I'll note that Persona's CEO responded on LinkedIn [1] pointing out that:
- No personal data processed is used for AI/model training. Data is exclusively used to confirm your identity.
- All biometric personal data is deleted immediately after processing.
- All other personal data processed is automatically deleted within 30 days. Data is retained during this period to help users troubleshoot.
- The only subprocessors (8) used to verify your identity are: AWS, Confluent, DBT, ElasticSearch, Google Cloud Platform, MongoDB, Sigma Computing, Snowflake
The full list of sub-processors seems to be a catch-all for all the services they provide, which includes background checks, document processing, etc. identity verification being just one of them.
I have I've worked on projects that require legal to get involved and you do end up with documents that sound excessively broad. I can see how one can paint a much grimmer picture from documents than what's happening in reality. It's good to point it out and force clarity out of these types of services.
I used to have a LinkedIn account, a long time ago. To register I created an email address that was unique to LinkedIn, and pretty much unguessable ... certainly not amenable to a dictionary attack.
I ended up deciding that I was getting no value from the account, and I heard unpleasant things about the company, so I deleted the account.
Within hours I started to get spam to that unique email address.
It would be interesting to run a semi-controlled experiment to test whether this was a fluke, or if they leaked, sold, or otherwise lost control of my data. But absolutely I will not trust them with anything I want to keep private.
I do not trust LinkedIn to keep my data secure ... I believe they sold it.
show comments
luxpir
I really appreciate this write-up.
Was forced to verify to get access to a new account. Like, an interstitial page that forced verification before even basic access.
Brief context for that: was being granted a salesnav licence, but to my work address with no account attached to it. Plus I had an existing salesnav trial underway on main account and didn't want to give access to that work.
So I reluctantly verified with my passport (!) and got access. Then looked at all the privacy settings to try to access what I'd given, but the full export was only sign up date and one other row in a csv. I switched off all the dark pattern ad settings that were default on, then tried to recall the name of the company. Lack of time meant I haven't been able to follow up. I was deeply uncomfortable with the whole process.
So now I've requested my info and deletion via the details in the post, from the work address.
One other concern is if my verified is ever forced to be my main, I'll be screwed for contacts and years of connections. So I'll try to shut it down soon when I'm sure we're done at work. But tbh I don't think the issues will end there either.
Why do these services have to suck so much. Why does money confer such power instead of goodwill, integrity and trust/trustless systems. Things have to change. Or, just stay off the grid. But that shouldn't have to be the choice. Where are the decentralised services. I'm increasingly serious about this.
show comments
g8oz
It seems to me that if you let Persona verify your identity you're essentially providing data enrichment for the US government. In exchange for what? A blue tick from a feeder platform like LinkedIn, Reddit or Discord? No thanks.
On the other hand it can be hard to escape if it's for something that actually matters. Coursera is a customer. You might want your course achievements authenticated. The Canada Media Fund arranges monies for Canadian creators when their work lines up with various government sponsored DEI incentives. If you're in this world you will surely use Persona as required by them. Maybe you're applying for a trading account with Wealthsimple and have to have your ID verified. Or you want to rent a Lime Scooter and have to use them as part of the age verification process.
KYC platforms have a place. But we need legal guarantees around the use of our data. And places like Canada and Europe that are having discussions about digital sovereignty need to prioritize the creation of local alternatives.
show comments
codr7
LinkedIn is creepy even compared to Facebook imo.
And the content is the worst trash you'll find online, bottom of the barrel.
petemc_
Persona do not seem to be competent guardians of such a trove of private information.
LinkedIn is Tiktokified social media brainrot disguised as serious work. „Hey - you‘re not wasting time, you‘re building your network and gather industry knowledge!“
LinkedIn is full if so called professionals who make a living by leveraging their brand. If you‘re not one of them, leave
show comments
talkingtab
Somehow the fundamentals of places like linkedin, gmail, google, facebook, etc have eluded people.
1. they are selling you as a target.
2. some people, governments, groups, whatever are willing to pay a lot of money to obtain information about you.
3. why would someone pay good money to target you unless they were going to profit from doing so. are they stupid? no.
4. where does that profit come from? If some one is willing to pay $100 to target you, how are they going to recoup that money?
5. From you.
There is simply no other way this can have worked for this long without this being true.
It is a long causal change, so it is fair to ask whether there is any empirical evidence. If this is true we would expect to see ...? Well how about prices going up? Well how about in general people are less able to afford housing, food, cars, etc.
I'm speculating here, but perhaps it is predictability. There is a common time warp fantasy about being able to go back and guess the future. You go back and bet on a sports game. If I can predict what you are going to do then I can place much more profitable bets.
Do the corporations that participate in this scheme provide mutual economic benefit? Do they contribute to the common wealth or are they parasitical?
No one likes to think they have parasites. But we all do these days.
show comments
ndom91
Isn't Persona the same sub processor Discord is using for their new age-verification :thinking:
elAhmo
From the article:
> Let that sink in. You scanned your European passport for a European professional network, and your data went exclusively to North American companies. Not a single EU-based subprocessor in the chain.
Not sure LinkedIn is a European professional network.
show comments
edoceo
I've been getting "Emails aren’t getting through to one of your email addresses. Please update or confirm your email." -- even tho I get messages from them every day. When you press the button to confirm the (working) email it states "Something went wrong".
It happened last week too, I was able to fix it via their chat-help (human). Yesterday, their chat-help (human) was not able fix it and has to open a ticket. I pay for LinkedIn-Premium. So maybe this is just a scam to route me into Verification. Their help documents (https://www.linkedin.com/help/linkedin/answer/a1423367) for verifying emails doesn't match the current user experience.
Then, in a classic tech-paradox, their phone support person told me they would email me -- on the same address their system reports emails are not getting through to. It felt like 1996 levels of understanding.
We need to get back to de-centralised.
show comments
srameshc
This is the kind of activism in privacy appreciate that we need. I knew I did not want to verify but I did verify on Linkedin recently. The fact that the author also gave an action list if you are concerned about your privacy is just commendable.
BrandoElFollito
Ha. I was reading this and thought "euhhhh, I did not give all of that to verify my account". So I went to LinkedIn to check if I have the shield. I then saw
- that I just have "work email verified" and that there is a Persona thing I was not even aware of
Wow that is insane. Persona is even linked to Peter Thiel.
If LinkedIn asks me to verify then I'll just leave. I'd be very happy for it to fall over anyway so there is space for a new more ethical platform. Especially since Microsoft acquired it, all bets are off.
show comments
csmpltn
A good reminder of how things actually work, but the article could use some more balancing…
> Let that sink in. You scanned your European passport for a European professional network, and your data went exclusively to North American companies. Not a single EU-based subprocessor in the chain.
LinkedIn is an American product. The EU has had 20 years to create an equally successful and popular product, which it failed to do. American companies don’t owe your European nationalist ambitions a dime. Use their products at your own discretion.
Of course an American company is subject to American law. And of course an American company will prioritise other local, similar jurisdiction companies. And often times there’s no European option that competes on quality, price, etc to begin with. In other words I don’t see why any of this is somehow uniquely wrong to the OP.
> Here’s what the CLOUD Act does in plain language: it allows US law enforcement to force any US-based company to hand over data, even if that data is stored on a server outside the United States.
European law enforcement agencies have the same powers, which they easily exercise.
show comments
ollybrinkman
The deeper issue here is that centralized identity verification creates honeypots. You hand over real identity data to verify yourself, and now that data lives in LinkedIn's systems indefinitely. The alternative direction is zero-knowledge proofs for identity — prove you're a real person without revealing which person. Projects like World ID are going this direction. The irony is that for AI agents, none of this matters: they don't have identities to verify, which is actually a feature.
po1nt
>Count them. 17 companies. 16 in the United States. 1 in Canada. Zero in the EU.
We regulated innovation out of the market. Why are you surprises that the only companies finding your data valuable are in the US?
show comments
replwoacause
Good write up I guess, but I'm just so tired of all the AI-isms in every damn thing.
"Your European passport is one quiet subpoena away"
Why does the subpoena need to be quiet? If I search my chats with ChatGPT for the word "quiet", I get a ridiculous number of results. "Quietly this, quietly that". It's almost like the new em dash.
There's many others all over this blog post I won't bother calling out.
"Understanding what I actually agreed to took me an entire weekend reading 34 pages of legal documents."
Yeah I'll bet it did. Or it took an hour of back and forth with ChatGPT loaded up with those 34 pages.
I get it, we all use AI, but I'm just so tired of seeing the unmistakable mark of AI language all over every single thing. For some reason it just makes me think "this person is lazy". The CEO of a company my friend works for used Claude to write an important letter to business partners recently and we were all galled at her lack of awareness of how AI-sloppified the thing was. I guess people just don't care anymore.
show comments
weinzierl
The strange thing about LinkedIn organization verification is that it never seems to be revoked. I have many contacts with verifications from companies they no longer work for - sometimes for a very long time.
On the other hand I see many people posting in official capacity for an organization without verification.
When they actively represent their current company but with a random verification from a previous one it gets pretty absurd.
In its current form LinkedIn verification is pretty worthless as a trust signal.
flumpcakes
I am about to talk about "vibes" and "feelings" so please take this with a grain of salt:
Does anyone else get the impression that they feel like the nefarious surveillance state is now real and definitely not for their benefit?
It's been a long running trope of the men in black, and the state listening to your phone calls, etc. Even after Snowdon's leaks, where we learned that there are these massive dragnets scooping up personal information, it didn't feel real. It felt distant and possibly could have been a "probably good thing" that is it was needed to catch "the real bad guys".
It feels different now. Since last year, it feels like the walls are closing in a bit and that now the US is becoming... well, I can't find the words, but it's not good.
show comments
ricardo81
So basically 'Their “global network of data partners”' means once you submit that information, it's a free for all.
There's so many angles of grind with this kind of thing that big tech has gradually normalised.
kburman
I don't get the whole idea of treating identity verification as a private enterprise problem. I realize it's easy to just blame LinkedIn or Microsoft here, but the core issue is architectural. We are trying to solve a public utility problem by building private honeypots.
The government should provide an API or interface to validate a user, essentially acting just like an SSO. Instead of forcing users to upload raw passport scans to a third-party data broker, LinkedIn should just hit a government endpoint that returns an anonymized token or a simple boolean confirming "yes, this is a real, unique person." It gives platforms the sybil resistance they need without leaking the underlying PII.
dhayabaran
Apollo is one of many. The broader pattern is the same across the industry — companies collect data with one set of promises and then the data ends up accessible through channels users never consented to.
I've been documenting this pattern in AI apps specifically. The number of companies shipping to production with Firebase rules set to "allow read: if true" or Supabase databases with no Row Level Security is staggering. The identity data people hand over during verification often ends up in databases with zero access controls.
LinkedIn at least has a security team. Most AI startups shipping verification flows don't.
sigwinch
Last year, someone’s experience when LinkedIn required interacting with Persona:
I almost fell for a very sophisticated phishing attack last December and most of the "verifiable" information was from my LinkedIn account.
For each role I had described some of the tasks and accomplishments and this was used in the phishing message.
Since then, I removed my photo, changed my name only to initials and removed all the role-specific information.
It's a bit of a bummer as I'm currently in the process of looking for a new job and unfortunately having a LinkedIn profile is still required in some places, but once I find it, I'll delete my profile.
show comments
lacoolj
This is a little unnerving because I know I've had to provide similar ID verification somewhere online, but I can't remember where. And based on everything here, it was almost certainly Persona.
I guess I'll just be in the corner crossing my fingers none of it is found in a hostile foreign land or used against me.
VerifiedReports
The link isn't working, but anyone handing over unnecessary data to LinkedIn (AKA Facebook Pro) is probably too gullible to be online safely at this point.
7777777phil
> If you’ve already verified — like me — here’s what I’d recommend
Did you actually follow through with 1-4 and if so what was the outcome? how long did it take?
PacificSpecific
I wonder what mongo and snowflake are doing with that data. The table is a little vague.
I was under the impression they just make database products. Do they have a side hustle involving collecting this type of data?
show comments
hliyan
Here's what I found the most frightenting:
> Hesitation detection — they tracked whether I paused during the process
> They use uploaded images of identity documents — that’s my passport — to train their AI.
> Persona’s Terms of Service cap their liability at $50 USD.
> They also include mandatory binding arbitration — no court, no jury, no class action.
ceramati
Why can't we have an ATproto LinkedIn? It seems pretty well suited.
throwaway77385
How does this work for the myriad banks I've had to prove my identity to in the same way?
I'll be attempting steps 1-4 and see what Persona comes back with.
puszczyk
This is a good write-up and useful content, but edit-wise it could be simplified significantly. Additionally, phrases like "let that sink in" are characteristic of poor LinkedIn content, which is a bit of an irony :)
8cvor6j844qw_d6
Seeing some of my colleagues verify through Persona on LinkedIn, and I can't quite figure out what they're getting out of it.
Every hiring process I've been through already requires proof of identity at some point. Background checks, I-9s, whatever it may be. So you're essentially handing your ID to a third party just to get a badge that doesn't skip any steps you'd have to do anyway.
show comments
laszlojamf
I work in this space for a competitor to Persona, so take my opinion as potentially biased, but I have two points:
1. just because the DPA lists 17 subprocessors, it doesn't mean your data gets sent to all of them. As a company you put all your subprocessors in the DPA, even if you don't use them. We have a long list of subprocessors, but any one individual going through our system is only going to interact with two or three at most. Of course, Persona _could_ be sending your data to all 17 of them, legally, but I'd be surprised if they actually do.
2. the article makes it sound like biometric data is some kind of secret, but especially your _face_ is going to be _everywhere_ on the internet. Who are we kidding here? Why would _that_ be the problem? Your search/click behavior or connection metadata would seem a lot more private to me.
show comments
deaux
The content is of course 100% true and needs to be repeated over and over, every single day.
The straight-from-LLM writing style is incredibly grating and does a massive disservice to its importance. It really does not take that long to rewrite it a bit.
I hope at least he wrote it on his local Llama instance, else it's truly peak irony.
> Here’s the thing about the DPF: it’s the replacement for Privacy Shield, which the European Court of Justice killed in 2020. The reason? US surveillance laws made it impossible to guarantee European data was safe.
> The DPF exists because the US signed an Executive Order (14086) promising to behave better. But an Executive Order is not a law. It’s a presidential decision. It can be changed or revoked by any future president with a pen stroke.
This understates the reality: the DPF is already dead. Double dead, two separate headshots.
Its validity is based on the existence of a US oversight board and redress mechanism that is required to remain free of executive influence.
1. This board is required to have at least 3 members. It has had 1 member since Trump fired three Democrat members in Jan 2025 (besides a 2-week reinstatement period).
2. Trump's EO 14215 of Feb 2025 has brought (among other agencies) the FTC - which enforces compliance with the DPF - under presidential supervision. This is still in effect.
Of course, everyone that matters knows this, but it doesn't matter, as it was all a bunch of pretend from day 1. Rules for thee but not for me, as always. But what else can we expect in a world where the biggest economy is ruled by a serial rapist.
show comments
zquestz
In your "WHAT YOU SHOULD DO" section, you missed the most important thing.
Stop using LinkedIn, and stop using these terrible services that rip away our privacy.
afh1
>The legal basis? Not consent.
You read and agreed with the terms explicitly stating the data would be used to do those things, and it was not at all necessary for you to do that. What else do you want? It seems like consent isn't the issue. You just don't like what this company does, and still volunteer your data for them to do just that. Now you regret it and write a blog post?
One thing is to be tricked or misled, or for a government to force your face to be scanned and shared with a third party. Another is to have terms explicitly saying this will be done, requiring explicit agreement, and no one forcing you to do it.
show comments
trilogic
Great article, thank you.
Hiding all this very important info (which literally affects the users life) behind an insignificant boring click!
Even the most paranoid user will give up in certain use cases, (like with covid 19 which even though didn´t agree, you needed to travel, work making it compulsory).
Every company that uses deciving techniques like this should be banned in Europe.
game_the0ry
Off topic -- the design for that blog is really slick. Added it to my "design swipe file."
Less off topic -- there are some black hat marketers that (I think) buy or create verified profiles with attractive women, then they use the accounts for b2b sales through linkedin DMs. I find that amusing. Neutered corpo bois are apparently big poon hounds. Makes sense when you think about it -- that type of guy is craving female attention and probably does not have the balls to do anything in real life, so a polite DM from a fake linkedin thot would be appealing.
Joyfield
How did they get your MAC address?
show comments
flkiwi
This is only going to become more common. Companies are implementing checks using similar services (a) to prevent employment scams (where the person who interviews is not the person who works; usually the latter is a low-paid offshore individual) and (b) basic security authentication. It won’t be long before this sort of biometric validation starts showing up to authenticate users on regular websites and similar services, if it hasn’t already. I think the last one I had to do was to authenticate when activating a bank card.
show comments
mamma_mia
I've never used linkedin and have been more than fine, I feel that like with most social media that noise makes it seem more important than it is
tqi
> Persona extracts the mathematical geometry of your face from your selfie and from your passport photo. This isn’t just a picture — it’s a numerical map of the distances between your eyes, the shape of your jawline, the geometry of your features. It’s data that uniquely identifies you. And unlike a password, you can’t change your face if it gets compromised
Is there anything special about a passport photo, or can that be done from any photo of your face?
show comments
Kaijo
I hate LinkedIn but need it for a few things, mostly accessing certain clients and projects as a freelancer. Last October my ISP (Vodafone UK) assigned me a datacenter-classified IPv6 address with 80+ abuse reports on reputation databases, for bots, DDoS, crawlers. Before I realized this I started getting locked out, suspended, restricted from just about every web service I use, having to solve captchas for simple Google searches, etc.
I resolved everything except LinkedIn. They required Persona verification to restore access, but I'd already recently verified with Persona, so clicking the re-verification links just returned a Catch-22 "you've already verified with us." LinkedIn support is unreachable unless you're signed into an account. I tried direct emails, webforms, DMs to LinkedIn Help on Twitter, all completely ignored.
Eventually some cooldown timer must have expired, because Persona finally let me re-verify last week. Upon regaining access, I was encouraged me to verify with Persona AGAIN, this time for the verified badge.
I now have a taste of what "digital underclass" means, and look forward to the day when no part of my income depends on horrible platforms that make me desperate for the opportunity to give away my personal data!
show comments
snowhale
the Persona CEO response addresses the AI training concern but totally sidesteps the CLOUD Act issue. doesn't matter where data is stored -- if Persona or any of their US-based subprocessors get a US national security letter, that data is accessible. "deleted within 30 days" also means it exists for up to 30 days, which is plenty of time for a legal demand.
xenator
More interesting that LinkedIn use fingerprinting everywhere and connect your personal data to every device you are using and connect to other services connected to their network.
show comments
chickensong
First mistake was using LinkedIn. More mistakes were made.
huqedato
Passport photo... OMG. You can't image what they can do with that. That's precisely why I closed my linkedin years ago.
keithluu
I believe OpenAI used Persona during the verification step that you must complete to use their SOTA models in the API. Not sure if it's still the case now.
Anyway, I found that too much of a hassle and switched to other LLM providers.
show comments
bromuk
As a European citizen I hope it becomes law to have this data processed in the EU rather than the US.
show comments
efavdb
The privacy concerns are real.
The need / demand for some verification system might be growing though as I’ve heard fraudulent job application (people applying for jobs using fake identities… for whatever reason) is a growing trend.
cco
People who found this post interesting may also find this blog post about Persona a good read as well: https://vmfunc.re/blog/persona/
tl;dr Persona shares your identity data directly with the federal governments of the US and Canada and likely is sharing data/works with ICE on the same.
peter_retief
My ISP and my bank decided they needed my biometrics to have an account, same sort of thing
eel
I'm glad the absurdity of verification is getting attention. I was "forced" to verify by Linkedin to unlock my account. It was last year, and I had left my previous job, but I had not yet lined up a new job. So one of the only times in my career I might actually get value from Linkedin, they locked me out, removed my profile, and told me if I wanted back in, I'd have to verify. I felt helpless and disgusted.
I gave in and verified. Persona was the vendor then too. Their web app required me to look straight forward into my camera, then turn my head to the left and right. To me it felt like a blatant data collection scheme rather than something that is providing security. I couldn't find anyone talking about this online at the time.
I ended up finding a job through my Linkedin network that I don't think I could have found any other way. I don't know if it was worth getting "verified".
---
Related: something else that I find weird. After the Linkedin verification incident, my family went to Europe. When we returned to the US, the immigration agent had my wife and I look into a web cam, then he greeted my wife and I by name without handling our passports. He had to ask for the passport of our 7 month old son. They clearly have some kind of photo recognition software. Where did they get the data for that? I am not enrolled in Global Entry nor TSA PreCheck. I doubt my passport photo alone is enough data for photo recognition.
show comments
dave_sid
Linkedin is the sleaziest thing I’ve seen on the internet since it was invented. The sight of it makes my skin crawl. The way they have desperately tried to onboard you via data that they seem to have that they shouldn’t. The way users even present themselves, posting updates that probably make them want to vomit themselves and shower in disgust even tho it’s not their fault, we need to find work. The bloody badge that you have to wear on your forehead to say you are available for work. The thought of the money they are raking in from recruiters and corporations. The way they try to be a little bit more like Facebook to make it look a little more ‘fun’. I hate it.
Well they made it. They conquered the recruitment scene and I can’t think of a company I’d wish had gone out of business sooner.
Am I wrong?
show comments
rambojohnson
everyone on linkedin sounds like chatgpt / claude.
blaze33
> My NFC chip data — the digital info stored on the chip inside my passport
Do we know how they get that? Because my fingerprints are also in there, so...
show comments
tagami
Thank you for doing and sharing what I was hesitant to do. Now I know with good reason why.
trinsic2
If you are using Linked in for anything at this point, you are just asking for trouble. They have no interest in maintaining a healthy business ecosystem and you can see that with the way they try to close you into their system and the amount of AI slop that is on that platform.
_pdp_
On EU data sovereignty:
The OP is right. For that reason we started migrating all of our cloud-based services out of USA into EU data centers with EU companies behind them. We are basically 80% there. The last 20% remaining are not the difficult ones - they are just not really that important to care that much at this point but the long terms intention is a 100% disconnect.
On IDV security:
When you send your document to an IDV company (be that in USA or elsewhere) they do not have the automatic right to train on your data without explicit consent. They have been a few pretty big class action lawsuits in the past around this but I also believe that the legal frameworks are simply not strong enough to deter abuse or negligence.
That being said, everyone reading this must realise that with large datasets it is practically very likely to miss-label data and it is hard to prove that this is not happening at scale. At the end of the day it will be a query running against a database and with huge volumes it might catch more than it should. Once the data is selected for training and trained on, it is impossible to undo the damage. You can delete the training artefact after the fact of course but the weights of the models are already re-balanced with the said data unless you train from scratch which nobody does.
I think everyone should assume that their data, be that source code, biometrics, or whatever, is already used for training without consent and we don't have the legal frameworks to protect you against such actions - in fact we have the opposite. The only control you have is not to participate.
ozgung
I think at this point we should all accept the fact that Information Tech = Spy Tech = Surveillance Tech. This is not about Linkedin or bad implementation by some 3rd party company. This is on purpose. Bad news is that countries started to make id verification mandatory for social media usage. That is also coordinated and for surveillance purposes.
Actually Steve Blank has a great talk on the roots of Silicon Valley. SV basically built upon military tech meeting private equity. That's why it's wildly different than say Berlin startup scene, and their products are global and free.
so their "shady" network of subprocessors are just the companies that already have all of your data? wow. I'm pretty sure I use most if not all of them in my own stack.
In any case, I don't know how much more ad money they'll extract from knowing what I look like. Maybe beauty products?
show comments
aleksandrm
LinkedIn is no longer a "professional network". I'm actually considering DELETING my account.
show comments
unglaublich
Through extensive data harvesting, and exchanging and partnering across thousands of such data miners, I suspect that by now, the graph of identities and fingerpinted devices must be practically complete. That means that all your actions on the internet can be tracked back, via device fingerprinting and cookie networks, to your physical identity. Great milestone for the surveillance states.
ttflee
I guess the day that a corporate AI could easily fake all my online existence is drawing nigh.
dzink
If you fly to US, Singapore, and many other countries these days, your face will be photographed and the photo will be matched to your passport photo via facial recognition (the machine tells you that outright, and does the action on the spot). They also take your right hand fingerprints.
show comments
sanex
Those 17 sub processors are probably the most vanilla cloud computing companies you're going to find. Maybe you can complain about using one of the three LLM providers for doing OCR but there have been quite a few posts here about how LLMs are great for OCR.
anoncow
What should an ideal work website or social network be like?
show comments
aestetix
Peter Thiel knows about the anti-christ...
kopollo
The only thing left is for them to want our asses.
CrzyLngPwd
Blue tick is the thin end of the wedge, as is "think of the children" ID demands.
It won't be long before we'll be required to verify ID for every major website.
thepancake
Here's where you went wrong: you're on LinkedIn.
Since it's your first time, this one is free, I'll be collecting micropayments for future advice, rest assured.
JohnMakin
I was randomly forced to do this about a year ago, gave them everything except a passport (Tried providing other doc but support is either bots or overseas), got rejected, and lost a 15 year old legitimate business account.
Could never find any explanation why I was targeted by this - it said it detected “suspicious activity” but I only ever interacted with recruiters, and only occasionally. Supposedly it is deleted after if you don’t go all the way through, but I do not believe it. This data ends up in very weird places and they can go fuck themselves for it afaic.
jihadjihad
> The legal basis? Not consent.
> The reason? US surveillance laws […]
This slop in every blog post? Fucking tiresome.
ozim
I verified my account and I handed over the same info as I handed over when I was getting MSFT Azure cert exam.
So it was nothing special for me.
show comments
WhereIsTheTruth
LinkedIn is the ultimate intelligence test: if you register, you have lost
the_real_cher
Modern day LinkedIn is a terrible company that violates privacy as bad as any other social media company.
Also, the content on LinkedIn is terrible and fake.
Need to start shunning these bad actors.
veltas
Persona just got hacked so we're off to a good start.
sunaookami
AI slop blogspam
dvfjsdhgfv
Since some job offers require a linked in link, I maintain an empty page explaining why maintaining a LI account is a privacy and security hole. It turns out it works.
show comments
brainless
I am in India and this is the reason I have not verified till now. I do not know how LinkedIn has the audacity to ask for this level of personal detail. This seems dystopian to me.
LinkedIn is a social network and I wish there was an alternative.
show comments
jarek-foksa
LinkedIn support will also blatantly lie to you when you ask them whether Persona is GDPR compliant and needed to activate your account.
Last year I was trying to setup a business LinkedIn page for SEO purposes, which meant I also had to create a personal account. After being told several times that I absolutely need to scan my ID card with that dodgy app I simply replied that I can't do it due to security concerns. After several weeks they unlocked my account anyway, but I suspect this would not happen if algorithms determined that I actually needed that account to find a job and pay my bills.
nalekberov
You can verify yourself using company email address - maybe I am being naive to think that it’s much safer, but it’s way better than handing over your ID data.
I never understand why people supply too much info about themselves for small gains.
People at LinkedIn wants you to believe that your career is safe if you play by their games, but ironically they are one of the main reasons why companies nowadays are comfortable with hiring and firing fast.
show comments
smashah
They are making the apparatus to destroy our freedoms.
cess11
TFA should have mentioned that this junk has ties to security services in Five Eyes, through Paravision.
Just wait when next time they ask for your member length and girth or flaps size.
show comments
SanjayMehta
LinkedIn locked me out of my account, and wants me to verify via this same Persona company. I didn't read the terms but there's no way I'm giving Microsoft or its minions my govt id.
What this user missed is the affidavit option: you can get a piece of paper attested by a local authority and upload that instead, if you really really need a LinkedIn verified account.
Microsoft can go jump.
show comments
yapyap
welp, yikes
globalnode
What a sad story. I feel sorry for this person. But it was very naive to put that data up in the first place. I recently tried to open a FB acct so I could connect with local community but within 2 days I was accused of being a bot and asked to start a video interview with a verification bot. That didn't happen, local community can do without me ;)
show comments
aanet
Thanks for writing this up. I didn't realize the privacy rot went so deep.
Aside from their AI-slopped newsfeed (F@#$!!!) which should have died long ago, this is atrocious. "Enshittification" was created just for this.
Sorry, I got sidetracked.
Isn't there anyone from LinkedIn here??
cluckindan
Just wait until GitHub starts requiring this.
IOT_Apprentice
So LinkedIn’s 1st CEO Reid Hoffman who was all up in relationships with Epstein & Bone Saw, yakking it up with monsters is the place to store your employment history? To provide a blue checkmark? To feed into copliot & be sold to AI weapons vendors & gruesome thugs like Palantir’s CEO & Chairman? Yikes.
skywhopper
This is all bad, but I feel compelled to call out the “geolocation (inferred from your IP)” tidbit, because I can vouch that in the era of IPv4 scarcity, this value is often wildly wrong. When I’m at home, for the past 10 years, living in three different cities in that time, my ISP-granted IP address registered as incorrect locations (often by hundreds of miles) more often than not. And my mobile phone is always wrong, showing me in Colorado, St Louis, or North Carolina depending on the day. None of those locations are even close to correct.
It’s truly a shame we are allowing these companies to steal and share and abuse our personal data, and it’s even worse that even the very basics of that data are so often blatantly wrong.
xhcuvuvyc
You still have a linkedin? Isn't that just all ai slop?
show comments
tamimio
This process will be done in a way that you won’t even have to do it in 3min, it will be part of you phone wallet, and whenever you sign up you will be required to verify it there, essentially, all big tech will be having a copy of your biometric, and consequently, all three letter agencies too. Welcome to the tyranny of big tech!
zeroq
> And look at who’s doing “Data Extraction and Analysis” — Anthropic, OpenAI, and Groqcloud. Three AI companies are processing your passport and selfie data.
That's quite cool, it means that soon models will be able to create a fake ID photos with real data.
I'm so excited about it! /s
stevehawk
Because it's Persona you can also count on every ICE body cam that is having facial recognition performed by Palantir has access to this data.
I'll note that Persona's CEO responded on LinkedIn [1] pointing out that:
The full list of sub-processors seems to be a catch-all for all the services they provide, which includes background checks, document processing, etc. identity verification being just one of them.I have I've worked on projects that require legal to get involved and you do end up with documents that sound excessively broad. I can see how one can paint a much grimmer picture from documents than what's happening in reality. It's good to point it out and force clarity out of these types of services.
[1]: https://www.linkedin.com/feed/update/urn:li:activity:7430615...
I used to have a LinkedIn account, a long time ago. To register I created an email address that was unique to LinkedIn, and pretty much unguessable ... certainly not amenable to a dictionary attack.
I ended up deciding that I was getting no value from the account, and I heard unpleasant things about the company, so I deleted the account.
Within hours I started to get spam to that unique email address.
It would be interesting to run a semi-controlled experiment to test whether this was a fluke, or if they leaked, sold, or otherwise lost control of my data. But absolutely I will not trust them with anything I want to keep private.
I do not trust LinkedIn to keep my data secure ... I believe they sold it.
I really appreciate this write-up.
Was forced to verify to get access to a new account. Like, an interstitial page that forced verification before even basic access.
Brief context for that: was being granted a salesnav licence, but to my work address with no account attached to it. Plus I had an existing salesnav trial underway on main account and didn't want to give access to that work.
So I reluctantly verified with my passport (!) and got access. Then looked at all the privacy settings to try to access what I'd given, but the full export was only sign up date and one other row in a csv. I switched off all the dark pattern ad settings that were default on, then tried to recall the name of the company. Lack of time meant I haven't been able to follow up. I was deeply uncomfortable with the whole process.
So now I've requested my info and deletion via the details in the post, from the work address.
One other concern is if my verified is ever forced to be my main, I'll be screwed for contacts and years of connections. So I'll try to shut it down soon when I'm sure we're done at work. But tbh I don't think the issues will end there either.
Why do these services have to suck so much. Why does money confer such power instead of goodwill, integrity and trust/trustless systems. Things have to change. Or, just stay off the grid. But that shouldn't have to be the choice. Where are the decentralised services. I'm increasingly serious about this.
It seems to me that if you let Persona verify your identity you're essentially providing data enrichment for the US government. In exchange for what? A blue tick from a feeder platform like LinkedIn, Reddit or Discord? No thanks.
On the other hand it can be hard to escape if it's for something that actually matters. Coursera is a customer. You might want your course achievements authenticated. The Canada Media Fund arranges monies for Canadian creators when their work lines up with various government sponsored DEI incentives. If you're in this world you will surely use Persona as required by them. Maybe you're applying for a trading account with Wealthsimple and have to have your ID verified. Or you want to rent a Lime Scooter and have to use them as part of the age verification process.
KYC platforms have a place. But we need legal guarantees around the use of our data. And places like Canada and Europe that are having discussions about digital sovereignty need to prioritize the creation of local alternatives.
LinkedIn is creepy even compared to Facebook imo.
And the content is the worst trash you'll find online, bottom of the barrel.
Persona do not seem to be competent guardians of such a trove of private information.
https://vmfunc.re/blog/persona
LinkedIn is Tiktokified social media brainrot disguised as serious work. „Hey - you‘re not wasting time, you‘re building your network and gather industry knowledge!“
LinkedIn is full if so called professionals who make a living by leveraging their brand. If you‘re not one of them, leave
Somehow the fundamentals of places like linkedin, gmail, google, facebook, etc have eluded people.
1. they are selling you as a target.
2. some people, governments, groups, whatever are willing to pay a lot of money to obtain information about you.
3. why would someone pay good money to target you unless they were going to profit from doing so. are they stupid? no.
4. where does that profit come from? If some one is willing to pay $100 to target you, how are they going to recoup that money?
5. From you.
There is simply no other way this can have worked for this long without this being true.
It is a long causal change, so it is fair to ask whether there is any empirical evidence. If this is true we would expect to see ...? Well how about prices going up? Well how about in general people are less able to afford housing, food, cars, etc.
I'm speculating here, but perhaps it is predictability. There is a common time warp fantasy about being able to go back and guess the future. You go back and bet on a sports game. If I can predict what you are going to do then I can place much more profitable bets.
Do the corporations that participate in this scheme provide mutual economic benefit? Do they contribute to the common wealth or are they parasitical?
No one likes to think they have parasites. But we all do these days.
Isn't Persona the same sub processor Discord is using for their new age-verification :thinking:
From the article:
> Let that sink in. You scanned your European passport for a European professional network, and your data went exclusively to North American companies. Not a single EU-based subprocessor in the chain.
Not sure LinkedIn is a European professional network.
I've been getting "Emails aren’t getting through to one of your email addresses. Please update or confirm your email." -- even tho I get messages from them every day. When you press the button to confirm the (working) email it states "Something went wrong".
It happened last week too, I was able to fix it via their chat-help (human). Yesterday, their chat-help (human) was not able fix it and has to open a ticket. I pay for LinkedIn-Premium. So maybe this is just a scam to route me into Verification. Their help documents (https://www.linkedin.com/help/linkedin/answer/a1423367) for verifying emails doesn't match the current user experience.
Then, in a classic tech-paradox, their phone support person told me they would email me -- on the same address their system reports emails are not getting through to. It felt like 1996 levels of understanding.
We need to get back to de-centralised.
This is the kind of activism in privacy appreciate that we need. I knew I did not want to verify but I did verify on Linkedin recently. The fact that the author also gave an action list if you are concerned about your privacy is just commendable.
Ha. I was reading this and thought "euhhhh, I did not give all of that to verify my account". So I went to LinkedIn to check if I have the shield. I then saw
- that I just have "work email verified" and that there is a Persona thing I was not even aware of
- a post by Brian Krebs at the top of my feed, exactly on that topic: https://www.linkedin.com/posts/bkrebs_if-you-are-thinking-ab...
Wow that is insane. Persona is even linked to Peter Thiel.
If LinkedIn asks me to verify then I'll just leave. I'd be very happy for it to fall over anyway so there is space for a new more ethical platform. Especially since Microsoft acquired it, all bets are off.
A good reminder of how things actually work, but the article could use some more balancing…
> Let that sink in. You scanned your European passport for a European professional network, and your data went exclusively to North American companies. Not a single EU-based subprocessor in the chain.
LinkedIn is an American product. The EU has had 20 years to create an equally successful and popular product, which it failed to do. American companies don’t owe your European nationalist ambitions a dime. Use their products at your own discretion.
Of course an American company is subject to American law. And of course an American company will prioritise other local, similar jurisdiction companies. And often times there’s no European option that competes on quality, price, etc to begin with. In other words I don’t see why any of this is somehow uniquely wrong to the OP.
> Here’s what the CLOUD Act does in plain language: it allows US law enforcement to force any US-based company to hand over data, even if that data is stored on a server outside the United States.
European law enforcement agencies have the same powers, which they easily exercise.
The deeper issue here is that centralized identity verification creates honeypots. You hand over real identity data to verify yourself, and now that data lives in LinkedIn's systems indefinitely. The alternative direction is zero-knowledge proofs for identity — prove you're a real person without revealing which person. Projects like World ID are going this direction. The irony is that for AI agents, none of this matters: they don't have identities to verify, which is actually a feature.
>Count them. 17 companies. 16 in the United States. 1 in Canada. Zero in the EU.
We regulated innovation out of the market. Why are you surprises that the only companies finding your data valuable are in the US?
Good write up I guess, but I'm just so tired of all the AI-isms in every damn thing.
"Your European passport is one quiet subpoena away"
Why does the subpoena need to be quiet? If I search my chats with ChatGPT for the word "quiet", I get a ridiculous number of results. "Quietly this, quietly that". It's almost like the new em dash.
There's many others all over this blog post I won't bother calling out.
"Understanding what I actually agreed to took me an entire weekend reading 34 pages of legal documents."
Yeah I'll bet it did. Or it took an hour of back and forth with ChatGPT loaded up with those 34 pages.
I get it, we all use AI, but I'm just so tired of seeing the unmistakable mark of AI language all over every single thing. For some reason it just makes me think "this person is lazy". The CEO of a company my friend works for used Claude to write an important letter to business partners recently and we were all galled at her lack of awareness of how AI-sloppified the thing was. I guess people just don't care anymore.
The strange thing about LinkedIn organization verification is that it never seems to be revoked. I have many contacts with verifications from companies they no longer work for - sometimes for a very long time.
On the other hand I see many people posting in official capacity for an organization without verification.
When they actively represent their current company but with a random verification from a previous one it gets pretty absurd.
In its current form LinkedIn verification is pretty worthless as a trust signal.
I am about to talk about "vibes" and "feelings" so please take this with a grain of salt:
Does anyone else get the impression that they feel like the nefarious surveillance state is now real and definitely not for their benefit?
It's been a long running trope of the men in black, and the state listening to your phone calls, etc. Even after Snowdon's leaks, where we learned that there are these massive dragnets scooping up personal information, it didn't feel real. It felt distant and possibly could have been a "probably good thing" that is it was needed to catch "the real bad guys".
It feels different now. Since last year, it feels like the walls are closing in a bit and that now the US is becoming... well, I can't find the words, but it's not good.
So basically 'Their “global network of data partners”' means once you submit that information, it's a free for all.
There's so many angles of grind with this kind of thing that big tech has gradually normalised.
I don't get the whole idea of treating identity verification as a private enterprise problem. I realize it's easy to just blame LinkedIn or Microsoft here, but the core issue is architectural. We are trying to solve a public utility problem by building private honeypots.
The government should provide an API or interface to validate a user, essentially acting just like an SSO. Instead of forcing users to upload raw passport scans to a third-party data broker, LinkedIn should just hit a government endpoint that returns an anonymized token or a simple boolean confirming "yes, this is a real, unique person." It gives platforms the sybil resistance they need without leaking the underlying PII.
Apollo is one of many. The broader pattern is the same across the industry — companies collect data with one set of promises and then the data ends up accessible through channels users never consented to.
I've been documenting this pattern in AI apps specifically. The number of companies shipping to production with Firebase rules set to "allow read: if true" or Supabase databases with no Row Level Security is staggering. The identity data people hand over during verification often ends up in databases with zero access controls.
LinkedIn at least has a security team. Most AI startups shipping verification flows don't.
Last year, someone’s experience when LinkedIn required interacting with Persona:
https://news.ycombinator.com/item?id=44435997
I almost fell for a very sophisticated phishing attack last December and most of the "verifiable" information was from my LinkedIn account.
For each role I had described some of the tasks and accomplishments and this was used in the phishing message.
Since then, I removed my photo, changed my name only to initials and removed all the role-specific information.
It's a bit of a bummer as I'm currently in the process of looking for a new job and unfortunately having a LinkedIn profile is still required in some places, but once I find it, I'll delete my profile.
This is a little unnerving because I know I've had to provide similar ID verification somewhere online, but I can't remember where. And based on everything here, it was almost certainly Persona.
I guess I'll just be in the corner crossing my fingers none of it is found in a hostile foreign land or used against me.
The link isn't working, but anyone handing over unnecessary data to LinkedIn (AKA Facebook Pro) is probably too gullible to be online safely at this point.
> If you’ve already verified — like me — here’s what I’d recommend
Did you actually follow through with 1-4 and if so what was the outcome? how long did it take?
I wonder what mongo and snowflake are doing with that data. The table is a little vague.
I was under the impression they just make database products. Do they have a side hustle involving collecting this type of data?
Here's what I found the most frightenting:
> Hesitation detection — they tracked whether I paused during the process
> They use uploaded images of identity documents — that’s my passport — to train their AI.
> Persona’s Terms of Service cap their liability at $50 USD.
> They also include mandatory binding arbitration — no court, no jury, no class action.
Why can't we have an ATproto LinkedIn? It seems pretty well suited.
How does this work for the myriad banks I've had to prove my identity to in the same way? I'll be attempting steps 1-4 and see what Persona comes back with.
This is a good write-up and useful content, but edit-wise it could be simplified significantly. Additionally, phrases like "let that sink in" are characteristic of poor LinkedIn content, which is a bit of an irony :)
Seeing some of my colleagues verify through Persona on LinkedIn, and I can't quite figure out what they're getting out of it.
Every hiring process I've been through already requires proof of identity at some point. Background checks, I-9s, whatever it may be. So you're essentially handing your ID to a third party just to get a badge that doesn't skip any steps you'd have to do anyway.
I work in this space for a competitor to Persona, so take my opinion as potentially biased, but I have two points: 1. just because the DPA lists 17 subprocessors, it doesn't mean your data gets sent to all of them. As a company you put all your subprocessors in the DPA, even if you don't use them. We have a long list of subprocessors, but any one individual going through our system is only going to interact with two or three at most. Of course, Persona _could_ be sending your data to all 17 of them, legally, but I'd be surprised if they actually do. 2. the article makes it sound like biometric data is some kind of secret, but especially your _face_ is going to be _everywhere_ on the internet. Who are we kidding here? Why would _that_ be the problem? Your search/click behavior or connection metadata would seem a lot more private to me.
The content is of course 100% true and needs to be repeated over and over, every single day.
The straight-from-LLM writing style is incredibly grating and does a massive disservice to its importance. It really does not take that long to rewrite it a bit.
I hope at least he wrote it on his local Llama instance, else it's truly peak irony.
> Here’s the thing about the DPF: it’s the replacement for Privacy Shield, which the European Court of Justice killed in 2020. The reason? US surveillance laws made it impossible to guarantee European data was safe.
> The DPF exists because the US signed an Executive Order (14086) promising to behave better. But an Executive Order is not a law. It’s a presidential decision. It can be changed or revoked by any future president with a pen stroke.
This understates the reality: the DPF is already dead. Double dead, two separate headshots.
Its validity is based on the existence of a US oversight board and redress mechanism that is required to remain free of executive influence.
1. This board is required to have at least 3 members. It has had 1 member since Trump fired three Democrat members in Jan 2025 (besides a 2-week reinstatement period).
2. Trump's EO 14215 of Feb 2025 has brought (among other agencies) the FTC - which enforces compliance with the DPF - under presidential supervision. This is still in effect.
Of course, everyone that matters knows this, but it doesn't matter, as it was all a bunch of pretend from day 1. Rules for thee but not for me, as always. But what else can we expect in a world where the biggest economy is ruled by a serial rapist.
In your "WHAT YOU SHOULD DO" section, you missed the most important thing.
Stop using LinkedIn, and stop using these terrible services that rip away our privacy.
>The legal basis? Not consent.
You read and agreed with the terms explicitly stating the data would be used to do those things, and it was not at all necessary for you to do that. What else do you want? It seems like consent isn't the issue. You just don't like what this company does, and still volunteer your data for them to do just that. Now you regret it and write a blog post?
One thing is to be tricked or misled, or for a government to force your face to be scanned and shared with a third party. Another is to have terms explicitly saying this will be done, requiring explicit agreement, and no one forcing you to do it.
Great article, thank you.
Hiding all this very important info (which literally affects the users life) behind an insignificant boring click! Even the most paranoid user will give up in certain use cases, (like with covid 19 which even though didn´t agree, you needed to travel, work making it compulsory). Every company that uses deciving techniques like this should be banned in Europe.
Off topic -- the design for that blog is really slick. Added it to my "design swipe file."
Less off topic -- there are some black hat marketers that (I think) buy or create verified profiles with attractive women, then they use the accounts for b2b sales through linkedin DMs. I find that amusing. Neutered corpo bois are apparently big poon hounds. Makes sense when you think about it -- that type of guy is craving female attention and probably does not have the balls to do anything in real life, so a polite DM from a fake linkedin thot would be appealing.
How did they get your MAC address?
This is only going to become more common. Companies are implementing checks using similar services (a) to prevent employment scams (where the person who interviews is not the person who works; usually the latter is a low-paid offshore individual) and (b) basic security authentication. It won’t be long before this sort of biometric validation starts showing up to authenticate users on regular websites and similar services, if it hasn’t already. I think the last one I had to do was to authenticate when activating a bank card.
I've never used linkedin and have been more than fine, I feel that like with most social media that noise makes it seem more important than it is
> Persona extracts the mathematical geometry of your face from your selfie and from your passport photo. This isn’t just a picture — it’s a numerical map of the distances between your eyes, the shape of your jawline, the geometry of your features. It’s data that uniquely identifies you. And unlike a password, you can’t change your face if it gets compromised
Is there anything special about a passport photo, or can that be done from any photo of your face?
I hate LinkedIn but need it for a few things, mostly accessing certain clients and projects as a freelancer. Last October my ISP (Vodafone UK) assigned me a datacenter-classified IPv6 address with 80+ abuse reports on reputation databases, for bots, DDoS, crawlers. Before I realized this I started getting locked out, suspended, restricted from just about every web service I use, having to solve captchas for simple Google searches, etc.
I resolved everything except LinkedIn. They required Persona verification to restore access, but I'd already recently verified with Persona, so clicking the re-verification links just returned a Catch-22 "you've already verified with us." LinkedIn support is unreachable unless you're signed into an account. I tried direct emails, webforms, DMs to LinkedIn Help on Twitter, all completely ignored.
Eventually some cooldown timer must have expired, because Persona finally let me re-verify last week. Upon regaining access, I was encouraged me to verify with Persona AGAIN, this time for the verified badge.
I now have a taste of what "digital underclass" means, and look forward to the day when no part of my income depends on horrible platforms that make me desperate for the opportunity to give away my personal data!
the Persona CEO response addresses the AI training concern but totally sidesteps the CLOUD Act issue. doesn't matter where data is stored -- if Persona or any of their US-based subprocessors get a US national security letter, that data is accessible. "deleted within 30 days" also means it exists for up to 30 days, which is plenty of time for a legal demand.
More interesting that LinkedIn use fingerprinting everywhere and connect your personal data to every device you are using and connect to other services connected to their network.
First mistake was using LinkedIn. More mistakes were made.
Passport photo... OMG. You can't image what they can do with that. That's precisely why I closed my linkedin years ago.
I believe OpenAI used Persona during the verification step that you must complete to use their SOTA models in the API. Not sure if it's still the case now.
Anyway, I found that too much of a hassle and switched to other LLM providers.
As a European citizen I hope it becomes law to have this data processed in the EU rather than the US.
The privacy concerns are real.
The need / demand for some verification system might be growing though as I’ve heard fraudulent job application (people applying for jobs using fake identities… for whatever reason) is a growing trend.
People who found this post interesting may also find this blog post about Persona a good read as well: https://vmfunc.re/blog/persona/
tl;dr Persona shares your identity data directly with the federal governments of the US and Canada and likely is sharing data/works with ICE on the same.
My ISP and my bank decided they needed my biometrics to have an account, same sort of thing
I'm glad the absurdity of verification is getting attention. I was "forced" to verify by Linkedin to unlock my account. It was last year, and I had left my previous job, but I had not yet lined up a new job. So one of the only times in my career I might actually get value from Linkedin, they locked me out, removed my profile, and told me if I wanted back in, I'd have to verify. I felt helpless and disgusted.
I gave in and verified. Persona was the vendor then too. Their web app required me to look straight forward into my camera, then turn my head to the left and right. To me it felt like a blatant data collection scheme rather than something that is providing security. I couldn't find anyone talking about this online at the time.
I ended up finding a job through my Linkedin network that I don't think I could have found any other way. I don't know if it was worth getting "verified".
---
Related: something else that I find weird. After the Linkedin verification incident, my family went to Europe. When we returned to the US, the immigration agent had my wife and I look into a web cam, then he greeted my wife and I by name without handling our passports. He had to ask for the passport of our 7 month old son. They clearly have some kind of photo recognition software. Where did they get the data for that? I am not enrolled in Global Entry nor TSA PreCheck. I doubt my passport photo alone is enough data for photo recognition.
Linkedin is the sleaziest thing I’ve seen on the internet since it was invented. The sight of it makes my skin crawl. The way they have desperately tried to onboard you via data that they seem to have that they shouldn’t. The way users even present themselves, posting updates that probably make them want to vomit themselves and shower in disgust even tho it’s not their fault, we need to find work. The bloody badge that you have to wear on your forehead to say you are available for work. The thought of the money they are raking in from recruiters and corporations. The way they try to be a little bit more like Facebook to make it look a little more ‘fun’. I hate it.
Well they made it. They conquered the recruitment scene and I can’t think of a company I’d wish had gone out of business sooner.
Am I wrong?
everyone on linkedin sounds like chatgpt / claude.
> My NFC chip data — the digital info stored on the chip inside my passport
Do we know how they get that? Because my fingerprints are also in there, so...
Thank you for doing and sharing what I was hesitant to do. Now I know with good reason why.
If you are using Linked in for anything at this point, you are just asking for trouble. They have no interest in maintaining a healthy business ecosystem and you can see that with the way they try to close you into their system and the amount of AI slop that is on that platform.
On EU data sovereignty:
The OP is right. For that reason we started migrating all of our cloud-based services out of USA into EU data centers with EU companies behind them. We are basically 80% there. The last 20% remaining are not the difficult ones - they are just not really that important to care that much at this point but the long terms intention is a 100% disconnect.
On IDV security:
When you send your document to an IDV company (be that in USA or elsewhere) they do not have the automatic right to train on your data without explicit consent. They have been a few pretty big class action lawsuits in the past around this but I also believe that the legal frameworks are simply not strong enough to deter abuse or negligence.
That being said, everyone reading this must realise that with large datasets it is practically very likely to miss-label data and it is hard to prove that this is not happening at scale. At the end of the day it will be a query running against a database and with huge volumes it might catch more than it should. Once the data is selected for training and trained on, it is impossible to undo the damage. You can delete the training artefact after the fact of course but the weights of the models are already re-balanced with the said data unless you train from scratch which nobody does.
I think everyone should assume that their data, be that source code, biometrics, or whatever, is already used for training without consent and we don't have the legal frameworks to protect you against such actions - in fact we have the opposite. The only control you have is not to participate.
I think at this point we should all accept the fact that Information Tech = Spy Tech = Surveillance Tech. This is not about Linkedin or bad implementation by some 3rd party company. This is on purpose. Bad news is that countries started to make id verification mandatory for social media usage. That is also coordinated and for surveillance purposes.
Actually Steve Blank has a great talk on the roots of Silicon Valley. SV basically built upon military tech meeting private equity. That's why it's wildly different than say Berlin startup scene, and their products are global and free.
https://www.youtube.com/watch?v=ZTC_RxWN_xo
so their "shady" network of subprocessors are just the companies that already have all of your data? wow. I'm pretty sure I use most if not all of them in my own stack.
In any case, I don't know how much more ad money they'll extract from knowing what I look like. Maybe beauty products?
LinkedIn is no longer a "professional network". I'm actually considering DELETING my account.
Through extensive data harvesting, and exchanging and partnering across thousands of such data miners, I suspect that by now, the graph of identities and fingerpinted devices must be practically complete. That means that all your actions on the internet can be tracked back, via device fingerprinting and cookie networks, to your physical identity. Great milestone for the surveillance states.
I guess the day that a corporate AI could easily fake all my online existence is drawing nigh.
If you fly to US, Singapore, and many other countries these days, your face will be photographed and the photo will be matched to your passport photo via facial recognition (the machine tells you that outright, and does the action on the spot). They also take your right hand fingerprints.
Those 17 sub processors are probably the most vanilla cloud computing companies you're going to find. Maybe you can complain about using one of the three LLM providers for doing OCR but there have been quite a few posts here about how LLMs are great for OCR.
What should an ideal work website or social network be like?
Peter Thiel knows about the anti-christ...
The only thing left is for them to want our asses.
Blue tick is the thin end of the wedge, as is "think of the children" ID demands.
It won't be long before we'll be required to verify ID for every major website.
Here's where you went wrong: you're on LinkedIn. Since it's your first time, this one is free, I'll be collecting micropayments for future advice, rest assured.
I was randomly forced to do this about a year ago, gave them everything except a passport (Tried providing other doc but support is either bots or overseas), got rejected, and lost a 15 year old legitimate business account.
Could never find any explanation why I was targeted by this - it said it detected “suspicious activity” but I only ever interacted with recruiters, and only occasionally. Supposedly it is deleted after if you don’t go all the way through, but I do not believe it. This data ends up in very weird places and they can go fuck themselves for it afaic.
> The legal basis? Not consent.
> The reason? US surveillance laws […]
This slop in every blog post? Fucking tiresome.
I verified my account and I handed over the same info as I handed over when I was getting MSFT Azure cert exam.
So it was nothing special for me.
LinkedIn is the ultimate intelligence test: if you register, you have lost
Modern day LinkedIn is a terrible company that violates privacy as bad as any other social media company.
Also, the content on LinkedIn is terrible and fake.
Need to start shunning these bad actors.
Persona just got hacked so we're off to a good start.
AI slop blogspam
Since some job offers require a linked in link, I maintain an empty page explaining why maintaining a LI account is a privacy and security hole. It turns out it works.
I am in India and this is the reason I have not verified till now. I do not know how LinkedIn has the audacity to ask for this level of personal detail. This seems dystopian to me.
LinkedIn is a social network and I wish there was an alternative.
LinkedIn support will also blatantly lie to you when you ask them whether Persona is GDPR compliant and needed to activate your account.
Last year I was trying to setup a business LinkedIn page for SEO purposes, which meant I also had to create a personal account. After being told several times that I absolutely need to scan my ID card with that dodgy app I simply replied that I can't do it due to security concerns. After several weeks they unlocked my account anyway, but I suspect this would not happen if algorithms determined that I actually needed that account to find a job and pay my bills.
You can verify yourself using company email address - maybe I am being naive to think that it’s much safer, but it’s way better than handing over your ID data.
I never understand why people supply too much info about themselves for small gains.
People at LinkedIn wants you to believe that your career is safe if you play by their games, but ironically they are one of the main reasons why companies nowadays are comfortable with hiring and firing fast.
They are making the apparatus to destroy our freedoms.
TFA should have mentioned that this junk has ties to security services in Five Eyes, through Paravision.
https://en.wikipedia.org/wiki/Paravision_(identity_verificat...
Well don't do that then.
Just wait when next time they ask for your member length and girth or flaps size.
LinkedIn locked me out of my account, and wants me to verify via this same Persona company. I didn't read the terms but there's no way I'm giving Microsoft or its minions my govt id.
What this user missed is the affidavit option: you can get a piece of paper attested by a local authority and upload that instead, if you really really need a LinkedIn verified account.
Microsoft can go jump.
welp, yikes
What a sad story. I feel sorry for this person. But it was very naive to put that data up in the first place. I recently tried to open a FB acct so I could connect with local community but within 2 days I was accused of being a bot and asked to start a video interview with a verification bot. That didn't happen, local community can do without me ;)
Thanks for writing this up. I didn't realize the privacy rot went so deep.
Aside from their AI-slopped newsfeed (F@#$!!!) which should have died long ago, this is atrocious. "Enshittification" was created just for this. Sorry, I got sidetracked.
Isn't there anyone from LinkedIn here??
Just wait until GitHub starts requiring this.
So LinkedIn’s 1st CEO Reid Hoffman who was all up in relationships with Epstein & Bone Saw, yakking it up with monsters is the place to store your employment history? To provide a blue checkmark? To feed into copliot & be sold to AI weapons vendors & gruesome thugs like Palantir’s CEO & Chairman? Yikes.
This is all bad, but I feel compelled to call out the “geolocation (inferred from your IP)” tidbit, because I can vouch that in the era of IPv4 scarcity, this value is often wildly wrong. When I’m at home, for the past 10 years, living in three different cities in that time, my ISP-granted IP address registered as incorrect locations (often by hundreds of miles) more often than not. And my mobile phone is always wrong, showing me in Colorado, St Louis, or North Carolina depending on the day. None of those locations are even close to correct.
It’s truly a shame we are allowing these companies to steal and share and abuse our personal data, and it’s even worse that even the very basics of that data are so often blatantly wrong.
You still have a linkedin? Isn't that just all ai slop?
This process will be done in a way that you won’t even have to do it in 3min, it will be part of you phone wallet, and whenever you sign up you will be required to verify it there, essentially, all big tech will be having a copy of your biometric, and consequently, all three letter agencies too. Welcome to the tyranny of big tech!
> And look at who’s doing “Data Extraction and Analysis” — Anthropic, OpenAI, and Groqcloud. Three AI companies are processing your passport and selfie data.
That's quite cool, it means that soon models will be able to create a fake ID photos with real data.
I'm so excited about it! /s
Because it's Persona you can also count on every ICE body cam that is having facial recognition performed by Palantir has access to this data.