance user control over their digital presence, Herond offers two essential tools:

Herond Shield: A robust adblocker and privacy protection suite. Herond Wallet: A secure, multi-chain, non-custodial social wallet.

As a pioneering Web 2.5 solution, Herond is paving the way for mass Web 3.0 adoption by providing a seamless transition for users while upholding the core principles of decentralization and user ownership.

Have any questions or suggestions? Contact us:

On Telegram https://t.me/herond_browser DM our official X @HerondBrowser Technical support topic on https://community.herond.org

The post Best Web Browser for Business: Unleash Your Team’s Potential appeared first on Herond Blog.

In an age of rising streaming costs, the desire to download movies for free is growing, offering film lovers a personal library of blockbusters accessible anytime, offline. While this digital landscape can be complex with legal and safety concerns, knowing the right platforms is key. This guide will help you navigate safely, revealing the best websites to download movies for free by focusing on accessibility, content variety, and user safety. It will ensure that blockbusters truly await you without compromising your device or data.

Introduction To The Best Websites To Download Movies For Free

The appeal of downloading movies for free is stronger than ever, offering film enthusiasts the convenience of building a personal library without recurring subscription costs. However, navigating the online landscape to find reliable and safe platforms can be complex, often raising concerns about legality, malware, and intrusive ads. This guide is designed to cut through the noise, helping you discover the best websites to download movies by focusing on platforms that offer a balance of broad content, user-friendliness, and a commitment to safety. We’ll ensure you can access your favorite blockbusters and cinematic treasures securely and efficiently, transforming your viewing experience without compromising your device or data.

Why Should We Know About Websites To Download Movies for Free?

For many film enthusiasts, this method offers compelling advantages that go beyond simply saving money. Imagine having your favorite blockbusters and cinematic classics available offline, on any device, whenever you want, without worrying about internet connectivity or recurring monthly fees.

Cost Savings

One of the most immediate and significant drivers for people seeking free movie downloads is the undeniable appeal of cost savings. In an entertainment landscape increasingly dominated by multiple subscription services (Netflix, Disney+, Max, etc.), each demanding a separate monthly fee, the cumulative cost can become substantial. Downloading movies for free allows viewers to bypass these recurring expenses entirely, providing access to a vast library of films, including the latest blockbusters, without putting a dent in their budget. This financial relief makes high-quality entertainment accessible to a broader audience, fostering a personal movie library without ongoing financial commitment.

Convenience and Offline Viewing

Beyond just saving money, the desire for enhanced convenience is a major reason people opt to download movies for free. Unlike streaming, which is entirely reliant on a stable internet connection, downloading enables true offline viewing. This means you can enjoy your favorite films anytime, anywhere – whether on a long flight, a road trip through areas with no Wi-Fi, or simply at home during an internet outage. The ability to access movies without buffering issues or connectivity worries offers unparalleled flexibility, making downloaded content a perfect solution for those who want their entertainment readily available on their terms.

Access to Blockbusters Without Subscriptions

A significant motivation behind seeking free movie downloads is the strong desire to access popular blockbusters and a wider variety of films without the need for multiple, potentially expensive, streaming subscriptions. Not all blockbusters are available on every platform simultaneously, and content libraries frequently change. This provides a sense of “ownership” and ensures access to desired content outside the fluctuating terms of various streaming providers.

The Need for Safe and Legal Sources

While the benefits of downloading movies for free are clear, it’s critical to emphasize the need for safe and legal sources. The internet is rife with unofficial websites that distribute copyrighted content, often bundling it with malicious software. Engaging with such platforms carries significant risks, including exposure to malware, viruses, spyware, and other cyber threats that can compromise your device and personal data. Furthermore, downloading copyrighted material without permission can lead to copyright issues and legal repercussions. Therefore, users must exercise extreme caution and prioritize reputable, legally compliant platforms, or those that aggregate links from verified sources, to ensure a secure and ethical downloading experience.

Criteria for Choosing the Best Websites To Download Movies for free

With a vast and often risky online landscape, understanding key criteria is crucial for a safe, high-quality, and enjoyable experience.

Key Factors for Selection

When seeking the best websites to download movies, several crucial factors dictate a safe and satisfying experience. Foremost among these is Safety, ensuring the platform is entirely malware-free and poses no threat to your device or data. Equally vital is Legality, meaning the site primarily offers public domain content or has explicit authorization to distribute the films. Beyond security and compliance, the platform should boast ease of use, featuring an intuitive interface for effortless navigation and downloading. Finally, content quality is paramount, with a strong emphasis on the availability of HD (high-definition) downloads to ensure a superior viewing experience.

Importance of Avoiding Pirated Content

Users must understand the importance of avoiding pirated content when looking to download movies for free. Beyond the ethical considerations, downloading unauthorized copyrighted material carries significant risks. Firstly, it’s a legal issue, potentially leading to copyright infringement penalties. Secondly, and perhaps more immediately, unofficial sites are notorious for being vectors of malware, viruses, and ransomware, which can severely compromise your device, steal personal information, or even corrupt your entire system. Prioritizing legal and safe sources protects both your legal standing and the integrity of your digital devices.

Checking Regional Availability

A final, yet often overlooked, criterion when selecting movie download websites is checking regional availability. Due to licensing agreements and distribution rights, many platforms or specific film titles may be subject to geo-restrictions, meaning they are only accessible from certain countries. Before committing to a site or attempting a download, it’s advisable to quickly verify if the content is legally available in your region. While VPNs can sometimes offer workarounds for these restrictions, being aware of regional limitations from the outset helps manage expectations and ensures a smoother, more compliant downloading experience.

Top Websites to Download Movies for Free

The desire to download movies for free is stronger than ever, offering film enthusiasts offline access without subscription fees. However, finding truly reliable and safe platforms can be challenging.

Here’s a curated list of top websites to download movies for free, prioritizing those offering legal content or public domain titles, alongside platforms known for user-friendliness and quality.

YouTube (Official Channels / Public Domain) Description: While primarily a streaming platform, YouTube hosts a significant amount of free and legal movie content. This includes official channels from studios or distributors that offer free (ad-supported) movies. Pros: Legal, high-quality streams, diverse genres, no registration needed for viewing, often has download options for purchased/rented content (with Premium for free movies). Cons: Direct free downloads of non-public domain movies typically require YouTube Premium; ad-supported. Usage: Search “free movies” or “public domain movies” on YouTube. Some channels like “Popcornflix” or “The Roku Channel” also host free content directly on YouTube. Crackle Description: Owned by Sony, Crackle is a free, ad-supported streaming service that offers a rotating selection of Hollywood movies and TV shows. While primarily for streaming, it’s a legal platform that provides high-quality content. Pros: Legal, no registration required, features well-known movies and original content. Cons: Ad-supported (unskippable ads), geo-restricted to the US (requires a VPN outside the US). The download option is generally for offline streaming within their app, not direct file downloads. Usage: Access via https://www.google.com/search?q=crackle.com or its apps. Pluto TV Description: Owned by Paramount, Pluto TV offers both live TV channels and a substantial on-demand library of movies and TV shows, all for free and ad-supported. It features themed movie channels and a vast collection of films from various genres. Pros: Free, no signup required, a wide selection of licensed content, offers “live” channels and on-demand movies. Cons: Ad-supported, streaming-focused, not typically for direct file downloads. Usage: Access Pluto.tv or its dedicated apps on smart TVs and mobile devices. Plex Description: While known for its personal media server capabilities, Plex also offers a growing collection of free, ad-supported movies and shows from various studios. Its free catalog includes content from the Crackle library and more. Pros: Free, no signup required for free content, high-quality streaming, also allows you to organize your media library. Cons: Ad-supported, primarily for streaming, not direct file downloads. Usage: Visit plex.tv to access the free content or download the Plex app. Public Domain Movies (Sites like Torrent) Description: Websites specifically dedicated to archiving and making public domain movies available. These are films whose copyrights have expired or were never renewed, making them legally free to download and share.. Pros: 100% legal, no registration needed, direct download options for classic films. Cons: Limited to older titles, often black & white, not for modern blockbusters. Usage: Search for “public domain movies” to find various archive sites like Torrent. Kanopy (via Libraries) Description: Kanopy provides free access to a curated selection of award-winning films, documentaries, and educational content. It operates through partnerships with public libraries and universities. It is allowing patrons to stream and sometimes download content with a valid library card or student login. Pros: Legal, high-quality, ad-free, often includes critically acclaimed and independent films. Cons: Requires membership with a participating library or university; not a universally free service. Usage: Check if your local library or university partners with Kanopy (kanopy.com). How to Stay Safe While Choosing Websites To Download Movies For Free

While the allure of downloading movies for free is strong, navigating the online landscape without risking your device or personal data requires vigilance. Unofficial sources can expose you to malware, viruses, and legal issues.

Use Reputable Websites

The most crucial step in staying safe while downloading movies is to strictly use reputable websites. The internet is rife with unofficial sources that distribute pirated content, which are often laden with malware, viruses, and phishing scams designed to compromise your device or steal your personal information. Stick to well-known, legitimate platforms that offer public domain movies, or provide ad-supported legal streaming with the option for offline viewing (like those mentioned in our “Top Websites” list). By choosing established and trustworthy sites, you significantly reduce your exposure to harmful downloads and deceptive practices.

Install Antivirus Software and Enable a Firewall

A fundamental layer of defense when downloading movies from any source is robust cybersecurity. Always install reliable antivirus software on your computer or device and ensure it is kept up-to-date with the latest definitions. This software acts as your first line of defense, scanning downloaded files for malware and blocking known threats. Complement this by enabling your operating system’s built-in firewall. A firewall monitors incoming and outgoing network traffic, preventing unauthorized access to your device and blocking suspicious connections that could arise from unsafe downloads. These two tools work in tandem to create a secure environment for your digital activities.

Consider Using a VPN for Privacy

While not strictly a safety measure against malware, considering a VPN (Virtual Private Network) for privacy is highly recommended, especially if you find yourself needing to access region-restricted content. A VPN encrypts your internet connection and masks your IP address, making your online activities much more private and difficult to trace. This layer of anonymity adds an extra shield against potential monitoring and enhances your overall online security posture when navigating various movie download sites.

Verify the Legality of the Website

Before initiating any download, it’s essential to verify the legality of the website itself. Illegitimate sites that distribute copyrighted content without permission not only put you at risk of encountering malware but can also lead to copyright infringement issues. Look for clear indicators that a site is offering public domain films, has explicit licensing agreements, or is an official platform. Be wary of sites promising the latest blockbusters for free without ads or any clear business model, as these are strong indicators of illicit activity. Prioritizing legal sources ensures you’re enjoying content ethically and without legal repercussions.

Tips for Spotting Unsafe Websites

Developing an eye for danger signs is crucial for staying safe while downloading movies. Be vigilant for excessive pop-ups, especially those that appear immediately upon visiting a site or when clicking anywhere on the page. These are a classic sign of untrustworthy platforms. Similarly, be extremely cautious of suspicious links that redirect you to unexpected pages or prompt you to download unusual files. Other red flags include websites with very generic or unprofessional designs, numerous broken links, or those that demand personal information or unusual browser extensions before allowing access to content. Trust your instincts; if a site feels off, it’s best to navigate away immediately.

Conclusion

In conclusion, the quest for free movie downloads doesn’t have to be a perilous journey. By understanding the compelling reasons—from significant cost savings and unparalleled offline convenience to accessing desired blockbusters without restrictive subscriptions—you can truly enhance your entertainment experience. However, the paramount takeaway remains the absolute necessity of prioritizing safe and legal sources. By adhering to the criteria of reputable websites, utilizing essential cybersecurity tools like antivirus software and VPNs, and learning to spot the red flags of unsafe platforms, you can confidently navigate the digital landscape. Embrace the world of free cinema responsibly, and with the right knowledge, blockbusters truly await you, ready to be enjoyed securely and at your leisure.

About Herond

Herond Browser is a cutting-edge Web 3.0 browser designed to prioritize user privacy and security. By blocking intrusive ads, harmful trackers, and profiling cookies, Herond creates a safer and faster browsing experience while minimizing data consumption.

To enhance user control over their digital presence, Herond offers two essential tools:

Herond Shield: A robust adblocker and privacy protection suite. Herond Wallet: A secure, multi-chain, non-custodial social wallet.

As a pioneering Web 2.5 solution, Herond is paving the way for mass Web 3.0 adoption by providing a seamless transition for users while upholding the core principles of decentralization and user ownership.

Have any questions or suggestions? Contact us:

On Telegram https://t.me/herond_browser DM our official X @HerondBrowser Technical support topic on https://community.herond.org

The post Best Websites to Download Movies for Free: Blockbusters Await You appeared first on Herond Blog.

Predictoor DF145 rewards available. DF146 runs June 12th — June 19th, 2025 1. Overview

Data Farming (DF) is an incentives program initiated by ASI Alliance member, Ocean Protocol. In DF, you can earn OCEAN rewards by making predictions via ASI Predictoor.

Data Farming Round 145 (DF145) has completed.

DF146 is live today, June 12th. It concludes on June 19th. For this DF round, Predictoor DF has 3,750 OCEAN rewards and 20,000 ROSE rewards.

2. DF structure

The reward structure for DF146 is comprised solely of Predictoor DF rewards.

Predictoor DF: Actively predict crypto prices by submitting a price prediction and staking OCEAN to slash competitors and earn.

3. How to Earn Rewards, and Claim Them

Predictoor DF: To earn: submit accurate predictions via Predictoor Bots and stake OCEAN to slash incorrect Predictoors. To claim OCEAN rewards: run the Predictoor $OCEAN payout script, linked from Predictoor DF user guide in Ocean docs. To claim ROSE rewards: see instructions in Predictoor DF user guide in Ocean docs.

4. Specific Parameters for DF146

Budget. Predictoor DF: 3.75K OCEAN + 20K ROSE

Networks. Predictoor DF applies to activity on Oasis Sapphire. Here is more information about Ocean deployments to networks.

Predictoor DF rewards are calculated as follows:

First, DF Buyer agent purchases Predictoor feeds using OCEAN throughout the week to evenly distribute these rewards. Then, ROSE is distributed at the end of the week to active Predictoors that have been claiming their rewards.

Expect further evolution in DF: adding new streams and budget adjustments among streams.

Updates are always announced at the beginning of a round, if not sooner.

About Ocean, DF and ASI Predictoor

Ocean Protocol was founded to level the playing field for AI and data. Ocean tools enable people to privately & securely publish, exchange, and consume data. Follow Ocean on Twitter or TG, and chat in Discord. Ocean is part of the Artificial Superintelligence Alliance.

In Predictoor, people run AI-powered prediction bots or trading bots on crypto price feeds to earn $. Follow Predictoor on Twitter.

DF145 Completes and DF146 Launches was originally published in Ocean Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.

Join Christine Owen, Field CTO at 1Kosmos, and Fadi Jarrar, VP of Public Sector, as they announce a major milestone: 1Kosmos is now FedRAMP High Authorized. Learn what this achievement means for federal agencies, how it sets 1Kosmos apart as the only Kantara-certified CSP with FedRAMP High, and why it reinforces our commitment to delivering the highest standards in security, privacy, and user experience.

Fadi Jarrar:

Hello everybody. Fadi Jarrar here with 1Kosmos and Vice President of Public Sector, and we have some exciting news to share with you everybody. I’m inviting Christine Owen. Christine, I’ll let you go ahead and introduce yourself and share a little bit of news.

 

Christine Owen:

Hi. So I’m Christine Owen and I’m the field CTO at 1Kosmos, and I am so excited, beyond excited to be able to tell everybody that we have achieved our FedRAMP High Authorization. This is a massive, massive achievement for us. We worked very hard over the last year to make sure that our product was exactly how it needed to be for federal requirements and also for that stricter, higher FedRAMP High requirements. So we are so excited to be able to say that we’re FedRAMP High authorized today.

 

Fadi Jarrar:

Let’s step back a little bit. What is FedRAMP High? What does that mean exactly?

 

Christine Owen:

Right. So FedRAMP is a requirement for federal agencies and it essentially is for SaaS products. So if you are operating in the cloud and you’re a product, you need to have a FedRAMP authorized product. There’s a lot of different levels. Generally people operate in the Moderate space. Moderate has a certain number of NIST 800-53 Rev. 5 controls that you have to meet. We decided to just jump all of that and go straight to High for a lot of different reasons, partially because we are a security by design company and we wanted to make sure that we offered our clients the highest level of security that we could.

 

Fadi Jarrar:

Rip off the bandaid and go straight to High. I like it. What sets FedRAMP High apart from other security certifications? I know we have Kantara, we have a bunch of different certifications. What differs FedRAMP High from all those?

 

Christine Owen:

Right. So we have a lot of different certifications actually. We have ISO 27001, we have SOC 2. We do our PAD-1 and 2 certifications. We have Kantara certification. And then on top of that we also do PIN testing. So we do a lot of certifications and testing of our product regularly. What we’ve decided to do when it comes to FedRAMP High is we decided to create and operate for the federal government in state and local jurisdictions and governments so that we could give them the highest level of security with our product. FedRAMP High has to be operated within a GovCloud, so a certified by the federal government cloud, we have that. So there are certain controls that are stricter than our ISO 27001 certification. So we have that. And then on top of that, there are certain encryption requirements for FedRAMP that essentially require FIPS 140-3 encryption standards and we also meet those.

 

Fadi Jarrar:

Great. So I think you touched on this a little bit, but what really validates the security and reliability of the 1Kosmos platform in our FedRAMP High environment versus commercial and others?

 

Christine Owen:

Right. So we have stronger controls, so we have to operate within the US within a GovCloud, and we have to have US citizens who pass certain tests to be able to get into the environment, operating within the environment. But on top of that, we also have continuous monitoring. And in those cases with FedRAMP, we have to remediate any vulnerabilities we find in a certain period of time based on FedRAMP requirements and based on the criticality of that vulnerability. It’s not that we weren’t doing that before, but now it is a requirement for us to be able to maintain our authorization. So it’s something that we take very seriously and it’s something that we’re really excited to offer to all of our customers, quite frankly, because any vulnerability that has to get fixed in FedRAMP High also flow down into the commercial environment.

 

Fadi Jarrar:

So what is the value as a credential service provider to onboard the FedRAMP High authorization to 1Kosmos?

 

Christine Owen:

Yeah. So we are the only Kantara certified product period that is FedRAMP High. So it’s a big differentiator security-wise against our competitors within the federal market space because we come to the federal government with the highest, strictest security controls in the civilian agencies.

 

Fadi Jarrar:

Awesome. So tell us a little bit about the journey. You and I have conversed about FedRAMP almost every day of our lives together here. So what did the journey look like? What were the big challenges that we had to overcome?

 

Christine Owen:

There were a lot of tears, lots of yelling. No, honestly, I think it’s just, and this is for any product, company that’s getting ready to go through some sort of FedRAMP authorization and starting at the beginning like we did, what you realize is how much you don’t know and there is a lot to learn when it comes to FedRAMP requirements and also when it just comes to the process of getting through the FedRAMP PMO. So I think that was the biggest challenge for us. Now that we’ve gone through it once, I think we have a better understanding of how to go through it again. We already have plans to go back and get reassessed for additional enhancements.

So clearly I am a glutton for pain, but it’s totally worth it because as we continue to enhance and grow the product, on the commercial side, we are planning on doing as much parity within the FedRAMP High environment as possible. So what that means is on the commercial side, we will be building with the FedRAMP High encryption and other standards within our codes and making sure that vulnerabilities are caught before they go into our product. And on the FedRAMP High side, it means that we will be going back to the assessor quite often to make sure that we can provide the best product to our customers. We’re really excited about that.

 

Fadi Jarrar:

So now that we’ve got to FedRAMP High, I’m not sure if we’re at the top of the mountain or if there’s other things in the foreseeable future that we’re focused on and in different markets in public sector, what are your thoughts?

 

Christine Owen:

So we’re never going to be at the top of the mountain. We’re always going to be climbing to the top to achieve the best that we can achieve, so be that as product enhancements and going back to get reassessed multiple times a year. And then next we’ve decided why not? We’re going to strive to become IL4 authorized. And the reason is really because we want to make sure that we are able to operate within any of the agencies in the federal space and we want to make sure that we stay in the strongest, most secure controls. So the difference between High and IL4 is really about 20 controls. And we did the math and we did look through all of this and we decided, you know what? It’s worth it because if something gets compromised within the FedRAMP High environment, we’ll always be able to pivot to the IL4 environment.

 

Fadi Jarrar:

So for basic people like myself, the assumption I have is the FedRAMP environment is extremely restrictive and maybe affects some flexibility. Can you shed a little bit about how the user experience, how we can maintain the user experience and build upon that in our FedRAMP environment?

