_______ __ _______
| | |.---.-..----.| |--..-----..----. | | |.-----..--.--.--..-----.
| || _ || __|| < | -__|| _| | || -__|| | | ||__ --|
|___|___||___._||____||__|__||_____||__| |__|____||_____||________||_____|
on Gopher (inofficial)
HTML Visit Hacker News on the Web
COMMENT PAGE FOR:
HTML I verified my LinkedIn identity. Here's what I handed over
mehulashah wrote 1 day ago:
This is sick.
rixed wrote 1 day ago:
> they sit invisibly between you and the platforms you trust.
Is Linkedin that "platform you trust"?
Aren't they the company that used some dark pattern to get your mail
account password so they could swallow your contacts at registration?
If you trust Linkedin you are already in trouble even before you start
scanning anything.
b8 wrote 1 day ago:
I wish more states would make this illegal like Illinois does.
hluska wrote 1 day ago:
I log into LinkedIn approximately once every five years. While this is
apparently âcareer suicideâ, I have never lost an opportunity as a
result.
Serious question:
Why do we keep putting up with this bullshit? Of course they share data
and of course Persona does fucked up shit with the data they generate
about you. LinkedIn is the same company that leaked everyoneâs
passwords. There is absolutely no reason to trust LinkedIn besides mass
hysteria. Seriously folks; we can all stop using it and then it will
die.
In LinkedIn tradition, I should end this with wild claims and hashtags.
#LinkedInKickedMyCat #winning #lackofcreativity #bueller.
Teocali wrote 1 day ago:
the moment I saw âPersonaâ n the verification page, I noped out.
bambax wrote 1 day ago:
I've been maintaining a fake LinkedIn profile for over 10 years (in
addition to the real one). It has a significant amount of connections
(people with the "open to work" badge tend to accept connection
requests from total strangers).
This fake profile often receives offers from recruiters; it's quite
fun.
I wonder if I could get it verified using a fake passport photo? I'd
try it but I'm afraid of being found out and losing it.
ymolodtsov wrote 1 day ago:
Being uselessly worried about stuff like this is such a European thing.
Wrote an extensive blog post. Is there any actual harm happening? No,
not even a hint of it, just some hypotheticals.
Itâs better to dedicate your time to interesting problems.
Crowberry wrote 1 day ago:
I did that process on a whim after being buggered for weeks on end by
LinkedIn. I immediately regretted it and realised that I had shared my
private data for a fucking linkedin badge⦠I didnât look into it
back then but this article confirms my suspicions and dreaded feeling!
simpleusername wrote 1 day ago:
I suddenly had my account locked down unless I provide my government
ID, just like [1] .
Never did LinkedIn state it was Persona carrying out the validation,
and in the email they stated the data would be promptly deleted. I'm
now learning this is not true; companies removed from LinkedIn store my
data for however long they want.
I feel this is solid grounds for a lawsuit, particularly in states such
as California.
HTML [1]: https://news.ycombinator.com/item?id=44435997
fireant wrote 1 day ago:
KYC data is the most dangerous data that can leak right now. If your CC
leaks, you will know almost immediately and can revoke it and generally
will get your money back. Password leaks can be neutered with 2FA.
Medical data leak can perhaps be used in a complex extortion, but
generally for most people this data is worthless.
KYC data on the other hand allows third party criminals who have bought
your KYC on the black market to perform money laundering in your name
(by opening bank accounts) and taking debt in your name. Generally you
won't even know this is happening until it's too late and debt
collectors come. And it's not like you can revoke your
biometrics/liveness check/selfie and who knows if revoking your
passport/id card would actually work.
IMO it's much better if a dedicated KYC processor, like Persona, with
actual security team/mindset, handles this rather than random website
inside their zendesk instance. But there still needs to be extremely
strict regulation surrounding this data.
Also while CC data will be getting less dangerous over time due to AI
fraud detection and mandated 3DS, KYC data will IMO be getting more
dangerous over time because more fintech/govtech will rely on it.
umairnadeem123 wrote 1 day ago:
The unique email technique ColinWright describes is the gold standard
for tracking data leaks and I wish more people did it. I use a
catch-all domain for this exact purpose - every service gets
service@mydomain format. The pattern is pretty clear: services that get
acquired are the worst offenders. The new parent company inherits the
data and applies their own, usually worse, privacy practices. LinkedIn
being acquired by Microsoft and then the spam starting tracks perfectly
with this. The legal framework treats acquisitions as a continuity of
service even when the privacy practices change completely.
mcintyre1994 wrote 1 day ago:
I have a LinkedIn account and I occasionally have recruiters cold phone
call me. They always tell me they got my phone number from LinkedIn.
The first time this happened I deleted my number off LinkedIn, which
was not shared according to their settings but was being used for 2FA.
I still occasionally get these calls, and I'm unsure if LinkedIn is
still letting people buy access to my deleted phone number, or if the
recruiters are just lying and getting my number from some creepy stolen
data service.
heliumtera wrote 1 day ago:
You have you identity away but at least you have a blue checkmark!
It could be a purple checkmark, thing about that!
hajix007 wrote 1 day ago:
Good to know, ty!
codr7 wrote 1 day ago:
LinkedIn is creepy even compared to Facebook imo.
And the content is the worst trash you'll find online, bottom of the
barrel.
ndom91 wrote 1 day ago:
Isn't Persona the same sub processor Discord is using for their new
age-verification :thinking:
zquestz wrote 1 day ago:
In your "WHAT YOU SHOULD DO" section, you missed the most important
thing.
Stop using LinkedIn, and stop using these terrible services that rip
away our privacy.
ceramati wrote 1 day ago:
Why can't we have an ATproto LinkedIn? It seems pretty well suited.
VerifiedReports wrote 1 day ago:
The link isn't working, but anyone handing over unnecessary data to
LinkedIn (AKA Facebook Pro) is probably too gullible to be online
safely at this point.
trinsic2 wrote 1 day ago:
If you are using Linked in for anything at this point, you are just
asking for trouble. They have no interest in maintaining a healthy
business ecosystem and you can see that with the way they try to close
you into their system and the amount of AI slop that is on that
platform.
cco wrote 1 day ago:
People who found this post interesting may also find this blog post
about Persona a good read as well: [1] tl;dr Persona shares your
identity data directly with the federal governments of the US and
Canada and likely is sharing data/works with ICE on the same.
HTML [1]: https://vmfunc.re/blog/persona/
sunaookami wrote 1 day ago:
AI slop blogspam
chickensong wrote 1 day ago:
First mistake was using LinkedIn. More mistakes were made.
CrzyLngPwd wrote 1 day ago:
Blue tick is the thin end of the wedge, as is "think of the children"
ID demands.
It won't be long before we'll be required to verify ID for every major
website.
po1nt wrote 1 day ago:
>Count them. 17 companies. 16 in the United States. 1 in Canada. Zero
in the EU.
We regulated innovation out of the market. Why are you surprises that
the only companies finding your data valuable are in the US?
danpritch wrote 1 day ago:
Maybe it's just me but I don't count tracking people as innovation.
Tell me what's innovative about it.
po1nt wrote 1 day ago:
Tracking people is dystopian. But only collection of data allowed
us to train the AI. I don't think EU has issues with tracking
people unless a private party does it.
dave_sid wrote 1 day ago:
Linkedin is the sleaziest thing Iâve seen on the internet since it
was invented. The sight of it makes my skin crawl. The way they have
desperately tried to onboard you via data that they seem to have that
they shouldnât. The way users even present themselves, posting
updates that probably make them want to vomit themselves and shower in
disgust even tho itâs not their fault, we need to find work. The
bloody badge that you have to wear on your forehead to say you are
available for work. The thought of the money they are raking in from
recruiters and corporations. The way they try to be a little bit more
like Facebook to make it look a little more âfunâ. I hate it.
Well they made it. They conquered the recruitment scene and I canât
think of a company Iâd wish had gone out of business sooner.
Am I wrong?
Exoristos wrote 1 day ago:
I do find them the most loathsome of the social media platforms I
visit. But here's another point -- recent investigations have shown
they're not as good a resource for finding jobs anymore[0].
0.
HTML [1]: https://www.inc.com/joe-procopio/you-cant-find-a-job-because...
dave_sid wrote 1 day ago:
Interesting article.
ollybrinkman wrote 1 day ago:
The deeper issue here is that centralized identity verification creates
honeypots. You hand over real identity data to verify yourself, and now
that data lives in LinkedIn's systems indefinitely. The alternative
direction is zero-knowledge proofs for identity â prove you're a real
person without revealing which person. Projects like World ID are going
this direction. The irony is that for AI agents, none of this matters:
they don't have identities to verify, which is actually a feature.
mamma_mia wrote 1 day ago:
I've never used linkedin and have been more than fine, I feel that like
with most social media that noise makes it seem more important than it
is
kburman wrote 1 day ago:
I don't get the whole idea of treating identity verification as a
private enterprise problem. I realize it's easy to just blame LinkedIn
or Microsoft here, but the core issue is architectural. We are trying
to solve a public utility problem by building private honeypots.
The government should provide an API or interface to validate a user,
essentially acting just like an SSO. Instead of forcing users to upload
raw passport scans to a third-party data broker, LinkedIn should just
hit a government endpoint that returns an anonymized token or a simple
boolean confirming "yes, this is a real, unique person." It gives
platforms the sybil resistance they need without leaking the underlying
PII.
egorfine wrote 1 day ago:
We have exactly that in Ukraine. And in Poland. And in many other
countries.
This does not conform to the requirements of american KYC/AML
provisions that require KYC service to store and leak PII.
flumpcakes wrote 1 day ago:
I am about to talk about "vibes" and "feelings" so please take this
with a grain of salt:
Does anyone else get the impression that they feel like the nefarious
surveillance state is now real and definitely not for their benefit?
It's been a long running trope of the men in black, and the state
listening to your phone calls, etc. Even after Snowdon's leaks, where
we learned that there are these massive dragnets scooping up personal
information, it didn't feel real. It felt distant and possibly could
have been a "probably good thing" that is it was needed to catch "the
real bad guys".
It feels different now. Since last year, it feels like the walls are
closing in a bit and that now the US is becoming... well, I can't find
the words, but it's not good.
weird_tentacles wrote 1 day ago:
You are slooowwly waking up.
snowhale wrote 1 day ago:
the Persona CEO response addresses the AI training concern but totally
sidesteps the CLOUD Act issue. doesn't matter where data is stored --
if Persona or any of their US-based subprocessors get a US national
security letter, that data is accessible. "deleted within 30 days" also
means it exists for up to 30 days, which is plenty of time for a legal
demand.
IOT_Apprentice wrote 1 day ago:
So LinkedInâs 1st CEO Reid Hoffman who was all up in relationships
with Epstein & Bone Saw, yakking it up with monsters is the place to
store your employment history? To provide a blue checkmark? To feed
into copliot & be sold to AI weapons vendors & gruesome thugs like
Palantirâs CEO & Chairman? Yikes.
g8oz wrote 1 day ago:
It seems to me that if you let Persona verify your identity you're
essentially providing data enrichment for the US government. In
exchange for what? A blue tick from a feeder platform like LinkedIn,
Reddit or Discord? No thanks.
On the other hand it can be hard to escape if it's for something that
actually matters. Coursera is a customer. You might want your course
achievements authenticated. The Canada Media Fund arranges monies for
Canadian creators when their work lines up with various government
sponsored DEI incentives. If you're in this world you will surely use
Persona as required by them. Maybe you're applying for a trading
account with Wealthsimple and have to have your ID verified. Or you
want to rent a Lime Scooter and have to use them as part of the age
verification process.
KYC platforms have a place. But we need legal guarantees around the use
of our data. And places like Canada and Europe that are having
discussions about digital sovereignty need to prioritize the creation
of local alternatives.
tokenless wrote 1 day ago:
> On the other hand it can be hard to escape if it's for something
that actually matters.
E.g. Job applications, rental references, clearance at existing jobs,
citizenship and visa applications, digital signing for things like
business contracts.
egorfine wrote 1 day ago:
> KYC platforms have a place
Yes. In hell.
rsync wrote 1 day ago:
No, in banking.
Banks are in a unique and perfect place to collect and require KYC
data.
Because of the exorbitant privileges given to banks by state actors
it should be easy to demand that the banks KYC be extensible to all
other private transactions.
Which is to say: if the banks do KYC, nobody else has to.
peter_retief wrote 1 day ago:
My ISP and my bank decided they needed my biometrics to have an
account, same sort of thing
aylmao wrote 1 day ago:
I'll note that Persona's CEO responded on LinkedIn [1] pointing out
that:
- No personal data processed is used for AI/model training. Data is
exclusively used to confirm your identity.
- All biometric personal data is deleted immediately after
processing.
- All other personal data processed is automatically deleted within
30 days. Data is retained during this period to help users
troubleshoot.
- The only subprocessors (8) used to verify your identity are: AWS,
Confluent, DBT, ElasticSearch, Google Cloud Platform, MongoDB, Sigma
Computing, Snowflake
The full list of sub-processors seems to be a catch-all for all the
services they provide, which includes background checks, document
processing, etc. identity verification being just one of them.
I have I've worked on projects that require legal to get involved and
you do end up with documents that sound excessively broad. I can see
how one can paint a much grimmer picture from documents than what's
happening in reality. It's good to point it out and force clarity out
of these types of services.
[1]
HTML [1]: https://www.linkedin.com/feed/update/urn:li:activity:743061549...
corry wrote 1 day ago:
I mean...
1) This is 'trust me bro' with more details
2) 'After processing' is wide enough to drive a truck through. What
if processing takes a year? What if processing is defined as
something involving recurring checks?
3) You have no contract with Persona or even LinkedIn beyond the fact
that you agreed to LinkedIn's TOS (but didn't even read).
4) The company that acquires or takes-private Persona might have a
very different of how it handles this.
5) What does verifying do for you, the user? I understand its value
to LinkedIn and their ability to sell your attention to advertisers,
but what do YOU gain?
frm88 wrote 1 day ago:
Persona Identity, Inc. is a Peter Thiel-backed venture that offers
Know Your Customer (KYC) and Anti-Money Laundering (AML) solutions
that leverage biometric identity checks to estimate a userâs age
that use a proprietary âliveliness checkâ meant to distinguish
between real people and AI-generated identities.
Once a user verifies their identity with Persona, the software
performs 269 distinct verification checks and scours the internet and
government sources for potential matches, such as by matching your
face to politically exposed persons (PEPs), and generating risk and
similarity scores for each individual. IP addresses, browser
fingerprints, device fingerprints, government ID numbers, phone
numbers, names, faces, and even selfie backgrounds are analyzed and
retained for up to three years.
There are so many keywords in there that should raise a red flag, but
funded by Peter Thiel should probably be enough.
HTML [1]: https://www.therage.co/persona-age-verification/
torginus wrote 1 day ago:
My favourite 'thing' in the modern world is that 'we don't process
and store your data' has taken to mean - 'we don't process and store
your data - our partner does'.
Which might not even be stated explicitly, it might be that they just
move it somewhere and then pass it on again, at which point its
outside the legal jurisdiction of your country's ability to enforce
data protection measures.
Even if such a scheme is not legal, the fact that your data moves
through multiple countries with different data protection measures,
enforcing your rights seems basically impossible.
mikkupikku wrote 1 day ago:
"We don't sell your data" translates to "we sell OUR data about
you".
They would never admit the data belongs to you while selling it.
When they sell it, they declare themselves the owners of that data,
which they derived from things you uploaded or told them, so
they're never selling your data according to their lawyers.
Another thing they like to do is sell the use or access to this
data, without transferring the legal rights to the data, so they
can say with a straight face they never sold the data. Google
loves this loophole and people here even defend it.
wackget wrote 1 day ago:
"The only subprocessors used to verify your identity are"... some of
the biggest data mining companies on the planet. Excellent.
keepamovin wrote 1 day ago:
This is not the concern for me. I thought the risk was obvious to
everyone. Tho I've been tempted because it means I'll "have more
interactions" or whatever LinkedIn pitches with, I didn't want to put
a public signal out there with yes: "This is my real name, real job,
real city" - to me it's like a pre-vetted database of marks for
identity theft criminals or whatnot. You know?
I thought everyone, at least in security would be somewhat concerned
about this, but they're not. I get the benefits, and I want to enjoy
those benefits too. I'd much prefer if I could privately confirm my
name using IDs (zero problem with that) but then not have to show it
or an exact profile photo. I'm sure there's a cryptographic way for
my identity to be proven to any who I chose to prove it to who
required such bona fides. I dislike the surface of "proven identity
for everyone". You know?
This to me is the far more important thing than: "security focused
biometric company processed my data, therefore being rational and
modern I will now have a meltdown." Everytime you drive, use a
payment method linked to your name, use your plan phone, your laptop,
go to a venue that ID scans, make a rental, catch a flight, cross a
border, etc, your ID (or telemetric equivalents sufficient to ID you)
is processed by some digital entity. If you will revolt against the
principle of "my government issued and not-truly-mine-anyway ID
documents, or other provided bona fides are being read by digital
entities contracted to do that", it seems nonsensical.
I think the bigger risk is always taking a photo of your passport and
putting it on the internet, which is basically what the current LI
verification means. Casual OSINT on a verified profile likely reveals
the exact birthday (or cross-referenced on other platforms), via
"happy birthday" type posts. How old am I type image AI can give you
rough years.
the_nexus_guard wrote 1 day ago:
> I'm sure there's a cryptographic way for my identity to be proven
to any who I chose to prove it to
There is. The pattern is: generate a keypair locally, derive a DID
(decentralized identifier) from the public key, and then
selectively prove your identity to specific verifiers using digital
signatures. No central authority ever holds your private key.
The key difference from the LinkedIn model: you never hand
biometric data to a third party. Instead, you hold a cryptographic
identity that you control. If someone needs to verify you, they
check a signature â not a database. You can prove you're the same
entity across interactions without revealing anything about who you
are in the physical world.
This is exactly the approach behind things like W3C DIDs and
Verifiable Credentials. The crypto has been solved for years; the
adoption problem is that platforms like LinkedIn have no incentive
to give users self-sovereign identity when the current model lets
them be the middleman.
I've been building an open implementation of this for AI agents
(where the identity problem is arguably even worse â there's no
passport to scan): [1] . But the same cryptographic primitives
apply to human identity too.
HTML [1]: https://github.com/The-Nexus-Guard/aip
pyrale wrote 1 day ago:
> pointing out that
Certainly, you mean: "claiming that".
In the terms of Mandy Rice-Davies [1], "well he would, wouldn't he?"
Especially, his claim that the data isn't used for training by
companies that are publicly known to have illegally acquired data to
train their models doesn't look very serious.
[1]
HTML [1]: https://en.wikipedia.org/wiki/Well_he_would,_wouldn%27t_he%3...
dataflow wrote 1 day ago:
If he's really so confident these assurances will stand scrutiny then
why doesn't he put them in the agreement and provide legal assurance
to that effect?
hansmayer wrote 1 day ago:
Right, because as seen over the last several years, the Big Tech CEOs
should totally be trusted on their promises, especially if it is
related to how our sensitive personal data is stored and processed.
This goes even wtihout knowing who is one of the better known
"personas" investing in Persona.
whatever1 wrote 1 day ago:
Facebook at some period was pushing users to enable 2fa for security
reasons, and guess what they did with the phone numbers they
collected.
mdani wrote 1 day ago:
I am wondering what the 'sub-processor' means here. Am I right in
assuming that the Persona architecture uses Kafka, S3 data lake in
AWS and GCP, Elastic Search, MongoDB for configuration or user
metadata, and Snowflake for analytics, thus all these end up on
sub-processle list as the data physically touches these company's
products or infra hosted outside Persona? I hope all these aren't
providing their own identity services and all of them aren't seeing
my passport for further validation.
YorickPeterse wrote 1 day ago:
Ah yes, because companies never lie about how they process your
data...
singleshot_ wrote 1 day ago:
Why would anyone believe this?
barryhennessy wrote 1 day ago:
As an industry we really need a better way to tell whatâs going g
where than:
- someone finally reading the T&Cs
- legal drafting the T&Cs as broadly as possible
- the actual systems running at the time matching whatâs in the
T&Cs when legal last checked in
Maybe this is a point to make to the Persona CEO. If he wants to
avoid a public issue like this then maybe some engineering effort and
investment in this direction would be in his best interest.
smw wrote 1 day ago:
What possible use legitimate use is Snowflake in verifying your
identity? ES?
rawgabbit wrote 1 day ago:
It's probably used to aggregate all their data sources to compile
profiles. They then match the passport against their database of
profiles. To say, yup, this passport is for real person; not a
deceased person whose identity was stolen for example.
rawgabbit wrote 1 day ago:
This reads like their entire software stack. I donât understand the
role
ElasticSearch plays; are people still using it for search?
Infrastructure:
AWS and Google Cloud Platform
Database: MongoDB
ETL/ELT: Confluent and
DBT
Data Warehouse and Reporting: Sigma Computing and Snowflake
godelski wrote 1 day ago:
> - All biometric personal data is deleted immediately after
processing.
The implication is that biometric data leaves the device. Is that
even a requirement? Shouldn't that be processed on device, in memory,
and only some hash + salt leave? Isn't this how passwords work?
I'm not a security expert so please correct me. Or if I'm on the
right track please add more nuance because I'd like to know more and
I'm sure others are interested
wholinator2 wrote 1 day ago:
I'm not an expert but i imagine bio data being much less exact than
a password. Hashes work on passwords because you can be sure that
only the exact date would allow entry, but something like a face
scan or fingerprint is never _exactly_ the same. One major tenant
that makes hashes secure is that changing any singlw bit of input
changes the entirety of the output. So hashes will by definition
never allow the fuzzy authentication that's required with biodata.
Maybe there's a different way to keep that secure? I'm not sure but
you'd never be able to open your phone again if it requires a 100%
match against your original data.
godelski wrote 1 day ago:
I'd assume they'd use something akin to a perceptual hash.
Btw, hashes aren't unique. I really do mean that an input doesn't
have a unique output. If f(x)=y then there is some z such that
f(z)=y.
Remember, a hash is a "one way function". It isn't invertible
(that would defeat the purpose!). It is a surjective function.
Meaning that reversing the function results in a non-unique
output. In the hash style you're thinking of you try to make the
output range so large that the likelihood of a collision is low
(a salt making it even harder), but in a perceptual hash you want
collisions, but only from certain subsets of the input.
In a typical hash your collision input should be in a random
location (knowing x doesn't inform us about z). Knowledge of the
input shouldn't give you knowledge of a valid collision. But in a
perceptual hash you want collisions to be known. To exist in a
localized region of the input (all z are near x. Perturbations of
x).
HTML [1]: https://en.wikipedia.org/wiki/Perceptual_hashing
Delk wrote 1 day ago:
> Remember, a hash is a "one way function". It isn't invertible
(that would defeat the purpose!). It is a surjective function.
Meaning that reversing the function results in a non-unique
output.
This is a bit of a nitpick and not even relevant to the topic,
but that's not the reason cryptographic hashes are (assumed to
be) one-way functions. You could in principle have a function
f: X -> Y that's not invertible but for which the set of every
x that give a particular y could be tractably computed given y.
In that case f would not be a one-way function in the
computational sense.
Cryptographic hashes are practically treated as one-way
functions because the inverse computation would take an
intractable amount of time.
vinay_ys wrote 1 day ago:
> that require legal to get involved and you do end up with documents
that sound excessively broad
If you let your legal team use such broad CYA language, it is usually
because you are not sure what's going on and want CYA, or you
actually want to keep the door open for broader use with those
broader permissive legal terms.
On the other hand, if you are sure that you will preserve user's
privacy as you are stating in marketing materials, then you should
put it in legal writing explicitly.
SilverElfin wrote 1 day ago:
Why would we believe they are deleted after processing and not shared
with the government?
astura wrote 1 day ago:
What's the government going to do with a picture of the ID they,
themselves issued to you?
Biganon wrote 1 day ago:
TIL the US government issued my Swiss passport
Jolter wrote 1 day ago:
Keep in mind for most users of the service, the ID was not issued
by the US government.
SilverElfin wrote 1 day ago:
As an example, the state government may issue a particular ID
that I use in several different places. But the federal
government did not issue that ID to me.
attila-lendvai wrote 1 day ago:
it's one service collecting ID's issued by dozens of governments.
the already too centralized is being made even more centralized
here.
JoshTriplett wrote 1 day ago:
Associate it with the specific service they don't want you using,
or transactions they don't want you making, or conversations and
connections they don't want you having.
egorfine wrote 1 day ago:
A KYC provider is a company that doesn't start with neutral trust. It
starts with a huge negative trust.
Thus it is impossible to believe his words.
jcheng wrote 1 day ago:
Can you say more? Why isn't it neutral or slightly positive? I
would assume that a KYC provider would want to protect their
reputation more than the average company. If I were choosing a KYC
provider I would definitely want to choose the one that had not
been subject to any privacy scandals, and there are no network
effects or monopoly power to protect them.
egorfine wrote 1 day ago:
> Why isn't it neutral or slightly positive?
Because KYC is evil in itself and if the linked article does not
explain to you why is that then I certainly cannot.
> KYC provider would want to protect their reputation more than
the average company
False. It is exactly the opposite. See, there are no
repercussions for leaking customers data, while properly securing
said data is expensive and creates operational friction. Thus,
there are NO incentives to protect data while there ARE
incentives to care as less as possible.
Bear in mind that KYC is a service that no one wants, anll
customers are forced and everybody hates it: customers, users,
companies.
chowells wrote 1 day ago:
I want KYC. I want AML. I want reversible transactions. I also
want all of those things to be well regulated by a responsive
and reasonable regulatory body.
They may have cases where they break down, but their net social
impact is positive.
mikkupikku wrote 1 day ago:
We're talking about LinkedIn, not banking. KYC and AML with
respect to banks is a privacy tradeoff that is required by
law, after public debate from legally elected
representatives. With LinkedIn, it's none of that.
flumpcakes wrote 1 day ago:
What does the (I assume) acronym KYC mean?
astura wrote 1 day ago:
Know your customer
HTML [1]: https://en.wikipedia.org/wiki/Know_your_customer
egorfine wrote 1 day ago:
Kill Your Customer.
tripdout wrote 1 day ago:
Know Your Customer
kwar13 wrote 1 day ago:
this is just "trust me bro" with more words. even if true, the point
is not what they do right now, the point is what they CAN do, which
clearly as pointed in terms is a lot more than that.
y-c-o-m-b wrote 1 day ago:
All of which is meaningless if it's not reflected properly in their
legal documents/terms. I've had interactions with the Flock CEO here
on Hacker News and he also tried to reassure us that nothing fishy
is/was going on. Take it with a grain of salt.
jeffybefffy519 wrote 1 day ago:
Yup exactly, if this is the truth then put it on the terms/privacy
policy etc... exec's say anything these days with zero consequences
for lieing in a public forum.
nashashmi wrote 1 day ago:
Can a ceo's word on linkedin and X be used to make claims against
them?
throwaway2037 wrote 1 day ago:
Absolutely. I don't know what legal jurisdiction they are
subject to, but I could imagine that someone tries to sue an EU
division/outpost in an EU court under a GPDR-type of petition,
these posts would be submitted as evidence. One could easily
argue the CEO is acting on behalf of the company by posting using
their real name. (Let's presume there is no identity fraud for
these posts.)
And don't forget that Elon Musk was tried in the US for
defamation after making a bunch of posts on Twitter against some
UK citizens. Assuming that you are posting under your real name,
you are definitely legally responsible for those words.
shimman wrote 1 day ago:
Why anyone would trust the executives at any company when they are
only incentivized to lie, cheat, and steal is beyond me. It's a
lesson every generation is hellbent on learning again and against
and again.
It use to be the default belief, throughout all of humanity, on how
greed is bad and dangerous; yet for the last 100 years you'd think
the complete opposite was the norm.
godelski wrote 1 day ago:
> when they are only incentivized to lie, cheat, and steal
The fact that they are allowed to do this is beyond me.
The fact that they do this is destructive to innovation and I'm
not sure why we pretend it enables innovation. There's a
thousands multi million dollar companies that I'm confident most
users here could implement, but the major reason many don't is
because to actually do it is far harder than what those companies
build. People who understand that an unlisted link is not an
actual security measure, that things need to actually be under
lock and key.
I'm not saying we should go so far as make mistakes so punishable
that no one can do anything but there needs to be some bar.
There's so much gross incompetence that we're not even talking
about incompetence; a far ways away from mistakes by competent
people.
We are filtering out those with basic ethics. That's not a system
we should be encouraging
judahmeek wrote 1 day ago:
Because the liars who have already profited from lying will
defend the current system.
The best fix that we can work on now in America is repealing
the 17th amendment to restrengthen the federal system as a
check on populist impulses, which can easily be manipulated by
liars.
godelski wrote 1 day ago:
> Because the liars who have already profited from lying will
defend the current system.
Okay? And so we just have to deal with it? Give up? Throw in
the towel? Not push back?
> repealing the 17th amendment
Did you read your first sentence?
*By your own logic,* the liars who have already profited from
lying will appoint those who will help them defend the
current system.
shimman wrote 1 day ago:
lol what the fuck, no. Can't believe you look at the current
system and think "you know what, political parties should be
able to choose senators not the citizens." Good lord.
touristtam wrote 1 day ago:
So your senators were appointed before that? No election
needed?
bitwize wrote 1 day ago:
Yes, by state legislatures. The concept was the Senate
would reflect the states' interests, whereas the House
would reflect the people's interests, in matters of federal
legislation.
throwaway2037 wrote 1 day ago:
For those unaware, the German Federal democratic system
works in a similar way. They have two houses: the
Bundestag (directly elected) and the Bundesrat (appointed
by state legistatures). As a outsider, their democracy
appears to be very high functioning, which demonstrates
this form of democracy can work well.
logifail wrote 1 day ago:
> their democracy appears to be very high functioning,
which demonstrates this form of democracy can work well
This probably depends on your definition of "working
well".
In March 2025, after the last Federal elections were
held in Germany (February 2025), but before the new
parliament was constituted (within 30 days of the
results?), the new governing coalition engineered a
constitutional amendment which required a supermajority
which they would not have in the new parliament, so
instead they held the vote in the old parliament. [1]
This was perfectly legal, although if you explain it to
an outsider it might seem like an abuse of process.
HTML [1]: https://www.nytimes.com/2025/03/18/world/europ...
saghm wrote 1 day ago:
I'm not convinced there's any significant overlap between "people who
are worried about which subprocessors have their data" and "people
who don't think that eight subprocessors is a lot"
__float wrote 1 day ago:
I mean, two of them are cloud vendors. The rest just seem like very
boring components of a (somewhat) modern data pipeline.
majormajor wrote 1 day ago:
But why believe that when their policy says any of it may not be
true, or could change at any time?
Even if the CEO believes it right now, what if the team responsible
for the automatic-deletion merely did a soft-delete instead of a hard
delete "just in case we want to use it for something else one day"?
BorisMelnik wrote 1 day ago:
I dont believe that for one second. I can think of many examples of
times CEO's have said things publicly that were not or ended up
being not true!
paulnpace wrote 1 day ago:
Whelp, so long as the CEO says it's fine, we've no reason to worry
about what's in the legal verbiage.
lysace wrote 1 day ago:
All of those statements require trust and/or the credible threat of a
big stick.
Trust needs to earned. It hasn't been.
The big stick doesn't really exist.
lacoolj wrote 1 day ago:
This is a little unnerving because I know I've had to provide similar
ID verification somewhere online, but I can't remember where. And
based on everything here, it was almost certainly Persona.
I guess I'll just be in the corner crossing my fingers none of it is
found in a hostile foreign land or used against me.
the_real_cher wrote 1 day ago:
Modern day LinkedIn is a terrible company that violates privacy as bad
as any other social media company.
Also, the content on LinkedIn is terrible and fake.
Need to start shunning these bad actors.
tagami wrote 1 day ago:
Thank you for doing and sharing what I was hesitant to do. Now I know
with good reason why.
puszczyk wrote 1 day ago:
This is a good write-up and useful content, but edit-wise it could be
simplified significantly. Additionally, phrases like "let that sink in"
are characteristic of poor LinkedIn content, which is a bit of an irony
:)
edoceo wrote 1 day ago:
I've been getting "Emails arenât getting through to one of your email
addresses. Please update or confirm your email." -- even tho I get
messages from them every day. When you press the button to confirm the
(working) email it states "Something went wrong".
It happened last week too, I was able to fix it via their chat-help
(human). Yesterday, their chat-help (human) was not able fix it and
has to open a ticket. I pay for LinkedIn-Premium. So maybe this is
just a scam to route me into Verification. Their help documents ( [1]
) for verifying emails doesn't match the current user experience.
Then, in a classic tech-paradox, their phone support person told me
they would email me -- on the same address their system reports emails
are not getting through to. It felt like 1996 levels of understanding.
We need to get back to de-centralised.
HTML [1]: https://www.linkedin.com/help/linkedin/answer/a1423367
1over137 wrote 1 day ago:
> Emails arenât getting through to one of your email addresses
Do you block remote image loading? They are probably measuring via
tracking pixels.
edoceo wrote 1 day ago:
Good idea -- I've not loaded images since...ever, I still prefer
the text/plain part. Like an idiot I assumed they were getting an
error message from the MTA. But then what if they deliver but I
never open?
b00ty4breakfast wrote 1 day ago:
I have no proof but I have suspicions that call-center systems are
designed like this on purpose. low-level employees are hamstrung in
what they can do, so then they have to hand it off to someone else,
with varying degrees of ceremony, which either involves submitting a
"ticket" or transferring you to some other department who may or may
not have higher privileges wrt what they can do to help you.
Then you might hit a wall where nobody can do anything because you're
trapped in the gears of some byzantine IT system that decides what
can and can't happen at any given time with any given situation.
Then there's the labyrinth of the phone system itself littered
low-bit smooth jazz and awful menus not often alleviated by AI voice
recognition (which in my experience can sometimes be worse than the
older voice systems) and the back and forth from one department to
the next either because of the above or because someone or something
keeps sending you to the wrong people to get your problems addressed.
If it's not engineered, it's some kinda emergent eldritch
abomination that has slowly accreted over the decades.
aestetix wrote 1 day ago:
Peter Thiel knows about the anti-christ...
rambojohnson wrote 1 day ago:
everyone on linkedin sounds like chatgpt / claude.
hliyan wrote 1 day ago:
Here's what I found the most frightenting:
> Hesitation detection â they tracked whether I paused during the
process
> They use uploaded images of identity documents â thatâs my
passport â to train their AI.
> Personaâs Terms of Service cap their liability at $50 USD.
> They also include mandatory binding arbitration â no court, no
jury, no class action.
afh1 wrote 1 day ago:
>The legal basis? Not consent.
You read and agreed with the terms explicitly stating the data would be
used to do those things, and it was not at all necessary for you to do
that. What else do you want? It seems like consent isn't the issue. You
just don't like what this company does, and still volunteer your data
for them to do just that. Now you regret it and write a blog post?
One thing is to be tricked or misled, or for a government to force your
face to be scanned and shared with a third party. Another is to have
terms explicitly saying this will be done, requiring explicit
agreement, and no one forcing you to do it.
jungturk wrote 1 day ago:
"Consent" and "Legitimate Interest" are legal terminology - they're
two bases defined in GDPR and have different implications and
requirements for balancing user and processor interests.
When the author says that Persona claims the "legitimate interest"
basis for these data, they're saying that Persona is trying to
achieve maximum flexibility for using the data (since "consent"
generally requires specific agreement on a specific use for the data,
and the burden of maintaining the consent records, where "legitimate
interest" does not).
HTML [1]: https://www.bulletproof.co.uk/blog/consent-vs-legitimate-int...
wat10000 wrote 1 day ago:
The plans were on file in a disused lavatory with a sign in the door
saying Beware of the Leopard.
rmccue wrote 1 day ago:
They consented to their data being used to verify their identity, not
to train an AI on their data. Each separate purpose the data is being
processed for needs its own basis.
SilverElfin wrote 1 day ago:
> no one forcing you to do it
This is where I disagree. You basically have to use LinkedIn to
participate in todayâs job market. These large platforms that are
protected by network effects should be highly regulated so they
cannot abuse your privacy and rights.
p-e-w wrote 1 day ago:
Most privacy issues with todayâs technology industry are caused
by companies behaving like private service providers, when in
practice they are somewhere between public utilities and government
agencies in terms of their necessity and inevitability.
In many companies, you donât need to bother applying without a
LinkedIn profile. Youâre not even going to be considered for a
position, full stop.
skywhopper wrote 1 day ago:
This is all bad, but I feel compelled to call out the âgeolocation
(inferred from your IP)â tidbit, because I can vouch that in the era
of IPv4 scarcity, this value is often wildly wrong. When Iâm at home,
for the past 10 years, living in three different cities in that time,
my ISP-granted IP address registered as incorrect locations (often by
hundreds of miles) more often than not. And my mobile phone is always
wrong, showing me in Colorado, St Louis, or North Carolina depending on
the day. None of those locations are even close to correct.
Itâs truly a shame we are allowing these companies to steal and share
and abuse our personal data, and itâs even worse that even the very
basics of that data are so often blatantly wrong.
yapyap wrote 1 day ago:
welp, yikes
keithluu wrote 1 day ago:
I believe OpenAI used Persona during the verification step that you
must complete to use their SOTA models in the API. Not sure if it's
still the case now.
Anyway, I found that too much of a hassle and switched to other LLM
providers.
Aldipower wrote 1 day ago:
I just registered at platform.OpenAI.com two days ago for MCP Apps
registration and had to do the Persona process! Now I could cry.
8cvor6j844qw_d6 wrote 1 day ago:
Similar experience here.
A few months back I was evaluating one of the GPT-5 models for a side
project. Turns out streaming via the API requires org verification,
and I decided to look elsewhere.
In hindsight, a good decision given what just came out about Persona.
DonThomasitos wrote 1 day ago:
LinkedIn is Tiktokified social media brainrot disguised as serious
work. âHey - youâre not wasting time, youâre building your
network and gather industry knowledge!â
LinkedIn is full if so called professionals who make a living by
leveraging their brand. If youâre not one of them, leave
Aurornis wrote 1 day ago:
Most people donât log in to LinkedIn to check the feed. They
donât interact with the feed at all.
Itâs used for keeping contacts, having your online resume in a
standard place, and maybe messaging people.
The feed is a sideshow. It enrages a lot of people because itâs
full of slop, but you need to treat it like almost everyone else:
Ignore it. Itâs a sideshow.
nicbou wrote 1 day ago:
I use it as write-only media and I had an okay experience. I have met
a lot of people IRL through LinkedIn.
dboreham wrote 1 day ago:
Kind of. I've had a strict policy since LinkedIn launched of only
connecting with people I've actually met and had at least some
meaningful conversation with. Most of my contacts are former work
colleagues. I think this makes my feed and audience a bit less spammy
and grifty.
ericmay wrote 1 day ago:
Never connect with anyone you havenât met. If a work colleague or
someone is on a call and doesnât use video, no connection either.
Donât upload and store your resume on LinkedIn. There is no
reason to do so.
Also, I donât recall where this setting is, but make the default
behavior such that if someone finds you and tries to connect with
you, they actually follow you instead. This cuts down aggressively
on spammers because in order to actually connect with you they
would have to view your profile, open the ⦠menu, and then click
connect. If they arenât paying attention theyâll just follow
you instead of connect which means you can broadcast to them but
they canât broadcast to you.
IshKebab wrote 1 day ago:
Why? It's pretty useful for connecting with recruiters in my
experience, and I don't think anyone can actually do anything
just because they have a connection with you.
I do ignore the connections from random students though tbf.
ericmay wrote 1 day ago:
Connecting with recruiters is mostly a waste of time, and
generally anyone can just fake being a recruiter. Once someone
has a connection with you they can see your extended network,
they know where you work, they find out all information you
have shared with on your profile, &c. The recruiter may be
using you to connect with someone else. You also start to
consume their content since you are connected. Better to let
them follow you and then when it's time to reach out to offer
you a job/send an in-mail.
Generally speaking, unless you operate at an elite level or at
an elite institution, you're not getting a ton of worthwhile
cold intros from recruiters.
IshKebab wrote 1 day ago:
> Connecting with recruiters is mostly a waste of time
Probably depends on the field but this definitely isn't
always true. I've got my last two jobs through recruiters,
and speaking to colleagues a lot of them do too.
> they can see your extended network, they know where you
work, they find out all information you have shared with on
your profile
This is public anyway though? Isn't that the point of
LinkedIn?
> You also start to consume their content since you are
connected.
I don't because I don't read LinkedIn. I pretty much only use
it to get jobs. Although I have actually started posting
technical stuff I've done there because people actually read
it (I guess other people do read LinkedIn tbf!)
> Generally speaking, unless you operate at an elite level or
at an elite institution, you're not getting a ton of
worthwhile cold intros from recruiters.
I'm definitely not elite level and I would say ~20% of the
jobs I get from LinkedIn recruiters are of interest. That's
pretty good! Almost all of them are at least relevant to my
field (silicon verification). Sometimes I get stuff about
mechanical engineering validation, or software jobs that
aren't relevant but that's pretty rare. It must depend on the
field. Maybe the country too?
ericmay wrote 1 day ago:
> This is public anyway though? Isn't that the point of
LinkedIn?
You can limit this. I don't think it's necessarily the
point of LinkedIn - i.e. for others to connect with you and
then have full visibility into all of the details of
everyone you know and whatever you have on your profile.
It's a bit naive to assume that operating in this manner
doesn't make you a prime target for scammers, social
engineers, hackers, &c., or even worse - solicitors.
> My experience is different
Yea, everyone has different experiences. I'm just
describing how the platform generally works, as a matter of
fact.
sigwinch wrote 1 day ago:
Last year, someoneâs experience when LinkedIn required interacting
with Persona:
HTML [1]: https://news.ycombinator.com/item?id=44435997
tagyro wrote 2 days ago:
I almost fell for a very sophisticated phishing attack last December
and most of the "verifiable" information was from my LinkedIn account.
For each role I had described some of the tasks and accomplishments and
this was used in the phishing message.
Since then, I removed my photo, changed my name only to initials and
removed all the role-specific information.
It's a bit of a bummer as I'm currently in the process of looking for a
new job and unfortunately having a LinkedIn profile is still required
in some places, but once I find it, I'll delete my profile.
randycupertino wrote 1 day ago:
I'm routinely shocked how biased people I work with are against
individuals without a linkedin page. So many hiring managers across
15 years in my industry won't consider people without pages. One guy
goes on rants how people are "sketchy" if they don't have a verified
page and a lot of skill endorsements and testimonials! He'll pull up
our vendors pages and check them out during meetings, complain if it
isn't available or complete. I used to keep mine very minimal and
locked down but I felt pressure from peers to flesh is out and keep
it public which I hate.
Aurornis wrote 1 day ago:
I agree for in-person jobs.
For remote jobs with remote interviews, not having a LinkedIn page
or having a LinkedIn page full of generic information that can be
disproven by a quick background check are common traits of scam
applicants.
A friendâs employer started requiring more verification after
they hired a group of remote workers who would some times connect
from North Korean IPs when they made a mistake with their VPN.
veltas wrote 2 days ago:
Persona just got hacked so we're off to a good start.
kopollo wrote 2 days ago:
The only thing left is for them to want our asses.
replwoacause wrote 2 days ago:
Good write up I guess, but I'm just so tired of all the AI-isms in
every damn thing.
"Your European passport is one quiet subpoena away"
Why does the subpoena need to be quiet? If I search my chats with
ChatGPT for the word "quiet", I get a ridiculous number of results.
"Quietly this, quietly that". It's almost like the new em dash.
There's many others all over this blog post I won't bother calling out.
"Understanding what I actually agreed to took me an entire weekend
reading 34 pages of legal documents."
Yeah I'll bet it did. Or it took an hour of back and forth with ChatGPT
loaded up with those 34 pages.
I get it, we all use AI, but I'm just so tired of seeing the
unmistakable mark of AI language all over every single thing. For some
reason it just makes me think "this person is lazy". The CEO of a
company my friend works for used Claude to write an important letter to
business partners recently and we were all galled at her lack of
awareness of how AI-sloppified the thing was. I guess people just don't
care anymore.
ceroxylon wrote 1 day ago:
I also find AI trope-ification articles exhausting to read, there's a
reason I've fine tuned my system prompts to wipe all of it away. This
reads like "Hey Gemini, I verified my passport on LinkedIn, write an
impassioned exposé on Persona's privacy policy".
When people leave in things like staccato language and Blogspot era
emphasis, I feel like I might as well copy the Persona privacy policy
and prompt my own AI(s) on the topic and read that instead.
ziml77 wrote 1 day ago:
> Or it took an hour of back and forth with ChatGPT loaded up with
those 34 pages.
That's exactly what I was thinking when I read that line. And there's
nothing necessarily wrong with using AI to help decipher large legal
documents, just be honest about it.
roywiggins wrote 1 day ago:
Or just verify and write up its findings yourself, this is like
pasting notes from a research assistant in verbatim. It comes
across as pretty lazy!
brainless wrote 2 days ago:
I am in India and this is the reason I have not verified till now. I do
not know how LinkedIn has the audacity to ask for this level of
personal detail. This seems dystopian to me.
LinkedIn is a social network and I wish there was an alternative.
sdkfjhdsjk wrote 1 day ago:
I am in the USA (regrettably--my nation was conquered and subjugated
long ago) and it IS dystopian, but there IS an alternative.
The alternative is stay far away from digital slavery. Keep out of
the slaughterhouse. Never approach it, and denounce it with every
breath and fiber of your being.
Do you have a phone? It's a surveillance device. Its entire purpose
from day one was to enslave you. Do not participate.
The question is, how much are you willing to give up in order to
obtain freedom? What lengths will you go to? How badly do you really
want it?
sanex wrote 2 days ago:
Those 17 sub processors are probably the most vanilla cloud computing
companies you're going to find. Maybe you can complain about using one
of the three LLM providers for doing OCR but there have been quite a
few posts here about how LLMs are great for OCR.
game_the0ry wrote 2 days ago:
Off topic -- the design for that blog is really slick. Added it to my
"design swipe file."
Less off topic -- there are some black hat marketers that (I think) buy
or create verified profiles with attractive women, then they use the
accounts for b2b sales through linkedin DMs. I find that amusing.
Neutered corpo bois are apparently big poon hounds. Makes sense when
you think about it -- that type of guy is craving female attention and
probably does not have the balls to do anything in real life, so a
polite DM from a fake linkedin thot would be appealing.
dhayabaran wrote 2 days ago:
Apollo is one of many. The broader pattern is the same across the
industry â companies collect data with one set of promises and then
the data ends up accessible through channels users never consented to.
I've been documenting this pattern in AI apps specifically. The number
of companies shipping to production with Firebase rules set to "allow
read: if true" or Supabase databases with no Row Level Security is
staggering. The identity data people hand over during verification
often ends up in databases with zero access controls.
LinkedIn at least has a security team. Most AI startups shipping
verification flows don't.
cluckindan wrote 2 days ago:
Just wait until GitHub starts requiring this.
dzink wrote 2 days ago:
If you fly to US, Singapore, and many other countries these days, your
face will be photographed and the photo will be matched to your
passport photo via facial recognition (the machine tells you that
outright, and does the action on the spot). They also take your right
hand fingerprints.
wolvoleo wrote 2 days ago:
I think flying to a country is a whole lot different than a little
tickmark on a website, sorry.
Don't forget that if you fly to a country you are also bound by their
laws. They can do anything to you as long as they can make it stick
under their laws. It's one thing that people often don't realise when
flying somewhere, you are basically giving a blanket submission to
their laws!
For this reason I have a long blacklist of countries I won't visit
because they have laws I do not accept.
Cider9986 wrote 1 day ago:
I am curious, would you be willing to share the list?
dzink wrote 2 days ago:
I donât say it to justify what linkedin is doing - there is no
justification for that. I say it to warn those who are conscious of
it that there are more places that will harvest the data and use
it.
wolvoleo wrote 2 days ago:
Sorry for my misunderstanding of your point.
Cider9986 wrote 2 days ago:
OK.
flkiwi wrote 2 days ago:
This is only going to become more common. Companies are implementing
checks using similar services (a) to prevent employment scams (where
the person who interviews is not the person who works; usually the
latter is a low-paid offshore individual) and (b) basic security
authentication. It wonât be long before this sort of biometric
validation starts showing up to authenticate users on regular websites
and similar services, if it hasnât already. I think the last one I
had to do was to authenticate when activating a bank card.
wolvoleo wrote 2 days ago:
Why would they need to do that? If you start working there you need
to show up with your actual ID anyway.
flkiwi wrote 2 days ago:
Remote, multi location workforces, supervisors and workers
thousands of miles apart.
wolvoleo wrote 2 days ago:
Wow that is insane. Persona is even linked to Peter Thiel.
If LinkedIn asks me to verify then I'll just leave. I'd be very happy
for it to fall over anyway so there is space for a new more ethical
platform. Especially since Microsoft acquired it, all bets are off.
bicepjai wrote 2 days ago:
In the era of agents, just create your own website. Also it is insane
that this is happening.
Exoristos wrote 1 day ago:
Yes. Then, you only have to convince Bing Copilot (et al.) to
eventually list that website of yours.
bicepjai wrote 20 min ago:
Are you saying we need our website to be shown in search results
? Can you elaborate on your comments ? Genuinely curious
anoncow wrote 2 days ago:
What should an ideal work website or social network be like?
deadbabe wrote 2 days ago:
Text only, single font size, no whitespace.
anoncow wrote 1 day ago:
Should it use real names?
smashah wrote 2 days ago:
They are making the apparatus to destroy our freedoms.
cess11 wrote 2 days ago:
TFA should have mentioned that this junk has ties to security services
in Five Eyes, through Paravision.
HTML [1]: https://en.wikipedia.org/wiki/Paravision_(identity_verificatio...
petemc_ wrote 2 days ago:
Persona do not seem to be competent guardians of such a trove of
private information.
HTML [1]: https://vmfunc.re/blog/persona
KomoD wrote 1 day ago:
just a warning: when you press "continue" it starts blasting music
remixer-dec wrote 1 day ago:
as much as I like the design and the post, that website causes a
massive memory leak in Firefox for Mac
foxglacier wrote 1 day ago:
"reveals", not "causes". The memory leak, if it truly exists, was
already present. It's not a website's fault for triggering it.
cloverich wrote 1 day ago:
You can follow the discussions between that blogger and the CEO btw -
[1] Persona was not hacked. No database was breached. Frontend code
source maps were leaked,
which means unminified variable names were exposed revealing all
the names of our features.
These names are already publicly listed in @Persona_IDV's help
center and API documentation.
HTML [1]: https://x.com/rickcsong/status/2025038040599810385
illithid0 wrote 2 days ago:
Thank you so much for sharing this. Not only is it a great post, but
the site invokes such warm feelings of an internet long lost.
wolvoleo wrote 2 days ago:
True, I love the little cat chasing the mouse in particular.
moss_dog wrote 2 days ago:
That's Neko!
HTML [1]: https://en.wikipedia.org/wiki/Neko_%28software%29
efavdb wrote 2 days ago:
The privacy concerns are real.
The need / demand for some verification system might be growing though
as Iâve heard fraudulent job application (people applying for jobs
using fake identities⦠for whatever reason) is a growing trend.
laszlojamf wrote 2 days ago:
I work in this space for a competitor to Persona, so take my opinion as
potentially biased, but I have two points:
1. just because the DPA lists 17 subprocessors, it doesn't mean your
data gets sent to all of them. As a company you put all your
subprocessors in the DPA, even if you don't use them. We have a long
list of subprocessors, but any one individual going through our system
is only going to interact with two or three at most. Of course, Persona
_could_ be sending your data to all 17 of them, legally, but I'd be
surprised if they actually do.
2. the article makes it sound like biometric data is some kind of
secret, but especially your _face_ is going to be _everywhere_ on the
internet. Who are we kidding here? Why would _that_ be the problem?
Your search/click behavior or connection metadata would seem a lot more
private to me.
tryauuum wrote 1 day ago:
> your _face_ is going to be _everywhere_ on the internet. Who are we
kidding here? Why would _that_ be the problem?
It's a strange logic. "Evil thing X will happen anyway so it's
acceptable for me to work in a company doing evil thing X". You
should be ashamed of building searchable databases of faces
egorfine wrote 1 day ago:
> I work in this space for a competitor to Persona
So that means you are participating in the evil that KYC services
are.
testing22321 wrote 2 days ago:
So theyâll send the data to whichever of the 17 pay them for it.
Obviously our faces are public, but thereâs no easy way to tie it
to all my PII unless I give it to them.
einrealist wrote 2 days ago:
Why not show a summary of who actually received the data? It should
be easy to implement. You could also add what data is retained and an
estimate of how long it is kept for. It could be a summary page that
I can print as a PDF after the process is complete.
I'd consider that a feature that would increase trust in such a
platform. These platforms require trust, right?
ataru wrote 2 days ago:
The problem with anyone using my face to identify me is that it's
hard for me to leave home without it.
laszlojamf wrote 2 days ago:
yes, that's why people _can_ identify you by it. Identification was
the _purpose_ here.
pavel_lishin wrote 2 days ago:
> your _face_ is going to be _everywhere_ on the internet.
Why is that your assumption?
laszlojamf wrote 2 days ago:
Unless you have friends without phones and live in a city without
cameras, I think that's a pretty fair assumption
Aldipower wrote 1 day ago:
Those records are not connected to your ID and personal data.
troupo wrote 2 days ago:
> We have a long list of subprocessors, but any one individual going
through our system is only going to interact with two or three at
most.
So, in aggregate, all 17 data leeches are getting info. They are not
getting info on all you users, but different subsets hit different
subsets of the "subprocessors" you use.
And there's literally no way of knowing whether or not my data hits
"two" or "three" or all 17 "at the most".
> but especially your _face_ is going to be _everywhere_ on the
internet. Who are we kidding here? Why would _that_ be the problem?
If you don't see this as a problem, you are a part of the problem
laszlojamf wrote 2 days ago:
I agree that DPA:s, as they are written today, aren't good. I was
just pointing out that the reality probably isn't as bad as the
article made it sound.
> If you don't see this as a problem, you are a part of the problem
I think you're misunderstanding me. I'm just saying that there are
way bigger fish to fry in terms of privacy on the internet than
passport data. In the end, your face is on every store's CCTV
camera, your every friends phone, and every school yearbook since
you were a kid. Unless you ask all of them to also delete it once
they are done with it.
troupo wrote 2 days ago:
> I agree that DPA:s, as they are written today, aren't good.
That is, multiple regulations already explicitly restrict the
amount of data you can collect and pass on to third parties.
And yet you're here saying "it's not that bad, we don't send
eggregious amounts of data to all 17 data brokers at once, inly
to 2 or 3 at a time, no big deal"
> In the end, your face is on every store's CCTV camera, your
every friends phone
If you don't see how this is a problem already, and is now
exacerbated by huge databases cross-referencing your entire life,
you are a part of the problem
fainpul wrote 2 days ago:
But it makes a big difference if some CCTV camera captures my
face and comes up with "unknown person" or if it finds my
associated passport and other information.
By the way, ever since facebook was a thing I always asked my
friends not to tag me in any photos and took similar measures at
every opportunity to keep my data somewhat private.
junon wrote 2 days ago:
> Why would _that_ be the problem
Because it should still be my choice as to what you do with it, which
data you associate with it, and how you store it. Removing that
choice is anti-privacy.
johndhi wrote 1 day ago:
It's way less your choice what happens with a photo of your face in
pretty much every other situation.
When your face is on your LinkedIn profile, anyone can download it
and do whatever they want with it. Legally. Here, the vendor has to
tell you how they use it.
junon wrote 1 day ago:
Someone downloading it randomly is not the same as me
volunteering information said random person wouldn't otherwise
have and having that information be stored next to my image in a
database that can be breached.
All for a checkmark next to my profile that says I'm a real
human.
JohnMakin wrote 2 days ago:
I was randomly forced to do this about a year ago, gave them everything
except a passport (Tried providing other doc but support is either bots
or overseas), got rejected, and lost a 15 year old legitimate business
account.
Could never find any explanation why I was targeted by this - it said
it detected âsuspicious activityâ but I only ever interacted with
recruiters, and only occasionally. Supposedly it is deleted after if
you donât go all the way through, but I do not believe it. This data
ends up in very weird places and they can go fuck themselves for it
afaic.
stevehawk wrote 2 days ago:
Because it's Persona you can also count on every ICE body cam that is
having facial recognition performed by Palantir has access to this
data.
tqi wrote 2 days ago:
> Persona extracts the mathematical geometry of your face from your
selfie and from your passport photo. This isnât just a picture â
itâs a numerical map of the distances between your eyes, the shape of
your jawline, the geometry of your features. Itâs data that uniquely
identifies you. And unlike a password, you canât change your face if
it gets compromised
Is there anything special about a passport photo, or can that be done
from any photo of your face?
rpdillon wrote 2 days ago:
When I read selfie, I was thinking of one of those motion-based
selfies where it's really a short video. And from the video, you can
extract those measurements. I'm assuming it wasn't extracted from the
passport photo, but rather the passport photo was used to verify that
the selfie is of the same person that the passport belongs to.
pisanvs wrote 2 days ago:
so their "shady" network of subprocessors are just the companies that
already have all of your data? wow. I'm pretty sure I use most if not
all of them in my own stack.
In any case, I don't know how much more ad money they'll extract from
knowing what I look like. Maybe beauty products?
lionkor wrote 2 days ago:
It can be simple things like using your race, hair color, etc. to
infer things about you and treat you differently.
ttflee wrote 2 days ago:
I guess the day that a corporate AI could easily fake all my online
existence is drawing nigh.
8cvor6j844qw_d6 wrote 2 days ago:
Seeing some of my colleagues verify through Persona on LinkedIn, and I
can't quite figure out what they're getting out of it.
Every hiring process I've been through already requires proof of
identity at some point. Background checks, I-9s, whatever it may be. So
you're essentially handing your ID to a third party just to get a badge
that doesn't skip any steps you'd have to do anyway.
Aurornis wrote 1 day ago:
It does provide an advantage when applying to remote jobs at some
companies. They try to filter scammer applicants out early and the
verified profile is one signal they look for.
Depends on the company, but in a competitive job market any extra
signal can help.
There are a crazy number of fake LinkedIn profiles out there that are
used for scamming companies or people.
Nextgrid wrote 2 days ago:
The badge could (I don't know, haven't done it yet) help you
differentiate yourself in a sea of monkeys slinging ChatGPT'd
profiles from a third-world boiler room.
(whether it actually does or the monkeys now got a steady source of
fake/stolen IDs is another matter)
ozgung wrote 2 days ago:
I think at this point we should all accept the fact that Information
Tech = Spy Tech = Surveillance Tech. This is not about Linkedin or bad
implementation by some 3rd party company. This is on purpose. Bad news
is that countries started to make id verification mandatory for social
media usage. That is also coordinated and for surveillance purposes.
Actually Steve Blank has a great talk on the roots of Silicon Valley.
SV basically built upon military tech meeting private equity. That's
why it's wildly different than say Berlin startup scene, and their
products are global and free.
HTML [1]: https://www.youtube.com/watch?v=ZTC_RxWN_xo
qmr wrote 2 days ago:
Well don't do that then.
talkingtab wrote 2 days ago:
Somehow the fundamentals of places like linkedin, gmail, google,
facebook, etc have eluded people.
1. they are selling you as a target.
2. some people, governments, groups, whatever are willing to pay a lot
of money to obtain information about you.
3. why would someone pay good money to target you unless they were
going to profit from doing so. are they stupid? no.
4. where does that profit come from? If some one is willing to pay $100
to target you, how are they going to recoup that money?
5. From you.
There is simply no other way this can have worked for this long without
this being true.
It is a long causal change, so it is fair to ask whether there is any
empirical evidence. If this is true we would expect to see ...? Well
how about prices going up? Well how about in general people are less
able to afford housing, food, cars, etc.
I'm speculating here, but perhaps it is predictability. There is a
common time warp fantasy about being able to go back and guess the
future. You go back and bet on a sports game. If I can predict what you
are going to do then I can place much more profitable bets.
Do the corporations that participate in this scheme provide mutual
economic benefit? Do they contribute to the common wealth or are they
parasitical?
No one likes to think they have parasites. But we all do these days.
bell-cot wrote 1 day ago:
a.) But it's cool and shiny and all the cool kids are there AND IT'S
FREE!!!
b.) And more-or-less pretty much nobody ever that I remember
suffered real consequences for doing what all the cool kids were
doing.
c.) Thinking about all that logic stuff makes me unhappy and my head
hurt so I won't do that.
Aurornis wrote 1 day ago:
> 1. they are selling you as a target.
This is why people sign up for LinkedIn.
They want to be targeted by companies for jobs. Or when theyâre
applying for a job, they want to be easily found by people at that
company so they can see more information.
If you donât want those things, you donât need a LinkedIn page.
> Do the corporations that participate in this scheme provide mutual
economic benefit? Do they contribute to the common wealth or are they
parasitical?
You wrote a long hand wavey post but you stopped short of answering
your own question.
The corporations who pay LinkedIn are doing so to recruit people for
jobs. Iâve purchased LinkedIn premium for this purpose at different
times.
After âtargetingâ those LinkedIn users, I eventually hired some
of them for jobs. Thereâs your mutual economic benefit. This is why
people use LinkedIn.
> It is a long causal change, so it is fair to ask whether there is
any empirical evidence. If this is true we would expect to see ...?
Well how about prices going up? Well how about in general people are
less able to afford housing, food, cars, etc.
You think the root cause of inflation is⦠social media companies?
This is an extraordinary claim that requires extraordinary evidence.
Youâre just observing two different things and convinced theyâre
correlated, while ignoring the obvious rebuttal that inflation
existed and affordability changes happened before social media.
> Somehow the fundamentals of places like linkedin, gmail, google,
facebook, etc have eluded people.
I think most people understand the fundamentals of LinkedIn better
than you do, to be honest. Itâs not a mystery why people sign up
and maintain profiles.
themafia wrote 1 day ago:
You assume that targeting is to find the best worker for the
correct pay.
What if it's just to find the most desperate worker for the lowest
pay possible?
Aurornis wrote 1 day ago:
Iâm not assuming anything. Itâs a job market. Like all
markets they operate on supply and demand.
In your example, so what if they give the job to the most
desperate worker instead of a different one at a higher price?
Are we supposed to prefer that the desperate worker does not get
the job and instead it goes to someone else at a higher rate?
If someone is desperate for a job because they really need work,
Iâd prefer that a platform help them get matched with jobs.
Wouldnât you? I think youâre so focused on penalizing
corporations that youâre missing the obvious.
themafia wrote 1 day ago:
Like all markets they can be monopolized. You are assuming
quite a bit by presuming that the market works perfectly
according to rather basic economic principles.
There are all kinds of reasons someone could be more desperate.
Perhaps they have a significant skills gap. Perhaps they
don't have citizenship. Perhaps their health care options are
artificially limited. You invoke supply and demand but you
narrow your focus to a single interface when it's obvious that
wouldn't be appropriate.
It's not about "penalizing corporations" it's about "being
honest about their motives." Unlike many on HN I refuse to
handwave away this thorny and uncomfortable process.
port11 wrote 1 day ago:
Hereâs the problem I have with your take (even if I agree):
LinkedIn has a product to sell. Youâre not supposed to be the
product, because companies pay to advertise job postings, they sell
career tools, sales tools, etc.
At what point is that not enough for them to stop doing data
brokerage or sharing?
noefingway wrote 1 day ago:
well said. You are the product not the consumer. "Soylent green is
people!"
mark_l_watson wrote 2 days ago:
Beautifully written, I saved your post to send the next friend or
relative who asks me why I am so hard-over on privacy. I enjoyed
working at Google hears ago as a contractor, and they are my
âfavoriteâ tech company - the only mega-tech company whoâs
services I regularly use, but I am constantly mindful of their
business model as I use YouTube, GCP, and their various dev APIs.
andrewjf wrote 1 day ago:
being "hard-over on privacy" and regularly using google services is
an astounding level of cognitive dissonance.
mark_l_watson wrote 1 day ago:
Except, I only use services I pay for and set tight privacy
settings.
EDIT: sorry for the initial short reply, your comment deserved a
more reasoned response: I build my digital life on two primary
service providers:
Proton: mail, cloud storage, and Luma private LLM chat
(integrated web search tool with a strong Mistral model: my
default tool that replaces plain web searches, 90% of my routine
âLLM chatâ use)
Google: Gemini APIs, occasional use of Gemini for deep research,
very occasional use of AntiGravity for coding using Claude and
Gemini models, YouTube Plus for entertainment (philosophy talks,
nature videos, Qi Gong exercise, etc. etc.)
Also some use of:
DuckDuckGo: when I still do web search, DDG is my default.
locknitpicker wrote 2 days ago:
> Somehow the fundamentals of places like linkedin, gmail, google,
facebook, etc have eluded people.
LinkedIn is slightly different, as it's fundamentally framed as a job
board and recruiting platform. The paying customers are recruiters,
and the product is access to the prospective candidates. Hence,
LinkedIn offering for free services such as employee verification,
work history verificarion, employee vouching, etc.
WhereIsTheTruth wrote 2 days ago:
LinkedIn is the ultimate intelligence test: if you register, you have
lost
aleksandrm wrote 2 days ago:
LinkedIn is no longer a "professional network". I'm actually
considering DELETING my account.
8organicbits wrote 2 days ago:
What's holding you back?
As a blogging platform it seems like a mess of fake posturing.
Recruiters use it, but that mostly means you get lots of spam. You
can find a job without LinkedIn. I deleted my account about a decade
ago and feel increasingly justified every time I read about the
current state of affairs.
After deleting I got a job from HN "who's hiring", joined a friend's
company, and now freelance.
ivanjermakov wrote 2 days ago:
What are the alternatives? Reaching out to recruiters directly?
stevehawk wrote 2 days ago:
being unemployed forever
eel wrote 2 days ago:
I'm glad the absurdity of verification is getting attention. I was
"forced" to verify by Linkedin to unlock my account. It was last year,
and I had left my previous job, but I had not yet lined up a new job.
So one of the only times in my career I might actually get value from
Linkedin, they locked me out, removed my profile, and told me if I
wanted back in, I'd have to verify. I felt helpless and disgusted.
I gave in and verified. Persona was the vendor then too. Their web app
required me to look straight forward into my camera, then turn my head
to the left and right. To me it felt like a blatant data collection
scheme rather than something that is providing security. I couldn't
find anyone talking about this online at the time.
I ended up finding a job through my Linkedin network that I don't think
I could have found any other way. I don't know if it was worth getting
"verified".
---
Related: something else that I find weird. After the Linkedin
verification incident, my family went to Europe. When we returned to
the US, the immigration agent had my wife and I look into a web cam,
then he greeted my wife and I by name without handling our passports.
He had to ask for the passport of our 7 month old son. They clearly
have some kind of photo recognition software. Where did they get the
data for that? I am not enrolled in Global Entry nor TSA PreCheck. I
doubt my passport photo alone is enough data for photo recognition.
egorfine wrote 1 day ago:
> I'm glad the absurdity of verification is getting attention
It's not. The developers' bubble we're in on the HN is invisibly tiny
compared to the real life. And normies are not only perfectly happy
uploading all their PII to Persona - they won't even understand
what's wrong with that.
eel wrote 1 day ago:
It's a start. I agree HN is a bubble and doesn't reflect real life
as a whole. But I do think HN has a significant bearing on US tech.
I've been reading HN for nearly 19 years and in that time almost
every new major tech, unicorn, or big culture shift is discussed
here before it is mainstream.
There has also been a backlash against verification in other
communities like Reddit (also a bubble), mainly stemming from
Discord's recent announcement.
The discourse is good, and while I wish every user and potential
user understood all the pros, cons, and ramifications, I'm also
happy we are finally talking about it in our bubbles.
kccqzy wrote 2 days ago:
The thing about looking straight into the camera and turning your
head seems to originate from Chinese apps, including some payment
apps, bank apps, and government apps. Itâs especially disgusting
since it imitates the animation used by Apple Face ID, but of course
itâs not at all implemented like Face ID.
Joyfield wrote 2 days ago:
How did they get your MAC address?
fuzzy2 wrote 1 day ago:
They probably did not. Privacy notices are usually written by
non-technical people. They include a lot more than what is actually
stored. Iâd also be very surprised if they actually interacted with
the digital passport (NFC) as part of the process.
I was once part of the process of creating one. After two rounds,
business decided too much money is wasted here and all the nonsense
will stay. Better to have too much listed than too little.
huqedato wrote 2 days ago:
Passport photo... OMG. You can't image what they can do with that.
That's precisely why I closed my linkedin years ago.
aanet wrote 2 days ago:
Thanks for writing this up. I didn't realize the privacy rot went so
deep.
Aside from their AI-slopped newsfeed (F@#$!!!) which should have died
long ago, this is atrocious. "Enshittification" was created just for
this.
Sorry, I got sidetracked.
Isn't there anyone from LinkedIn here??
unglaublich wrote 2 days ago:
Through extensive data harvesting, and exchanging and partnering across
thousands of such data miners, I suspect that by now, the graph of
identities and fingerpinted devices must be practically complete. That
means that all your actions on the internet can be tracked back, via
device fingerprinting and cookie networks, to your physical identity.
Great milestone for the surveillance states.
thepancake wrote 2 days ago:
Here's where you went wrong: you're on LinkedIn.
Since it's your first time, this one is free, I'll be collecting
micropayments for future advice, rest assured.
ricardo81 wrote 2 days ago:
So basically 'Their âglobal network of data partnersâ' means once
you submit that information, it's a free for all.
There's so many angles of grind with this kind of thing that big tech
has gradually normalised.
zeroq wrote 2 days ago:
> And look at whoâs doing âData Extraction and Analysisâ â
Anthropic, OpenAI, and Groqcloud. Three AI companies are processing
your passport and selfie data.
That's quite cool, it means that soon models will be able to create a
fake ID photos with real data.
I'm so excited about it! /s
bromuk wrote 2 days ago:
As a European citizen I hope it becomes law to have this data processed
in the EU rather than the US.
uyzstvqs wrote 1 day ago:
Why? I don't want companies and governments to datamine and abuse my
data at all. Be it in the US or EU, it's going to be no-way
either-way.
al_borland wrote 2 days ago:
It would be even better if the law enforced that this kind of data
could only be used for the stated business need (the basic identity
verification), and not be stored or used/shared with anyone else. If
anyone is caught violating a law like this, throw the entire c-suite
in prison for 10 years.
Iâm so tired of all these covert ops run by these businesses. They
arenât going to stop until there is a heavy price to pay.
Wilder7977 wrote 2 days ago:
My wife works for a competitor of the company mentioned. They are in
EU. Still run everything on AWS. The data collected is usually even
more than what stated, full video recording of the session with audio
etc.
AWS EU region is not doing much, and I suspect most companies run on
US providers. EU needs independent platform for this to matter.
ozim wrote 2 days ago:
I verified my account and I handed over the same info as I handed over
when I was getting MSFT Azure cert exam.
So it was nothing special for me.
port11 wrote 2 days ago:
âI handed over a lot of personal information to my bank, so every
website wanting the same level of access is nothing special to me.â
ozim wrote 2 days ago:
No point is, it is the same company handling data with exactly the
same process.
They do it for all MSFT related stuff I guess.
port11 wrote 1 day ago:
Sure, but a subsidiary has their own Terms, Privacy Policy, list
of sub-processors, etc.
xenator wrote 2 days ago:
More interesting that LinkedIn use fingerprinting everywhere and
connect your personal data to every device you are using and connect to
other services connected to their network.
alansaber wrote 2 days ago:
... i'm pretty sure every website does this lol. Aggressive
fingerprinting is so easy to implement and so high ROI from a
security/marketing perspective.
xenator wrote 1 day ago:
Unfortunately true, but this time shady KYC is involved
jihadjihad wrote 2 days ago:
> The legal basis? Not consent.
> The reason? US surveillance laws [â¦]
This slop in every blog post? Fucking tiresome.
weinzierl wrote 2 days ago:
The strange thing about LinkedIn organization verification is that it
never seems to be revoked. I have many contacts with verifications from
companies they no longer work for - sometimes for a very long time.
On the other hand I see many people posting in official capacity for an
organization without verification.
When they actively represent their current company but with a random
verification from a previous one it gets pretty absurd.
In its current form LinkedIn verification is pretty worthless as a
trust signal.
jarek-foksa wrote 2 days ago:
LinkedIn support will also blatantly lie to you when you ask them
whether Persona is GDPR compliant and needed to activate your account.
Last year I was trying to setup a business LinkedIn page for SEO
purposes, which meant I also had to create a personal account. After
being told several times that I absolutely need to scan my ID card with
that dodgy app I simply replied that I can't do it due to security
concerns. After several weeks they unlocked my account anyway, but I
suspect this would not happen if algorithms determined that I actually
needed that account to find a job and pay my bills.
deaux wrote 2 days ago:
The content is of course 100% true and needs to be repeated over and
over, every single day.
The straight-from-LLM writing style is incredibly grating and does a
massive disservice to its importance. It really does not take that long
to rewrite it a bit.
I hope at least he wrote it on his local Llama instance, else it's
truly peak irony.
> Hereâs the thing about the DPF: itâs the replacement for Privacy
Shield, which the European Court of Justice killed in 2020. The reason?
US surveillance laws made it impossible to guarantee European data was
safe.
> The DPF exists because the US signed an Executive Order (14086)
promising to behave better. But an Executive Order is not a law. Itâs
a presidential decision. It can be changed or revoked by any future
president with a pen stroke.
This understates the reality: the DPF is already dead. Double dead, two
separate headshots.
Its validity is based on the existence of a US oversight board and
redress mechanism that is required to remain free of executive
influence.
1. This board is required to have at least 3 members. It has had 1
member since Trump fired three Democrat members in Jan 2025 (besides a
2-week reinstatement period).
2. Trump's EO 14215 of Feb 2025 has brought (among other agencies) the
FTC - which enforces compliance with the DPF - under presidential
supervision. This is still in effect.
Of course, everyone that matters knows this, but it doesn't matter, as
it was all a bunch of pretend from day 1. Rules for thee but not for
me, as always. But what else can we expect in a world where the biggest
economy is ruled by a serial rapist.
alansaber wrote 2 days ago:
Even the title is AI slop. Surprised these slop posts do so well on
HN of all platforms but I guess they're just high volume. AI-ese is
becoming its own dominant language group at this point
csmpltn wrote 2 days ago:
A good reminder of how things actually work, but the article could use
some more balancingâ¦
> Let that sink in. You scanned your European passport for a European
professional network, and your data went exclusively to North American
companies. Not a single EU-based subprocessor in the chain.
LinkedIn is an American product. The EU has had 20 years to create an
equally successful and popular product, which it failed to do. American
companies donât owe your European nationalist ambitions a dime. Use
their products at your own discretion.
Of course an American company is subject to American law. And of course
an American company will prioritise other local, similar jurisdiction
companies. And often times thereâs no European option that competes
on quality, price, etc to begin with. In other words I donât see why
any of this is somehow uniquely wrong to the OP.
> Hereâs what the CLOUD Act does in plain language: it allows US law
enforcement to force any US-based company to hand over data, even if
that data is stored on a server outside the United States.
European law enforcement agencies have the same powers, which they
easily exercise.
cbeach wrote 1 day ago:
> The EU has had 20 years to create an equally successful and popular
product, which it failed to do. American companies donât owe your
European nationalist ambitions a dime.
So true.
There's a lot of passive-aggressive anti-US rhetoric and
fearmongering on HN at the moment, while America is simply doing what
it's always done - innovating and thriving.
As a European, I wish our continent was able to be more like America,
as opposed to jealously coveting its outcomes.
lp4v4n wrote 2 days ago:
>The EU has had 20 years to create an equally successful and popular
product, which it failed to do. American companies donât owe your
European nationalist ambitions a dime. Use their products at your own
discretion.
I can see not everybody here will agree with me, but I find this take
absolutely reasonable. The European space has the capacity and the
resources to create a product that replaces something as trivial as
Linkedin, and yet it takes the lazy approach of just using American
products.
It's the same thing with China's manufactured products, at some point
the rest of the world just accepted that everything gets done in
China and then keep complaining about how abusive China can be.
The most recent issue is the military question. Europe relied for
decades on the "cheap" protection of the USA. Now the USA gave the
middle finger to Europe and Europe acts shocked, but Europe is not so
shocked when it comes to the military budget it did not spend on self
defense during all the time the Americans provided protection.
csmpltn wrote 1 day ago:
> "The most recent issue is the military question. Europe relied
for decades on the "cheap" protection of the USA. Now the USA gave
the middle finger to Europe and Europe acts shocked, but Europe is
not so shocked when it comes to the military budget it did not
spend on self defense during all the time the Americans provided
protection."
Fully agree. Europe expects some kids from nowheresville Tennessee
to die in a ditch defending Ukraine. The war will be over the
second they need to draft 18 year-olds at scale from anywhere in
western Europe to go defend "Europe". Nobody in France will die
defending Poland, nobody in Greece will die defending Latvia. The
EU is such a joke.
register wrote 1 day ago:
But Britain lost 457 soldiers, Germany 62, France 90, Spain 97,
Italy 53, Denmark 43 to aid USA in Afghanistan.
csmpltn wrote 1 day ago:
It's okay, in Europe you don't need to fight extreme Islamism.
You've fully embraced it.
holistio wrote 1 day ago:
Nobody is expecting anyone from Tennessee, but I know that's what
the likes of Musk are making you believe.
Ylpertnodi wrote 2 days ago:
> American companies donât owe your European nationalist ambitions
a dime. Use their products at your own discretion.
As a fairly vociferous eu person....I fully agree.
However, gdpr covers all eu residents, so if US companies don't want
to obey eu law, that'sa fine, too.
csmpltn wrote 2 days ago:
Nobody is forcing you to use LinkedIn. LinkedIn is an American
product, made by an American company in America, subject to
American law. When you create an account - you agree to American
terms and conditions, arbitrated by American courts.
LinkedIn doesn't need to obey to EU law. It needs to obey to
American law, which allows LinkedIn to do business with anybody
(other than people from sanctioned countries) whilst complying with
US law. EU's laws don't matter in the US. The EU can sue LinkedIn,
but LinkedIn can just safely ignore any lawsuits and ignore
sanctions, because they are an American company subject to American
laws.
EU citizens are willingly subscribing to an American service, then
complain the American service doesn't abide by EU laws. That's
laughable at every level, to any individual with a modicum of
intelligence. If you don't agree to the terms, don't use LinkedIn.
You are not entitled to anything.
yunnpp wrote 1 day ago:
I agree that people should just stay off LinkedIn. Keep your
local job boards alive. That being said:
> LinkedIn doesn't need to obey to EU law.
This is false. A company must follow the law of the jurisdictions
where it operates.
buzer wrote 1 day ago:
> you agree to American terms and conditions, arbitrated by
American courts.
"Designated Countries. We use the term âDesignated Countriesâ
to refer to countries in the European Union (EU), European
Economic Area (EEA), and Switzerland."
"If you reside in the âDesignated Countriesâ, you are
entering into this Contract with LinkedIn Ireland Unlimited
Company (âLinkedIn Irelandâ) and LinkedIn Ireland will be the
controller of your personal data provided to, or collected by or
for, or processed in connection with our Services."
"If you live in the Designated Countries, the laws of Ireland
govern all claims related to LinkedIn's provision of the
Services" "With respect to jurisdiction, you and LinkedIn agree
to choose the courts of the country to which we direct your
Services where you have habitual residence for all disputes
arising out of or relating to this User Agreement, or in the
alternative, you may choose the responsible court in Ireland."
Source: [1] I'm not sure from where you got your information.
HTML [1]: https://www.linkedin.com/legal/user-agreement
csmpltn wrote 1 day ago:
Nobody cares. They keep a skeleton crew office in the EU for
compliance purposes only. Whether they have an office in the EU
or not is inconsequential. If they closed it tomorrow, the EU
would literally have nothing to go after...
Supernaut wrote 1 day ago:
> They keep a skeleton crew office in the EU for compliance
purposes only
According to LinkedIn, they have over 2,000 employees in
Dublin alone.
lejalv wrote 1 day ago:
You're saying they are buccaneers, and validating that as the
fundamental working principle of American capitalism.
csmpltn wrote 1 day ago:
Call them whatever you want. All I'm saying is that
Europeans are hypocrites for fucking over their greatest
ally via unenforceable and anti-competitive regulation
that's not worth the paper it's written in (and that
European institutions have even exempted themselves from).
The one ally that they desperately depend on for safety and
security, technology, medicine, research, etc.
holistio wrote 1 day ago:
> LinkedIn doesn't need to obey to EU law.
Yes, they do.
> If you don't agree to the terms, don't use LinkedIn.
We agree on that.
loglog wrote 1 day ago:
Operator of the LinkedIn Website:
LinkedIn Ireland Unlimited Company
Wilton Place,
Dublin 2, Ireland
register wrote 2 days ago:
That response reeks of astonishing arrogance. It doesnât surprise
me that nearly 50% of Americans voted for Donald Trump he perfectly
embodies that mindset.
Do you genuinely believe you are superior to the rest of the world?
What you call âinnovationâ or a âbetter productâ is often
nothing more than the creation of dominant market positions through
massive, capital deployment, followed by straightforward rent
extraction.
The European Union has every right to regulate markets operating
within its jurisdiction, especially when there are credible concerns
about anti-competitive practices and abuse of dominance. From what
Iâve seen, there may be sufficient grounds to consider collective
legal action against LinkedIn at the European level. As for so-called
âEuropean nationalist ambitions,â rest assured: Europe does not
lack capable lawyers or regulatory expertise. I will be forwarding
the relevant material to contacts of mine working within the European
institutions in Brussels.
philipallstar wrote 2 days ago:
> That response reeks of astonishing arrogance. It doesnât
surprise me that nearly 50% of Americans voted for Donald Trump he
perfectly embodies that mindset. Do you genuinely believe you are
superior to the rest of the world? What you call âinnovationâ
or a âbetter productâ is often nothing more than the creation
of dominant market positions through massive, capital deployment,
followed by straightforward rent extraction. The European Union has
every right to regulate markets operating within its jurisdiction,
especially when there are credible concerns about anti-competitive
practices and abuse of dominance. From what Iâve seen, there may
be sufficient grounds to consider collective legal action against
LinkedIn at the European level. As for so-called âEuropean
nationalist ambitions,â rest assured: Europe does not lack
capable lawyers or regulatory expertise. I will be forwarding the
relevant material to contacts of mine working within the European
institutions in Brussels.
This all seems to miss the point, which is: why does the US create
so much stuff that Europe doesn't? Turning that useful reflective
question into an attack on Americans sounds perfect if you want to
refuse to work it out and change accordingly.
Barrin92 wrote 1 day ago:
>why does the US create so much stuff that Europe doesn't?
because the "stuff" in question is social networks who live, as
the name suggests, off network effects. To have a European
LinkedIn would require everyone in Europe to switch at the same
time. Which can be trivially arranged, we just would need the
courage to ban LinkedIn and every other American social media
company. We'd have a clone up and running in a month. You only
need to look to China who did exactly this.
csmpltn wrote 1 day ago:
> "We just would need the courage to ban LinkedIn and every
other American social media company. We'd have a clone up and
running in a month. You only need to look to China who did
exactly this."
That's socialist dictatorship. Why do you want the EU to be
more like China, instead of the EU being more like the US? It
will result in further isolation and decline of Europe which
sorely depends both on the US (and China) for survival.
wolvoleo wrote 2 days ago:
> This all seems to miss the point, which is: why does the US
create so much stuff that Europe doesn't? Turning that useful
reflective question into an attack on Americans sounds perfect if
you want to refuse to work it out and change accordingly.
Because the US had so much venture capital, during the time of
the low interest rates it was basically free money so they could
afford to throw it to the wall and see what sticks. 90% of them
would sink but it didn't matter. That doesn't fly here.
Then, they used that money to subsidise adoption, and then once
the users were hooked into rent extraction as the OP mentioned.
We call this process enshittification these days, and it's a
really predatory business practice.
European companies don't do that as much because we have more
guardrails against it, and more importantly we didn't have random
cash sloshing up the walls. American could do that especially
because of the petrodollar. Once the dollar loses its
international status it will be a lot harder to do (and it
already is due to the rising interest rates).
It was no surprise that exactly with the rising interest rates
all the companies started tightening up their subscriptions.
Netflix, amazon, all exploding in cost and introducing ads. Same
with meta's platforms.
csmpltn wrote 2 days ago:
Oh no! Not your "relevant material" and your "contacts working
within the European institutions in Brussels".
Listen, I'm truly sorry to be so direct but you sound like exactly
the kind of person that needs to hear this.
> Europe does not lack capable lawyers or regulatory expertise. I
will be forwarding the relevant material to contacts of mine
working within the European institutions in Brussels.
Who do you think - between the current US government and the kinds
of global, powerful tech behemoths being discussed in this article
- gives a single flying fuck about more European lawyers and more
European regulation? You literally didn't get the first thing about
the point I made. You perfectly played out that classic trope we've
all come to know. How about instead of lawyers and regulation
Europe actually produces a successful competitor that challenges
LinkedIn in any successful manner? What makes you think an army of
lawyers and some more regulation are going to change simple,
obvious facts about Europe's decline in productivity, innovation,
etc?
Listen. The reason not a single worthy competitor has come out of
Europe is because Europe just doesn't have what it takes. And it
never will have what it takes, because the mindset is exactly what
you're demonstrating here: EU is not out to actually build anything
useful, it's about hiring armies of lawyers and creating paperwork
and regulation nobody has asked for. Your funds and money should go
to technology, competitiveness, tech education - not this lawfare
nonsense. The EU right now doesn't have the right people, the work
ethic, the funds, the innovation, the will to challenge and dream
big, the incentives to bet big on tech. You know it, I know it,
everybody else knows it. But please, tell us more about how we need
a bit more lawyers twiddling their thumbs on the tax payers' bill.
You need to understand something quickly: Europe depends sorely on
the US and China. You don't change that through lawyers. Europe is
behind on every front.
register wrote 1 day ago:
Sure, in fact it's USA that is well behind Europe in happines
(World Happiness Ranking) , life expectancy , infant mortality
rate, general literacy ( PISA scores ), homicide rate, mass
shootings frequency, violent crimes, inequality, democracy ( as
reported by the Democracy Index) , press freedom ( World Press
Freedom Index), just to name the first indexes that came to my
mind.
wolvoleo wrote 2 days ago:
Building a site like LinkedIn is really easy. Europe can easily
do this. All it is is yet another social media site of which
there are tons. There is nothing special about LinkedIn.
The reason we didn't was critical mass. Everyone was already on
linkedin and there wasn't really a reason to pick something else
until the US started becoming a nuisance. It's marketing, not
technical.
I'm sure an EU alternative will come up now that the US is no
longer a trustworthy partner. A lot of people like myself now
have ethical issues with using american products (especially from
big tech) and there's a lot of demand for EU-local stuff that
wasn't there before.
lejalv wrote 1 day ago:
I have an issue with any US-American product.
I guess Americans wouldn't like to buy from Nazi Germany in
1942 and so do I with buying US-American in 2026
csmpltn wrote 1 day ago:
> I'm sure an EU alternative will come up now that the US is no
longer a trustworthy partner. A lot of people like myself now
have ethical issues with using american products (especially
from big tech) and there's a lot of demand for EU-local stuff
that wasn't there before.
This is all hot air. If it's so easy to build, it would've been
built by now. I bet you that there won't be a single successful
European LinkedIn competitor - not for the past 20 years, not
now, and not for the next 20. Europe is fundamentally at a deep
state of decay at every level. The only way anything might be
built, is by banning the competition. At which point you might
as-well just forget about a social network for professionals
entirely, because you're probably working at a gulag and
there's no job hopping to be done anyways :)
Aldipower wrote 1 day ago:
There _was_ a successfully LinkedIn competitor at least in
Germany. Xing. But they made a lot of wrong decision..
register wrote 2 days ago:
Completely agree.
Saline9515 wrote 2 days ago:
Why can't the EU deploy capital? Regulation doesn't create better
products, more aggressive marketing techniques, or deeply
entrepreneurial mindsets which favor innovation and growth.
While OP is quite aggressive here, there is a nugget of truth:
innovation doesn't happen because "we have the best lawyers" or
"the best regulations". Maybe some self-criticism would be
warranted to solve the problem.
Also nothing forces Europeans to use LinkedIn. I deleted my account
long ago after getting search requests from NSA-adjacent private
intel companies.
register wrote 2 days ago:
Here's another JD Vance who doesn't understand what international
rules are and justifies that with (lack of) innovation
Below you can find the relevant GDPR excerpt. But before that,
let me add to the coment below that US companies only comply with
what EU institutions can enforce and what suits them; which is
normal, since China does the same. Well, it couldnât have been
said better: in fact, weâre beginning to view you the same way
we view China. And China innovates a lot, right?
"Article 3 â Territorial scope (GDPR)
This Regulation applies to the processing of personal data in the
context of the activities of an establishment of a controller or
a processor in the Union, regardless of whether the processing
takes place in the Union or not.
This Regulation applies to the processing of personal data of
data subjects who are in the Union by a controller or processor
not established in the Union, where the processing activities are
related to:
(a) the offering of goods or services, irrespective of whether a
payment of the data subject is required, to such data subjects in
the Union; or
(b) the monitoring of their behaviour as far as their behaviour
takes place within the Union.
This Regulation applies to the processing of personal data by a
controller not established in the Union, but in a place where
Member State law applies by virtue of public international law."
foxglacier wrote 1 day ago:
Is LinkedIn established in a place where Member State law
applies? I guess not? You can't just go around pretending your
law applies to people in other countries because none of the
necessary institutions in those countries will respect your
law.
register wrote 1 day ago:
The GDPR applies to the personal data of individuals in the
European Union, regardless of where the data is processed.
You can easily find the relevant law online.
csmpltn wrote 1 day ago:
European governments and institutions have conveniently
exempted themselves from GDPR.
And just because it's a law somewhere on earth, doesn't
make it reasonable or enforceable or legal.
1. American and European laws have different standards for
data processing
2. EU citizens willingly go into a contract with an
American company, buying and using American services
3. EU citizens complain American law is different than
European law, whilst continuing to use American products
4. EU citizens expect their laws and regulations to apply
to American companies
Nobody can reasonably expect American companies to just
bend over for whatever the lawmakers in Europe demand. It's
an absurd scenario that only the EU can come up with.
Saline9515 wrote 1 day ago:
First I'm not american, I'm simply displeased to see my fellow
Europeans seething about the consequences, while refusing to
address the causes.
You speak about China: their government is very eager to favor
local alternatives, which helps fund the local ecosystem.
In contrast, Euro countries don't generally procure office
software from elsewhere than US companies (especially,
Microsoft). It's always talk, talk, when the time for action
comes, everyone looks at their shoes and signs the contract
from the US company.
Even the European commission does the same, and filed a lawsuit
against their own regulatory body after it pointed out that MS
Office 365 wasn't fully compliant with the EC's own privacy
rules! Rules for thee, not for me, as always with the EC.[0]
So yeah, regulations and laws don't replace political will and
action. Especially when we talk about the EU, where hypocrisy
and lobbying is at its highest.
[0]
HTML [1]: https://www.freevacy.com/news/official-journal-of-the-...
register wrote 1 day ago:
The point here isnât that Europe lacks innovation and is
too bureaucratic. I have no problem admitting that. The crux
of the matter is that, in response to my complaint about the
possible failure to comply with a European law, the reply
was: LinkedIn answers to American laws, you have no
alternative to LinkedIn, and therefore thereâs no point in
opposing it. You just have to put up with it; itâs your own
fault for not innovating.
The scenario being portrayed is one in which the law of the
strongest prevails over the rule of law. As a European,
coming from the continent that gave birth to the rule of law,
I find all of this appalling. And I am sorry to hear that a
fellow European thinks along the same lines. I donât
believe this is realism; rather, it is surrender.
Saline9515 wrote 1 day ago:
The law is just mere words if you don't have an army, the
guns, and the will to back it up. It has never been
different. Louis XIV's wrote "The last argument of kings"
on his cannons, in the 17th century.
Guess who holds the guns that protect Europe right now? So
yeah, either comply, leave (what I did), or create an
alternative. The EU had Viadeo[0], it could have pushed it
to have an alternative. It didn't.
[0]:
HTML [1]: https://en.wikipedia.org/wiki/Viadeo
rrook wrote 1 day ago:
Youâd be well served to stop the political name calling,
itâs childish.
I view the dynamic from the opposite direction. You might think
that that the EU is starting to view America the same way it
views china, but in actuality the EU is starting to behave more
like China. The wheels of a great firewall for the EU have been
turning for some time already.
PKop wrote 2 days ago:
The strong do what they can, the weak suffer what they must.
gib444 wrote 1 day ago:
Indeed. But Americans are told they never use that strength to
their advantage. It's all just the working 23 hours a day,
determination and chasing the American dream that has resulted in
supreme economic success.
Military is just for defence against baddies and liberating
countries from dictators etc
PKop wrote 1 day ago:
> Americans are told
Yes or that using strength to one's advantage is necessarily
bad.
rrook wrote 2 days ago:
Maybe 30% of Americans voted for Donald Trump. This response reeks
of ignorance and hubris.
> Do you genuinely believe you are superior to the rest of the
world?
This assertion wasn't made, in any way, by the person you're
replying to, and it sounds as though it's being asked in anger.
This entire conversation has been about data privacy and
stewardship. The OP has pointed out, correctly, that there's
nothing that has prevented a EU based professional social network
from existing in a way that is satisfying for EU based data policy.
If you sign up on an American website, you've decided to do
business with Americans in America. Why are you entitled to
something that the people you are doing business with are not
subject to?
Ylpertnodi wrote 2 days ago:
It's the law.
register wrote 2 days ago:
Trump received 77,284,118 votes, representing 49.8% of the
ballots cast for president. The 30% figure you mention refes to
the share of the total voting-eligible population, including
those who did not vote.
A national poll conducted on February 16â18 found that 42.4%
approve of Trumpâs job performance, while 54.6% disapprove.
Whether you accept it or not and whether you are a Democrat or
Republican Trump now is the face of America and most of Europeans
are of the same opinion.
Regardless of the fact that LinkedIn is an American company, it
is required to comply with the GDPR when operating within the
European Union. I am not a lawyer, but I don't believe that there
is evidence of full compliance here.
rrook wrote 2 days ago:
We can have a more detailed discussion around political
alignments in America, but you've already agreed that your
original statement was false. I mention the 30% figure
specifically because you said "nearly 50% of Americans voted
for donald trump".
American companies "complying" with is only required insofar as
the EU authorities can do anything about it - and that's the
same dynamic that exists across all geo boundaries on the
internet, that's not specifically American - see China and its
great firewall. If an American company is taking steps to be in
compliance with GDPR, it's because there is benefit in doing
so.
WRT GDPR, I'd ask a clarification before continuing - you said
"operating within the EU" - what does that mean? If I deploy a
website, from America, onto American servers, and you can reach
them from within the EU, am I "operating within the EU"? I'm
not trying to be coy by asking this, I actually don't know the
extent to which I agree or disagree with you.
pixl97 wrote 2 days ago:
>Maybe 30% of Americans voted for Donald Trump
If you don't vote, you don't count.
poszlem wrote 2 days ago:
I see this sentiment constantly. It is genuinely hilarious to watch
Americans lecture the world about the free market while feigning
shock that Europe hasn't produced its own tech giants.
Claiming "the EU had 20 years to build an equally successful product"
is the geopolitical equivalent of a deeply dysfunctional 1950s
household. For decades, the husband insisted he handle all the
enterprise and security so he could remain the undisputed head of the
family. Then, after squandering his focus on a two-decade drunken
military bender in the Middle East, he stumbles home, realizes he's
overextended, and screams at his wife for not having her own Silicon
Valley corner office, completely ignoring that he was the one who
ruthlessly bought out her ventures and demanded her dependence in the
first place.
America engineered a digitally dependent Europe because it funneled
global data straight to US monopolies. To blame Europeans for playing
the exact role the US forced them into is historical gaslighting. And
pretending the CLOUD Act's global, extraterritorial overreach is the
same as local EU law enforcement is just the icing on the delusion
cake.
gib444 wrote 1 day ago:
Very well said.
> To blame Europeans for playing the exact role the US forced them
into is historical gaslighting.
Hear hear
csmpltn wrote 2 days ago:
Oh, the EU is a victim now? And the EU's laziness, bloat and
uselessness is the US's fault now?
And where's all of this evidence of this hidden extraordinary
European talent and ability that just needs to be unleashed given
some more lawyers and regulation?
This is a joke.
wolvoleo wrote 2 days ago:
Exactly! It's the same with the military dependency.
America wanted a weak Europe, to be dependent on them so they would
have geopolitical influence. They basically bought influence. They
didn't want us to have nukes to defend ourselves from the Russians
(the French are frowned upon and the British don't really have
their own, they are beholden to the US). It also gave them a huge
market for their products and services (and no there was no
imbalance if you take services into account which Trump doesn't).
Then Trump comes and complains that we're not investing equally.
Well no, but this was exactly as his predecessors designed. Now we
will build it up but of course we will need to build our own
nuclear umbrella and we will no longer give the US its influence it
previously had, obviously.
We also don't need quite as much military expenditure anyway
because we're just looking to defend ourselves, not trample
oil-producing countries. The only times we did that were exactly
due to the US' bought influence.
gib444 wrote 1 day ago:
> America wanted a weak Europe, to be dependent on them so they
would have geopolitical influence
100% in agreement
Saline9515 wrote 2 days ago:
The US is not just alone, EU governments are fully cooperating,
happily.
A Microsoft official explained during a french parliamentary
session that he couldn't guarantee that the State data was safe
from US requests. It created a shockwave, as everyone discovered
what was evident from the start.
Of course, nothing happened, and they renewed every contract since
then. We could talk about the F35 procurement.
wolvoleo wrote 2 days ago:
They renewed every contract, but the French government is hard at
work at replacements for Microsoft stuff, called 'la suite'. The
Germans are doing the same under the name 'opendesk' and the
suite shares a lot of common tools in fact.
This predates Trump II by the way, they did have more foresight
than a lot of EU institutions.
Things have changed for sure but big ships take long to turn.
Saline9515 wrote 1 day ago:
There are already credible alternatives, from the EU, which do
not require rebuilding everything from scratch. OnlyOffice, for
instance. The french government's job isn't to write a new
office SaaS suite.
glitchc wrote 1 day ago:
This is sabre rattling and everyone knows it. A municipality in
Germany already tried switching to open source. They're back on
Office and Sharepoint.
wolvoleo wrote 1 day ago:
This is a lot bigger than one municipality. And with the
Munich thing there was a lot of dodgy lobbying going on. Like
Microsoft suddenly moving their HQ there. Then a new mayor
came in that was suddenly all pro-Microsoft.
La suite is a lot bigger than that. And parts are actually
being used already. They recently started using the meeting
component called visio.
register wrote 2 days ago:
Thank you for your words I couldn't say any better. I agree on
everything but one thing. I definetely don't find this hilarious. I
find it frightening and disgusting.
gib444 wrote 2 days ago:
The "pull yourselves up by your bootstraps" advice has more weight
when the person saying it hasn't taken control of all bootstraps for
a good 75 years. This is this toxicity in the toxic relationship
between the US and EU. Foot in our faces telling us to pick ourselves
up. Ditto South America.
csmpltn wrote 2 days ago:
Victim mentality? Explain what stops Europe from producing a worthy
LinkedIn competitor that challenges LinkedIn's hegemony.
gib444 wrote 1 day ago:
> Victim mentality
Oh please.
foxglacier wrote 1 day ago:
He's right though. Blaming someone else for your own failures
is victim mentality - regardless of whether they really are the
cause or not. Notice how China managed to break free from US
tech dominance, no matter how difficult it was, by making
itself strong and capable instead of accepting helplessness
which is victim mentality.
gib444 wrote 1 day ago:
I will not take the bait. We all know the meaning of victim
of mentality and know it doesn't apply in this discussion.
csmpltn wrote 1 day ago:
> I will not take the bait.
I simply asked you to qualify what makes the EU a victim of
the US, and why that's somehow the reason for things never
being built or done in the EU.
Barrin92 wrote 1 day ago:
>Notice how China managed to break free from US tech
dominance, no matter how difficult it was
They did this because in the Chinese narrative Americans are
a bunch of hegemonic brutes and self sufficiency was a matter
of survival. Europeans don't use LinkedIn because they're
victimized, they use American products because there was a
belief that the United States is a civilized country whose
companies and government can be relied on.
That Americans of all people now adopt the rhetoric of the
Chinese about themselves and Europe, which has some
terrifying and unflattering implications about their own self
image should make people think about what they're saying.
Europe didn't go for a different route because of
victim-hood, but because the rule of law and the so-called
Western values do still mean something on the old continent.
If Americans now openly say, Europe you losers you should
have treated us the way the Communist party told you to, fair
enough but mind you that's how people talk who are at the end
of their own civilization, I'm German I know the attitude
very well.
birdsongs wrote 2 days ago:
> In other words I donât see why any of this is somehow uniquely
wrong to the OP.
Did you read the article? It's a dark pattern. It is an act that
takes 3 minutes to perform. Yet it takes multiple days of reading
legal documents to understand what actually happens. I would argue
this feels wrong, to most people who interact with technology.
We have a set of laws here that companies are obliged to follow,
regardless of where they are incorporated, so we expect that. We are
used to having some basic human rights here, perhaps unlike most
Americans these days.
Data processes and ownership of biometric data should be made
explicitly clear. It shouldn't take days of reading to understand. It
feels wrong to me too.
kleiba wrote 2 days ago:
One detail you might have overlooked: even if you're an American
company - if you offer your services in Europe (through the web or
otherwise), you're subject to European laws and regulations,
including the GDPR.
rrr_oh_man wrote 2 days ago:
"Sue me" is what a purely cis-Atlantean company might say.
wolvoleo wrote 2 days ago:
Which is of course exactly what is happening with the likes of
Google and Meta.
csmpltn wrote 1 day ago:
Google and Meta don't need to show up to court :)
rrr_oh_man wrote 1 day ago:
...both of which have offices in the EU.
47282847 wrote 2 days ago:
> European law enforcement agencies have the same powers.
No they donât, not in the way that is implied here. A German court
can subpoena German companies. Even for 100% subsidiaries in other
European or non-European countries, one needs to request legal
assistance. Which then is evaluated based on local jurisdiction of
the subsidiary, not the parent. Microsoft Germany as operator is
subject to US law and access. See Wikipedia âAmerican
exceptionalismâ for further examples.
Kaijo wrote 2 days ago:
I hate LinkedIn but need it for a few things, mostly accessing certain
clients and projects as a freelancer. Last October my ISP (Vodafone UK)
assigned me a datacenter-classified IPv6 address with 80+ abuse reports
on reputation databases, for bots, DDoS, crawlers. Before I realized
this I started getting locked out, suspended, restricted from just
about every web service I use, having to solve captchas for simple
Google searches, etc.
I resolved everything except LinkedIn. They required Persona
verification to restore access, but I'd already recently verified with
Persona, so clicking the re-verification links just returned a Catch-22
"you've already verified with us." LinkedIn support is unreachable
unless you're signed into an account. I tried direct emails, webforms,
DMs to LinkedIn Help on Twitter, all completely ignored.
Eventually some cooldown timer must have expired, because Persona
finally let me re-verify last week. Upon regaining access, I was
encouraged me to verify with Persona AGAIN, this time for the verified
badge.
I now have a taste of what "digital underclass" means, and look forward
to the day when no part of my income depends on horrible platforms that
make me desperate for the opportunity to give away my personal data!
wolvoleo wrote 1 day ago:
The nasty part of that is also that you can't even delete your
account without getting back into it so you need to doxx yourself to
even delete it :(
blfr wrote 2 days ago:
LinkedIn (like Teams) is a Microsoft product. And it shows.
However, they have a very generous free trial for sales/recruitment.
You could probably activate it and get real support.
Kaijo wrote 2 days ago:
Thanks for mentioning this. I have activated a one-month LinkedIn
Premium free trial, hopefully as another layer of protection while
I re-establish myself and fortify my profile.
prox wrote 2 days ago:
I also feel that digital companies get away with âno human
representativesâ. I should always have access to a human. It should
be law. It will screw over a lot of companies and I am all for it
since they donât know what service looks like if it looked them in
the eyes.
AlienRobot wrote 2 days ago:
I heard this being described as an "accountability sink." A system
designed in such way that when something bad happens, there is
nobody to be held accountable. It feels pervasive in the modern
world.
casenmgreen wrote 2 days ago:
Having this problem with Amazon right now, trying to get a GDPR
deletion done.
jll29 wrote 2 days ago:
The rule for not replying to GDPR requests (e.g. sent by
registered letter) holds within a month: the maximum fine for
this is 4% of last years total revenue or 20 mio â¬, whichever
is the larger number.
For US companies use their (typically Dublin) European HQs.
wolvoleo wrote 1 day ago:
Yes but the Irish privacy authority is just a front for US
interests. Because the country makes so much money from big
tech tax avoidance.
Nextgrid wrote 2 days ago:
> the maximum fine for this is 4% of last years total revenue
or 20 mio â¬, whichever is the larger number.
The maximum fine wasn't even achieved by Facebook, after years
and many blatant GDPR cases. Do you really think someone is
getting a fine for not replying to a subject access request in
due time? If so I have a very good bridge to sell you, and that
bridge has more probability to exist than Amazon getting any
kind of GDPR fine for not acknowledging a SAR.
rrr_oh_man wrote 2 days ago:
> look forward to the day when no part of my income depends on
horrible platforms that make me desperate for the opportunity to give
away my personal data
We are moving into the opposite direction. Drink a verification can.
srameshc wrote 2 days ago:
This is the kind of activism in privacy appreciate that we need. I knew
I did not want to verify but I did verify on Linkedin recently. The
fact that the author also gave an action list if you are concerned
about your privacy is just commendable.
trilogic wrote 2 days ago:
Great article, thank you.
Hiding all this very important info (which literally affects the users
life) behind an insignificant boring click!
Even the most paranoid user will give up in certain use cases, (like
with covid 19 which even though didn´t agree, you needed to travel,
work making it compulsory).
Every company that uses deciving techniques like this should be banned
in Europe.
luxpir wrote 2 days ago:
I really appreciate this write-up.
Was forced to verify to get access to a new account. Like, an
interstitial page that forced verification before even basic access.
Brief context for that: was being granted a salesnav licence, but to my
work address with no account attached to it. Plus I had an existing
salesnav trial underway on main account and didn't want to give access
to that work.
So I reluctantly verified with my passport (!) and got access. Then
looked at all the privacy settings to try to access what I'd given, but
the full export was only sign up date and one other row in a csv. I
switched off all the dark pattern ad settings that were default on,
then tried to recall the name of the company. Lack of time meant I
haven't been able to follow up. I was deeply uncomfortable with the
whole process.
So now I've requested my info and deletion via the details in the post,
from the work address.
One other concern is if my verified is ever forced to be my main, I'll
be screwed for contacts and years of connections. So I'll try to shut
it down soon when I'm sure we're done at work. But tbh I don't think
the issues will end there either.
Why do these services have to suck so much. Why does money confer such
power instead of goodwill, integrity and trust/trustless systems.
Things have to change. Or, just stay off the grid. But that shouldn't
have to be the choice. Where are the decentralised services. I'm
increasingly serious about this.
SilverElfin wrote 1 day ago:
Letâs not forget Persona is linked to Peter Thiel. When Thiel and
his friends support the government snatching citizens off the
streets, there is unacceptable risk with forcing job seekers and the
like to create accounts on LinkedIn.
ibejoeb wrote 1 day ago:
>Thiel and his friends support the government snatching citizens
off the streets
What's the story here?
dygd wrote 1 day ago:
The Palantir app helping ICE raids in Minneapolis: [1] ICE using
Palantir tool that feeds on Medicaid data:
HTML [1]: https://news.ycombinator.com/item?id=46633378
HTML [2]: https://news.ycombinator.com/item?id=46756117
lossyalgo wrote 1 day ago:
That's just the tip of the iceberg:
HTML [1]: https://en.wikipedia.org/wiki/Palantir#Controversies
jofla_net wrote 2 days ago:
> Why do these services have to suck so much.
They can do what they please. Its due to the network effects. The
tie-ins of tech are so strong, I'd wager that %99 of why they succeed
has nothing to do with competency or making a product for the user,
just that people are too immobile to jump ship for too many reasons.
Its staggering how much stronger this is than what people give credit
for. Its as if you registered all your cells with a particular pain
medication provider, and the idea of switching pills makes one go
into acute neurosis.
jll29 wrote 2 days ago:
Someone needs to reimplement a "clean" version of its
functionality: professional networking is too important to be left
to the data hoarders/government surveillance cluster of
organizations.
Besides, its UX has decayed to a "Facebook for the employed", where
John Doe praises himself for mastering a mandatory training at work
or taking Introduction to HTML at "Harvard" via Coursera.
mcmcmc wrote 2 days ago:
The problem is a competitor will never be able to succeed without
doing the same thing. Try to compete as a "free" service and
you'll have to sell ads, try to charge and you'll never get
enough signups to fund the business.
dwedge wrote 2 days ago:
Nobody is coming to save us. A federated LinkedIn would be great
but will not take over. We just need to stop using these services
stateofinquiry wrote 2 days ago:
Thank you for sharing this.
I understand, and even agree, that how this is being handled has some
pretty creepy aspects. But one thing missing from the comments I see
here and elsewhere is: How else should verification be handled? We
have a real problem with AI/bots online these days, trust will be at
a premium. How can we try to assure it? I can think of one way:
Everyone must pay to be a member (there will still be fraud, but it
will cost!). How else can we verify with a better set of tradeoffs?
There is some info from Persona CEO on (of course) LinkedIn, in
response to a post from security researcher Brian Krebs: [1] . I note
he's not verified, but he does pay for the service.
HTML [1]: https://www.linkedin.com/posts/bkrebs_if-you-are-thinking-ab...
drnick1 wrote 1 day ago:
> How else should verification be handled?
There should be no verification. The idea of a single platform
where every worker is listed, identified, and connected to other
people he/she knows IRL is scary. It shouldn't exist.
kwar13 wrote 1 day ago:
zero knowledge proofs, with services such as [1] (i am not
affiliated)
HTML [1]: https://zkpassport.id/
throwaway063_1 wrote 2 days ago:
> How else should verification be handled?
Many European countries have secure electronic identifications that
are trusted by the government, banks etc.
Linkedin could easily use this to verify the identities.
Example of services where you can verify the identity with 35
different providers using a single API: [1] or [2] I doubt it would
take more than a sprint to integrate with this or other services.
HTML [1]: https://www.signicat.com/products/identity-proofing/eid-hu...
HTML [2]: https://www.scrive.com/products/eid-hub
anttihaapala wrote 2 days ago:
How about everyone gets a digital certification from their own
government that this is the person named this and that. No need to
share cranial measurements and iris scans.
stateofinquiry wrote 2 days ago:
Well, different trade offs there. On the plus side, sounds pretty
simple. On the other hand...
Digital certification from the gov sounds a lot like "digital
ID", which has run into considerable resistance in the UK and EU
in just the last few months. As a general observation I find most
EU citizens I interact with much more trusting of government than
... well, any other group of folks I have interacted with (I have
the privilege of having lived and worked in S. America, N.
America, sub Saharan Africa and now an EU country). If it does
not fly well here, I don't think its general solution that most
people would be comfortable with.
HTML [1]: https://blogs.lse.ac.uk/europpblog/2025/10/09/britcard-u...
dwedge wrote 2 days ago:
Having lived in borh the UK and Poland I was very surprised
(given history) to find how comfortable, in comparison, Poles
are with ID requirements, tax ID to join gyms and football
clubs compared to the UK whicb still resists mandatory ID.
There does seem to be a UK EU divide here
SomeUserName432 wrote 2 days ago:
> Was forced to verify to get access to a new account. Like, an
interstitial page that forced verification before even basic access.
I'm forced to verify to access my existing account.
I cannot delete it, nor opt out of 'being used for AI content'
without first handing them over even more information I'm sure will
be used for completely benign purposes.
pteraspidomorph wrote 1 day ago:
I had this problem with Facebook 15 years ago. Nothing new, but as
always, people will avert their eyes until it begins to affect them
personally.
kioshix wrote 2 days ago:
About a year ago I wanted to check out LinkedIn. Signed up with my
real name, added my employer and past employers, verified my
current work email address etc.
About 24 hours later, when logging in to pick up where I left off,
I'm redirected to a page that tells me that my account has been
locked. For the safety of my account, I needed to verify my
identity to continue.
I refused to do so, for the same reasons this article highlights.
So I wanted to delete my account and never return. Guess what? You
can't delete your account without first verifying.
It took me a few frustrating months of trying to email their DPO
(data protection officer) and filling out forms, constantly being
routed to regular support with very unhelpful support staff. I
actually contacted the Irish data protection agency thing (I'm not
Irish, but european), and while waiting for them to process the
case, I miraculously got a reply from LinkedIn that my account
deletion was being processed.
Quite an infuriating experience.
luxpir wrote 2 days ago:
That's concerning.
Kids in Oz were getting around social media age restrictions by
holding up celeb photos. I doubt that'll work in this case, but I'd
be tempted to start thinking of ways to circumvent.
At the risk of losing the account, it's a very bad situation they
are forcing people into.
tamimio wrote 2 days ago:
This process will be done in a way that you wonât even have to do it
in 3min, it will be part of you phone wallet, and whenever you sign up
you will be required to verify it there, essentially, all big tech will
be having a copy of your biometric, and consequently, all three letter
agencies too. Welcome to the tyranny of big tech!
_pdp_ wrote 2 days ago:
On EU data sovereignty:
The OP is right. For that reason we started migrating all of our
cloud-based services out of USA into EU data centers with EU companies
behind them. We are basically 80% there. The last 20% remaining are not
the difficult ones - they are just not really that important to care
that much at this point but the long terms intention is a 100%
disconnect.
On IDV security:
When you send your document to an IDV company (be that in USA or
elsewhere) they do not have the automatic right to train on your data
without explicit consent. They have been a few pretty big class action
lawsuits in the past around this but I also believe that the legal
frameworks are simply not strong enough to deter abuse or negligence.
That being said, everyone reading this must realise that with large
datasets it is practically very likely to miss-label data and it is
hard to prove that this is not happening at scale. At the end of the
day it will be a query running against a database and with huge volumes
it might catch more than it should. Once the data is selected for
training and trained on, it is impossible to undo the damage. You can
delete the training artefact after the fact of course but the weights
of the models are already re-balanced with the said data unless you
train from scratch which nobody does.
I think everyone should assume that their data, be that source code,
biometrics, or whatever, is already used for training without consent
and we don't have the legal frameworks to protect you against such
actions - in fact we have the opposite. The only control you have is
not to participate.
dvfjsdhgfv wrote 2 days ago:
Since some job offers require a linked in link, I maintain an empty
page explaining why maintaining a LI account is a privacy and security
hole. It turns out it works.
prox wrote 2 days ago:
Did you need to verify your account first?
dvfjsdhgfv wrote 2 days ago:
No, and it's difficult for me to understand why anyone would ever
want that.
elAhmo wrote 2 days ago:
From the article:
> Let that sink in. You scanned your European passport for a European
professional network, and your data went exclusively to North American
companies. Not a single EU-based subprocessor in the chain.
Not sure LinkedIn is a European professional network.
201984 wrote 2 days ago:
>Let that sink in
That's a hallmark of GPT spam, so it's not surprising there's
hallucinations.
cbeach wrote 1 day ago:
and "That blue badge might not be worth what youâre trading for
it. A checkmark is cosmetic. Biometric data is forever."
I like the article, but I think it was nearly wholly LLM-generated.
It's a shame that this contrived writing style is becoming so
commonplace. Just annoying, more than anything.
201984 wrote 1 day ago:
GPTZero (not sure how reliable it is) said it was 100% generated.
llm_nerd wrote 2 days ago:
Their use of LinkedIn is for local and semi-local professional
networks. It's like if you use Nextdoor for your street.
And of course those Europeans use LinkedIn for the network effect
(even though LinkedIn is just a pathetic sad dead mall now, so most
are doing so for an illusion), because other prior waves of Europeans
also used LinkedIn, and so on. Domestic or regional alternatives
falter because everyone demands they be on the "one" site.
The centralization of tech, largely to the US for a variety of
reasons, has been an enormous, colossal mistake.
It's at this point I have to laud what China did. They simply banned
foreign options in many spaces and healthy domestic options sprouted
up overnight. Many countries need to start doing this, especially
given that US tech is effectively an arm of a very hostile government
that is waging intense diplomatic and trade warfare worldwide,
especially against allies.
jll29 wrote 2 days ago:
I would prefer to live in a free country, where I can choose my
services from
among a couple of options. But the government you appeal to should
install and execute laws to protect citizens by forcing foreign
players to abide by local rulse or be forced to declare that they
are not, in large red letters so no-one can say they did not know
(legalese small-print does not suffice as we know).
1over137 wrote 1 day ago:
>I would prefer to live in a free countryâ¦
Well if youâre in a country Trump has threatened to invade, or
already invaded, having a free country might require banning
these American companies.
urikaduri wrote 2 days ago:
Is there really a choice? Network effect means that the company
that sells you cars also owns the road, and only allows its cars
to drive on it.
What you want is the social graph, but you are forced to also use
FBs shitty app to access it.
These social media apps never had a single useful feature besides
the graph itself.
black_puppydog wrote 2 days ago:
I think the author was talking about their own professional network
being based in Europe, as opposed by LinkedIn, the platform that
they're using to contact said network.
guenthert wrote 2 days ago:
Yeah, he might have wanted to use Xing. Of course, he'd be pretty
lonely there.
vdfs wrote 2 days ago:
Viadeo is slightly more popular
ColinWright wrote 2 days ago:
I used to have a LinkedIn account, a long time ago. To register I
created an email address that was unique to LinkedIn, and pretty much
unguessable ... certainly not amenable to a dictionary attack.
I ended up deciding that I was getting no value from the account, and I
heard unpleasant things about the company, so I deleted the account.
Within hours I started to get spam to that unique email address.
It would be interesting to run a semi-controlled experiment to test
whether this was a fluke, or if they leaked, sold, or otherwise lost
control of my data. But absolutely I will not trust them with anything
I want to keep private.
I do not trust LinkedIn to keep my data secure ... I believe they sold
it.
rixed wrote 1 day ago:
I don't remember where I got this from, but I've heard long ago about
a company which TOS stated vehemently that they would never sell the
contacts of their customers... Only to sell them once the accounts
are closed because, well, technically those were no longer customers.
So maybe that's what happened?
driverdan wrote 1 day ago:
LinkedIn definitely sells/shares/leaks email address. I'm not sure
which but I also have the same problem. I created my account with a
unique email I've only used for LI. I occasionally get B2B and
recruiter spam sent to that email.
x0x0 wrote 1 day ago:
It could be, but I think it's also as likely it was the scrapers
treating that as a trigger event of some type. eg you got a job and
might have regrets.
I also saw... not sure what to call them, but honeypot friend
requests? I used to get regular requests from profiles I didn't
recognize with a generic pretty woman (I'd assume stock photography).
Since I ignored them, they would re-request on intervals that were
exactly 90 or 180 days. I occasionally glanced at them and there
seemed to be no rhyme nor reason to their friends. I'd assume this
was also some type of scraping, probably for friends-only profile
data.
drnick1 wrote 1 day ago:
This is precisely why I give each website an alias such as
website@example.com. If I start receiving spam to that address, I
revoke the alias and name and shame the website online whenever I get
the chance. Not that I would use LinkedIn anyway.
anjel wrote 1 day ago:
proxy emails are rejected more and more. Same with google tel
numbers. The internet feels more and more like the garbage
compactor scene in Star Wars.
drnick1 wrote 1 day ago:
How would the website know that it is a "proxy email?" I am using
my own domain name and email server, and don't believe I ever
received a rejection.
griffineyes wrote 1 day ago:
Itâs definitely not a fluke. I was getting between 20 and 30 spam
emails per day. Simply out of curiosity I deleted my linkedin account
and the spam abated. After a week the spam reduced to a trickle and
now after a few months I only get a few spam emails per week. Shortly
after discovering that LinkedIn was the problem I deleted Indeed as
well. Indeed has a fairly robust data deletion program.
nine_k wrote 1 day ago:
A LinkedIn account's sole purpose is publishing, dissemination, and
advertising information about you and your company. Anything that you
badly want to keep private certainly does not belong there, much like
it does not belong to a large roadside billboard.
Otherwise, LinkedIn can be quite useful in searching for a job,
researching a company, or getting to know potential coworkers or
hires.
Email spam is, to my mind, an inevitability. You should expect waves
of spam, no matter what address you use; your email provider should
offer reasonable filtering of the spam. Using a unique un-guessable
email address, like any security through obscurity, can only get you
so far.
trinsic2 wrote 1 day ago:
You sound like someone that wants to normalize bad behavior. Good
luck with that. I would never use a social networking site to find
people or jobs. I'm not going to put support behind a entity that
doesn't respect privacy and the fact that they are people who don't
care, like you, are the problem and why we are in the situation we
are in as a country at this point.
nine_k wrote 1 day ago:
I won't call it a social networking site. I'd call it a
business-card-exchange site, plus a corporate-flyers-handout
site, and of course a self-promotion site.
Selling emails is of course bad, but expecting your email that
you give to any big corporation to stay private for a long time
is, alas, naïve. I've read the fine print; in most EULAs it
includes a ton of clauses about sharing your contacts with a
bunch of third parties, etc. LinkedIn, in particular, explicitly
says that it may share your contacts with advertising partners.
In other words, if you need to enter this space, wear a hazmat
suit, expect no niceties.
sqircles wrote 1 day ago:
LinkedIn has a wild past. I'm surprised that it seems like no one
remembers. Scanning users e-mail inboxes, creating fake users, etc.
lossyalgo wrote 1 day ago:
It's all documented on Wikipedia too:
HTML [1]: https://en.wikipedia.org/wiki/LinkedIn#Criticism_and_contr...
bdangubic wrote 1 day ago:
You can replace LinkedIn in your post with every social media etc
company and it will ring as true as your current post
mati365 wrote 1 day ago:
ofc it's sold. Take a look at this: [1] It identifies users that
visit your site and then shows their email, phone number and living
place based on their Li profile ;))
HTML [1]: https://www.rb2b.com/
anjel wrote 1 day ago:
rb2b website has an incredibly ironic "we respect your privacy"
GPDR banner along the bottom of their landing page.
Keekgette wrote 2 days ago:
> It would be interesting to run a semi-controlled experiment to test
whether this was a fluke, or if they leaked, sold, or otherwise lost
control of my data.
Too much time / energy on your hands? You gave them a unique email ID
(which is always the most sensible thing), that's it.
The non-sensible thing was to sign up kn the first place. Nobody
needs these narcisstic, BS spewing pseudo-networking places.
post-it wrote 1 day ago:
> Nobody needs these narcisstic, BS spewing pseudo-networking
places.
I mean I got my last job through LinkedIn. I'm currently
interviewing at a few places, half of which came from LinkedIn. So
I personally clearly do need LinkedIn, unless you want to hire me.
bachmeier wrote 2 days ago:
This is a good example of why it's insane that nobody at Mozilla
cares that they hire CEOs that have only a LinkedIn page. If you want
to visit the website of the Mozilla CEO, you have to create an
account and log in. No big deal if it's a CEO of a plastics
manufacturing company, but when the mission is fighting against the
behavior of companies like LinkedIn, it makes me wonder why Mozilla
exists.
mkl95 wrote 1 day ago:
The CEO role at Mozilla is unstable. Even if Mozilla didn't require
a LinkedIn page, chances are their CEOs would have an up to date
account. Also, Mozilla's ARR is mostly their Google partnership.
Thorrez wrote 1 day ago:
I don't think Mozilla requires a LinkedIn page. bachmeier is
complaining that Mozilla's CEO doesn't have a personal webpage,
and only has a LinkedIn page. By not having a personal webpage,
and having a LinkedIn page, it appears that Mozilla's CEO doesn't
really care about the open web.
bachmeier wrote 1 day ago:
If you visit the Mozilla website right now, you will see "Break
free from big tech â our products put you in control of a
safer, more private internet experience."
rdiddly wrote 1 day ago:
"Doctor, heal thyself!"
pousada wrote 1 day ago:
Marketing slogans are just that, words that sound good.
Better look at their actions than take their slogans at face
value. Applies to everyone
barbazoo wrote 1 day ago:
Itâs hard to be perfect.
saghm wrote 1 day ago:
Good thing quality isn't binary! It's pretty attainable to at be
halfway decent
bachmeier wrote 1 day ago:
Yes, in the same way it's hard for Tim Cook to not run his
company on Windows 11.
AndrewKemendo wrote 1 day ago:
The surest sign of incompetence is somebody claiming they are
forced into a requirement for perfection when the requirement is
simply a basic adherence to virtue
dijit wrote 2 days ago:
Linkedin has been breached a lot over time.
But I have such low faith in the platform that I would readily
believe that once they think you're not going to continue adding
value, they find unpleasant ways to extract the last bit of value
that they reserve only for "ex"-users.
wolvoleo wrote 2 days ago:
> Linkedin has been breached a lot over time.
Yeah but the OP got spam within hours. That would be pretty
unlikely to have coincided with a breach.
But LinkedIn probably sold the data, they have a dark pattern maze
of privacy settings and most default to ON.
Spooky23 wrote 2 days ago:
My assumption was that it was an intelligence platform first. Just
like Skype, Microsoft decided to randomly buy it.
It amazing really. If you reached out to people and asked them for
the information and graph that LinkedIn maintains, most employers
would fire them.
ljm wrote 2 days ago:
There's an entire cottage industry of linkedin scrapers that put a
lot of effort into guessing your email address to enable cold
outreach.
I'm ashamed to say I worked at one such place for several months.
Apollo is probably the most comprehensive source for this. It's
creepy as fuck.
notpushkin wrote 1 day ago:
Iâm a bit on the fence with this one. Sure, spam is bad, but
they also enable you to reach out to somebody outside of the
LinkedInâs walled garden (personally, without automation).
If it enables a tiny startup trying to solve the exact problem I
have to reach out to me â Iâd say itâs a net positive (but
not by a huge margin), and having to blacklist @mongodb.com with
their certifications bullshit is a price Iâm ready to pay. If
more spammers get their hands on this kind of dataset though
itâll probably be a disaster.
wolvoleo wrote 2 days ago:
Yes I notice that too. I hide my last name now because at my
company it's just firstname.lastname so easy to guess.
It helps a lot but I still get a lot of sales goons. A lot of
them follow up constantly too "hey what about that meeting invite
I sent you why did you not attend"? My deleted email box is full
of them (I instantly block them the minute I get an invite to
anything from someone I don't know, and I wish Outlook had the
ability to ban the entire origin domain too but it doesn't)
JimDabell wrote 1 day ago:
Put an emoji after your name in LinkedIn. Something that
obviously isnât part of your name. All the bots that scrape
LinkedIn and guess your email address will include the emoji
when addressing you in an email; no humans will. You can then
use this in a spam filter.
notpushkin wrote 1 day ago:
I think it would be fairly easy to clean up. It should help
with the dumbest spammers though.
vaylian wrote 2 days ago:
> My assumption was that it was an intelligence platform first.
What do you mean by "intelligence platform"?
caseysoftware wrote 1 day ago:
"Spyware" doesn't quite capture it.
It's "intelligence platform" in the sense that you can gain a ton
of information on individuals, organizations, and relationships
that drive it all. If you can track how people move and interact
between organizations, you can determine who someone is doing
business with and even make an educated guess if that's a sale or
interview.
I started writing about it almost 20 years ago: [1] and turned it
into a conference presentation called "Shattering Secrets with
Social Media"
But there have been numerous proofs of concept over the years:
HTML [1]: https://caseysoftware.com/blog/linkedin-intelligence-par...
HTML [2]: https://en.wikipedia.org/wiki/Robin_Sage
trinsic2 wrote 1 day ago:
Bro if you want people to read your stuff. Don't require java
script to view the page. Smart people block that stuff.
reciprocity wrote 1 day ago:
I couldn't agree more.
estimator7292 wrote 2 days ago:
Spyware
eastbound wrote 2 days ago:
Remember when LinkedIn was condemned because they copied Gmailâs
login page saying âLog in with Googleâ, then you entered your
password, then they retrieved all your contacts, even the bank, the
mailing lists, your ex, and spammed the hell out of them, saying
things in your name in the style of âYou havenât joined in 5
days, I want you to subscribeâ ?
DANmode wrote 1 day ago:
I remember boycotting them for many years after that, yes.
Now lots of contact forms (not even necessarily job related!) are
treating it as a required field. Pretty distasteful situation.
jll29 wrote 2 days ago:
The original version of the LinkedIn mobile app uploaded your
personal contacts stored on your smart phone and SIM to their
server (to also "invite" them), without requesting user permission.
After that, I never installed it again (but too late), and I bought
a second (non-smart) phone.
Teckla wrote 1 day ago:
When I created an account on LinkedIn, a long time ago, I used
the web. When it asked if I wanted to invite other people from my
list of contacts, I clicked yes. I thought it would let me
manually enter some contacts, or at worst, give me a list to
choose from, with some kind of permissions prompt. Somehow, it
accessed my entire Gmail contact list, and invited them all. My
goodness, that was terrifying (I didn't even know it was
possible) and embarrassing. Companies are not to be trusted,
ever. Especially now, as they've proven for decades they have
zero moral compass, and no qualms about abusing people for
profit.
huhtenberg wrote 2 days ago:
WhatsApp infamously did just that.
It vacuumed the contacts and spammed them with "Join me on
WhatsApp". One of the reasons for their initial exponential
growth.
reformdEngineer wrote 1 day ago:
Venmo did this too
pousada wrote 1 day ago:
Almost everything coming out of Silicon Valley has an unethical
past(present?) if you look at it a bit more closely.
StrauXX wrote 2 days ago:
Do you have a reference with more information on that?
lossyalgo wrote 1 day ago:
It's all documented on Wikipedia:
HTML [1]: https://en.wikipedia.org/wiki/LinkedIn#Criticism_and_con...
dijit wrote 2 days ago:
On HN itself: [1] Confirmed 5 years later in media;
HTML [1]: https://news.ycombinator.com/item?id=14277202
HTML [2]: https://www.bloomberg.com/news/articles/2013-09-20/linke...
genghisjahn wrote 2 days ago:
They used a legit google oauth but with broad rights. They did
pull the contact and repeatedly spam them as personal emails.
There were lawsuits.
philjackson wrote 2 days ago:
I don't know how they're still in business after that. They also
had a massive data breach at one point.
tokioyoyo wrote 2 days ago:
Because super-majority doesn't really care if the product does
what it's intended to in the end.
nalekberov wrote 2 days ago:
You can verify yourself using company email address - maybe I am being
naive to think that itâs much safer, but itâs way better than
handing over your ID data.
I never understand why people supply too much info about themselves for
small gains.
People at LinkedIn wants you to believe that your career is safe if you
play by their games, but ironically they are one of the main reasons
why companies nowadays are comfortable with hiring and firing fast.
andreashaerter wrote 2 days ago:
> You can verify yourself using company email address
LinkedIn does not support smaller companies; it appears to rely on
some kind of whitelist or known-enterprise system. This option is
simply not available for at least 90% of users.
nalekberov wrote 2 days ago:
> LinkedIn does not support smaller companies.
Pity, but even then is it worth to hand over your very personal
data to multiple companies for the sake of blue tick? Not judging,
genuine question.
varispeed wrote 2 days ago:
Just wait when next time they ask for your member length and girth or
flaps size.
kotaKat wrote 2 days ago:
That's the Worldcoin Orb 2.0. Stick it in to identify yourself to
make a payment.
subscribed wrote 2 days ago:
To deposit a payment.
;)
blaze33 wrote 2 days ago:
> My NFC chip data â the digital info stored on the chip inside my
passport
Do we know how they get that? Because my fingerprints are also in
there, so...
fuzzy2 wrote 1 day ago:
Highly unlikely they did. Just because itâs in the privacy notice
doesnât mean they actually gather or store this information.
And indeed, fingerprints are only accessible using privileged access.
Not even you, the passport holder, has access.
Msurrow wrote 2 days ago:
Yeah was thinking the same thing. I wonder if the author didnt known
that passpory chip == fingerprint.
And FP is a much worse modality to have registered because, as
opposed to Face image, fingerprint is not affected by age. So that
will match you 99.999999% for ever. Faces change.
alansaber wrote 2 days ago:
I naievely assumed fingerprints were trivial to change but on
further reading they are a remarkable biomarker
lkramer wrote 2 days ago:
They will have an app that asks to scan you passport with your
phone's NFC reader. It's pretty common for Identity Verification.
duskdozer wrote 2 days ago:
Wow, that's even worse than I imagined and I was already imagining
bad things
subscribed wrote 2 days ago:
Imagine all the things their phone app can exfiltrate. All
vaguely categorised in privacy policy of course.
throwaway77385 wrote 2 days ago:
How does this work for the myriad banks I've had to prove my identity
to in the same way?
I'll be attempting steps 1-4 and see what Persona comes back with.
xhcuvuvyc wrote 2 days ago:
You still have a linkedin? Isn't that just all ai slop?
efilife wrote 1 day ago:
His blog is AI slop.
Previous article: [1] All from a single blog post:
> thatâs not just text, thatâs biometric data.
> This isnât a chat log. Itâs a structured psychological profile.
> Not raw conversations â processed insights about who I am, how I
think, what I fear, and what motivates me.
> Theyâre not just storing what you said â theyâre analyzing
who you are.
> Theyâre not just answering questions â theyâre building a map
of what youâre curious about, what youâre planning, what youâre
worried about.
> Not because I trusted it â but because it was convenient not to
think about trust at all.
> A profile this detailed isnât just a record. Itâs a tool.
> The oracle isnât neutral. The oracle is taking notes.
> Not because Iâm paranoid â because itâs true.
> Do it. Not because you need to delete everything â but because
you should know what âfreeâ or even âpaidâ really costs.
While copying and pasting all of this I read this at the end:
> I need to be honest about something: I wrote this post with an AI.
Not just edited by AI. Written with it.
Wouldn't fool anyone anyway
HTML [1]: https://thelocalstack.eu/posts/ai-chatbot-gdpr-data-request/
subscribed wrote 2 days ago:
You don't have to browse it. Just make a miniscule change in your
profile from time to time, save it, and wait for recruiters to
contact you.
Once it's a human contact Ai slop doesn't impact you.
andreashaerter wrote 2 days ago:
> You still have a linkedin?
Sadly, LinkedIn has replaced email for initial contact after fairs or
in-person client meetings. New real-world contacts look you up on
LinkedIn and then use it to ask for things like your email address or
mobile number. Because of this, I'm even verified :-(.
Even though I use LinkedIn basically the same way Internet Explorer
was used in 2009 (purely as a Firefox or Chrome downloader but not
for browsing). LinkedIn is my initial contact details exchange, but
not the platform to communicate.
> Isn't that just all ai slop?
It is. I basically get zero useful input. Just biased, shallow
rubbish. If there is valuable content it is usually cross-posted from
authors who also run blogs I already follow.
Edit: Spelling, grammar, style
probably_wrong wrote 2 days ago:
If you know a better place to look for open positions in Europe, I'm
listening.
uyzstvqs wrote 1 day ago:
Country-specific local job boards are best. Big tech companies
(LinkedIn, Indeed, Glassdoor) are terrible for this purpose. Always
apply directly on a potential employers' website, best through
email if they accept that. Even printing your application and
sending it by mail is a far better option than applying through
LinkedIn or Indeed.
kg wrote 2 days ago:
It's still used for job hunting and recruiting unfortunately. I got a
real message from a real recruiter for a 5k+ employee software
company on it just last week. My friends and colleagues dealing with
layoffs have had to update their profiles. :(
BrandoElFollito wrote 2 days ago:
Ha. I was reading this and thought "euhhhh, I did not give all of that
to verify my account". So I went to LinkedIn to check if I have the
shield. I then saw
- that I just have "work email verified" and that there is a Persona
thing I was not even aware of
- a post by Brian Krebs at the top of my feed, exactly on that topic:
HTML [1]: https://www.linkedin.com/posts/bkrebs_if-you-are-thinking-abou...
8cvor6j844qw_d6 wrote 1 day ago:
> that I just have "work email verified" and that there is a Persona
thing I was not even aware of
Good to know that work email verification doesn't involve Persona.
That seems like a reasonable middle ground. Work email is a much
lighter ask than handing over government ID and biometrics.
Curious, does your verification status persist after you remove the
work email (e.g., if you leave that employer)?
BrandoElFollito wrote 1 day ago:
> Curious, does your verification status persist after you remove
the work email (e.g., if you leave that employer)?
I guess so. To me this is a mini-identity check so LinkedIn
probably assumes that if it was fine so far, it will stay that way
later.
nottorp wrote 2 days ago:
Yep, I clicked verify experimentally and all they wanted was my work
email and a code they sent to it.
Of course, that works probably because my work has a linkedin account
so they know what the official domain is for it.
I guess they'll spam that email but it's not like I care. I already
receive spam offering me subcontracting services so I guess it's
published somewhere.
PacificSpecific wrote 2 days ago:
I wonder what mongo and snowflake are doing with that data. The table
is a little vague.
I was under the impression they just make database products. Do they
have a side hustle involving collecting this type of data?
SahAssar wrote 2 days ago:
Subprocessor usually just means that you use their products in a way
that your personal data passes through them. For example, let's say
you are using cloudflare and aws to host a site, then your
subprocessors would be cloudflare and aws.
It can be some more nefarious use, but it can also just be that they
(persona in this case) use their services to process/store your data.
PacificSpecific wrote 2 days ago:
Ah I see that makes sense. Thanks for the clarification.
SanjayMehta wrote 2 days ago:
LinkedIn locked me out of my account, and wants me to verify via this
same Persona company. I didn't read the terms but there's no way I'm
giving Microsoft or its minions my govt id.
What this user missed is the affidavit option: you can get a piece of
paper attested by a local authority and upload that instead, if you
really really need a LinkedIn verified account.
Microsoft can go jump.
wolvoleo wrote 1 day ago:
The problem is your account is still there and you can't even delete
it from linkedin until you verify :(
dizhn wrote 2 days ago:
My friends were pestering me about having to have an X account to
know what's going on and that it'll be fine if I don't engage with
any conversation or even follow anyone. I created one, and started
the usual "don't show me this" thing for the crap that comes up in
the field by default.
I think my account was active for 10 minutes when it got blocked due
to "suspicious activity" and locked. All I have to do now to activate
is give them more of my information including my phone number.
I've had this same exact thing happen with Facebook and Instgram too.
Facebook was probably no less than 5 years ago so this is not new.
You can usually confirm your identity (which they do not know), using
your phone number (which they do not have). Read that again. :) They
ALL do this.
The kicker is you will not find any sympathy because they start with
jurisdictions (3rd world) where they can get away with it and people
will lecture you about how you must have done something because
Facebook never asked for their phone number or blocked them.
I had Airbnb ask for my passport 10 years ago ffs and I did give it
and they still didn't want to give me the place until the proprietor
intervened and sorted it out. I had the same exact helpful comments
about it online that I described above. "You must have done
something", "You're full of shit, they don't ask for passport at
all".
This attitude by my "fellow men" is what bothers me most about this
whole thing.
And now it's global, the same people will probably go "what do you
have to hide", "you show your passport at the border don't you?".
rrr_oh_man wrote 2 days ago:
> "what do you have to hide"
I usually say "great, can I install a camera in your bathroom? No?
Do you have anything to hide? This is what it feels like to me."
dizhn wrote 2 days ago:
Right. Have you actually had anyone change their mind about it
though? I am going to guess no. You probably heard a million
different versions of how "that is different".
Chris_Newton wrote 2 days ago:
I too found that my LinkedIn account had suddenly become
âtemporarilyâ disabled a little while ago, for reasons
unspecified. I too was invited to share my government ID with some
verification system to get back in again.
I too declined on privacy grounds.
LadyCailin wrote 2 days ago:
The trouble is, now it WILL be harder for you to find a job later.
These policies are âyour choiceâ like a diabetic taking insulin
âchoosesâ to take insulin. If we actually treat things like this
as a choice, the word loses all meaning.
SanjayMehta wrote 2 days ago:
My job hunting days are long over but you're right, LinkedIn et al
are indulging in a form of blackmail with chicanery like this.
Having said that, I've noticed most resumes I receive have GitHub
links over LinkedIn. We've advertised on LinkedIn with mixed
results, employee referrals have always been more effective.
7777777phil wrote 2 days ago:
> If youâve already verified â like me â hereâs what Iâd
recommend
Did you actually follow through with 1-4 and if so what was the
outcome? how long did it take?
globalnode wrote 2 days ago:
What a sad story. I feel sorry for this person. But it was very naive
to put that data up in the first place. I recently tried to open a FB
acct so I could connect with local community but within 2 days I was
accused of being a bot and asked to start a video interview with a
verification bot. That didn't happen, local community can do without me
;)
onetokeoverthe wrote 2 days ago:
insane. interview with a bot.
dropped linkedin after ten years due to an id request.
hurts but if EVERYONE SAID NO it would be better tomorrow.
DIR <- back to front page