Olivia
Online
SpruceID (we're hiring)
@SpruceID
Building a future where users control their identity & data across all digital interactions.
Joined August 2020
3 Following
14.5K Followers
938 Posts
Wayne Chang, CEO of @SpruceID, on the business case for privacy-first identity: reduce institutional fraud costs, increase user convenience, and align security with digital rights – all at once.
Episode 3 of the Privacy Podcast is live. @btschiller sits down with @wycdd, founder of @SpruceID, on why digital identity is broken and what rebuilding it actually looks like.
https://t.co/Yug4a2JA1d
i finally watched episode 3 of Ben Schiller’s Privacy Podcast with Wayne Chang from Spruce ID yesterday
i planned to drop this yesterday but i couldn't finish up, regardless let's get into it...
this episode featured the founder and ceo of @SpruceID (Wayne Chang)
SpruceID is a platform that allows users to have control of their data and credentials across digital platforms
here's my takeaway from this episode of the podcast;
1. Digital identity today is completely broken
Wayne was very straightforward about how bad things are right now. we’re still uploading JPEGs of passports and selfies as “verification” in 2026.
with how powerful generative AI and deepfakes have become, this is basically an invitation for fraud.
he mentioned real cases; including one where a company lost $25 million because the entire Zoom call with the “CFO” and team was completely faked using deepfakes.
it’s really wild. security has always been an afterthought, companies care more about revenue than building proper systems, so we ended up with this messy patchwork that AI can easily break.
2. The vision: Put users back in control
Wayne’s whole philosophy is human-centric. identity shouldn’t start with governments or big platforms owning us.
you already have an identity from birth... your name, your sex, fingerprint etc. Government should only endorse it when needed, not control or track it.
he pointed to Utah’s recent digital identity bills as one of the better real-world examples happening right now...
the idea is simple: give people tools to control their data flows, prevent oversharing, and still make things usable for services.
what stood out to me is how he kept saying we need to get the order right... figure out the societal principles and human needs first, then build the technology (zero-knowledge, selective disclosure, etc.) around that, most of tech does it backwards.
3. Why this matters for crypto
Wayne said identity is one of the biggest missing pillars for real blockchain adoption. without private, verifiable identity tools, a lot of use cases stay stuck in theory.
he gave a very relatable example: imagine a decentralized ride-sharing app. you don’t want to jump into a random car just because it matches on the map.
you want to know the driver is properly licensed, insured, and has a clean record. the driver also wants to know you’re not a risky passenger. all of this can be done privately with digital credentials... no central company watching every ride.
he also touched on bigger ideas like data in escrow for disputes, revocation lists, and how shared ledgers could solve common problems in identity systems.
my take: we talk about self-custody of money all the time in crypto, but we rarely talk about self-custody of our identity and personal data. this episode showed me they’re two sides of the same coin, without solving identity privately, many real-world applications (ride-sharing, lending, insurance, services) will struggle to go fully decentralized.
----+----
this episode got me thinking about who actually owns and controls our digital existence fr... are we really in control?
Ben is really building something special with this podcast series, episode 3 was another banger!
...search "The Privacy Podcast" on youtube to watch this or any of the previous episodes, i'll drop the link in the comments
@DigitalChamber hosted an impactful Blockchain Demo Day today in Albany, highlighting real-world use cases alongside members @BSVAssociation and @SpruceID
An exciting day of engagement with legislators. Thank you to Banking Committee Chair @clydevanel for hosting us!
KYC is ineffective, expensive, and burdensome. It's time for an upgrade. We see just such a proposal in an exciting comment letter submitted to @SecScottBessent and his @USTreasury crypto team on implementation of GENIUS. It was submitted by the team at @SpruceID (see it here https://t.co/4ibZfRTazZ).
The letter argues that the BSA/AML framework (built for a paper/intermediary era) should be modernized for digital assets by recognizing high-assurance digital identity + privacy-preserving cryptography + standardized APIs as first-class compliance evidence—so institutions can detect illicit activity more effectively while collecting less sensitive personal data.
It argues we should adopt an Identity Trust model. Taking this approach, regulated entities (e.g., banks/trust companies/supervised providers):
- verify users once
-issue encrypted/pseudonymous credentials
-support unlinkable transaction identifiers, and
- enable lawful access via a threshold-key process (court + Identity Trust, conceptually).
The model’s four stages—Identifying, Transacting, Investigating, Monitoring—are positioned as a privacy-preserving way to achieve BSA identification where required.