 

Christine Owen:

Yeah. So the FedRAMP environment is just essentially, I like to think of it as it’s the boundary around our product. So that is really strict. So essentially our engineers have a very strong DevSecOps game. And so what this means is that the perimeter is very hardened, but on the inside it’s still a little squishy. And what I mean by that is it’s the exact same product that we have on the commercial side, which means that user experience, the flexibility of the platform, the flexibility of the workflows, the strong authenticators, that’s all still there. So I’m really excited because the user experience is something that we care about, probably equal to security and privacy. And so we are still iterating on our product and we will still bring a very strong user experience to our product.

 

Fadi Jarrar:

Great. So let me ask you this. There’s a traditional model of achieving FedRAMP and another model which we went to, the endeavor that we took. Can you kind of explain how we were able to get the FedRAMP High so quickly and what users that are looking us up in the marketplace can look for and all that good stuff?

 

Christine Owen:

Right. So we decided to piggyback off of a platform that already was FedRAMP High authorized, which means that we had to go through a significant change request on that platform to be able to achieve FedRAMP High. In theory, it does make it faster, but in practice it’s still a long process when it’s your first time at the rodeo. The platform that we decided to use was FedHIVE. We actually believe that they are the best in the business for various reasons, including the fact that they believe in strong compliance measures and they are very strict and very fair when it comes to how they run their platform. So we are on their platform and if you go to the Marketplace and you can request FedHIVE’s package and we are within that package. You could also go to FedHIVE itself and we have a page on FedHIVE about our FedRAMP High Authorization.

 

Fadi Jarrar:

So our platform is known to be highly flexible and we’re known for our privacy preserving principles and so forth. What impact does FedRAMP have on that? Does it affect our flexibility? Does it affect our privacy preserving principles, anything of that sort?

 

Christine Owen:

No, it doesn’t. Again, all it does is make sure that we adhere to very strong security practices that meet the highest level of the civilian government and we still have a very flexible platform. Our customers can still either just do doc verification or do doc verification with a biometric match or use a biometric to be able to log into their computer. There’s a lot of different things that our customers can still do with our product because we made sure that, I would say 95% of our features ended up in the FedRAMP offering. Now, just like any other product offering that migrates from commercial to FedRAMP, maybe there was one or two features that we are putting in this year once we achieved the authorization. But I am very, very clear to say that that does not affect our privacy. It does not affect our very flexible platform and it won’t affect our security either. So I’m really excited that we’ve worked really hard on this and we’ve achieved a FedRAMP High Authorization with 1Kosmos.

 

Fadi Jarrar:

Well, I think that wraps us up. Appreciate your time, Christine. We got a lot of work to do onward and upward, and we’re looking forward to really working with our clients to really build that security and privacy story and go help defend fraud.

 

Christine Owen:

We’re excited that we’re bringing the most secure full-service Kantara certified CSP to the marketplace today.

The post Vlog: 1Kosmos Achieves FedRAMP High Authorization appeared first on 1Kosmos.

Indicio Proven isn’t just a new way to verify identity, it’s a new way to build portable, interoperable digital trust — one that provides a common, universal foundation for commercial, digital, corporate and decentralized banking and finance.

By Helen Garneau

In banking and  financial services, customer experience and security can feel like a trade-off: You can make a process seamless or you can make it secure — but how to do both?  

That’s what we’re changing.

With Indicio Proven banks and financial services  can provide seamless account authentication — no passwords, no multifactor authentication — with the highest level of digital identity assurance and privacy protection. 

And when we say the “highest level of digital identity assurance,” we mean government-grade digital identity, capable of mitigating biometric identity fraud and generative-AI deepfakes. 

In fact, Indicio Proven’s combination of seamless, secure, and interoperability has the power to turn digital identity into a universal payment system — authentication and payment rails.  

And all with significant cost savings over current, slow-lane identity access management solutions.

Fractured and fragile: how we currently manage of account identity

Right now, banks and  financial services meet compliance requirements using legacy identity systems built around centralized databases, proprietary integrations, and recurring verification steps. 

Customers submit some form of state-issued ID, such as a passport or driver’s license, wait for a check, and do it again when accessing a new product or to make a transaction. Even after passing KYC, they’re stuck verifying over and over again– especially across services, apps, or jurisdictions.

This slows down business, drives up drop-off rates, and creates exposure to security risks: Phishing attacks, account takeovers, and data breaches. With biometric identity fraud, deepfakes, and the rapid expansion in AI usage across all attack vectors,  verifying identity has become exponentially challenging and costly. For consumers, stolen biometrics represent existential threats. They can’t just reset their faces. 

Verifiable Credentials vs credentials that are verifiable

Many institutions and identity providers say they already have verifiable digital credentials for account management and that’s because verifiable credentials are the new buzzword in identity verification. 

But a Verifiable Credential is more than an auth token with a fancy label; it’s the product of a set of global standards that transforms how personal data is created, made tamper proof, stored, shared, and verified.

These standards mean a Verifiable Credential can be used to authenticate a person’s identity anywhere, without having to check in with the source of that identity data. 

For banks and financial services, this means no need for complex direct integrations or phoning home to verify an identity or third-party identity providers and access management. 

For customers, this means they have control over their personal data, consent to share it, and the ability to share it securely.

Behind the scenes, the interplay of cryptography, decentralized technologies, and identity binding all deliver instant authentication, enabling institutions to deliver seamless experiences to their customers.

The decentralized identity revolution just evolved to incorporate biometrics 

When we add authenticated biometrics to a Verifiable Credential, we create “government-grade” digital identity. 

This ground-breaking innovation was developed by Indicio for international travel. It’s a way to generate a Verifiable Credential from a passport so that the image of the passport holder’s face in the passport chip can be checked against a live view of that person. This solution is now being used for international travel and border crossing.

When applied to banking and financial services, authenticated biometrics in a Verifiable Credential delivers the strong assurance needed for KYC, account management, and payments. 

It transforms remote onboarding and provides a way to mitigate biometric identity fraud and deepfakes. A customer can verify a liveness check of their face with an authenticated, tamper-proof biometric template of their face. 

And the magic of real Verifiable Credentials is that you can verify this biometric data without having to store your customers’ biometric data. 

This goes for all the data in the credential. Or data added from another credential to a presentation of this government-grade digital identity. You can cryptographically prove the source of the data and its integrity — that it hasn’t been altered.

Our shorthand for this is “portable trust.” All sorts of personal data or critical information can be rendered fully portable for verification anywhere. It’s a fundamental change in how we communicate information — a software architecture that can sit on top of our fractured internet and make it fully integrated, fully seamless.

This is why we talk of digital identity as a payment rail (and it’s not just a metaphor, Verifiable Credentials allow you to create secure, peer-to-peer communications channels for sharing information).

What it means for your customers

Instead of  relying on usernames and passwords, backend database calls, or waving around photocopies of government-issued IDs in front of webcams, a customer can scan a QR code to instantly prove who they are and what they’re authorized to have access to  without ever exposing sensitive data or calling back to a central server controlled by a third-party verification service. Just a direct, trusted line of communication between your customer and you. 

And because credentials are held by the user, they can move seamlessly across services and providers. Want to let a customer make a transaction with the credentials they used last week to open a digital account? Easy. 

Whether it’s checking identity for a crypto transaction, approving a loan, or verifying a remote signature, you can be confident the user is who they say they are– and that they’re the only one with access.

Indicio Proven powers fintech

Proven gives you the infrastructure to:

Onboard customers faster, with reusable credentials that prove identity, residency, income, or accreditation. Prevent account takeovers, by enabling biometric-authenticated logins and transactions. Comply with regulations, thanks to selective disclosure and audit trails for every credential use. Create better UX, where users don’t repeat the same steps across your ecosystem. Scale trust, by letting partners verify credentials you issue — or issue their own into your network Manage AI, by giving your agents, chatbots, and digital assistants, verifiable identities for secure customer interaction and permissioned data access.

The bottom line

Indicio Proven isn’t just a new way to verify identity, it’s a new way to build digital trust — one that provides a common foundation for commercial, digital, corporate and decentralized banking and finance.

The post Indicio Proven — Decentralized Fintech for Seamless and Secure Banking and Finance appeared first on Indicio.

We explore how leading companies from your industry are already using digital signatures to unlock valuable business opportunities, and how IDnow’s full suite of solutions can help you catch up.

Digital signatures have become an integral part of daily operations. 

Whether to execute simple service agreements or authenticate high-value transactions, increasing numbers of companies from every industry – from financial services to telecommunications – are now asking their customers to sign on the [digital] dotted line.  

Global e-signature transactions have actually soared from 198 million to over 4.7 billion in just five years, clearing showing how organizations are embracing more efficient, secure and compliant ways to manage documents. 

However, as regulations like eIDAS 2.0, Anti Money-Laundering Regulation and AMLD 6 come into force, choosing the right type of digital signature is becoming just as important as using one at all. While Simple Electronic Signatures (SES) provide a fast and frictionless option and are ideal for high-volume scenarios, Advanced Electronic Signatures (AES) and Qualified Electronic Signatures (QES) offer greater legal assurance, authentication or identification, and cross-border recognition, which are particularly critical for regulated sectors. 

Delaying the move to SES, AES or QES, or choosing the wrong digital signature solution, could expose your business to compliance risks and inefficiencies. Now is the time to act. 

IDnow is expanding its digital signature offering by adding SES and AES to our existing QES solution. Combined with built-in identity verification capabilities, our digital signature solutions help you not only establish the authenticity of a user’s identity but also confirm that the individual signing is the rightful owner.

To discover which digital signature solution is right for you, check out our blog, ‘From SES to QES: Everything your business needs to know about digital signatures in 2025’.

Top 10 reasons why digital signatures are critical for business success.

Digital signatures can massively improve business efficiency by reducing costs and improving conversions, but that’s not all. Here are the top 10 reasons why businesses like yours are integrating digital signatures into their tech stack.

Improved ROI: By eliminating the need for paper, digital signatures can slash operational costs and reduce administrative overhead, allowing staff to focus on the more important, higher-value tasks.
Every signature saves: Although there are considerable price differences between SES, AES and QES, digital signatures can reduce contract execution by 70-90%. For example, when factoring in the costs associated with printing and paper, mailing, archiving, labor time and error correction, a manual, wet ink signature could cost up to €30, whereas even the highest legal assurance QES is available at a mere fraction of that cost and the AES and SES options are even more affordable.
Faster sales cycles: Digital signatures enable contracts and agreements to be signed and returned within minutes, regardless of location. This streamlined approach shortens sales cycles and enables businesses to start generating revenue quicker.
Scale sustainably: Of course, accelerated deal closures also allow businesses to process a higher volume of documents and grow their customer base without needing to proportionally increase staff or administrative overhead.
Regulatory coverage: As AES and QES are legally recognized throughout the European Union under the eIDAS regulation, it allows organizations to conduct business seamlessly across borders, sign contracts with international partners, and comply with local laws. Plus, considering one of the main aims of new and emerging regulatory frameworks like eIDAS is to standardize digital signature usage across member states, it will also drive adoption and boost user confidence.
Security: Digital signatures ensure the authenticity and integrity of documents, so are a great way to secure sensitive information and protect against fraud attacks and data breaches.
Future-proof accreditation: If you choose an accredited vendor like IDnow, which is a joint venture partner of the Qualified Trust Service Provider (QTSP), IDnow Trust Services AB, then you can rest assured that your digital signature solution integration will remain compliant even as laws change. Plus, all relevant evidence data will remain archived.
Environmental benefits: As digital signatures eliminate paper wastage, organizations that integrate digital signature solutions can reduce their carbon footprint and significantly bolster corporate social responsibility efforts.
Cross-industry/ regional collaboration: Industries are now collaborating more than ever (e.g., healthcare and insurance, financial services and e-commerce), making the need for interoperable solutions like digital signatures essential for optimal business performance, not only in different countries, but in different industries.
Superior customer experience: Whatever’s good for the customer is ultimately good for the business, as happy customers are loyal customers that can help build brand reputation and drive word-of-mouth growth. Digital signatures offer unparalleled convenience and accessibility, enabling users to register, transact or authenticate within a matter of seconds.

In 2025 and beyond, digital signatures should be considered as much more than mere authentication tools. Digital signatures should be seen as sophisticated trust mechanisms that ensure document integrity, verify authenticity, and provide irrefutable proof of transaction legitimacy

Uwe Pfizenmaier, Product Director at IDnow and Registration Officer at IDnow Trust Services AB

How digital signatures can unlock opportunities in your industry.

Forward-thinking organizations from industries such as financial services, mobility, insurance, HR, telco, retail and e-commerce, real estate, and the public sector are all integrating digital signatures into their trust architecture to strengthen security postures, streamline customer experiences, and create resilient trust ecosystems capable of adapting to the digital challenges of tomorrow.  

Here’s how competitors from your industry are currently using digital signatures:

Financial services.

Financial institutions face a unique challenge: delivering seamless customer experiences while ensuring full compliance with regulations like Know Your Customer (KYC), eIDAS 2.0, GDPR, and the upcoming AMLR. Common digital signature use cases within the financial services industry include:

• High-value loans and mortgages.

IDnow’s QES provides the highest level of legal assurance for significant financial commitments, ensuring compliance with regulations.

How it works: Once both parties read the relevant documents and the signer’s identity is verified, the signer applies their digital signature, which is then cryptographically linked to the document and locked to prevent changes. A tamper-evident seal is then generated to create an audit trail that records every action and ensures transparency and legal admissibility.

Account opening [AES]  Cross-border transactions [AES]  Credit card loan contract [QES] Mobility.

Mobility services require flexible digital signature solutions that work seamlessly across devices and locations, and are crucial for contracts, rentals and compliance. Common digital signature use cases within the mobility industry include:

• Short-term rentals and car sharing.

IDnow’s AES balances security with convenience, allowing users to quickly complete transactions while providing operators with strong identity verification.

How it works: After the mobility provider verifies the identity of all signatories, the lease agreements and related documents are uploaded to a secure digital platform. Once ready to sign, each party is authenticated and signers apply their digital signature, which is securely linked to the document. A complete audit trail is then generated, and a tamper-evident seal is added to the document, ensuring it cannot be altered post-signature.

Service updates and policy acceptances [SES]  Long-term lease agreements [QES]  Vehicle leasing and financing [AES]  Ride-sharing and rentals [AES] Telecommunications.

Telecom providers offer digital signature solutions to streamline customer acquisition and policy changes, and as a method of fraud prevention. Common digital signature use cases within the telecommunications industry includes:

• Plan changes and upgrades.

IDnow’s SES offers a streamlined experience for existing customers making modifications to their services.

How it works: After the telecom provider generates a digital document outlining the new plan details, terms, and associated costs or commitments, the customer reviews the document and confirms the changes by applying a digital signature — typically by clicking to sign. The document is then locked, and a digital audit trail is created, recording the time, date, and method of signature.

‘High value’ service activation [AES]  New service contracts [AES]  Phone exchange [AES]  Mobile phone financing [QES] Expert guide to digital signatures. As the world shifts from physical to online, digital signatures will be essential in ensuring trust and authenticity in transactions. Check out this handy guide to discover the history of signatures and how digital signatures can be used to unlock valuable business opportunities. Download now Insurance.

The insurance sector relies heavily on digital signatures to streamline policy issuance and claims processing. Common digital signature use cases within the insurance industry includes:

Customer consent forms [SES]  Renewals and endorsements [SES]  Policy issuance [AES]  Claims processing [AES]  Life insurance [QES] Human Resources.

HR departments use digital signatures to streamline employee lifecycle management, from hiring to offboarding. Common digital signature use cases within the HR industry includes:

Exit formalities [SES]  Electronic signatures for internal processes (vacation / travel approvals) [SES]  Employment contracts [AES]  Onboarding documents [AES]  Temporary employment contracts [QES] Retail + e-commerce.

The retail and e-commerce sectors rely on digital signatures to streamline operations, enhance customer experiences, secure transactions, and ensure compliance with data and consumer protection laws. Common digital signature use cases within the retail + e-commerce industry includes:

Purchase orders and invoices [SES]  Subscription services [SES]  Returns and refunds [SES]  Compliance with data privacy laws [SES] Vendor and supplier agreements [AES] Public sector.

The public sector leverages digital signatures to modernize services, reduce bureaucracy, improve citizen access to services, and ensure transparency in government processes. Common digital signature use cases within the public sector includes:

Permits and licenses [SES]  Procurement and tendering [AES]  Identity verification [AES]  Inter-agency collaboration [AES]  E-government services [QES] Real estate.

The real estate industry uses digital signatures to simplify complex, document-heavy processes and enable remote transactions. Common digital signature use cases within the public sector includes:

Lease and rental agreements [SES]  Agent and broker contracts [AES]  Property sale and purchase agreements [QES]  Mortgage documents [QES]  Title deeds and transfers [QES] Understanding different digital signature solutions.

IDnow offers a comprehensive suite of digital signature solutions to satisfy whatever the required legal assurance or industry use case. What’s more, as IDnow offers trust services via IDnow Trust Services AB, customers benefit from streamlined procurement and contractual simplicity by receiving both identity verification and trust services from a single, unified process with a trusted vendor.

Simple Electronic Signature (SES): SES is the most basic form of digital signature, providing a straightforward way to indicate consent or approval in digital transactions. SES solutions are ideal for low-risk scenarios where convenience and speed are priorities. 
 
Advanced Electronic Signature (AES): IDnow’s AES solution provides a higher level of security and authentication than SES. As AES links the signature to both the signer and the data in a way that alterations are detectable, it is suitable for transactions that require strong identity verification without the full regulatory weight of QES. 
 
Qualified Electronic Signature (QES): IDnow’s QES represents the highest security standard and is the legal equivalent of a handwritten signature across the EU under eIDAS regulation. Created using a qualified digital certificate from a Qualified Trust Service Provider, QES provides maximum legal certainty for high-stake transactions.

5 considerations to help you select the right digital signature solution for your industry use case. Regulatory requirements? What level of signature does your industry regulation require for your specific transaction type? 
  What is the transaction value? Higher-value transactions generally warrant stronger signature types (AES or QES). 
  Risk profile? Consider the potential for fraud or dispute in the specific transaction context. 
  User experience priorities? What experience do your customers expect? Speed, security or a balance of the two? 
  Budgets and deadlines? Although neither is likely to be the deciding factor as to why organizations would choose one solution over the other, SES and AES can typically be implemented quicker than QES solutions, while SES are considerably cheaper to implement. Unlocking business benefits, one signature at a time.

Whether you’re in financial services managing high-risk transactions, a mobility provider streamlining vehicle agreements, or a telecommunications company optimizing service contracts, IDnow’s signature solutions provide the tools to transform your document workflows while enhancing security and compliance. 

Interested in more information on IDnow’s comprehensive signature portfolio? Check out our blog, ‘From SES to QES: Everything your business needs to know about digital signatures in 2025’.

By

Jody Houton
Senior Content Manager at IDnow
Connect with Jody on LinkedIn

 

 

DDoS May 2025 report: 2 new attacks every minute. Get key insights, traffic trends, and actionable security guidance.

Ensuring regulatory compliance and fostering loyalty is crucial for fast-growing SaaS and FinTech startups. Thus, selecting the right AML and KYC provider is paramount to maintain speed, growth, and cost-effectiveness in the long-run.

The post Best KYC & AML Platforms for Growing SaaS and FinTech Startups first appeared on ComplyCube.

Get CISO Marshall Erwin's take on Fastly's Q1 2025 threat report, including shifts in attacks on e-commerce, bot traffic trends, and supply chain risks.

Free your developers to innovate! Auth0 simplifies identity, enhancing security and accelerating product launches.

Hey folks 👋

We asked, you answered. And, well... you really like Journaling.

We heard from dozens of you after our last scoop, and your feedback gave us a lot of ideas.

So many, that we went back to the drawing board, cleared the clutter, and built a better way to Journal with Kin.

What’s new with Kin🚀

From version 0.3.2.0 (the latest update as of now), you’ll find:

New Journal, who’s this? 📖

The Journal has had some massive quality-of-life updates. Take a look:

• A whole new look to Kin’s Journal, to make it easier to use

• Editable Journal titles, so keeping track becomes easier

• Morning- and Evening-specific Journal prompts, to help you start and end your days

• ‘Brain dump’ mode - no prompts, just space for you to write (or speak!)

• Customizable Journal templates - so you can build whatever works best for you

You Journal. Kin replies. 💬

The way Kin treats your Journal entries has also changed.

Now, if you start an entry and leave it half-finished, it becomes an ‘in-progress’ entry, not a draft.

Once you’re done, Kin opens up a new Chat conversation, dedicated to helping you reflect on your feelings, and potentially consider solutions (depending on how you’ve set your Kin’s behaviour).

That last part is what we were asked for the most. Because now, you’re not just writing in a Journal. Your Journal is hearing you.

And if you don’t want to reflect right now (or at all)? Just close the conversation. You don’t need to come back to it - Kin will still commit it all to memory.

The concerns, moods, patterns, and questions you share - all still saved privately, all still on-device - allow Kin to provide the best support and conversation it can to you.

We can’t think of any other AI Journal with that level of privacy and personalization.

When you talk to Kin, it talks back - and only talks you.

A couple more updates 📈

• We improved Kin’s stability improved across weak connections. It still needs internet access to function currently, but now the app should load even when no connection is present

• Kin’s Memory system overhaul is still in progress (as always)

We still want to hear from you 📝

The Journal update being out doesn’t mean we’re done taking feedback.

Now, we need to know how you find the changes - are they what you wanted? Are there other ways Kin could better serve you?

Clara might be back working on new things behind the scenes, but that doesn’t mean you shouldn’t let her - or any of the team - know your thoughts.

As always, you can reply to this email, drop us a message in our Discord server, or simply shake or screenshot the app to trigger a ticket submission.

Our current reads 📚

Tool: An ultra-realistic AI voice generation tool
READ - ElevenLabs

Article: AI friends are a good thing, actually
READ - digitalnative.tech

Article - OpenAI partners with legendary Apple designer Jony Ive to develop new AI wearable
READ - The Guardian

Article - What happens when people don’t understand how AI works?
READ - The Atlantic

Our online vibe✨

In a departure from our usual TikTok videos, one of our team has started an article series on the more technical aspects of Kin and AI technology.

Read the first one, on why Kin needs a brand-new memory system, below.

Read article

This week’s Super Prompt 🤖

“What parts of myself am I hiding away from?”

If you have Kin installed and updated to the latest version (0.3.20), you can hit the link below to start exploring the sides to your identity you might be neglecting.

As a reminder, you can do this on both Android and iOS.

Open prompt in Kin

Don’t stop talking 🗣

The Journal only evolved because you asked it to - much like any aspect of Kin.

If we’re going to keep growing, and expanding the capability of personal, ethical AI, then we need your voice too.

Keep telling us what you think - the good, the bad, and the ugly. All of it improves Kin for all of us.

For now though, I’ll see you in the next one. Don’t forget to Journal tonight.

The KIN team

The EU Digital Identity Wallet is set to reshape how businesses handle identity verification, authentication, and data exchange. 

While the potential is vast, its real-world impact will depend on adoption, regulation, and business use cases.

In our recent conversation with Esther Makaay, VP of Digital Identity at Signicat, she shared insights on how the EUDI Wallet will affect industries such as payments, travel, and organizational identity. 

Here’s what you need to know:

KYC refresh is more than regulatory hygiene. Done right, it protects your business, improves customer satisfaction, and reduces operational drag. By applying a risk-based approach and the right technology, you can refresh client records with precision, automate up to 90 percent of the process, and turn compliance into a competitive asset.

Why KYC Refresh Matters

A KYC refresh is the periodic process of reviewing and updating client information to ensure it reflects their current risk profile. It is not optional. Whether required by a regulatory cycle, triggered by a risk event, or prompted by a jurisdictional policy update, KYC refresh is now expected as part of any ongoing customer due diligence framework.

What used to be a back-office task has become a front-line control. It protects your institution against fraud, enforcement action, and reputational damage. But for too many firms, it still means a mess of emails, PDF forms, manual reviews, and irritated clients.

Common Pitfalls in Traditional KYC Refresh Workflows

Most firms still treat KYC refresh as a reactive checklist. This approach is slow, manual, and prone to error.

Data is pulled from outdated systems or spreadsheets Customers are asked for information they have already provided Compliance analysts must manually compare documents, validate changes, and log notes in isolated systems Refresh cycles are static, not risk-based, meaning high-risk clients may go unchecked while low-risk clients are over-screened There is no audit trail that links what was reviewed, when, by whom, and what changed

The result is poor visibility, increased regulatory exposure, and customer frustration.

A Better Model: Risk-Based and Automated

Leading firms are shifting from reactive reviews to proactive KYC refresh cycles. This means segmenting clients by risk and automating the work accordingly.

High-risk clients

Refresh most frequently or upon trigger events. Include document re-verification, new screening, updated risk assessments, and potential escalation to enhanced due diligence.

Medium-risk clients

Refresh regularly. Use automation to confirm key data, update watchlist screening, and verify continued activity alignment with stated business purpose.

Low-risk clients

Refresh less often or on auto-pilot via continuous monitoring. Use passive data checks, behaviour monitoring, and automated triggers to flag changes in risk exposure.

How to Implement a Modern KYC Refresh Strategy 1. Segment your customers by risk

Review your onboarding profiles and determine which customers are due for a refresh. Consider geography, industry, ownership complexity, transaction history, and past risk indicators.

2. Set triggers and schedules

Combine fixed intervals with dynamic events. Triggers can include address changes, document expiry, transaction anomalies, adverse media alerts, or policy shifts.

3. Automate outreach and collection

Use pre-filled digital forms, smart questionnaires, and self-service portals to request updated information. Eliminate the need for manual email follow-ups and one-size-fits-all templates.

4. Validate documents automatically

Use document authentication and biometric checks to verify IDs and ownership documents. Apply liveness checks and passive face match for returning users.

5. Refresh screening in real time

Screen updated profiles against sanctions, PEP lists, adverse media, and fraud databases. Record all hits and resolutions in an audit-ready format.

6. Maintain a continuous audit trail

Capture every action, update, and risk score adjustment. Your refresh process should be defensible, not just compliant.

Why iComply is Purpose-Built for KYC Refresh

With iComply, refreshing client profiles is no longer a manual project. It is a systematic, automated part of your risk lifecycle.

Edge-processed document authentication and 3D biometric verification

Configurable risk scoring and tiered refresh cycles

Smart workflows that adapt to client profile and regulatory context

Integrated screening with global sanctions, PEP, and adverse media data

Detailed, exportable audit logs and reporting summaries

Frictionless customer experience with self-service updates and fewer requests

Whether your trigger is a scheduled review or a jurisdictional change, iComply helps you execute the refresh with minimal friction and maximum confidence.

KYC Refresh is Not Just a Task. It’s an Opportunity.

When you modernize your refresh process, you reduce risk, enhance client satisfaction, and demonstrate operational maturity to your regulators and your board.

Compliance is not just about checking boxes. It is about protecting your reputation, accelerating onboarding, and preserving trust.

Reduce manual work. Improve accuracy. Stay compliant. Start your free trial of iComply today.

“Have you ever thought, how facial ID recognition plays its crucial role in ID verification? No! Get ready! This blog post is going to be special for you.” 

 

In this digital age, where digital security is paramount for all agencies, facial ID recognition has emerged as a cutting-edge solution for ID verification.

But here is a question often raised by many users: What is this? How is it shaping the future of ID verification? 

This blog post is an answer to such questions. In this guide, we will have a detailed discussion on this topic. 

Read this content from start to end carefully….

 

What is Facial ID Recognition?

After hearing this term, you would have understood it. Facial ID recognition is an innovative biometric technology that analyzes the facial features of users. It utilizes AI, ML, and their sophisticated algorithms to verify whether and map the facial geometry, like the distance between your eyes, the shape of your jawline, and other facial features.

Here you would be thinking, how does this technology work? Don’t worry! The upcoming section is the answer to this question.

 

How Facial ID Recognition Works?

In this section, we will discuss a step-by-step guide on how facial ID recognition works for ID document liveness detection SDK. 

 

Step 1: The system captures some images of users or scans their faces using a high-quality scanner.

Step 2: Software driven by AI identifies the facial features of users, like jawlines, distance between eyes, etc.

Step 3: Now, the system compares the scanned face with the database of images.

Step 4: Finally, the decision is made based on the similarity score. It ensures whether the fake ID scanner confirms the matches or not.

 

Role of Facial ID Verification in Shaping the Future of ID Verification

Let’s uncover the cornerstone section of this blog, which is all about the role of facial ID recognition in shaping the future of fake ID verification.

1. Enhanced Security

After the arrival of facial ID recognition, users have eliminated their worries related to security during ID verification. As we have hinted earlier that this technology is driven by AI software.

So, this is the greatest benefit of this integration of AI and ML with this technology, that security has been increased from 10 to 1000.

How this technology further shows its magic will be discussed in the next headings.

 

2. Frictionless User Experience

Those days have gone when old traditional methods of security like entering passwords, answering questions, and others were at their peak. These ways were undoubtedly time-consuming and boring.

However, technology has brought this innovative method of verification. This facial ID recognition is free of such tension of time and hassles. 

You can verify the users’ and their documents’ realness or fakeness within a few minutes. Additionally, it always provides the system with accurate results. Such accuracy is not exclusive to humans. They can sometimes make some mistakes during verification. That’s really great…….

 

3. Spoofing Prevention & Liveness Detection

We should be very thankful to AI and deep learning, which have provided us with an opportunity to differentiate between real faces and fake 3D images and videos. This is called facial liveness detection. 

The two main types of face liveness detection play a crucial role in identity verification. 

Active livness detection: This type of facial liveness detection verifies whether the users have presented the real or fake ID documents and images to the system. They are said to perform some specific actions like blinking, head-moving, and others to identify whether the users are physically present or using fake identities.

Passive liveness detection: In this type, users are identified by their skin and facial features. Additionally, they are also identified through their blood flow. 

 

4. Real-time Verification 

We will ask a very simple question of you: Are security guards exclusive to real-time verification of criminals? Hoping!  You will say, no! 

This is true! Humans can perform their duty for a specific time. Even sometimes, criminals can manipulate them during their duty time. 

However, manipulating this technology is not child’s play. This whole system is driven by algorithms. Now you can understand the efficiency of a fake ID scanner used by this system. 

If we derive a formula for this technology, it is a combination of real-time, error-free, and accurate detection of theft.

 

What About Our Service?

In this section, we will tell you about our new cutting-edge service.

After reading this role of facial ID recognition, many users ask, How to get it? How can we generate or get such algorithms to identify the theft? So, our service name is Recognito. Let’s give its brief overview.

Recognito is a top developer of face recognition algorithms recognized by NIST FRVT and a leading provider of identity verification solutions. Specializing in cutting-edge face recognition, advanced liveness detection, and accurate ID document verification, the company delivers secure and reliable digital identity services. 

Their technology is trusted across various industries for its high accuracy, speed, and compliance with global standards in biometric security and identity verification.

For more information, you can visit one of our service pages GITHUB.

Would you ever like to gain benefit from our service? Whether yes or no! We want your feedback.

 

Final Thoughts

Facial ID recognition is quickly changing how ID verification works. It uses smart technology like AI and machine learning to scan and match people’s faces with their records. This method is fast, safe, and very accurate. 

Unlike old ways of checking identity, like passwords or manual checks, facial ID is easier and quicker. It also helps stop fake IDs and detect real users using liveness checks. Real-time detection adds even more security by making it harder for criminals to cheat the system. Services like Recognito are making this advanced technology available to more people and businesses. With strong accuracy and security, facial ID recognition is shaping a better and safer future for digital ID verification. It’s time to trust this new way of staying secure and protected.

What are your opinions about this blog post? Whenever you need our services, we will be available for you as your friends……….

 

APAC cyber-attacks are being fuelled by AI according to a number of reports issuing warnings for key trends in 2025.

Technode Global issued a warning in February that businesses across the Asia-Pacific (APAC) region were confronting a significant escalation in cyber-attacks driven by artificial intelligence (AI).

The post APAC cyber-attacks fuelled by AI appeared first on Veracity Trust Network.

Ocean Protocol Update || 2025 1. Introduction

Turns out if you spend all your time building, June sneaks up on you. And we wouldn’t have it any other way. 2025’s been moving fast, and so have we. Here’s what we’ve been building and where we’re headed next.

First things first, let’s start with what you already know: Ocean Protocol was founded to level the playing field for AI and data. Over the years, we’ve built a versatile tech stack that combines AI and crypto, allowing secure, private, and decentralized data sharing.

The past few months have been all about putting real tools into your hands, improving workflows, and setting the stage for what’s next. With the launch of the new Ocean Nodes Visual Studio Code extension, developers and data scientists can now run free compute-to-data jobs straight from their editor, with zero friction, for developing and testing. You can read more about it here.

Adoption of Ocean Nodes is growing steadily, and we’re starting to see more community-driven use cases emerge. On the enterprise side, Ocean Enterprise is progressing toward a production-ready launch. Meanwhile, we’re actively building on real-world applications and partnerships to make decentralized AI practical and usable — like the ones with Netmind and Aethir.

Let’s explore what else we’ve been building, and where we’re headed next in the second half of 2025.

Ocean Nodes: This is the innovative solution our core team developed to democratize large models, decentralize them, and help monetize and protect IP. Since the launch on August 15, 2024, more than 1.4M nodes have been installed across over 73 countries, marking a significant leap toward decentralizing data computation. Predictoor has matured with enhanced models, dashboards, and insights, helping users discover pathways to profitability. Ocean Enterprise Collective, an independent initiative, now unites 12 organizations spanning 8 countries and 9 industries, enabling businesses to leverage a fully compliant and secure version of Ocean Protocol. 2. Goals for 2025

In this update, we’ll break down our 2025 goals and highlight how they’ll enable you, whether you’re a data scientist, developer, enterprise, or crypto enthusiast, to innovate and thrive.

2.1 From Predictoor baseline, make $ trading

About Predictoor. In Ocean Predictoor, people run AI-powered prediction bots or trading bots on crypto price feeds to earn $. The “earn $” part is key, because it fosters usage.

Predictoor involves two groups of people:

Predictoors: data scientists who use AI models to predict what the price of ETH, BTC, etc will be 5 (or 60) minutes into the future. The scientists run bots that submit these predictions onto the chain every 5 minutes. Predictoors earn $ based on sales of the feeds, including sales from Ocean’s Data Farming incentives program. Traders: run bots that input predictoors’ aggregated predictions, to use as alpha in trading. It’s another edge for making $ while trading.

Predictoor is built using the Ocean stack. And, it runs on Oasis Sapphire; we’ve partnered with the Oasis team.

Predictoor traction. Since mainnet launch in October 2023, Predictoor has accumulated about $2B total volume. [Source: DappRadar].

2024 core goal review. Predictoor’s primary goal throughout 2024 was “traders to make serious $”. If that is met, then traders will spend $ to buy feeds; which leads to serious $ for predictoors. The Predictoor team worked towards this primary goal throughout 2024, testing trading strategies with real $. Bonus side effects of this were improved analytics and tooling.

2025 core goal. Obviously “make $ trading” is not an easy task. It’s a grind taking skill and perseverance. The team has ratcheted, inching ever-closer to making money. As of early 2025, the live trading algorithms are starting to bear fruit. The team will continue to grind, towards the goal “make serious $ trading”. We can expect this to be the main progress in Predictoor in 2025. Everything else in Predictoor will follow.

2025 bonus. We’re a few months into 2025. Our collaborators at Oasis have launched WT3, a decentralized, verifiable trading agent that uses Predictoor feeds for its alpha.

2.2 Launch Ocean Nodes C2D.2

Since launching Ocean Nodes in August, nearly 1.4M nodes have been deployed globally, becoming the foundation of decentralized AI infrastructure.

What’s new in 2025?

Free Compute Jobs: Developers can run test algorithms using limited runtime directly inside their development environment.

2. VS Code Extension:

This extension brings Compute-to-Data directly into VS Code, allowing users to: Write and run algorithms on real datasets Monitor job progress in real-time Customize environments using Docker or private keys Publish to the Ocean stack directly from their editor

What’s next?

With Ocean Nodes C2D.2, we’re focused on making the platform even more intuitive and powerful.

Our vision is to support data scientists to easily write and monetize algorithms, allow businesses to quickly spin up and validate data-driven business cases, and enables developers to build dApps with minimal effort.

To achieve this goal, we are simultaneously focusing on three key initiatives:

Redesigning the compute infrastructure Grow our community of data scientists and engage them in using compute Build real-world business cases on top of compute

For b. and c. we will work in close collaboration with the community of data scientists that we built throughout the years with our data challenges.

The development plan

The end goal: to create a sustainable network of compute environments. To do this, we need users to have as little friction as possible before starting to build on top of the stack. Here’s how we’re doing it:

Free Compute Jobs Visual Studio Code Extension Paid Compute Jobs: Now that the above is out, we are focused on the paid jobs. Whilst it may sound simple, the mechanisms are more complicated. Also, we are introducing a new payment model that is more flexible and based on the time it takes to compute. Configurable Nodes: Node owners can enable or disable specific functionalities, such as free environments tied to incentives. Multistage Compute: Manage complex AI pipelines seamlessly

All these new functionalities will be included in the Visual Studio Code extension, so make sure to download that and get yourself familiar with it before the next updates.

The end goal is to facilitate the creation of models. For this, we need to integrate GPUs. Together with the data scientist community, we will create easy and intuitive flows to train models and provide ways for inference on created models.

While the features keep rolling out we will also keep working on creating relevant analytics for the network of nodes and improving the nodes dashboard.

Expanding Ocean Nodes Through Strategic Partnerships

In 2025, Ocean Protocol has formed key partnerships to enhance the capabilities of Ocean Nodes:

NetMind AI: As the first external GPU provider for Ocean Nodes, NetMind contributes nearly 2,000 high-performance GPUs. This collaboration empowers developers and data scientists to train and scale AI models more efficiently within the decentralized ecosystem. Aethir: Aethir brings its decentralized cloud computing infrastructure to the Ocean Nodes network. This integration provides AI developers with scalable and cost-effective resources to build, scale, and deploy AI models, further advancing the decentralized AI landscape.

These partnerships significantly bolster the Ocean Nodes infrastructure, offering enhanced computational power and scalability for AI development within the Ocean Protocol ecosystem.

3. Ocean Enterprise

What is Ocean Enterprise?

Ocean Enterprise is a free open-source enterprise-ready data ecosystem software solution that enables companies and public institutions to securely manage and monetize proprietary AI & data products and services in a trusted and compliant environment.

What is the goal for 2025?

After extensive design and development in close collaboration with the business community, Ocean Enterprise v1 (OE v1) will be released in Q3 2025. Powered by Ocean Node, OEv1 is meant to be used by companies that are looking to turn digital goods into profits and leverage the exciting new capabilities of compute-to-data in a compliant enterprise offering.

OE v1 is designed to ensure compliance with the most recent EU data regulations and comes with features dedicated to enterprise use cases. The main features of OEv1 include data space interoperability, access control based on Self Sovereign Identities (SSI), cloud-agnostic design, e-money payment, advanced Intellectual Property licensing, and easy onboarding. The release will include a demo environment that will allow users to test all OEv1 features as well as a deployment kit that will enable easy onboarding and deployment.

Once OE v1 is released, the existing ecosystem of more than 100 companies and institutions with 400+ solutions across different domains who are already using current versions of Ocean will be able to start onboarding onto Ocean Enterprise and move towards bringing their enterprise-grade environments into production throughout 2025. Future updates to OE are planned towards the end of 2025 and exciting new features are already being considered such as enhanced asset encryption and indexing, detailed seller dashboard, machine-readable asset descriptions, and enhanced privacy protection for computation results.

Ocean Enterprise is being developed by the Ocean Protocol Collective, a non-profit association dedicated to developing a free open-source, collectively-governed, compliant version of Ocean Protocol designed specifically for enterprise products & projects.

The Ocean Enterprise Collective includes business representatives from over eight countries and nine different industries including aerospace, agriculture, energy, health, human resources, manufacturing, and the public sector. Interested in becoming a member of the Ocean Enterprise Collective Team? Ready to explore how Ocean Enterprise can transform your business?

Contact the team at info@oceanenterprise.io.

4. Ongoing Initiatives Ocean Predictoor Data Farming: Data Farming remains a cornerstone of Ocean’s ecosystem. This is Ocean’s incentives program, where you can earn OCEAN rewards by making predictions via Ocean Predictoor. Ocean Nodes incentives: Naturally, the program will continue to evolve as the Ocean Nodes do. We will align incentives with C2D.2 updates, encouraging adoption and rewarding engagement. These changes will always be communicated in advance so the node owners have time to react. Community Engagement: We’ve already reached Season 12 of our Zealy campaigns, with targeted challenges and rewards. We’ll pause them until the end of Q3, so keep an eye on our socials to know when we’re re-launching them. 5. What’s Coming in H2 2025

With the foundation set in H1, the second half of 2025 is all about scaling impact and maturing our products. Here’s what’s coming next:

Paid Compute Jobs: Introducing a flexible payment model to monetize compute jobs Inference Workflows: Supporting full model development pipelines from training to deployment Ocean Enterprise Onboarding: Moving early adopters into production environments Real-World dApps: Expanding the use of Ocean tech into industries like real estate and energy Analytics Dashboard Improvements: Deeper insights for node operators and users Incentive Program Updates: Realigning rewards with new feature rollouts 6. Conclusion

We’re halfway through 2025, and the focus is clear: sharpen the tools, reduce friction, and support real use cases. From Ocean Nodes VS Code Extension to Ocean Enterprise, everything we’ve released so far is about helping you build faster, better, and with more confidence.

Whether you’re here to develop AI models, monetize your data, or just experiment with compute-to-data, Ocean is the stack you can build on, but, most importantly, build with.

Thanks for being part of it. Let’s keep building.

Ocean Protocol Product Update 2025 — Half Year Check-In was originally published in Ocean Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.

Global regulators including AUSTRAC, FCA, FINRA, FinCEN, and the EU’s AMLA are tightening Know Your Business (KYB) and Ultimate Beneficial Ownership (UBO) rules. Legacy methods for identifying and verifying UBOs are too slow, too manual, and too risky. But with the right systems, UBO discovery can become a competitive advantage. KYB compliance software enables firms to reduce onboarding times, increase customer satisfaction, and slash manual effort by 90 percent – all while exceeding the regulatory bar.

The Shift Toward Verified Ownership

Firms today face growing pressure to not just know their clients but to understand who ultimately owns or controls them. UBO identification is no longer a tick-box exercise. It’s central to anti-money laundering obligations, reputational risk management, and trust in the global financial system. Whether you’re operating in the UK, EU, US, or Australia, regulators are demanding more transparency, faster disclosures, and ongoing oversight of ownership structures.

Regulatory Expectations Are Clear – and Increasing

AUSTRAC mandates that reporting entities identify and verify the ultimate beneficial owners of customers, particularly for higher-risk customers and complex structures.

FCA requires that firms identify and verify UBOs of corporate customers and understand control mechanisms, including voting rights and indirect influence.

FINRA enforces Customer Due Diligence (CDD) rules, requiring firms to identify the natural persons who own or control legal entity customers.

FinCEN has implemented the Corporate Transparency Act, mandating detailed beneficial ownership reporting for nearly all corporations, LLCs, and similar entities in the United States.

EU AMLA legislation sets consistent rules across member states, including central UBO registers and tighter requirements for verifying cross-border ownership chains.

The message is consistent: firms must discover and document beneficial owners with precision and speed. Excuses tied to complexity or resource constraints are no longer acceptable.

The Problem: Manual Processes Can’t Keep Up

Most compliance teams still rely on a tangled mix of email chains, spreadsheets, static PDF forms, and fragmented data vendors to complete UBO discovery. These methods result in:

Days or weeks to onboard complex corporate structures Inconsistent data that can’t withstand audits or enforcement scrutiny Frustrated clients who feel like they’re doing your job for you A Better Approach: Automate, Map, Monitor

Firms that invest in purpose-built KYB platforms gain far more than just efficiency. With the right technology, UBO discovery becomes a competitive differentiator.

1. Gain a Competitive Advantage

Fast onboarding isn’t just nice to have – it’s critical to your success. When your competitors take days to review complex structures, and you deliver decisions in minutes, you win more deals in less time. That’s the bottom line. Rapid UBO discovery across jurisdictions creates momentum for sales, onboarding, and operations. You reduce friction and show clients that you are serious about compliance without making them feel punished by it.

2. Increase Customer Satisfaction and Loyalty

Clients don’t want to feel like suspects. Repeated document requests and contradictory forms make onboarding feel adversarial. Automating document collection and verification helps you engage clients with clarity, consistency, and confidence. That’s not just better service – it’s brand protection. Happy clients are loyal clients. Loyal clients refer business.

3. Reduce Manual Work by 90 Percent

When your KYB system collects, enriches, and monitors beneficial ownership information in real time, your team stops firefighting and starts delivering value. Automated workflows replace redundant data entry. Smart questionnaires adapt to risk. Alerts notify your analysts when something changes, instead of expecting them to spot it manually. The result is a smarter team with more time to focus on high-value work.

iComply’s KYB Compliance Software: Built for Beneficial Ownership

iComply’s KYB platform is designed to accelerate and secure UBO discovery at scale:

Automated document collection and prefilled forms

Intelligent UBO mapping, linking, and monitoring

Sanctions, PEP, and adverse media screening for all related parties

Ongoing monitoring and refresh cycles based on your risk triggers

Audit-ready reporting in a single click

All sensitive user data is processed at the edge – on the user’s device – ensuring compliance with data residency, GDPR, and privacy laws no matter which jurisdiction they are in at the time of verification. One platform. No vendor sprawl. No surprises.

Where the Market Is Going

Most firms see KYB and UBO checks as a cost centre. That mindset is obsolete. Regulators now expect beneficial ownership transparency as a condition of market access. Banks, PSPs, and law firms will increasingly be judged by how well they identify and assess their clients’ true owners. That means compliance teams who adopt automation early will not only survive – they’ll bring their firms into the lead.

You don’t need more forms. You don’t need more emails. You need a system that does the work for you. Accelerating UBO discovery isn’t about cutting corners. It’s about building trust, faster. With iComply, you can meet global KYB requirements, onboard clients with confidence, and leave manual ownership checks behind—for good.

Start your free trial. Automate beneficial ownership. Take control.

The FBI is urging all iPhone and Android users to be alert to an insidious toll fee texting scam from China widely regarded as “an infrastructural attack on our phones, not a single campaign.”

It follows an urgent FBI and Cybersecurity and Infrastructure Security Agency (CISA) warning in December 2024 to stop sending texts messages over unsecured networks and use encrypted messaging and calling systems instead.

The agencies warn texting between Android phones and iPhones is vulnerable (iPhone to iPhone and Android to Android is reportedly safe) due to “Chinese hacking of U.S. networks that is reportedly ‘ongoing and likely larger in scale than previously understood.’”

Encrypted channels are considered the best defense against these attacks.

“Encryption is your friend” for texts and phone calls, Jeff Greene, CISA’s executive assistant director for cybersecurity, told NPR. “Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible, if not really hard, for them to detect it. So our advice is to try to avoid using plain text.”

MySudo all-in-one privacy app offers end-to-end encrypted messaging and video and voice calls. Download it for iOS or Android now.

Get MySudo Desktop and the MySudo browser extension.

Toll smishing texts are rapidly spreading across America

The recent spate of smishing texts are claiming an unpaid toll of $6.99 but are really designed to steal the recipient’s credit card and identity.

The Anti-Phishing Working Group (APWG) says the attackers are registering tens of thousands of domains to mimic state and city toll agencies and attract clicks. They’re also making similar-looking text message using “an upgraded phishing kit sold in China, which makes it simple to send text messages and launch phishing sites that spoof toll road operators in multiple U.S. states.”

The toll smishing attacks are rapidly spreading “from state to state.” The FBI is urging people to delete the texts immediately.

Authorities are reminding Americans that “legitimate agencies usually send invoices via official mail, not random emails or texts.”

Learn more about the toll smishing attacks. If you receive a toll smishing text, the FBI advises you to:

File a complaint with the Internet Crime Complete Centre (IC3). Be sure to include: The phone number from where the text originated The website listed within the text. Check your account using the toll service’s legitimate website. Contact the toll service’s customer service phone number. Delete any smishing texts you receive.

You can also report toll scams to the Federal Trade Commission (FTC) at reportfraud.ftc.gov or your local consumer protection agency.

Spam texts are on the rise

According to Robokiller, more than 19 billion spam texts were sent in the U.S. in February alone.

Always be alert to the possibility of scams texts and emails and NEVER CLICK THE LINK OR GIVE YOUR INFORMATION. If you think the content of the message might be correct, go straight to the company’s legitimate website (e.g. your toll service’s website) and log into your account to check.

If you think you’ve been scammed, check your accounts and change your passwords even if you haven’t made a payment to the scammers. Dispute any unfamiliar charges on your accounts.

Remember, legitimate agencies will communicate with you about unpaid tolls through official post and not via texts and emails.

The APWG says people receiving any sort of scam text can “help update alerting/blocking mechanisms that protect billions of devices and software clients worldwide” by reporting the texts to the FBI’s IC3.gov or directly to them at apwg.org/sms.

MySudo can protect you from smishing and phishing attacks

Sick of scammers? Fight back with MySudo.

First, download MySudo for iOS or Android.

Then, set up a dedicated “Car Bills” Sudo digital identity within MySudo, and use it specifically for opening and paying tolls and all other car-related services you want to include.

Only ever use your “Car Bills Sudo” phone number and email address when communicating with and logging into these services. Do not use your personal phone or email.

If a suspected smishing text about an outstanding toll or any other supposed debt comes into any other Sudo (you can have 9 Sudos, depending on your plan) or to your personal phone number, then you will know it’s a scam and delete it.

If a text about a toll comes into your official “Car Bills Sudo” you’re more likely to consider whether it’s from the legitimate service provider and not a scammer. But still stay vigilant and check with the legitimate service provider, remembering they’re more likely to contact you by official mail. If the message turns out to be a scam, you can either:

Ignore it, or Block the scammer’s number, or Reset your “Car Bills” Sudo phone number, or Delete the “Car Bills Sudo” altogether and cut off the scammers. They won’t be able to reach you again.

Go one powerful step further by always using the MySudo virtual card within your dedicated “Car Bills Sudo” to pay your toll account and any other car-related bills. That way, even if you fall victim to a scam, the scammer does not have your personal credit card. They have your Sudo virtual card, which you can easily cancel or close and move on.

The data protection strategy behind MySudo is called compartmentalization.

Learn more about how MySudo can help you protect your information, communicate securely, and organize your life.

You might also like:

New to MySudo? Start Here

2024 was the Biggest Year for Data Breaches: Here’s How to Stay Safe in 2025

The Top 10 Ways Bad Actors Use Your Stolen Personal Information

How to Take Back Control of Your Digital Footprint: Get RECLAIM 1.1!  

Americans Say Data Privacy is a Human Right: 3 Apps that Achieve It 

The post FBI Says Secure Your Texts + Beware Toll Smishing. Get MySudo Now! appeared first on Anonyome Labs.

Learn how Auth0 and Amazon Web Services can enhance fan engagement for sports organizations.

The post Eight Bold Startups Define Next Generation of Fintech at Money20/20 Europe appeared first on Indicio.

The post Flawless User Onboarding with FIDO2 Authentication: Simplifying the Process appeared first on uqudo.

23 bin üyesi bulunan İstanbul Sanayi Odası (İSO), üyelerine yönelik aidat bildirimlerini KEP (Kayıtlı Elektronik Posta) ile dijitalleştirdi ve %50’nin üzerinde maliyet tasarrufu sağladı. TÜRKKEP'in sunduğu dijital çözümler sayesinde, güvenli ve yasal geçerliliğe sahip bir şekilde artık saniyeler içinde iletiliyor.

Predictoor DF144 rewards available. DF145 runs June 5th — June 12th, 2025 1. Overview

Data Farming (DF) is an incentives program initiated by ASI Alliance member, Ocean Protocol. In DF, you can earn OCEAN rewards by making predictions via ASI Predictoor.

Data Farming Round 144 (DF144) has completed.

DF145 is live today, June 5th. It concludes on June 12th. For this DF round, Predictoor DF has 3,750 OCEAN rewards and 20,000 ROSE rewards.

2. DF structure

The reward structure for DF145 is comprised solely of Predictoor DF rewards.

Predictoor DF: Actively predict crypto prices by submitting a price prediction and staking OCEAN to slash competitors and earn.

3. How to Earn Rewards, and Claim Them

Predictoor DF: To earn: submit accurate predictions via Predictoor Bots and stake OCEAN to slash incorrect Predictoors. To claim OCEAN rewards: run the Predictoor $OCEAN payout script, linked from Predictoor DF user guide in Ocean docs. To claim ROSE rewards: see instructions in Predictoor DF user guide in Ocean docs.

4. Specific Parameters for DF145

Budget. Predictoor DF: 3.75K OCEAN + 20K ROSE

Networks. Predictoor DF applies to activity on Oasis Sapphire. Here is more information about Ocean deployments to networks.

Predictoor DF rewards are calculated as follows:

First, DF Buyer agent purchases Predictoor feeds using OCEAN throughout the week to evenly distribute these rewards. Then, ROSE is distributed at the end of the week to active Predictoors that have been claiming their rewards.

Expect further evolution in DF: adding new streams and budget adjustments among streams.

Updates are always announced at the beginning of a round, if not sooner.

About Ocean, DF and ASI Predictoor

Ocean Protocol was founded to level the playing field for AI and data. Ocean tools enable people to privately & securely publish, exchange, and consume data. Follow Ocean on Twitter or TG, and chat in Discord. Ocean is part of the Artificial Superintelligence Alliance.

In Predictoor, people run AI-powered prediction bots or trading bots on crypto price feeds to earn $. Follow Predictoor on Twitter.

DF144 Completes and DF145 Launches was originally published in Ocean Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.

Choosing the right AML software for your business is crucial, especially with so many options available today. To select the best AML solution for banking, focusing on core features for effective compliance and risk management is key.

The post Top 10 AML Software for Banks to Watch in 2025 first appeared on ComplyCube.

Luxembourg, 5th June 2024 – Kerdo.io, a Luxembourg-based digital securities platform focused on institutional-grade investment structuring, has partnered with Tokeny, the leading onchain finance operating system, to enable the tokenization and digital distribution of real-world assets across Europe.

Through this collaboration, Kerdo.io is launching a new wave of tokenized investment products—including real estate, hedge funds, private equity, and private debt—designed to simplify access to private markets for European professional investors.

Combining deep capital markets expertise with advanced blockchain infrastructure, Kerdo.io streamlines the creation and management of alternative investment opportunities. Leveraging Tokeny’s white-label T-REX tokenization platform, Kerdo.io delivers a seamless, compliant, and user-friendly experience throughout the full lifecycle of digital securities.

Private markets are becoming increasingly popular, but due to a lack of infrastructure, they remain largely manual and paper-based. Tokenization offers a powerful solution, yet technology barriers have slowed adoption. We’re proud to partner with Kerdo to help them overcome these challenges and deliver an e-commerce-like experience to their end investors. Together, we’re accelerating access and unlocking new possibilities across the investment landscape. Luc FalempinCEO of Tokeny At Kerdo.io, we’re bridging traditional finance and digital assets. Tokeny’s on-chain operating system allows us to simplify the complexity behind tokenization and launch high-quality investment products that are easier to access and manage. Federico BasileFounder of Kerdo.io About Kerdo.io

Kerdo.io is a Luxembourg-based digital securities platform offering structuring and lifecycle management of tokenized investments. Built by capital markets professionals, Kerdo.io enables the seamless creation and subscription of investment products backed by real-world assets, including real estate, private equity, hedge funds, and private debt.

Website

About Tokeny

Tokeny is a leading on-chain finance operating system. It has pioneered compliant tokenisation with the open-source ERC-3643 “T-REX” standard and advanced white-label software solutions. The enterprise-grade platform and APIs unify fragmented on-chain and off-chain workflows, integrating essential services to eliminate silos. Tokeny enables the seamless issuance, transfer, and management of tokenized securities. By automating operations, offering innovative on-chain services, and connecting with any desired distributor, Tokeny helps financial players attract more customers and improve liquidity. Trusted worldwide, Tokeny has successfully executed over 120 use cases across five continents and has facilitated $3 billion worth of on-chain transactions and operations.

Website | LinkedIn | X/Twitter

The post Kerdo.io Partners with Tokeny to Bring Tokenized Alternative Investments to European Professional Investors appeared first on Tokeny.

For passionate football fans, catching live matches without subscription fees is key. In 2025, navigating free streaming options can be tricky, with varying quality and reliability. This guide cuts through the noise, presenting the Top 10 Websites to Watch Football for Free, ensuring you find stable, high-quality streams for all your favorite leagues and never miss a goal this year.

Introduction To Top Websites To Watch Football For Free

For football fans, watching live matches is essential, but high subscription costs can be a barrier. Thankfully, many platforms let you watch football for free. However, quality, stability, and safety vary greatly. This guide will introduce you to the top websites to watch football for free, helping you find reliable streams for major leagues and enjoy every game without cost, while also ensuring a smooth and safe viewing experience.

Why You Should Watch Football for Free Online?

In 2025, the appeal of watching football for free online is stronger than ever. With rising subscription costs for traditional TV channels, free streaming offers a convenient and accessible alternative. It breaks down financial barriers, allowing every fan to catch live matches from top leagues and tournaments globally, right from their device. This method ensures you never miss a moment of the action, providing unparalleled flexibility and cost savings for truly passionate supporters.

Cost Savings

One of the most compelling reasons to watch football for free online is the significant cost savings it offers. In an era where cable television packages and premium sports subscriptions can run into hundreds of dollars annually, free streaming platforms eliminate this financial burden. This allows passionate fans to avoid expensive monthly fees, redirecting those savings to other priorities or simply enjoying the sport without the added economic pressure, making top-tier football accessible to everyone.

Accessibility

Beyond financial benefits, watching football online for free provides unparalleled accessibility. You are no longer confined to a living room TV; instead, you can catch every thrilling moment of a match on various devices, including your phone, laptop, or smart TV, from anywhere with an internet connection. Whether you’re commuting, traveling, or simply away from your main screen, this flexibility ensures you never miss a crucial goal or a game-changing tackle, fitting seamlessly into your modern lifestyle.

Variety

Free online football streaming truly shines in its variety of content. Unlike traditional local TV channels that often only secure broadcasting rights for a limited number of major leagues, these online platforms typically provide access to a vast array of global leagues and tournaments. This means you can follow not just the Premier League or Champions League, but also niche competitions, less-publicized domestic leagues from around the world, or even youth and women’s football, expanding your horizons as a true football connoisseur.

Flexibility

Finally, the flexibility offered by free online football streaming is a huge draw for modern fans. These platforms often provide more than just live streams; many offer options for watching highlights shortly after matches or even full replays if you miss a game. This freedom from fixed schedules and without long-term commitments allows you to consume football content on your terms, fitting it into your busy life and ensuring you can catch up on all the action at your convenience.

Criteria for Choosing the Top Websites To Watch Football For Free

With countless options promising free football streams, finding truly reliable and safe websites is crucial for an uninterrupted viewing experience. Not all free platforms are created equal; many come with frustrating issues like excessive ads, poor quality, or even security risks. To genuinely enjoy every goal and thrilling moment without compromise, it’s essential to understand the key criteria for choosing the top free football streaming websites.

Legality

When seeking to watch football for free online, prioritizing legality is paramount to avoid potential risks. The best platforms either host content with official broadcast rights or provide links to legal, publicly available streams. While entirely free, completely legal sources for major commercial leagues are rare, discerning users should look for signs of legitimacy, such as clear disclaimers, professional website design, and minimal redirects. Opting for sites that respect intellectual property helps you enjoy the game without contributing to piracy, safeguarding yourself from legal issues or malware often associated with illicit streaming.

Stream Quality

A crucial factor for an enjoyable viewing experience is stream quality. Top free football streaming websites should deliver high-definition (HD) streams as a standard, ensuring sharp visuals and clear details of the game. Equally important is minimal buffering or lag, allowing for smooth, uninterrupted viewing of fast-paced action. While achieving perfect stability can be challenging for free services, the best platforms invest in robust servers and efficient content delivery networks to provide a consistent, high-quality picture that truly captures the excitement of live football.

Safety

Safety is a non-negotiable criterion when choosing free streaming platforms. Reputable websites should be free from malware, excessive and intrusive ads, or phishing risks that could compromise your device or personal information. Be wary of sites demanding suspicious downloads, displaying an overwhelming number of pop-ups, or redirecting you to unfamiliar pages. Prioritizing platforms that demonstrate a commitment to user safety, often indicated by an “https://” URL and a clean, trustworthy interface, is essential for a worry-free football viewing experience.

User Experience

A seamless user experience significantly enhances the pleasure of watching football online. The best free streaming websites feature easy-to-navigate interfaces, allowing you to quickly find matches, browse schedules, and access streams without frustration. Mobile compatibility is also vital, ensuring a smooth experience whether you’re watching on a phone, tablet, or smart TV.

Availability

Finally, availability plays a key role in accessibility. The top free football streaming websites should either be accessible globally or provide clear information and workarounds for geo-restrictions. This ensures that fans, regardless of their geographical location, can tune into their desired matches. Websites that consistently offer live links for a wide range of international and local tournaments demonstrate superior availability, ensuring you can follow your favorite teams and leagues from anywhere in the world.

Top 10 Websites to Watch Football for Free in 2025

For passionate football fans, catching live matches without subscription fees is key. In 2025, navigating free streaming options can be tricky, with varying quality and reliability. Here are your top 10 websites to watch football for free in 2025.

Live Soccer TV

Live Soccer TV is a highly comprehensive and reliable platform that serves as an essential guide for football fans worldwide. While it primarily acts as a scheduling hub, it offers detailed information on where to watch matches, including links to official streams and legal broadcasters across a vast array of global leagues and tournaments. Its key advantage lies in its legality and extensive coverage, encompassing both major and niche leagues, all without requiring any user registration. The main consideration is that it mostly redirects users to other platforms rather than hosting direct streams, meaning the ultimate viewing experience depends on the linked service. To use it, simply visit livesoccertv.com to find upcoming match schedules and discover where to access the streams.

YouTube (Official Channels)

For a legitimate and high-quality viewing experience, YouTube’s official channels from leagues or individual teams are an excellent resource for football content. Many official entities offer free live streams for select matches, particularly youth leagues, pre-season games, or specific tournament stages, alongside a wealth of high-quality highlights, replays, and behind-the-scenes content. The main benefits include guaranteed legality and superior stream quality. However, not all matches are broadcast live, and availability can vary significantly by region due to geo-restrictions. Users can search directly for official league or team channels on YouTube, and a reliable VPN might be necessary to access geo-restricted content.

Pluto TV

Pluto TV stands out as a popular free, ad-supported streaming service that includes dedicated sports channels relevant to football enthusiasts. Channels like beIN Sports Xtra and Fox Sports (though content can vary by region) occasionally offer live football matches but are more commonly known for providing football highlights, replays, analysis, and sports-related documentaries. Its main pros include being completely free with no signup required and wide support across multiple devices. Access is straightforward: visit pluto.tv on your web browser or download its dedicated app.

Tubi

Tubi is another significant player in the free, ad-supported streaming market, offering a variety of content that includes sports channels like Fox Sports. For football fans, this means access to football highlights, replays of past games, and occasional live events, though the emphasis is more on curated sports content rather than extensive live match schedules. Tubi is a legal platform that does not require an account, making it highly accessible. It’s also very mobile-friendly, offering a seamless experience on smartphones and tablets. The main con is its limited live match availability, often focusing more on replays and football documentaries. To use Tubi, simply visit tubitv.com or download the app on your preferred device.

BBC iPlayer (UK only)

For football fans residing in the UK, or those with a reliable UK VPN, BBC iPlayer is a premier legal and free platform. It offers free live football streams for select matches, particularly those involving the UK national teams, FA Cup ties, or specific Premier League games if the BBC holds broadcasting rights. Its major advantages are high-quality, legal, and ad-free viewing for users within the United Kingdom. The significant limitation is its strict geo-restriction to the UK, and users also typically require a valid UK TV license to access its full content. To use it, access bbc.co.uk/iplayer, ensuring your IP address is registered as being within the UK, potentially via a VPN.

SportRAR

SportRAR is a well-known aggregator that compiles free streams for football and a wide array of other sports. It’s particularly popular for providing access to streams for major leagues globally. However, like many free aggregators, some links may be unreliable, leading to broken streams or constant buffering. Users should also be prepared for potential ad issues, though often manageable. To use it, visit sportrar.tv and cautiously select the football streams that appear to be most stable.

Footybite

Footybite is a platform specifically tailored for football fans, making it a go-to destination for many seeking free streams. It offers an extensive selection of free live streams and highlights for various global tournaments and leagues. A significant advantage is its dedicated focus on football, often providing multiple stream links for a single match, allowing users to choose the most stable option. However, users should exercise caution as some links may lead to unofficial sources or sites with intrusive advertising. The general usage involves accessing Footybite and checking for active streams for upcoming or live matches.

Social442 TV

Social442 TV positions itself as a football-centric community and streaming site, offering live streams, highlights, and analysis for a variety of leagues. Its strength lies in its dedicated focus on football and its community-driven aspect, which can provide a richer experience for fans. However, accessing its content typically requires account creation, which might be a barrier for some users seeking instant access. Additionally, as with many free streaming platforms, the stability of some streams may vary, especially during peak viewing times. To utilize its features, users need to sign up at social442.com for access.

Red Bull TV

Red Bull TV is a high-quality streaming platform primarily known for extreme sports, but it also offers free streams for select football events. These often include niche tournaments, youth football championships, or unique football-related documentaries sponsored by Red Bull. Its advantages include no signup requirement, consistently high-quality streams, and broad multi-device support. The main drawback for dedicated football fans is its limited football coverage, as its primary focus remains on action and extreme sports. Users can visit redbull.tv to check for any available football streams, which are typically well-produced.

Facebook Video

Facebook Video has become an unexpected platform for watching football for free, particularly for user-generated content and streams from smaller leagues or local tournaments. Both individual users and pages (including some official ones from smaller clubs or regional associations) may feature live streams for football matches. Its main pros are being completely free and highly accessible with a standard Facebook account. However, inconsistent stream quality is a significant drawback, as it relies heavily on the uploader’s connection and equipment. Official content from major leagues is also quite limited. Users can find streams by searching for “live football” or specific match names on facebook.com/watch.

Tips for Safe and Smooth Websites to Watch Football for Free

Here are the key tips to consider:

Use a Reliable VPN

A Virtual Private Network (VPN) is your best friend when watching football for free online. A VPN encrypts your internet connection, hiding your IP address and making your online activity private. This is crucial for two reasons:

Bypassing Geo-Restrictions: Many free (and even some legal) streams are limited to specific countries. A VPN allows you to connect to a server in a different country, making it appear as if you’re browsing from there, thus unlocking geo-restricted content. Enhanced Security: Free streaming sites can sometimes be malicious or riddled with trackers. A VPN adds a layer of security, protecting your data from potential threats and preventing third parties from monitoring your streaming habits. Choose reputable VPN services like NordVPN, ExpressVPN, or Surfshark for optimal performance and security. Employ an Ad Blocker

One of the most common frustrations with websites to watch football for free is the sheer volume of intrusive advertisements, including pop-ups, pop-unders, and auto-playing video ads. These not only disrupt your viewing but can also be a source of malware. Installing a robust ad blocker (like Herond Shield of Herond Browser, AdBlock Plus, or AdGuard) as a browser extension is highly recommended. This will significantly reduce the number of ads, improve page loading times, and create a much smoother, safer viewing environment. Some browsers like Herond Browser have built-in ad blockers.

Maintain a Strong Internet Connection

A fast and stable internet connection is fundamental for websites to watch football for free with minimal buffering. For HD quality, aim for a minimum download speed of 5-10 Mbps, with higher speeds (25 Mbps+) being ideal for Full HD or 4K.

Check Your Speed

Regularly run an internet speed test to ensure you’re getting the promised bandwidth from your provider.

Wired Connection

If possible, use an Ethernet cable to connect your device directly to your router. This provides a more stable and faster connection than Wi-Fi.

Reduce Network Congestion

During streaming, close unnecessary tabs, applications, and background downloads on your device and other devices connected to your network.

Keep Your Software Updated

Ensure your operating system, web browser, and any streaming apps are always up-to-date. Software updates often include security patches and performance improvements that can prevent vulnerabilities and enhance streaming quality. Outdated software can be a gateway for malware and lead to compatibility issues that cause buffering or crashes.

Be Wary of Suspicious Links and Downloads

Free streaming sites, especially aggregators, can sometimes redirect you to unknown or malicious pages.

Look for HTTPS

Always check that the website’s URL begins with “https://” (indicating a secure connection) rather than just “http://”.

Avoid Unknown Downloads

Never download any software, plugins, or executables prompted by a streaming site unless you are sure of its legitimacy. These are common vectors for malware.

Close Pop-ups Safely

If a pop-up appears, try to close it using the small “x” button on the pop-up itself, rather than clicking anywhere else on the screen, which could activate a malicious link.

Consider Browser Choice

Some browsers are inherently more privacy-focused or offer better performance. Herond Browser, for instance, has a built-in ad blocker and prioritizes privacy. Using a browser with good security and performance features can naturally contribute to a safer and smoother streaming experience.

By implementing these tips, you can significantly enhance your experience of watching football for free online, enjoying every moment of the game with peace of mind and minimal interruptions.

Conclusion

By understanding the importance of legality, stream quality, safety, user experience, and availability, you can confidently choose platforms that deliver the matches you want, without the hidden costs or risks. Remember to leverage tools like VPNs and ad blockers for enhanced security and a smoother viewing experience.

Whether you prefer official highlights on YouTube, legal ad-supported streams from Pluto TV, or carefully vetted aggregators, the power to choose websites to watch football for free is truly at your fingertips. Embrace these resources and tips, and prepare to enjoy every thrilling moment of the beautiful game throughout 2025, without missing a single kick.

About Herond

Herond Browser is a cutting-edge Web 3.0 browser designed to prioritize user privacy and security. By blocking intrusive ads, harmful trackers, and profiling cookies, Herond creates a safer and faster browsing experience while minimizing data consumption.

To enhance user control over their digital presence, Herond offers two essential tools:

Herond Shield: A robust adblocker and privacy protection suite. Herond Wallet: A secure, multi-chain, non-custodial social wallet.

As a pioneering Web 2.5 solution, Herond is paving the way for mass Web 3.0 adoption by providing a seamless transition for users while upholding the core principles of decentralization and user ownership.

Have any questions or suggestions? Contact us:

On Telegram https://t.me/herond_browser DM our official X @HerondBrowser Technical support topic on https://community.herond.org

The post Top Websites to Watch Football for Free in 2025 appeared first on Herond Blog.

Ethereum’s switch to a Proof-of-Stake (PoS) system has totally changed how people can get involved in keeping the network secure and running smoothly. By staking your ETH, you’re not just helping secure the Ethereum blockchain – you’re also earning passive income! With more platforms supporting Ethereum Proof of Stake than ever before, it’s easier for investors to stake their ETH safely and effectively. In this blog, we’ll dive into the top five platforms that make Ethereum Proof of Stake simple, rewarding, and beginner-friendly.

What is Ethereum Staking?

Ethereum staking is a way to earn rewards by helping keep the Ethereum network secure. It involves locking up your ETH to support transaction validation and network security. In return, participants, called validators, earn rewards for their role in maintaining the blockchain.

This system started after Ethereum upgraded to a proof-of-stake (PoS) model during the Ethereum Merge. Instead of using energy-heavy mining, the network now selects validators to confirm transactions based on how much ETH they have staked. This shift makes the network more energy-efficient and secure. However, validators must act responsibly—any dishonest behavior can result in penalties or loss of funds.

For everyday users, staking offers a way to earn passive income without needing to trade actively. By staking ETH through trusted platforms, users can contribute to the network and grow their holdings over time. However, it’s important to choose a secure staking method to protect your investment.

How Does Ethereum Staking Work?

Ethereum staking allows you to earn rewards by locking up your ETH to support the network’s security and operations. To become a validator, you need to stake at least 32 ETH, which enables you to propose and confirm new transaction blocks. This role comes with rewards but also carries risks; dishonest actions can lead to penalties, including slashing, where a portion of your staked ETH is forfeited.

If you don’t have 32 ETH or prefer not to manage a validator node, staking pools offer an accessible alternative. These platforms allow you to stake smaller amounts by pooling your ETH with others. The platform manages the technical aspects, and you earn rewards proportional to your contribution, minus any service fees.

Staking rewards can vary based on network activity and the total amount of ETH staked. On average, annual returns range from 4% to 7%. By staking your ETH, you’re not only earning passive income but also contributing to the security and scalability of the Ethereum network.

Top 5 Platforms Supporting Ethereum Proof of Stake Bybit

Bybit is a leading cryptocurrency exchange renowned for its user-friendly interface and innovative financial products. Among its diverse offerings, Bybit provides Ethereum 2.0 Liquid Staking, enabling users to stake their ETH with ease and flexibility.

Key Features of Bybit’s Ethereum 2.0 Liquid Staking:

Accessibility: Users can stake as little as 0.01 ETH, making staking accessible to a broad audience. Zero Gas Fees: Bybit covers all gas fees associated with staking, ensuring a cost-effective experience for users. Derivative Tokens: Upon staking, users receive stETH tokens, representing their staked ETH. These tokens can be traded or utilized within the platform, providing liquidity and flexibility. Daily Rewards: Stakers earn daily rewards, allowing for consistent passive income generation. User-Friendly Interface: Bybit’s platform is designed to cater to both novice and experienced investors, simplifying the staking process and integrating seamlessly with other trading tools.

Bybit’s commitment to simplifying the staking experience is further demonstrated through its On-Chain Earn feature, which removes complex technicalities and provides direct access to staking opportunities. Bybit’s Ethereum 2.0 Liquid Staking offers a comprehensive solution for users seeking to participate in Ethereum’s proof-of-stake mechanism, combining accessibility, flexibility, and user-centric design.

Lido

Lido is a decentralized liquid staking platform that allows users to stake any amount of ETH without the need to run their own validator nodes. In return, users receive stETH tokens, which represent their staked ETH and accrue staking rewards over time.

Key Features:

Liquidity Through stETH Tokens: Lido’s stETH tokens provide liquidity to stakers, enabling them to trade, hold, or utilize these tokens across various DeFi platforms while still earning staking rewards.  DeFi Integration: stETH can be used as collateral in DeFi protocols such as Aave and Curve, allowing users to engage in lending, borrowing, and other financial activities without unstaking their ETH. No Minimum Staking Requirement: Unlike solo staking, which requires a minimum of 32 ETH, Lido allows users to stake any amount of ETH, making staking more accessible to a broader audience. Decentralized and Secure: Lido operates through a decentralized protocol, enhancing security and transparency for its users. 

By offering these features, Lido has become a popular choice for Ethereum holders seeking to participate in staking without sacrificing liquidity or requiring significant technical expertise.

Frax Finance

Frax Finance offers a cutting-edge staking solution through its innovative Frax Ether (frxETH) system. Designed to balance liquidity and stability, Frax allows users to participate in Ethereum staking without the technical barriers of running validator nodes or meeting the 32 ETH minimum requirement. This makes Frax Finance an attractive platform for both beginners and experienced investors seeking a more flexible staking experience.

Key Features:

Dual-Token Model (frxETH & sfrxETH): Frax operates with two tokens—frxETH, pegged 1:1 to Ethereum, and sfrxETH, which accrues staking rewards. This system enables users to stake ETH while maintaining liquidity and earning passive income. High-Yield Staking Rewards: sfrxETH holders benefit from competitive staking yields, making Frax one of the highest-yielding liquid staking platforms available. Seamless User Experience: Frax Finance’s user-friendly design ensures easy navigation and smooth staking processes, catering to both novice and seasoned crypto users. Integration with DeFi Ecosystem: frxETH and sfrxETH can be used across various DeFi platforms, expanding utility and maximizing earning potential. Decentralized and Transparent: Frax Finance prioritizes decentralization and transparency, offering users confidence in the platform’s security and governance.

Frax Finance’s innovative approach to staking makes it a standout option for those seeking both stability and liquidity in the Ethereum staking landscape.

Binance

Binance stands as one of the largest and most reputable cryptocurrency exchanges worldwide, offering a wide range of staking options, including Ethereum. Its global presence and extensive user base make it a trusted platform for both beginner and experienced investors seeking a seamless staking experience.

Key Features:

Simplified Ethereum 2.0 Staking: Binance removes the technical barriers of Ethereum staking, allowing users to stake ETH without managing validator nodes or meeting the 32 ETH requirement. Competitive Rewards: Binance offers attractive staking rewards, making it a profitable choice for users aiming to maximize returns. Robust Security: With advanced security protocols and insurance funds, Binance ensures a secure environment for staking and asset storage. Integrated Ecosystem: Users can leverage additional features such as trading, lending, and DeFi integrations within Binance’s expansive ecosystem. User-Friendly Interface: The platform is designed for ease of use, providing a smooth staking process for both beginners and seasoned investors.

Binance’s blend of security, competitive rewards, and a user-friendly interface makes it a top choice for Ethereum staking in 2025.

EigenLayer

EigenLayer is an innovative decentralized protocol designed to expand Ethereum staking through its unique restaking mechanism. It allows users to redeposit their staked ETH or liquid staking tokens (like stETH) to secure Ethereum’s Layer 2 networks and other middleware solutions. This process not only enhances Ethereum’s scalability and security but also offers users the opportunity to earn additional rewards.

Key Features

Restaking Mechanism: Enables users to restake ETH or liquid staking tokens, maximizing capital efficiency and increasing potential returns. Layer 2 Support: Strengthens Ethereum’s Layer 2 ecosystems by providing additional security and decentralization. Enhanced Rewards: Offers extra incentives for participants who contribute to network security through restaking. Decentralized Security Model: Leverages Ethereum’s decentralized validators to secure new protocols without compromising safety. Innovative Investment Opportunity: Appeals to advanced and tech-savvy investors seeking new ways to optimize staking rewards.

EigenLayer’s pioneering approach to restaking introduces a dynamic strategy for boosting returns and supporting Ethereum’s evolving infrastructure, making it an exciting option for forward-thinking investors.

Conclusion

Ethereum Proof of Stake has opened exciting opportunities for earning passive income while making the network safer and more scalable. Whether you’re a beginner or a seasoned investor, platforms like Bybit, Lido, Frax Finance, Binance, and EigenLayer offer secure and rewarding ways to stake your ETH. No matter your experience level, these platforms make it easy to join in and grow your crypto holdings.

About Herond Browser

Herond Browser is a cutting-edge Web 3.0 browser designed to prioritize user privacy and security. By blocking intrusive ads, harmful trackers, and profiling cookies, Herond creates a safer and faster browsing experience while minimizing data consumption.

To enhance user control over their digital presence, Herond offers two essential tools:

Herond Shield: A robust adblocker and privacy protection suite. Herond Wallet: A secure, multi-chain, non-custodial social wallet.

As a pioneering Web 2.5 solution, Herond is paving the way for mass Web 3.0 adoption by providing a seamless transition for users while upholding the core principles of decentralization and user ownership.

Have any questions or suggestions? Contact us:

On Telegram https://t.me/herond_browser DM our official X @HerondBrowser Technical support topic on https://community.herond.org

The post Platforms Supporting Ethereum Proof of Stake appeared first on Herond Blog.

Starting in August 2025, the UK mandates identity verification for company directors and Persons with Significant Control (PSCs) under the Economic Crime and Corporate Transparency Act 2023. While GOV.UK’s One Login system offers a verification route, recent security concerns have emerged due to its loss of certification. iComply provides a robust, privacy-focused alternative that not only meets but exceeds these new requirements, ensuring secure and compliant identity verification.

 

The Changing Landscape of Corporate Director Identity Verification in the United Kingdom

The UK’s corporate environment is undergoing significant reforms aimed at enhancing transparency and combating economic crime. Central to these changes is the requirement for identity verification of key individuals involved in companies.

Key Requirements: Who Must Verify: All new and existing company directors Persons with Significant Control (PSCs) Individuals submitting filings to Companies House Verification Methods: Directly through Companies House via GOV.UK One Login In-person at designated UK Post Office branches Through Authorised Corporate Service Providers (ACSPs) Timeline: Voluntary verification available from April 8, 2025 Mandatory verification for new appointments from Autumn 2025 12-month transition period for existing directors and PSCs to comply

Failure to comply may result in criminal offenses and the inability to serve as a director. 

 

Real-World Implications: A Compliance Officer’s Perspective

Consider James, a compliance officer at a reputable UK corporate services firm. James is tasked with onboarding a new client, a multinational corporation with a complex ownership structure. Navigating the intricate web of subsidiaries and stakeholders, James must ensure that all directors and PSCs are properly verified to meet the upcoming regulatory requirements.

Utilizing iComply’s advanced identity verification solutions, James efficiently:

Automates the collection of necessary identification documents Conducts thorough checks against global watchlists and sanctions Generates audit-ready reports to demonstrate compliance

This streamlined process not only saves time but also provides peace of mind, knowing that the firm adheres to the highest standards of regulatory compliance.

 

Concerns Surrounding GOV.UK One Login

While GOV.UK’s One Login system offers a digital route for identity verification, recent developments have raised concerns:

Loss of Certification: In May 2025, One Login lost its certification under the Digital Identity and Attributes Trust Framework (DIATF) due to its biometric authentication provider, iProov, failing to renew compliance. Security Vulnerabilities: The system has been reported to comply with barely half – only 21 – of the 39 outcomes detailed in the National Cyber Security Centre’s Cyber Assessment Framework, indicating significant shortcomings in information security. Privacy Concerns: The centralized nature of One Login raises potential privacy issues, with critics highlighting the risks of “ID phone home” scenarios where user interactions could be tracked, monitored, or controlled remotely.

These issues underscore the importance of choosing a reliable and secure identity verification solution.

 

iComply: Exceeding Standards in Identity Verification

iComply offers a comprehensive identity verification solution that not only meets but surpasses the UK’s new regulatory requirements:

Advanced Verification Techniques: Employing document authentication, hybrid (active and passive) liveness detection, and concurrent biometric verification within a secure video session. Privacy-First Approach: Prioritizing user privacy through decentralized verification methods, reducing the risk of data breaches associated with centralized systems. Continuous Compliance Monitoring: Staying ahead of regulatory changes to ensure ongoing compliance and security. User Empowerment: Providing users with control over their personal data, fostering trust and confidence in the verification process.

 

Enhancing Corporate Transparency

The implementation of stringent identity verification requirements aims to:

Prevent Fraudulent Activities: By ensuring that only verified individuals can hold key positions within companies. Improve Data Accuracy: Enhancing the reliability of information within the Companies House register. Strengthen Public Trust: Demonstrating a commitment to transparency and accountability in the corporate sector.

iComply’s KYB and KYC solutions align with these objectives, offering tools that support businesses in maintaining integrity and public confidence.

As the UK moves towards stricter identity verification mandates, businesses must adapt to ensure compliance and protect their reputations. iComply stands as a trusted partner in this transition, offering advanced, privacy-focused solutions that meet and exceed regulatory standards.

Contact us to learn why James’ firm chose iComply for secure, compliant, and trustworthy identity verification on directors, beneficial owners, and PSCs in the United Kingdom.

Learn how identity solutions like Auth0 N2W SSO help adapt to new App Store rules and unlock revenue with secure web payments.

Robust Research Data Management (RDM) is the backbone of reliable digital twins, ensuring consistent, accurate, and scalable data inputs. Without it, even the best models can mislead. myLaminin, a blockchain-enabled RDM platform, empowers organizations to govern data across systems with integrity and flexibility. With features like immutable audit trails and customizable storage, myLaminin helps digital twin projects stay accurate, compliant, and future-ready.

[Amsterdam] Money 20/20 — “The world’s leading, premium content, sales and networking platform for the global money ecosystem” — has selected Indicio as one of eight startups “transforming the world of money.”

The announcement was made today during the Money 20/20 conference in Amsterdam.

“This is tremendous recognition for Indicio and our technology’s capacity to turn verifiable identity into the ubiquitous payment method of the future,” said Heather Dahl, CEO. “The banking and financial sector has started to realize the power of Verifiable Credentials to create industry-spanning solutions that cover everything from seamless account access to digital assets, privacy-preserving biometric authentication, and identity for agentic AI. All these have tremendous value to business and customers alike. But the payoff is even bigger when you start to see how decentralized identity can be a secure payment rail for instant, independent, peer-to-peer transactions — digital infrastructure you can create with your phone.”

To underscore how rapidly this future is coming, Indicio just announced Indicio ProvenAI. ProvenAI is a simple way to implement verifiable identity for AI agents and their customers, so each can authenticate the other before the customer gives consent to access data. It is the latest addition to Indicio Proven, the company’s platform for interoperable decentralized identity solutions and the latest product in its suite of financial service applications.

“Simply put, the vast potential of agentic AI in banking and finance is constrained by the problems our technology solves,” said Dahl. “With Verifiable Credentials, we are able to give AI agents verifiable identities, we enable secure communication between agent and customer that can be initiated by the agent, and we provide a simple way for the customer to give consent to the AI requesting access to their data.”

Indicio’s identity solution for AI follows on its ground-breaking solution to the problem of AI-generated identity fraud.

“With the emergence of deepfakes, we saw an opportunity to translate our travel solution — the world’s first digital passport credential based on standards set by the International Civil Aviation Organization — into a financial one,” said Dahl. “At  the core of this is ‘government-grade digital identity’ using authenticated biometrics.”

Indicio’s ability to combine authenticated biometrics with Verifiable Credentials means that a remote liveness check or biometric scan can be instantly crosschecked against an authenticated, tamper-proof copy of a person’s biometrics that the person holds on their phone. When added to a KYC credential, financial institutions have an enormously powerful, reusable  authentication solution at a fraction of the cost of conventional identity verification.

“The beauty of it is that the biometric data stays with the person — there’s no need for enterprises  to store people’s biometric data to verify it,” said Dahl. “This is a breakthrough for consumers — and a gateway to better account login and security. We know from the travel sector that many people are willing to use and trust  biometrics if they can be sure their data is protected. With Indicio, people have custody and control of their most valuable data and can share it in a way that’s instantly verifiable.”

Indicio has been leading the decentralized identity sector with these kinds of innovations, but it has also recently entered the European digital wallet market with another tech first: a simple way to combine credentials built to Europe’s digital identity specifications with credentials from outside Europe that have been built to different global standards.

“Our goal is to make every kind of credential format — digital travel credentials, EU credentials, mobile driver’s licenses — all work with each other and be easily combined in seamless workflows, including in the world of money,” said Dahl. “We successfully showed that this was possible earlier in the year in an international travel trial with Aruba, Delta Air Lines, and SITA.

“This seamless interoperability creates a single customer journey, bridging companies, industries, and sectors to meet a consumer’s needs. Interoperability is the key to a single digital market in a micro as well as macro sense.

“We call it decentralized identity,” said Dahl, “but it’s really a way to connect anywhere to everywhere in a trusted, privacy-preserving way. It’s a foundation for seamless interaction, payments, agentic AI and a new kind of internet.”

In line with the company’s commitment to be the leader in global interoperability, Indicio is currently incorporating the Mobile Driver’s License (mDL) into its Proven platform. The company will also be developing the technology for government-issued digital passport credentials based on the ICAO DTC 2 specification with its global partner SITA in the EU Aptitude Trial.

To learn more and see a demonstration of the technology in action you can explore Indicio’s banking and finance solutions, or take a look at our highly customizable flagship product Indicio Proven®. If you have any questions our team would be happy to answer them or talk through a specific use case, please contact us here.

##

Sign up to our newsletter to stay up to date with the latest from Indicio and the decentralized identity community

The post Indicio “poised to transform the world of money” — Money20/20 appeared first on Indicio.

Modernize security with Detection-as-Code. Learn how to automate threat detection & response using DevSecOps & tools like Fastly's WAF Simulator.

The post Indicio launches ProvenAI platform for authenticating AI agents appeared first on Indicio.

Learn how to implement fine-grained authorization in Java RAG systems using LangChain4j and Auth0 FGA to secure your AI applications.

Streamlining Security: HYPR and HID Merge Physical and Digital Access The notion of “access” no longer coincides with a single connotation. Within a sprawling landscape of digital identities and physical spaces, modern enterprises are confronted with the daunting task of securing each of these spaces from all possible angles. The struggle to secure virtual and physical access incurs productivity setbacks and security vulnerabilities. The introduction of the virtual world was supposed to provide convenience and efficiency, but the resulting balance between digital and physical access has left organizations scrambling to address each separately.

But what if there was a way to streamline access, fortify security, and empower employees all at once?
A Unified Solution for Every Use Case

HYPR and HID have partnered to deliver one converged access solution with hardware- and software-based passkeys in a single platform. Whether your workforce needs smart cards for regulated environments, mobile-device credentials for remote workers, or both, this solution flexes to your policies and compliance requirements:

Hardware-Based Passkeys: Ideal for high-security sites and regulated industries (finance, manufacturing, healthcare). Software-Based Passkeys: Perfect for contractors, hybrid staff, and deskless workers. Mixed Workforces: Assign each user the credential type that matches their role; no system overhaul required.

By registering and verifying identities at enrollment, HYPR’s identity verification establishes a chain of trust from day one. HID’s smart cards then become both your physical badge and your FIDO credential, unlocking doors and business applications with a single tap.

A Leader in Trusted Identity Solutions

HID is a global leader in Identity and Access Management, specializing in the issuance, authentication, and management of digital identities for millions of users. As an active member of the FIDO Alliance, HID strongly advocates for passwordless authentication. We recognize that the transition from traditional password-based authentication to passkeys varies for each organization. Therefore, we have partnered with strategic vendors such as Microsoft and HYPR to deliver solutions that meet businesses wherever they are in their passwordless journey. Whether leveraging the power of physical access cards, the Crescendo portfolio, or our software solutions, our mission is to become the trusted leader in delivering confidence to navigate within a digital world.

Key Benefits of the HYPR | HID Integration Stronger Security 
Deploy phishing-resistant, device-bound passkeys, with no password fallbacks, across every environment. Only verified users gain access to sensitive systems or secure areas. Flexible Deployment 
Support hardware and software passkeys from the same console. Simplified Administration
Manage Crescendo Cards and HYPR credentials through one pane of glass. Reduce provisioning steps, lower maintenance costs, and accelerate onboarding.
Faster Onboarding
Enable self-service enrollment – no pre-issued certificates or IT hand-holding required. New hires, contractors, and partners get up and running in minutes. Increased Productivity
One credential for doors, desktops, and apps means fewer helpdesk tickets and smoother user experiences. Employees focus on work, not passwords. Compliance Ready
Built on FIDO-certified technology, the solution supports zero trust initiatives and audit requirements across industries. Frictionless User Experience for Enterprise Access

No employee walks into their building, sits down at their desk, opens their computer, and starts working. The users at your organization use ID badges to gain entry to the office. They then use a number of authentication methods to access their workstations and applications. HID and HYPR’s solution acknowledges these existing methods and improves the speed and efficiency of your infrastructure rather than changing it or overcomplicating it. 

Single Credential for Physical and Digital Access

To provide a unified physical and digital access experience, the HYPR and HID integration leverages the power of the Crescendo Cards, which support PIV and are FIDO-certified. Acting as a single, secure credential, they allow users to unlock office doors and log in to workstations. Notably, the Crescendo tools streamline the management, provisioning, and recovery of these cards, relieving administrative burden. Users can self-enroll their Crescendo Cards for both domains of access, eliminating complex onboarding processes. If a card is lost or stolen, organizations are assured of quick and secure recovery.

Simplifying Security in the Face of Modern Threats

By converging physical and digital access, HYPR and HID eliminate the silos and manual gaps that adversaries exploit. Users self-enroll, IT manages everything centrally, and security teams gain continuous assurance that only verified humans enter your systems and spaces.

Learn more about how the HYPR | HID integration can address your most demanding access use cases while reducing risk, accelerating onboarding, and maximizing your existing investments.

Read the full Solution Brief 

“Most digital systems were built around a simple model: one user, one identity, one device, one intent. If you need more than that, that’s what password sharing is for, right? (Note: that was sarcasm.) Who needs delegation?“

A Digital Identity Digest Acting on Behalf of Others: Delegation, Consent, and Messy Reality Play Episode Pause Episode Mute/Unmute Episode Rewind 10 Seconds 1x Fast Forward 30 seconds 00:00 / 00:12:18 Subscribe Share Amazon Apple Podcasts CastBox Listen Notes Overcast Pandora Player.fm PocketCasts Podbean RSS Spotify TuneIn YouTube iHeartRadio RSS Feed Share Link Embed

You can Subscribe and Listen to the Podcast on Apple Podcasts, or wherever you listen to Podcasts.

And be sure to leave me a Rating and Review!

Reality, which has definitely included sharing passwords, has always been messier.

From caregivers managing health portals, to coworkers submitting expense reports on behalf of others, to kids navigating school systems with help from their parents, the need for delegation is everywhere. But digital identity systems still mostly assume a clean one-to-one world. And when real life demands “acting for someone else,” we’re left cobbling together workarounds such as password sharing, manual overrides, and endless customer support calls.

Now, with the rise of agentic AI, where digital agents can take actions independently, the challenge of delegation has found new urgency. If humans already can’t delegate to other people cleanly in digital systems, what happens when software needs to do it?

Delegation isn’t new. But it’s getting urgent.

You may also be interested in some of my earlier posts, “Agentic AI and Authentication: Exploring Some Unanswered Questions” and “What AI Agents Can Teach Us About Fraud in Consumer Identity.”

Delegation: Beyond Permission Tokens and Role Switching

Delegation sounds simple: authorize one party to act on behalf of another. I wish it were that simple! Alas, today, “delegation” often gets boiled down to clumsy versions of permission tokens or role-switching.

Let’s take a real-world example. I’m paraphrasing from George Fletcher‘s LinkedIn article on Delegated Authorization (are you following George? You need to be following George).

Alice managed medical and supplement accounts for herself and her spouse Bob. After Alice’s death, Bob needed access to those accounts to make changes. But because most systems didn’t support delegation, the only option was for Bob to impersonate Alice, using her password, risking terms-of-service violations and creating an audit mess.

This is hardly rare. Across industries, you see:

Healthcare: Caregivers trying to manage appointments and prescriptions without “breaking” patient portals. Workplaces: Expense approvals getting “proxy-approved” by executive assistants without clear delegation records. Education: Parents struggling to fill out school forms because online systems assume the student is the sole user. Customer Service: Agents needing to fix a customer’s problem but lacking any secure way to act on the customer’s behalf.

In these cases, systems often lean on role-switching (“pretend to be someone else”) or manual overrides (“fax us a form”). Neither solution is scalable, auditable, or user-friendly.

Why Agentic AI Turns the Pressure Up

If delegation was already broken for humans, AI makes the problem even harder. (The irony here, given AI is supposed to make everything easier, does not escape me.)

Picture an AI financial assistant you authorize to move money between your accounts. That AI is acting on your behalf, but today’s systems aren’t designed to distinguish “the customer” from “the customer’s agent.” There’s no standard way to represent delegated credentials. No clear audit trail showing who (or what) took which action.

Without robust delegation models, AI agents risk being blocked from useful actions or allowed to act too broadly without sufficient consent or guardrails.

This isn’t just a futuristic thought experiment. Real discussions (like those at The Identity Salon) have flagged problems ranging from AI in banking to AI-powered scheduling assistants accessing your work calendar.

Delegation Models (and Why They’re Still Not Enough)

We’ve tried to tackle delegation before. Some of the main models include:

OAuth “Alice-to-Alice” Sharing: Useful for limited access (like “this app can see your calendar”), where you grant a service permission to act on your behalf. But even though another app is doing the work, the system still treats it as if you personally took the action, which isn’t the kind of clear, separate delegation we often need. User-Managed Access (UMA): A step forward in enabling a touch more complexity, UMA (a spec out of the Kantara Initiative) allows Bob to act for Alice with his own identity. Unfortunately, adoption of UMA has been slow. On-Behalf-Of Models in “OAuth 2.0 Token Exchange” (RFC 8693): Helpful for service-to-service delegation, but lacking lifecycle management and human-centric constraints. Persona Chaining: Several efforts have proposed ways to create sub-identities for delegation, but they tend to introduce ambiguity over time and often fail to take hold in real-world systems. Why? Because chaining authority adds complexity: it’s harder to define clear boundaries, enforce policy constraints, and ensure reliable audit trails as the chain grows. Without strong governance, persona chains risk becoming security liabilities instead of flexible solutions.

Each model solves part of the puzzle. None solves it completely. Especially once you factor in:

Contextual constraints (“only for this task,” “only until next Tuesday”). Transitivity (“Bob can act for Alice—but can’t pass that authority to Carol”). Auditability (“who did what, when, and why”). Lifecycle management (“delegation expires automatically when conditions change”). Real-World Enterprise Reflections

Healthcare and personal AI agents are one thing, but don’t think the enterprise gets to avoid this pain.

In HR systems, managers often need to submit forms on behalf of employees. Without built-in delegation, companies end up granting broad admin rights, creating security risks and compliance headaches. (There’s a reason digital identity is one of the most successful attack vectors there is today.)

In expense systems, executive assistants often “act for” executives, but technically submit expenses “as” the executive. Good luck untangling that when auditors come knocking. Or not. You deserve at least a slap on the wrist if that’s what you’re doing.

Even in research settings, project leads sometimes need to act on behalf of students or postdocs to access grant portals or finalize submissions, but systems rarely support clear, limited delegation.

Delegation Isn’t Optional Anymore

As George Fletcher put it, we need ways for one party to prove:

They have the right to act on someone else’s behalf. They are the specific person (or agent) authorized. Their actions are constrained by clear, enforceable policies.

Without this, delegation remains a patchwork of risky workarounds.

And with AI agents entering the mix, “I’ll just share my password” is no longer an acceptable fallback.

If we want a digital world that reflects real human (and increasingly agentic) relationships, delegation needs to be a first-class feature, not an afterthought. But it’s not going to be easy. Whatever new specifications technologists come up with will have to contend with legacy systems that have no idea how to implement those specifications (I wrote about the long-tail of implementation not too long ago). The technical debt here is crazypants.

In the next post, I’ll dive into where I think existing delegation models fall short and what a more complete, future-ready solution could look like.

Want to stay updated? I write about digital identity and related standards—because someone has to keep track of all this! Subscribe to get a notification when new blog posts go live. No spam, just announcements of new posts. [Subscribe here] 

Transcript

[00:00]
Welcome to A Digital Identity Digest, the audio companion to the blog at Spherical Cow Consulting. I’m Heather Flanagan, and every week I break down interesting topics in the field of digital identity—from credentials and standards to browser weirdness and policy twists.

If you work with digital identity but don’t have time to follow every specification or hype cycle, you’re in the right place.

Let’s get into it.

Delegation Sounds Simple — Until It Isn’t

[00:00:29]
Today, we’re diving into a problem that’s bigger than it sounds: delegation.

If that word makes your eyes glaze over, hang on. Because without solving the delegation problem, everything from caregiving to AI agents managing your bank accounts is held together with virtual duct tape and hope.

What Is Delegation, Really?

[00:01:03]
Digital systems were built on a simple model: one user, one identity, one device, one intent. Clean. Predictable.

But real life doesn’t work like that.

[00:01:17]
Delegation happens all the time. You hand your kid your phone to check in at the orthodontist. A coworker approves an invoice while you’re in the air. Your partner logs into the utility company’s website to pay a bill.

Delegation is normal behavior. It’s how families, companies, and governments function. Ever heard of a power of attorney? Same idea, different paperwork.

[00:01:48]
But our systems still assume we all live alone on little digital islands. One user, one device. No help allowed.

How People Actually Delegate

[00:02:00]
When you try to act for someone else, you usually end up doing one of three things:

Share a password (bad, and you know it) Fill out a 1990s-style form Spend an afternoon lost in customer support limbo

[00:02:24]
Delegation isn’t a corner case. It’s everyday life. And as AI agents enter the mix, the cracks in our one-user model become more obvious—and more dangerous.

Real Life Example: Bob and Alice

[00:02:41]
Let’s talk about a real-world example, using Bob and Alice. Because in Identity Land, everyone is Bob and Alice.

[00:02:49]
Alice manages all the medical and supplement accounts for her household. When she dies, Bob needs to access those accounts to cancel services, update info, settle things.

[00:02:59]
But that’s not easy. Most sites don’t support real delegation. Bob’s options:

Steal or guess Alice’s password (which is illegal) Fax around a death certificate like it’s 1997

[00:03:24]
Even if he gets in, the system doesn’t know Bob is acting with Alice’s consent.

[00:03:35]
This isn’t an extreme case. Parents managing care for kids, adult children helping with banking, executive assistants scheduling meetings—it’s all delegation.

We designed our systems as if these use cases don’t exist.

And Then Came AI Agents

[00:03:59]
Let’s make it even messier by adding AI.

[00:04:05]
Imagine you have an AI assistant that can act on your behalf: book flights, order groceries, pay bills, move money. Maybe it even negotiates your internet bill.

You’ve told it what it can do—and it works. Until it doesn’t.

[00:04:24]
When the AI tries to update your address or cancel a subscription, the system says: Who are you, and why should I trust you?

[00:04:56]
Right now, there’s no standard credential that says, “I’m an authorized agent.” No way to prove the agent isn’t just stealing your identity.

So you either get blocked at every step, or you let the AI act freely—with no oversight, audit trail, or way to revoke access.

[00:05:22]
Either scenario is a nightmare.

[00:05:24]
This isn’t theoretical. Visa and Mastercard are already testing AI agents that act on your behalf. People are plugging them into banking tools, medical apps, productivity workflows.

But the tools weren’t built for real delegation.

Existing Models Aren’t Enough

[00:06:04]
There have been attempts to fix this:

OAuth 2.0 — Lets Alice share access, but it still looks like Alice did everything User Managed Access (UMA) — Great concept where Bob acts for Alice as Bob, with permission. But not widely adopted OAuth Token Exchange — Works well for backend services, but not for actual humans Persona Chaining — Create sub-identities, then lose track of them

[00:07:00]
Each solves part of the problem, but none cover the full picture—especially when you need context, limits, expiration, and audit trails.

Delegation in the Enterprise? Worse.

[00:07:25]
You’d think enterprises would have this figured out. Nope.

[00:07:30]
HR managers need to do things on behalf of employees. But instead of targeted delegation (like submitting vacation requests but not seeing salary), they get full admin rights.

[00:07:40]
Executive assistants submit expenses for executives all the time. That’s fine—until an audit shows $6,000 in upgrades and spa charges, and the system logs show the executive clicked “submit.”

Maybe they did. Maybe they didn’t.