The rundown of Spruce's proposals are:
1) Treat verifiable digital credentials (VDCs) as valid Customer Identification Program (CIP)/Customer Due Diligence (CDD) evidence, including as “documentary” methods where appropriate, with assurance baselines like NIST IAL2+ and issuers such as government authorities / approved institutions / identity trusts.
2) Enable/recognize privacy-preserving “attribute verification” (data minimization) so compliance can be satisfied by proofs like “not on OFAC list” without routinely collecting full PII.
3) Create or approve a financial-sector trust registry of approved credential issuers (e.g., DMVs, regulated FIs, certified identity providers), aligned with interoperability standards (the letter references NCCoE).
4) [THE BIG ONE] Use existing exemptions/relief authority to allow early adopters to treat validated credentials as acceptable documentary evidence for CIP (the letter explicitly points to using exemptions authority).
5) Modernize the Travel Rule to allow VDC-based transmission (i.e., transmitting verifiable proofs instead of plaintext PII), with conditions like trusted issuance, IAL2+, binding to required data, real-time validity checks, and lawful access on legal request.
6) Standardize “verifiable real-time APIs” and technical profiles and clarify what evidence (logs/signatures/receipts) satisfies BSA obligations.
*****
If we are going to improve consumers' lives by fixing KYC, we need the full engagement of the Treasury and other agencies like @SECGov, where I have to imagine @SECPaulSAtkins and @HesterPeirce would be in favor of an upgrade. Pursuing a sandbox or other MVP in-the-wild trial of such a system could change things for the better.
![BillHughesDC's tweet photo. KYC is ineffective, expensive, and burdensome. It's time for an upgrade. We see just such a proposal in an exciting comment letter submitted to @SecScottBessent and his @USTreasury crypto team on implementation of GENIUS. It was submitted by the team at @SpruceID (see it here https://t.co/4ibZfRTazZ).
The letter argues that the BSA/AML framework (built for a paper/intermediary era) should be modernized for digital assets by recognizing high-assurance digital identity + privacy-preserving cryptography + standardized APIs as first-class compliance evidence—so institutions can detect illicit activity more effectively while collecting less sensitive personal data.
It argues we should adopt an Identity Trust model. Taking this approach, regulated entities (e.g., banks/trust companies/supervised providers):
- verify users once
-issue encrypted/pseudonymous credentials
-support unlinkable transaction identifiers, and
- enable lawful access via a threshold-key process (court + Identity Trust, conceptually).
The model’s four stages—Identifying, Transacting, Investigating, Monitoring—are positioned as a privacy-preserving way to achieve BSA identification where required.
The rundown of Spruce's proposals are:
1) Treat verifiable digital credentials (VDCs) as valid Customer Identification Program (CIP)/Customer Due Diligence (CDD) evidence, including as “documentary” methods where appropriate, with assurance baselines like NIST IAL2+ and issuers such as government authorities / approved institutions / identity trusts.
2) Enable/recognize privacy-preserving “attribute verification” (data minimization) so compliance can be satisfied by proofs like “not on OFAC list” without routinely collecting full PII.
3) Create or approve a financial-sector trust registry of approved credential issuers (e.g., DMVs, regulated FIs, certified identity providers), aligned with interoperability standards (the letter references NCCoE).
4) [THE BIG ONE] Use existing exemptions/relief authority to allow early adopters to treat validated credentials as acceptable documentary evidence for CIP (the letter explicitly points to using exemptions authority).
5) Modernize the Travel Rule to allow VDC-based transmission (i.e., transmitting verifiable proofs instead of plaintext PII), with conditions like trusted issuance, IAL2+, binding to required data, real-time validity checks, and lawful access on legal request.
6) Standardize “verifiable real-time APIs” and technical profiles and clarify what evidence (logs/signatures/receipts) satisfies BSA obligations.
*****
If we are going to improve consumers' lives by fixing KYC, we need the full engagement of the Treasury and other agencies like @SECGov, where I have to imagine @SECPaulSAtkins and @HesterPeirce would be in favor of an upgrade. Pursuing a sandbox or other MVP in-the-wild trial of such a system could change things for the better.](https://pbs.twimg.com/media/HBjZyjvW8AAErIp.jpg)
✨𝐓𝐡𝐞 𝐏𝐫𝐢𝐯𝐚𝐜𝐲 𝐒𝐚𝐥𝐨𝐧 speaker lineup at 𝐄𝐓𝐇𝐃𝐞𝐧𝐯𝐞𝐫✨
Wayne Chang, founder and CEO of @SpruceID, is a digital identity expert and privacy advocate.
We’re excited to welcome @SpruceID as one of our new Diplomat members to TDC. Founded in 2020, SpruceID builds self-custodial digital identity infrastructure used by governments to issue and verify trusted credentials, like mobile driver's licenses and digital permits.