[00:08:12]
Yes, this really happens. Especially in older ERP or expense systems, or in underfunded orgs without fine-grained access controls.

[00:08:49]
Even well-funded companies often rely on temporary access, shared accounts, and informal workflows that make real audit trails impossible.

[00:09:12]
Unless the system supports delegated authority as a first-class feature, it always looks like the executive made the request. Not the assistant.

Broken Delegation = Risk and Waste

[00:09:31]
Every time delegation is handled poorly, it:

Slows down work Increases friction Creates security risks Forces people into workarounds

[00:09:48]
Delegation isn’t an edge case. It’s just life. And ignoring it breaks everything.

What Needs to Change

[00:10:02]
We need ways for people and agents to prove:

They have the right to act for someone else They are who they say they are Their actions are constrained, auditable, and revocable

[00:10:28]
Without that, delegation stays chaotic—and automation doesn’t work.

[00:10:39]
Fixing this isn’t easy. It means:

Updating protocols like OAuth and UMA Building support for verifiable credentials Creating governance models that aren’t just “hope and vibes”

[00:10:53]
And then there’s the technical debt—so large it might have its own zip code. Updating protocols doesn’t magically update software. Apps have to evolve too.

[00:11:17]
If we want digital systems that reflect real life, delegation has to be a first-class feature.

What’s Next

[00:11:25]
In Part Two, I’ll dig deeper into where today’s models fall short—and what it’ll take to build delegation that doesn’t suck.

Thanks for Listening

[00:11:42]
That’s it for this episode of A Digital Identity Digest.

If this helped make the messy world of digital identity a little clearer—or at least more interesting—please share it with a friend or colleague. Connect with me on LinkedIn @hlflanagan.

And if you enjoyed the show, subscribe and leave a review on Apple Podcasts or wherever you listen.

You can read the full post at sphericalcowconsulting.com.

Stay curious. Stay engaged. Let’s keep the conversation going.

The post Acting on Behalf of Others: Delegation, Consent, and Messy Reality appeared first on Spherical Cow Consulting.

In one of our latest podcast episodes, we were joined by Rob White, Head of Identity Services at Samsung Wallet, for an in-depth conversation about the future of mobile driver’s licenses (mDLs) and digital identity.

With decades of experience in mobile wallets and payments, Rob shared Samsung’s vision for making identity more secure, convenient, and privacy-preserving. From user trust and interoperability to commercial use cases and government partnerships, the conversation covered the key hurdles and opportunities shaping the next phase of digital identity in the U.S.

Below are the key insights and takeaways from the session.

Fastly's Q1 2025 Threat Report: Key insights on web attacks, bot traffic, and how to defend your apps & APIs. Read the full report now.

Anonyome Labs was among the world’s leading experts on the future of digital identities and cybersecurity at the 2025 European Identity and Cloud Conference in Germany in May.

Anonyome’s CTO Dr Paul Ashley presented on implementing hardware security modules in digital identity wallets, and Chief Architect Steve McCown discussed fighting AI deepfakes with personhood credentials.

The four-day EIC 2025 saw 300 experts share solutions to the complex challenges of human-centric digital identity in the face of accelerating artificial intelligence (AI) capabilities, and other developments in cutting-edge identity and cloud technologies.

Implementing hardware security modules in digital identity wallets

Dr Ashley explained how digital identity wallets can be enhanced through HSM integration to fulfill the requirements of the EU Digital Identity Wallet framework and analyzed each credential standard’s compatibility with various HSMs’ cryptographic capabilities. He focused on examining the secure enclave capabilities on iOS and Android phones and Yubikey 5C NFC devices to support different verifiable credential presentation proof signature profiles and strong holder binding. Dr Ashley explained:

The secure enclaves on iOS and Android phones offer limited cryptographic flexibility for supporting various verifiable credential proof signature profiles, restricting the types of credentials and signing algorithms that can be utilized.
Approximately 50% of current Android phones lack secure enclaves, limiting accessibility to this functionality for a significant portion of the population.
Yubikey 5C NFC provides greater cryptographic flexibility and the added benefit of compatibility across the user’s wallet devices.
None of the mentioned options are currently certified for EUDI Wallet use.
Exploring the potential of remote HSMs like those from ubiqu as a solution to the identified limitations presents an intriguing avenue for future consideration.

Watch Dr Ashley’s presentation.

Steve McCown made two appearances at EIC 2025: he presented a “101” on personhood credentials (PHCs) and was part of an expert panel examining real-world implementations, emerging standards, and practical challenges in digital identity.

Benefits and challenges of personhood credentials

In his “101” Steve looked at the evolution of the “personhood” concept as a way of proving a user is a real human and not a bot in an AI world. He identified some of the significant benefits of PHCs, such as reducing impact of sockpuppeting, mitigating bot attacks, and verifying a person’s delegation to AI agent, but also warned of potential challenges, including:

Equitable access: can PHCs affect access to digital services?
Free expression: will people feel safe using PHCs?
Checks on power: how will PHCs affect tech providers?
Robustness of attack and error: how might PHCs be vulnerable to errors or subversive compromise?

Steve’s talk underscored the idea that the web faces a critical inflection point: as AI-generated content proliferates and platforms demand increasingly invasive identity verification, we risk creating a digital environment where every interaction requires credentials—essentially a “papers, please” culture for the internet. Privacy-preserving approaches to personhood verification can help prevent this dystopian outcome while still enabling necessary trust.

Watch Steve’s presentation.

The expert panel explored how technologies such as zero-knowledge proofs and selective disclosure can preserve individual privacy while meeting legitimate verification requirements. The discussion addressed pressing questions around maintaining an open web, preventing privacy violations, and safeguarding human agency in increasingly digital environments.

Steve was joined on the panel by Ankur Banerjee, Co-chair of Technical Steering Committee, Decentralized Identity Foundation; Drummond Reed, DIF Community Member; and Sebastian Rodriguez, Strategy Advisor, Privado.ID.

Watch the panel discussion.

Hosted by KuppingerCole, the annual European Identity and Cloud Conference is Europe’s premier event on digital ID, security, privacy, and governance in an AI-driven world. This year’s conference, which attracted 1500 attendees to 230 sessions over four days, focused on shaping the future of digital identities.

Anonyome Labs was proudly a silver sponsor of the conference, which is now in its 18th year.

See the EIC 2025 wrap-up.

Anonyome Labs and cheqd discuss learnings from the EIC

Following the 2025 EIC, Dr Ashley spoke to cheqd CEO Fraser Edwards about the key learnings from the conference, particularly:

The latest developments in decentralized identity and verifiable credentials and progress towards the EU DI Wallet
AI agent identity and the issues around delegating trust to AI agents and providing authorization control

Listen to their conversation.  

Anonyome Labs’ suite of robust, market-ready software products have been deployed by leading brands across diverse industries worldwide. By offering developer-ready SDKs and APIs, Anonyome enables the seamless integration of decentralized identity capabilities for wallets, issuers, and verifiers. This supports the global shift towards decentralized and user-centric digital identity management, empowering organizations to adopt secure, scalable, and future-proof solutions.

Explore Anonyome Labs’ verifiable credentials solution

Schedule a demo

Read our whitepaper: Inside the Anonyome Platform.

You might also like:

KuppingerCole Greenlights Anonyome Labs’ Verifiable Credential Solution in $50B Future Industry cheqd and Anonyome Labs Partner to Transform Digital Identity  Anonyome’s DI Mobile Wallet SDK Now Offers Even More DI Trust Infrastructure Options Go Inside Version 3.0 of the Most Advanced Mobile Wallet SDK on the Market Verifiable Credentials – the Killer Feature of Decentralized Identity

The post Anonyome Talks Digital Wallets, Personhood Credentials & AI at EIC 2025 appeared first on Anonyome Labs.

We’re excited to share the latest updates on Permissioning the City (PtC). Our vision to transform how urban spaces are managed and shared by communities has taken some exciting steps forward with the development of our MVP (Platform 1.0).

Introducing the MVP — Platform 1.0

Check out our new video highlighting the core functionalities and vision behind the product. (Not all functionalities described in the video are currently accessible but the backend is there!)

Our MVP focuses on three critical areas:

Space Discovery: Making it easier to discover and access information about underutilised spaces. Rule-making: Enabling communities to collaboratively create, adjust, and iterate rules using our rule-template system. Community Decision-Making: Facilitating inclusive decisions and structured deliberation through an ‘explained vote’ system.

Throughout this development, we’ve actively worked with stakeholders — from commercial and non-commercial space managers to event organisers, artists, and administrators. Our three dedicated in-person workshops allowed us to test ideas such as collaborative rule-making, refine features, and fine-tune our feedback system directly with potential users. You can see our video here which features these engagements.

Our Recent Highlights

We’re excited to share some achievements from the past year:

Dubai World Government Summit: Featured in the Edge of Government exhibition, showcasing global innovations in public governance. Digital Innovation Award: Selected by South Korea’s Ministry of Science and ICT for the 2025 Digital Innovation Awards. Funder Validation: Successfully presented MVP to our funder, the National IT Industry Promotion Agency (NIPA), receiving encouraging support and validation. New Funding Secured: NIPA renewed our support for 2025–2026! We’re collaborating with regional institutions across South Korea— Incheon, Yongin, Daegu, and Jeonnam — to expand testing across private homes, shared offices/kitchens, and public squares. Melbourne Design Week: With RMIT, collaboratively exploring the potential of digital permission architectures in unlocking Australian cities. See event info here. What’s Next?

Next, we’re diving deep into testing the MVP across real-world environments to answer key governance and knowledge/data related questions, such as:

Self-selecting permissioning group with responsibility sharing:

Does this feature allow us to find a generally permissive balance of concerned parties, and find considerate and consensual ways for space to be activated? Should there be special members of the permissioning group which should always be involved as a safeguard, e.g. the space owner? (One way we can test this is having the permissioning group decisions reviewed by a responsibility holder — if the veto is never used, it would suggest that the responsibility holder may not necessarily always need to participate.) How do we avoid “tragedy of the commons” situations after something goes wrong? What processes do we need to define how these responsibilities are assigned as part of rule-making?

Rule-focused feedback:

Does focusing feedback on rules rather than individuals encourage compliance and reduce negative behaviours?

Asynchronous deliberation:

Will our voting system, which allows explanations and discussions, lead to broader consensus?

Collective intelligence generated through the use of the platform:

What meaningful data can we (responsibly) collect that will benefit both communities and local authorities — creating a positive feedback loop? What are the possible external use cases for this intelligence? What stakeholders might be interested? E.g. evidence-informed masterplanning Developing Platform 2.0: AI-Supported Adaptive Permissioning

Our new grant enables us to move towards Platform 2.0, a transformative phase introducing conversational, AI-supported dynamic permissioning. While decisions by peers will remain at the heart of Permissioning the City, AI will be used only to facilitate this process. Instead of cumbersome forms, users will interact naturally, negotiating space access through intuitive dialogues powered by small Language Models (sLLMs).

Highlights of Platform 2.0 include:

Adaptive permissions: Permissions that evolve dynamically based on real-time feedback, context, and outcomes. Trust & verification: Layered verification combining human, sensor, and machine inputs, secured by decentralised identity systems (DIDs) and privacy-enhancing technologies. Legal automation: Automatically generated contracts and insurance agreements based on the intents and care commitments agreed by peers. Conversational interfaces: Natural language dialogues facilitate real-time rule negotiations and dynamic governance. Core Design Questions Driving Platform 2.0 Dynamic cities: How can adaptive governance replace static control, fostering real-time, participatory space management? Decentralised trust: What robust verification systems (e.g., blockchain, multi-level checks) ensure permissions remain trustworthy? Contextual rule-making: Can organic rule creation emerge effectively from lived behaviours and evolving contexts? AI governance support: How effectively can AI agents assist in managing real-time space usage and adaptive rules, such as matching between space needs and availability, or proposing rule adjustments based on peer feedback? Dialogic permissions: Can we structure legal permissions conversationally, moving beyond rigid contracts to flexible, understandable agreements? Collaborative Development

The Permissioning the City Korean consortium includes key technology and government partners working towards shared outcomes.

Dark Matter Labs: Leading the conceptual design and back-end permissioning architecture Authrium: Providing decentralised identity (DID) solutions and zero-knowledge proof (ZKP) mechanisms to ensure privacy AP I&D: Managing conversational infrastructure and developing small language models tailored to localised AI engines DaonPlace and o2pluss: Responsible for civic branding, UI/UX design, and integrated payment systems Incheon Technopark, Jeonnam Information and Culture Industry Promotion Agency, Yongin City Industrial Promotion Agency, Daegu Technopark, and Inha University are jointly coordinating live pilot testing, local experimentation, and integration with the public sector systems to drive the development and deployment of Platform 2.0

We are finding that civic tech development in this phase is less about centralised, in-house production and more about building ecosystems — compiling modular parts from loosely connected collaborators. We’re enthusiastic about this next chapter in transforming how cities manage shared spaces — moving towards flexible, community-led, and intelligent permissioning solutions. Stay tuned for more updates as we continue this exciting journey!

An open invitation

We are only at the beginning of a journey to transform cities, and we are always looking for people to work with. If you want to support the development of PtC, or apply PtC in your own context or space, reach out to us at: ptc@darkmatterlabs.org.

Thanks to:
The team at Dark Matter Labs
Mission holder : Eunji Kang, Indy Johar
Project/product holder: Eunsoo Lee, Eunji Kang
Strategic design: Calvin Po, Fang-Jui ‘Fang-Raye’ Chang
Software development: Donghun Ohn, Shu Yang Lin
Strategic and technical adviser: Indy Johar, Gurden Batra, Theo Campbell
Project administration: Doeun Kim

Design collaboration (UX & Branding)
GRAFIK P.L-F: Hyojeong Lee, Yuna Shin

Community engagement and coordination
Parti

Strategic coordination
Heedae Kim (Daegu Technopark)

Video production
LEJ Production

Research collaboration
Zeynep Uğur (HU University of Applied Sciences Utrecht)

Permissioning the City 2025 Update was originally published in Permissioning the City Product Journey on Medium, where people are continuing the conversation by highlighting and responding to this story.

With financial crime at all all-time high, AML Watchlist Screening Software has become a critical tool for financial institutions, fintech, and regulated enterprises. Learn more about how Watchlist Screening can help.

The post The Power of AML Watchlist Screening Software first appeared on ComplyCube.

KILT Protocol is entering an exciting new phase in its mission to enable real-world trust on the internet.

KILT’s technology, products, and tokenomics are undergoing a complete transformation with the goal of becoming a leader in the decentralized identity (DeID) sector. Developments include:

The establishment of the KILT Foundation dedicated to supporting the growth and success of KILT protocol. Expansion of the team and advisory council. A bold new product strategy to fulfill consumer app demand, complimenting our earlier focus on infrastructure and enterprise/government integrations. Growth beyond Polkadot to Base and the EVM world; opening to a user base orders of magnitude larger than before. Tokenomic improvements including a halt of inflation, and novel token utility. Continued pursuit and development of enterprise and government integrations; high-level working relationships with some of the world’s largest organizations.

With an ambitious new outlook, KILT is expanding and improving its contribution to Web3, the next phase of the internet where identity is portable, credentials are verifiable, and users retain full control.

Read on to find out about some of the products and updates for 2025 which will take the network to the next level, providing multichain tools around DeID for everyday internet users, enterprise and developers.

New Products and Services

The new KILT product portfolio will include the Clans InfoFi platform; the Sporran super app; decentralized identifiers (DeIDs) for individuals and as a service (DaaS); KILT Pay, linking credentials with real-world payments; and a software development kit (SDK) bringing KILT to Ethereum-compatible blockchains. These and more are are under active development and are planned to roll out through 2025, beginning with Clans in the next few weeks.

Clans: Rewards in the Attention Economy

The attention economy just got an upgrade! Built on KILT, Clans is a mobile-first InfoFi platform that lets you earn rewards for engaging with others and creating content — directly tied to your activity on X (Twitter). Available on iOS and Android, Clans enables you to rise through the ranks while supporting your favorite projects across any network.

In Web3, community is currency.

But building meaningful communities requires more than Discord bots or bounty boards. It needs measurable attention economics, social proof, and incentives aligned with contribution.

Post-to-Earn Mechanics: Join campaigns, post content, and earn Roar Points based on real engagement (likes, reposts, replies) and mindshare. Leaderboard Dynamics: Rise through the ranks and earn exclusive rewards by supporting campaigns. Mobile-First UX: Available on iOS and Android, Clans facilitates effortless engagement, particularly for mobile-first communities globally. Beyond KILT: Ecosystem-agnostic infrastructure allows other protocols to launch viral growth campaigns using Clans. Fully mobile-native; Clans turns attention into ownership. Sporran 2.0: Your Identity Super App

The Sporran 2.0 “Super App” brings decentralized identity to the real world. Not limited to Web3 and with frictionless onboarding, this multi-functional app lets you authenticate a decentralized single sign-on (SSO) and access secure digital signing (DIDsign), KILT Pay, and third-party integrations. So now you can manage your identity, credentials and tokens across the internet just using your phone.

Reimagining the Web3 Wallet.

Today’s Web3 wallets are great for storing tokens but fall short in managing identities and credentials, and providing utility. With Sporran 2.0, KILT is transforming its identity wallet into a multi-functional super app that unlocks decentralized identity in your daily digital life.

Claim & Present Credentials: Easily manage your KILT-based verifiable credentials (DIDs, attestations, proofs). Built-In Security: Leverages TEE (Trusted Execution Environments) and MPC (Multi-Party Computation) for secure credential and key management. Access Mini-Apps: Use Sporran as your gateway to DIDsign, KILT Pay, and third-party integrations. Single Sign-On (SSO): Authenticate seamlessly across dApps and Web2 platforms using KILT-issued credentials, eliminating the need for passwords or traditional wallets. Powered by OpenID Connect (OIDC) with relayers, for a secure, single sign-on access across services. Sporran is a Web3-native passport; not just for access, but for utility. DIDsign 2.0: The Web3 Signing Platform for Everyday Use

A decentralized alternative to DocuSign and Adobe Sign, DIDsign 2.0 is a verifiable, privacy-preserving signing platform. Based on the internationally-recognized W3C decentralized identifiers (DIDs), you can create and control your digital identity, storing it on your own device. With DIDsign you can use decentralized identities for document signing and credential-based access via your phone or device, with signatures verifiable on-chain without revealing document content. The platform also enables multi-party signing, great for quick and transparent contract approvals.

Bringing decentralized signature infrastructure into everyday workflows.

KILT is reimagining DIDsign as a fully-featured decentralized signing platform: a verifiable, privacy-preserving alternative to DocuSign and Adobe Sign.

Legally-Sound Document Signing: Sign contracts, agreements, NDAs, and invoices using decentralized identifiers and timestamped hashes. Credential-Based Authentication: Only signers with required credentials (e.g., verified KYC or professional affiliations) can access and sign. Auditability Without Surveillance: All signatures are verifiable on-chain, while document contents remain off-chain and encrypted. Team Collaboration: Manage multi-party signing flows, track progress, and issue countersignatures — all inside a unified interface. From DAOs signing grants to enterprises managing staffing contracts — DIDsign 2.0 brings decentralized signature infrastructure into everyday workflows. KILT Pay: Credential-Aware Payments Infrastructure

KILT Pay links your identity with real-world payments using verified credentials. This allows users and platforms to transact safely and seamlessly. Integrated with payment services, KILT Pay can be used for credential-based anti-money-laundering (AML) controls or non-custodial Know Your Customer (KYC) requirements without leaking personal data.

Web3 payments need more than just wallets and QR codes — they need verified, compliant identity.

KILT Pay bridges on-chain credentials with real-world payments, enabling merchants, platforms, and users to transact safely and seamlessly. Keep an eye on KILT X for announcements of collaborations with leading payment integrators.

Credential-based checkout and AML controls — without leaking personal data. Onboarding tools for fintechs, exchanges, and DAOs requiring non-custodial KYC. Pay for services with a tap, while proving eligibility or jurisdiction — no passwords, no screenshots, no friction. EVM SDK: KILT Identity for Every Chain

The EVM Software Development Kit (SDK) expands KILT identity solutions beyond the Polkadot ecosystem, bringing them to Ethereum-compatible blockchains. The TypeScript SDK makes it easier for developers to integrate KILT as identity middleware, with cross-chain portability and credentials that can be utilized by smart contracts across Ethereum, Base, Arbitrum, Optimism, Polygon and all Ethereum-compatible blockchains.

KILT’s identity layer becomes composable across ecosystems.

We will be releasing a complete EVM Software Development Kit (SDK) that brings KILT’s credential primitives to Ethereum-compatible chains.

Solidity Libraries: KILT credentials can be natively verified by smart contracts across a range of blockchains, including Ethereum, Base, Arbitrum, Optimism, Polygon, and other Layer 2 solutions. Cross-Chain Credential Portability: Credentials issued on KILT, validated across ecosystems. TypeScript SDK: Simplifies backend and frontend development with credential APIs. This makes KILT de facto identity middleware for the EVM universe. DID-as-a-Service (DaaS): Developer-Friendly Identity APIs

Verifiable identity shouldn’t require a PhD in cryptography.

DID-as-a-Service is KILT’s turnkey developer suite that lets any builder integrate decentralized identifiers and verifiable credentials into apps, platforms, and products — with just a few lines of code. Not limited to Web3 platforms, these can be used for secure log-ins, credential gating or age-restricted content, and embedded identity layers.

Use Cases: Identity-based logins for DeFi or Web2 portals. Credential gating for token sales, age-restricted content, or governance. Embedded identity layers for wallets, exchanges, AI agents, and more. Available via RESTful APIs and SDKs, DaaS lowers the barrier for integrating identity into high-scale applications. Token Migration

To pave the way for KILT’s ambitious multichain future, the community voted to migrate the KILT token to a new contract on the Base network. This process will begin in the near future; details will be announced on KILT X (Twitter). KILT holders will be required to migrate their tokens either via supported exchanges or manually by a self-custody route. A detailed how-to guide will be published via X and the KILT blog before migration begins.

The new token contract, the migration contract, and migration portal have recently completed a security audit with Certik.

These new developments on KILT Protocol aim to bring more trust and security to the internet without compromising on privacy. Follow KILT updates on X or on the blog. 🔗 A Unified Identity Layer for the Decentralized Internet: Why It Matters

Identity is the missing layer in decentralized infrastructure.

Without scalable, privacy-preserving, and composable identity primitives:

DAOs can’t onboard contributors with trust. DeFi protocols can’t scale responsibly or compliantly. Content and engagement can’t be credibly incentivized. Signing documents still relies on centralized Web2 vendors.

KILT solves this — with infrastructure, UX, and interoperability baked in.

📣 Get Involved

Whether you’re a:

dApp Builder looking to integrate login, credentials, or document signing, Ecosystem Project wanting to launch community campaigns via Clans, Enterprise seeking a decentralized e-signature alternative, Digital Identity Framework integration. User exploring DID-based identity ownership…

KILT is ready for you.

👉 Explore: Website: https://www.kilt.io Docs: https://docs.kilt.io Twitter/X: @KiltProtocol Email: hello@kilt.io

The decentralized internet will not scale without decentralized identity.
KILT is building the core infrastructure to power it — one credential, one signature, one community at a time.

Welcome to the new era of trust. About KILT Protocol

KILT is an identity blockchain for generating decentralized identifiers (DIDs) and verifiable credentials, enabling secure, practical identity solutions for enterprise and consumers. KILT brings the traditional process of trust in real-world credentials to the digital world, while keeping data private and in possession of its owner.

KILT 2025: A New Chapter was originally published in kilt-protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.

In deze aflevering van de Data Sharing Podcast duiken we in de wereld van pensioenen en keuzebegeleiding. Host Caressa Kuk spreekt met Stefan Taubert (Stichting Pensioenregister) en Robert Harreman (Ockto) over hoe je mensen écht kunt helpen bij pensioenkeuzes en welke rol persoonlijke data daarin speelt.

The post Market & Buyer’s Guide for Anti-Money Laundering appeared first on Liminal.co.

🤝 Partnership Spotlight

Safle x DetaSecure Integration

We’re thrilled to announce a new partnership with DetaSecure! They provide next-gen solutions that protect your apps, DApps, data, and systems against today’s most complex threats. Their focus on AI security, blockchain risk, Web3 protection, and more helps businesses stay one step ahead.

Their vision is to build Smart Security Solutions for a Decentralized World, as well as recently introduced: OVF — Open Validation Framework

They are solving these problems with

⚡️ Decentralized Validators

⚡️ Restaking Security via @eigenlayer

⚡️Incentive-based reward systems

⚡️ Cross-chain validation support

Details you can find here: https://x.com/ovfxyz/status/1924924324844085723

We have explored integrating an embedded wallet solution for their platform, OVF, which aims to solve AI data validation challenges using blockchain with seamless Web3 onboarding, as well as working with the multichain module!

The partnership has the strength to get the next million users with secure data!

📣 Marketing Highlights

🎯 KYP (Keep Your Player) Dashboard Campaign is Live!

We’ve launched a targeted ad campaign to promote the KYP Dashboard Survey an initiative to collect critical insights from the Web3 gaming ecosystem.

👾 Who’s it for?

Blockchain game developers, aggregators, gaming enthusiasts, and Web3 visionaries.

🎁 Why participate?

First 20 respondents get $5 in USDT, Safle tokens, and early access to the KYP dashboard. Your feedback will directly influence our next-gen analytics and retention tools.

👉 Take the survey now: https://hgbopbs0vss.typeform.com/safle 👈

🛠 Product Updates

1. Login via Safle

The Safle embedded wallet now supports social login, allowing users to seamlessly authenticate using platforms like Google or Discord. This login mechanism is global, i.e. it’s not tied to any specific integration partner and works uniformly across the entire platform. It simplifies user onboarding while maintaining a consistent and secure authentication flow.

🚀 Ready for release

2. Developer Dashboard

The developer dashboard streamlines partner onboarding by providing a centralized interface to manage integrations and monitor usage. It offers key analytics such as total users created, login trends over time, and insights into inactive users. This empowers partners with actionable data and simplifies the overall integration experience.

🔧 User activity analytics for partners in development

Thank you for your continued support in shaping the future of Web3 with Safle.

The Safle Team

🚀 More updates coming soon!

Learn how Fastly boosted Super Bowl 2023 traffic by 46% with the same server fleet, improving performance, sustainability, and reducing carbon impact.

In a transformative move for the decentralized technology ecosystem, Kwaai and Verida today announced their intent to join forces to create a world-leading, end-to-end decentralized AI platform. This union brings together two highly complementary open-source technology stacks to empower a new generation of private, personalized, and user-owned AI applications.

The combined organization will unify Verida’s decentralized data and connectivity infrastructure with Kwaai’s decentralized AI systems to build a comprehensive, open-source solution to realize sovereign AI.

Working with Reza and the Kwaai team has been inspiring. Their dedication to open source, long-term thinking, and community building aligns perfectly with our mission to make personal technology and AI accessible to everyone. Our technologies complement each other in exciting ways, and we’re thrilled to take this step together. Chris Were, Verida CEO.

Verida’s gracious contribution accelerates the Kwaai mission by providing complementary components of personal data connectors and shared storage. By merging our two communities, we follow the example of Linux in demonstrating the power of open source to transform an industry. Reza Rassool, Kwaai Chair.

Today, Verida and Kwaai signed a memorandum of understanding to support the contribution of Verida’s technology to the Kwaai project. This agreement reflects our commitment to bringing our communities together and jointly exploring the future role of the VDA token and network.

A Shared Mission

At the heart of this initiative is a unified mission: to build open-source, decentralized, human-centric AI that prioritizes sovereignty, accessibility and personal agency.

This is not just a technology partnership — it’s a global movement towards reclaiming control over data, computation, and decision-making in the age of AI.

By joining forces Verida and Kwaai are accelerating the realization of personal AI, that empowers individuals, respects data sovereignty and leverages decentralized infrastructure to ensure user control.

Open source ecosystems thrive on modularity, and we expect the personal AI stack to involve multiple technologies working together. Verida’s decentralized identifiers make it possible to link diverse sovereign services — including compute, storage, and messaging. Verida’s encrypted decentralized database is just one of several storage components expected to power a flexible, full-featured personal AI platform.

About Kwaai Kwaai is a rapidly growing community of 850+ AI volunteers — a technical and policy think tank of designers, builders, and researchers supported by over 30 partner organizations. KwaaiNet: a peer-to-peer fabric supporting distributed AI — Built by the People, For the People. KwaaiNet aggregates unused and unsold processing in residential, enterprise, and cloud computing to deliver a digital public infrastructure accessible to all. KwaaiNet comprises a three-layered sandwich of a shared storage network, a community inference layer, and an Intentcasting network. Kwaai builds Personal AI focused on empowering individuals, respecting data sovereignty, and leveraging edge infrastructure such as KwaaiNet. The Kwaai Fundamental AI workgroups are driving cutting-edge research to enhance AI efficiency and capability. Areas of exploration include GraphRAG architectures, sub-quadratic neural networks, physics-informed neural models, state space modeling, and privacy-preserving methods like homomorphic confidential computing.

The Verida ecosystem includes:

A global community of 85k X followers, 30k Discord members, multilingual ambassadors, application builders, and data integrators Data connector framework enabling users to export and connect their existing data and services — like Gmail, Telegram, Slack etc. Self-sovereign confidential compute to facilitate private operations on personal data and services A proven decentralized database network for storing encrypted personal data Verida Vault web application enabling people to manage their data and connections Decentralized identifier and API key implementations to support personal identity and key management Verida Network Transition

The current Verida Storage Network, which has served as a critical testbed for decentralized storage and early AI integration, will cease operations on June 6, 2025. All users and builders must export their data before this date.

Going forward, the next iteration of Verida’s open-source infrastructure — tailored specifically for decentralized AI — will be developed and supported under a dedicated working group in the Kwaai community.

A New Vision for the VDA Token

Verida and Kwaai joining forces presents a unique opportunity to review the utility and scope of the existing VDA token. Originally designed as a decentralized storage credit, the combined organization has a much broader scope and the VDA token to become the basis for a universal community-driven economy for decentralized AI infrastructure. This will support access to personal storage, compute, and inference across a fully integrated, decentralized AI stack.

How You Can Get Involved

Join the growing community of decentralized AI pioneers:

Join the Kwaai Community: kwaai.ai/home/sign-up Investigate running a KwaaiNet Node: kwaai.ai/kwaainet Follow Verida and Kwaai on X to stay updated What’s Next?

This is a high-level announcement. In the coming weeks we will share more detailed plans with actionable steps members from both communities can take to support a smooth integration of technology, community and other key stakeholders.

Stay tuned. The future of decentralized, ethical, user-owned AI starts now.

Kwaai and Verida Join Forces to Accelerate the World’s First Open Source Personal AI Platform was originally published in Verida on Medium, where people are continuing the conversation by highlighting and responding to this story.

In a recent conversation with Paul Grassi (Principal Product Manager for Identity Services at Amazon), he mentioned that the ecommerce giant wants to move from verification to acceptance.

Traditionally, Amazon handled all the heavy lifting: scanning physical documents, running credit checks, and matching selfies to confirm a user’s identity. While effective, those steps create extra friction for customers and risk collecting more data than necessary.

Now, Amazon aims to accept digital ID credentials that have already been verified by trusted issuers (like state governments). 

Shyft Network, the trust protocol, has entered into a partnership with GetBit, a mobile-first cryptocurrency exchange in India, to support scalable regulatory readiness in one of the world’s fastest-growing digital asset markets.

As India sharpens its focus on regulation and responsible innovation in the crypto space, exchanges like GetBit are proactively stepping up. Through this partnership, GetBit will integrate Veriscope, Shyft Network’s compliance infrastructure, providing a seamless solution for FATF Travel Rule compliance. Unlike traditional approaches, Veriscope facilitates the exchange of verified user data between Virtual Asset Service Providers (VASPs) using cryptographic proof — ensuring compliance without compromising user privacy or operational efficiency.

For emerging exchanges operating in rapidly evolving markets, building trust through transparent and compliant infrastructure is critical. This collaboration reflects a growing demand for solutions that bridge the gap between privacy, decentralization, and regulatory alignment.

“As the digital asset space in India matures, there is a clear need for tools that simplify compliance without burdening users or platforms,” said Zach Justein, co-founder of Veriscope. “GetBit’s commitment to secure and accessible crypto aligns with our mission to embed privacy and compliance into the fabric of blockchain infrastructure.”

GetBit’s mobile-first approach, intuitive interface, and growing user base position it as an accessible onramp for crypto participation in India. The exchange emphasizes simplicity, transparency, and regulatory readiness — principles that resonate strongly in today’s market environment.

With this integration, GetBit joins a growing list of regional platforms across India choosing Veriscope to meet regulatory requirements without friction. The move reflects Shyft Network’s broader push to enable secure, compliant digital finance infrastructure in high-growth economies.

‍About Veriscope

Veriscope is the only frictionless FATF Travel Rule compliance solution, enabling VASPs to securely verify and share user data through cryptographic proof. Built on Shyft Network, it reduces complexity and risk while protecting user autonomy — trusted by leading VASPs worldwide.

About GetBit

GetBit is a user-focused Indian crypto exchange offering a simple and secure mobile-first trading experience. With an emphasis on regulatory alignment and market accessibility, GetBit is committed to supporting the next wave of crypto users in India.

Shyft Network and GetBit Powering Privacy-Preserving Compliance in India was originally published in Shyft Network on Medium, where people are continuing the conversation by highlighting and responding to this story.

Sometimes I cry Sometimes I lie Sometimes I try Sometimes I fly But mostly inside? I die

Continue reading on Clubwritter »

Web3 + AI + Fortune : Combination, New product Web3 + AI + Fortune-telling: A New Combination

Dear Metadium community,

Metadium will be showcasing real-world use cases of DID services. We will be introducing a variety of services that integrate with Metadium DID.

The first of these is the fortune-telling service ‘majoo’, which we are excited to share with you.

🌠 Introducing the Fortune-telling Service “majoo”

Fortune-telling has long been a subject of great public interest. Majoo reinterprets this in a modern way by offering “personalized daily insights tailored to your current state and personality.”

On June 16, 2025, the Metadium-powered fortune-telling service majoo will officially launch.

Majoo goes beyond basic fortune-telling. It offers personalized analysis of one’s temperament and flow using Metadium DID and AI technology.
It’s not just entertainment — it’s a guide for self-awareness and actionable life decisions.

▶️ Download majoo
Coming to Google Play and App Store in June.

🌟 Real-World DID Usage and AI Technology Power the Expansion of the Metadium Ecosystem

Majoo is a service that combines Metadium’s DID technology with AI.

As more people use majoo, the number of users issuing and utilizing Metadium DID will naturally increase.
The more frequently DID is applied in real-world services, the more it becomes embedded in practical ecosystems, ultimately accelerating the growth of Metadium’s overall infrastructure.

“Every new user makes Metadium stronger in the real world.”

The AI applied in majoo doesn’t just automate results. It analyzes your daily state, behavioral patterns, and personal tendencies to offer fortune readings that feel truly tailored to you.
As a result, user satisfaction and retention increase, and DID adoption happens naturally.

Furthermore, Metadium’s quick integration of AI — one of today’s most prominent tech trends — shows its commitment to staying on the cutting edge.
This strategic move enhances the user experience and drives the evolution of Web3 services in the Metadium ecosystem.

📢 Stay Updated — Join the Metadium Community

To receive updates on future releases and DID-based service announcements, subscribe to our community:

Website | https://metadium.com Discord | https://discord.gg/ZnaCfYbXw2 Telegram(EN) | http://t.me/metadiumofficial Twitter | https://twitter.com/MetadiumK Medium | https://medium.com/metadium

Thank you.

Metadium team.

Web3 + AI + 운세: 새로운 조합

안녕하세요, 메타디움 팀입니다.

메타디움 DID의 실생활 서비스와의 결합, AI 서비스 출시 등 다양한 사례들이 매주 순차적으로 공개될 예정입니다.

그 첫 번째로, 운세 서비스(“마주”)의 출시와 메타디움 DID 도입을 소개드립니다.

🌠 운세 서비스 ‘마주’ 소개

운세는 오랜 시간 많은 사람들이 관심을 가져온 주제입니다. 시대가 바뀌어도 ‘나를 알고 싶다’는 사람들의 본질적인 욕구는 여전히 유효하며, 그만큼 운세는 언제나 친숙하고 강력한 접근점이 되어줍니다.

2025년 6월, 메타디움 기반 운세 서비스 ‘마주(majoo)’가 정식 출시됩니다.

‘마주’는 단순한 운세를 넘어 매일 달라지는 나의 성향과 흐름에 맞춘 운세 경험을 제공합니다. 단순한 엔터테인먼트를 넘어 자기이해와 실생활 행동의 가이드가 제공됩니다.

▶️ ‘마주’를 만나보세요!

GooglePlay / AppStore 에 6월 출시될 예정입니다.

🌟 DID 실사용과 AI기술이 메타디움 생태계를 확장합니다

마주는 메타디움 DID와 AI기술을 결합한 서비스입니다.

‘마주’를 사용하는 사람들이 많아질수록, 메타디움 DID를 발급 및 활용하는 사용자도 함께 늘어나게 됩니다.

DID가 실제로 사용되는 사례가 많아지면 많아질수록, 메타디움 기술은 더 많은 서비스와 연결되고, 이는 메타디움의 생태계 성장으로 이어질 것입니다.

“한 명의 사용자가 늘어날 때마다,

메타디움은 현실 속에서 더 강해집니다.”

마주에 적용된 AI 기술은 단순히 운세를 자동으로 보여주는 수준을 넘어, 사용자의 성향과 흐름을 읽고, 실제 생활에 밀접한 가이드를 제공합니다. AI가 생성한 맞춤형 운세는 사용자에게 더 높은 만족도와 몰입을 유도합니다.

AI는 현재 가장 주목받는 기술 트렌드 중 하나입니다. 메타디움은 기술 흐름에 민감하게 반응하고, 적극적으로 DID 생태계에 접목하고 있습니다. 이는 단순히 기술 도입을 넘어, 미래형 Web3 서비스로의 진화를 가속화하는 전략적 선택입니다.

📢 매주 발표되는 소식을 받기 위해 메타디움 커뮤니티를 구독하세요

마주(운세)를 시작으로, 다양한 분야에서 DID의 적용과 AI 기술 활용 사례, 협업 소식이 매주 이어집니다.

Website | https://metadium.com Discord | https://discord.gg/ZnaCfYbXw2 Telegram(EN) | http://t.me/metadiumofficial Twitter | https://twitter.com/MetadiumK Medium | https://medium.com/metadium

감사합니다.

메타디움 팀.

Web3 + AI + Fortune : Combination, New product was originally published in Metadium on Medium, where people are continuing the conversation by highlighting and responding to this story.

Discover how Fastly helped a major North American broadcaster overlay customized ads on live streams—without adding latency.

Effective budgeting for data management is key to research compliance and sustainability. Under NIH’s Data Management and Sharing (DMS) policy, institutions must plan early for costs like storage, curation, repository fees, and compliance. These must be detailed in grant budgets. Platforms like myLaminin help by enabling accurate cost forecasting, secure storage, and efficient data stewardship—supporting institutions in meeting funder expectations.

Predictoor DF143 rewards available. DF144 runs May 29th — June 5th, 2025 1. Overview

Data Farming (DF) is an incentives program initiated by ASI Alliance member, Ocean Protocol. In DF, you can earn OCEAN rewards by making predictions via ASI Predictoor.

Data Farming Round 143 (DF143) has completed.

DF144 is live today, May 29th. It concludes on June 5th. For this DF round, Predictoor DF has 3,750 OCEAN rewards and 20,000 ROSE rewards.

2. DF structure

The reward structure for DF144 is comprised solely of Predictoor DF rewards.

Predictoor DF: Actively predict crypto prices by submitting a price prediction and staking OCEAN to slash competitors and earn.

3. How to Earn Rewards, and Claim Them

Predictoor DF: To earn: submit accurate predictions via Predictoor Bots and stake OCEAN to slash incorrect Predictoors. To claim OCEAN rewards: run the Predictoor $OCEAN payout script, linked from Predictoor DF user guide in Ocean docs. To claim ROSE rewards: see instructions in Predictoor DF user guide in Ocean docs.

4. Specific Parameters for DF144

Budget. Predictoor DF: 3.75K OCEAN + 20K ROSE

Networks. Predictoor DF applies to activity on Oasis Sapphire. Here is more information about Ocean deployments to networks.

Predictoor DF rewards are calculated as follows:

First, DF Buyer agent purchases Predictoor feeds using OCEAN throughout the week to evenly distribute these rewards. Then, ROSE is distributed at the end of the week to active Predictoors that have been claiming their rewards.

Expect further evolution in DF: adding new streams and budget adjustments among streams.

Updates are always announced at the beginning of a round, if not sooner.

About Ocean, DF and ASI Predictoor

Ocean Protocol was founded to level the playing field for AI and data. Ocean tools enable people to privately & securely publish, exchange, and consume data. Follow Ocean on Twitter or TG, and chat in Discord. Ocean is part of the Artificial Superintelligence Alliance.

In Predictoor, people run AI-powered prediction bots or trading bots on crypto price feeds to earn $. Follow Predictoor on Twitter.

DF143 Completes and DF144 Launches was originally published in Ocean Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.