Their work centers on verifiable credentials, user-controlled wallets, privacy-preserving design, and open standards.
7/8 Project Glitch Fireside Chat: “Digital ID in 2026” — Wayne Chang, @wycdd, Founder & CEO of Spruce ID @SpruceID & Mike Orcutt @mike_orcutt, Founding Editor of @projectglitch_
Highlights:
• Wayne and Mike discussed digital credentials as a foundation for modernizing KYC/AML and reducing both friction and unnecessary data collection—especially as AI-driven forgery makes “upload an ID image” controls less reliable.
• A key policy point: architecture choices matter. They contrasted “server retrieval” vs “device retrieval” models for mobile driver’s licenses (mDLs), and why those choices can determine whether a digital ID system is privacy-preserving or surveillance-prone.
• They pointed to Utah’s Senate Bill 260 as an example of articulating guardrails (e.g., no tracking/over‑collection, preserving physical alternatives), and they argued for clearer government guidance that confirms modern privacy-preserving tools (including zero‑knowledge proofs, pseudonymous identifiers, and multi‑party computation) can support compliance outcomes.
SpruceID CEO pitches US health records group on verifiable digital credentials
Wayne Chang urges adoption of VDCs for vital records modernization
#digitalID @SpruceID
https://t.co/FMuhamt7zL
Here is what you can look forward to at tomorrow's PGP* (Pretty Good Policy) for Crypto meeting...
Lightning talks:
* Policy Update: @BlockchainAssn
* Paul Brody @pbrody, Principal & Global Blockchain Leader, Ernst & Young
* Tony Douglas Jr. @dao_officer & Kyle Bligen @KyleBligen, The Decentralization Research Center @TheDRC_
* Remi Gai @remi_gai, Founder of Inco @inconetwork
* Ying Tong @therealyingtong, Applied Independent Cryptographer
Project Glitch Fireside Chat: Digital ID in 2026 — A pivotal year ahead for innovation in both policy and technology
* Wayne Chang @wycdd, Founder & CEO of Spruce ID @SpruceID
* Mike Orcutt @mike_orcutt , Founding Editor of @projectglitch_
All are welcome to attend virtually (here on X)—or register (see below) to join us in person.
🎟️ Register to join in-person: https://t.co/F2zXlNUI3h
🔗 Alternate link with NFT claim: https://t.co/9xnW6JHaLq
Thank you to our sponsors: @ZcashCommGrants, @hedera Hashgraph, Ernst & Young, The Digital Securities Initiative, USC VanEck Digital Assets Initiative @USC_VEDA, and @ElectricCoinCo are proud sponsors of the PGP* for Crypto Briefing and Roundtable Series. We are also thankful for the support of the DeFi Education Fund @fund and the Blockchain Association @BlockchainAssn.
Live here on X tomorrow at 10 a.m. ET: https://t.co/LHl7lXn2bY
We're looking forward to supporting CCI's work advancing responsible crypto policy and user empowerment through secure, user-controlled digital identity 🤝
We are proud to welcome @SpruceID! Their work on secure digital identity and privacy-preserving infrastructure is an important contribution to building trusted, user-focused systems that can support the next generation of digital services.
We're honored to be a part of this important conversation on Dec. 15 at the SEC Roundtable.
Excited to contribute our perspective (and share a cool demo!) on how privacy-preserving digital identity can strengthen trust, security, and usability across the crypto ecosystem. 🫡
JUST IN: 🇺🇸🏛️ The SEC has updated the agenda for its Dec. 15 roundtable on crypto, financial surveillance, and privacy — featuring Zcash founder Zooko Wilcox, and other crypto and blockchain leaders.
📄Read our full blog post here to learn more: https://t.co/X4hDINK7DV
🧵We’ve made major updates to SpruceID’s developer documentation, making it easier to integrate verifiable digital credentials (VDCs) into mobile apps. Here’s what’s new ⬇️
📢Dive into our updated documentation at https://t.co/Kyk8N5RPMx and connect with us on Discord & GitHub. We welcome your feedback and look forward to seeing what you build.
📱SpruceKit Showcase App: A fully open-source wallet and verifier reference app. Use it to test, QA, or as a foundation for your own application. Explore it here: https://t.co/U9gvKaNf99
✅Expanded capabilities: Accept and present W3C credentials, verify mDLs offline, support OID4VCI/OID4VP, and verify JWTs. Our SDKs abstract the complexities of these standards for seamless integration.
📚New Android & iOS SDKs: We consolidated our libraries into dedicated SDKs, simplifying credential-holding and verification implementation for mobile apps.
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers