[HN Gopher] I verified my LinkedIn identity. Here's what I hande...
___________________________________________________________________
I verified my LinkedIn identity. Here's what I handed over
Author : ColinWright
Score : 1361 points
Date : 2026-02-21 07:06 UTC (1 days ago)
HTML web link (thelocalstack.eu)
TEXT w3m dump (thelocalstack.eu)
| globalnode wrote:
| What a sad story. I feel sorry for this person. But it was very
| naive to put that data up in the first place. I recently tried to
| open a FB acct so I could connect with local community but within
| 2 days I was accused of being a bot and asked to start a video
| interview with a verification bot. That didn't happen, local
| community can do without me ;)
| onetokeoverthe wrote:
| insane. interview with a bot.
|
| dropped linkedin after ten years due to an id request.
|
| hurts but if EVERYONE SAID NO it would be better tomorrow.
| 7777777phil wrote:
| > If you've already verified -- like me -- here's what I'd
| recommend
|
| Did you actually follow through with 1-4 and if so what was the
| outcome? how long did it take?
| SanjayMehta wrote:
| LinkedIn locked me out of my account, and wants me to verify via
| this same Persona company. I didn't read the terms but there's no
| way I'm giving Microsoft or its minions my govt id.
|
| What this user missed is the affidavit option: you can get a
| piece of paper attested by a local authority and upload that
| instead, if you really really need a LinkedIn verified account.
|
| Microsoft can go jump.
| LadyCailin wrote:
| The trouble is, now it WILL be harder for you to find a job
| later. These policies are "your choice" like a diabetic taking
| insulin "chooses" to take insulin. If we actually treat things
| like this as a choice, the word loses all meaning.
| SanjayMehta wrote:
| My job hunting days are long over but you're right, LinkedIn
| et al are indulging in a form of blackmail with chicanery
| like this.
|
| Having said that, I've noticed most resumes I receive have
| GitHub links over LinkedIn. We've advertised on LinkedIn with
| mixed results, employee referrals have always been more
| effective.
| Chris_Newton wrote:
| I too found that my LinkedIn account had suddenly become
| "temporarily" disabled a little while ago, for reasons
| unspecified. I too was invited to share my government ID with
| some verification system to get back in again.
|
| I too declined on privacy grounds.
| dizhn wrote:
| My friends were pestering me about having to have an X account
| to know what's going on and that it'll be fine if I don't
| engage with any conversation or even follow anyone. I created
| one, and started the usual "don't show me this" thing for the
| crap that comes up in the field by default.
|
| I think my account was active for 10 minutes when it got
| blocked due to "suspicious activity" and locked. All I have to
| do now to activate is give them more of my information
| including my phone number.
|
| I've had this same exact thing happen with Facebook and
| Instgram too. Facebook was probably no less than 5 years ago so
| this is not new. You can usually confirm your identity (which
| they do not know), using your phone number (which they do not
| have). Read that again. :) They ALL do this.
|
| The kicker is you will not find any sympathy because they start
| with jurisdictions (3rd world) where they can get away with it
| and people will lecture you about how you must have done
| something because Facebook never asked for their phone number
| or blocked them.
|
| I had Airbnb ask for my passport 10 years ago ffs and I did
| give it and they still didn't want to give me the place until
| the proprietor intervened and sorted it out. I had the same
| exact helpful comments about it online that I described above.
| "You must have done something", "You're full of shit, they
| don't ask for passport at all".
|
| This attitude by my "fellow men" is what bothers me most about
| this whole thing.
|
| And now it's global, the same people will probably go "what do
| you have to hide", "you show your passport at the border don't
| you?".
| rrr_oh_man wrote:
| > "what do you have to hide"
|
| I usually say "great, can I install a camera in your
| bathroom? No? Do you have anything to hide? _This_ is what it
| feels like to me. "
| dizhn wrote:
| Right. Have you actually had anyone change their mind about
| it though? I am going to guess no. You probably heard a
| million different versions of how "that is different".
| wolvoleo wrote:
| The problem is your account is still there and you can't even
| delete it from linkedin until you verify :(
| PacificSpecific wrote:
| I wonder what mongo and snowflake are doing with that data. The
| table is a little vague.
|
| I was under the impression they just make database products. Do
| they have a side hustle involving collecting this type of data?
| SahAssar wrote:
| Subprocessor usually just means that you use their products in
| a way that your personal data passes through them. For example,
| let's say you are using cloudflare and aws to host a site, then
| your subprocessors would be cloudflare and aws.
|
| It can be some more nefarious use, but it can also just be that
| they (persona in this case) use their services to process/store
| your data.
| PacificSpecific wrote:
| Ah I see that makes sense. Thanks for the clarification.
| BrandoElFollito wrote:
| Ha. I was reading this and thought "euhhhh, I did not give all of
| that to verify my account". So I went to LinkedIn to check if I
| have the shield. I then saw
|
| - that I just have "work email verified" and that there is a
| Persona thing I was not even aware of
|
| - a post by Brian Krebs at the top of my feed, exactly on that
| topic: https://www.linkedin.com/posts/bkrebs_if-you-are-thinking-
| ab...
| nottorp wrote:
| Yep, I clicked verify experimentally and all they wanted was my
| work email and a code they sent to it.
|
| Of course, that works probably because my work has a linkedin
| account so they know what the official domain is for it.
|
| I guess they'll spam that email but it's not like I care. I
| already receive spam offering me subcontracting services so I
| guess it's published somewhere.
| 8cvor6j844qw_d6 wrote:
| > that I just have "work email verified" and that there is a
| Persona thing I was not even aware of
|
| Good to know that work email verification doesn't involve
| Persona.
|
| That seems like a reasonable middle ground. Work email is a
| much lighter ask than handing over government ID and
| biometrics.
|
| Curious, does your verification status persist after you remove
| the work email (e.g., if you leave that employer)?
| BrandoElFollito wrote:
| > Curious, does your verification status persist after you
| remove the work email (e.g., if you leave that employer)?
|
| I guess so. To me this is a mini-identity check so LinkedIn
| probably assumes that if it was fine so far, it will stay
| that way later.
| xhcuvuvyc wrote:
| You still have a linkedin? Isn't that just all ai slop?
| kg wrote:
| It's still used for job hunting and recruiting unfortunately. I
| got a real message from a real recruiter for a 5k+ employee
| software company on it just last week. My friends and
| colleagues dealing with layoffs have had to update their
| profiles. :(
| probably_wrong wrote:
| If you know a better place to look for open positions in
| Europe, I'm listening.
| uyzstvqs wrote:
| Country-specific local job boards are best. Big tech
| companies (LinkedIn, Indeed, Glassdoor) are terrible for this
| purpose. Always apply directly on a potential employers'
| website, best through email if they accept that. Even
| printing your application and sending it by mail is a far
| better option than applying through LinkedIn or Indeed.
| andreashaerter wrote:
| > You still have a linkedin?
|
| Sadly, LinkedIn has replaced email for initial contact after
| fairs or in-person client meetings. New real-world contacts
| look you up on LinkedIn and then use it to ask for things like
| your email address or mobile number. Because of this, I'm even
| verified :-(.
|
| Even though I use LinkedIn basically the same way Internet
| Explorer was used in 2009 (purely as a Firefox or Chrome
| downloader but not for browsing). LinkedIn is my initial
| contact details exchange, but not the platform to communicate.
|
| > Isn't that just all ai slop?
|
| It is. I basically get zero useful input. Just biased, shallow
| rubbish. If there is valuable content it is usually cross-
| posted from authors who also run blogs I already follow.
|
| Edit: Spelling, grammar, style
| subscribed wrote:
| You don't have to browse it. Just make a miniscule change in
| your profile from time to time, save it, and wait for
| recruiters to contact you.
|
| Once it's a human contact Ai slop doesn't impact you.
| efilife wrote:
| His blog is AI slop.
|
| Previous article: https://thelocalstack.eu/posts/ai-chatbot-
| gdpr-data-request/
|
| All from a single blog post:
|
| > that's not just text, that's biometric data.
|
| > This isn't a chat log. It's a structured psychological
| profile.
|
| > Not raw conversations -- processed insights about who I am,
| how I think, what I fear, and what motivates me.
|
| > They're not just storing what you said -- they're analyzing
| who you are.
|
| > They're not just answering questions -- they're building a
| map of what you're curious about, what you're planning, what
| you're worried about.
|
| > Not because I trusted it -- but because it was convenient not
| to think about trust at all.
|
| > A profile this detailed isn't just a record. It's a tool.
|
| > The oracle isn't neutral. The oracle is taking notes.
|
| > Not because I'm paranoid -- because it's true.
|
| > Do it. Not because you need to delete everything -- but
| because you should know what "free" or even "paid" really
| costs.
|
| While copying and pasting all of this I read this at the end:
|
| > I need to be honest about something: I wrote this post with
| an AI. Not just edited by AI. Written with it.
|
| Wouldn't fool anyone anyway
| throwaway77385 wrote:
| How does this work for the myriad banks I've had to prove my
| identity to in the same way? I'll be attempting steps 1-4 and see
| what Persona comes back with.
| blaze33 wrote:
| > My NFC chip data -- the digital info stored on the chip inside
| my passport
|
| Do we know how they get that? Because my fingerprints are also in
| there, so...
| lkramer wrote:
| They will have an app that asks to scan you passport with your
| phone's NFC reader. It's pretty common for Identity
| Verification.
| duskdozer wrote:
| Wow, that's even worse than I imagined and I was already
| imagining bad things
| subscribed wrote:
| Imagine all the things their phone app can exfiltrate. All
| vaguely categorised in privacy policy of course.
| Msurrow wrote:
| Yeah was thinking the same thing. I wonder if the author didnt
| known that passpory chip == fingerprint.
|
| And FP is a much worse modality to have registered because, as
| opposed to Face image, fingerprint is not affected by age. So
| that will match you 99.999999% for ever. Faces change.
| alansaber wrote:
| I naievely assumed fingerprints were trivial to change but on
| further reading they are a remarkable biomarker
| fuzzy2 wrote:
| Highly unlikely they did. Just because it's in the privacy
| notice doesn't mean they actually gather or store this
| information.
|
| And indeed, fingerprints are only accessible using privileged
| access. Not even you, the passport holder, has access.
| varispeed wrote:
| Just wait when next time they ask for your member length and
| girth or flaps size.
| kotaKat wrote:
| That's the Worldcoin Orb 2.0. Stick it in to identify yourself
| to make a payment.
| subscribed wrote:
| To deposit a payment.
|
| ;)
| nalekberov wrote:
| You can verify yourself using company email address - maybe I am
| being naive to think that it's much safer, but it's way better
| than handing over your ID data.
|
| I never understand why people supply too much info about
| themselves for small gains.
|
| People at LinkedIn wants you to believe that your career is safe
| if you play by their games, but ironically they are one of the
| main reasons why companies nowadays are comfortable with hiring
| and firing fast.
| andreashaerter wrote:
| > You can verify yourself using company email address
|
| LinkedIn does not support smaller companies; it appears to rely
| on some kind of whitelist or known-enterprise system. This
| option is simply not available for at least 90% of users.
| nalekberov wrote:
| > LinkedIn does not support smaller companies.
|
| Pity, but even then is it worth to hand over your very
| personal data to multiple companies for the sake of blue
| tick? Not judging, genuine question.
| ColinWright wrote:
| I used to have a LinkedIn account, a long time ago. To register I
| created an email address that was unique to LinkedIn, and pretty
| much unguessable ... certainly not amenable to a dictionary
| attack.
|
| I ended up deciding that I was getting no value from the account,
| and I heard unpleasant things about the company, so I deleted the
| account.
|
| Within hours I started to get spam to that unique email address.
|
| It would be interesting to run a semi-controlled experiment to
| test whether this was a fluke, or if they leaked, sold, or
| otherwise lost control of my data. But absolutely I will not
| trust them with anything I want to keep private.
|
| I do not trust LinkedIn to keep my data secure ... I believe they
| sold it.
| eastbound wrote:
| Remember when LinkedIn was condemned because they copied
| Gmail's login page saying "Log in with Google", then you
| entered your password, then they retrieved all your contacts,
| even the bank, the mailing lists, your ex, and spammed the hell
| out of them, saying things in your name in the style of "You
| haven't joined in 5 days, I want you to subscribe" ?
| philjackson wrote:
| I don't know how they're still in business after that. They
| also had a massive data breach at one point.
| tokioyoyo wrote:
| Because super-majority doesn't really care if the product
| does what it's intended to in the end.
| StrauXX wrote:
| Do you have a reference with more information on that?
| genghisjahn wrote:
| They used a legit google oauth but with broad rights. They
| did pull the contact and repeatedly spam them as personal
| emails. There were lawsuits.
| dijit wrote:
| On HN itself: https://news.ycombinator.com/item?id=14277202
|
| Confirmed 5 years later in media; https://www.bloomberg.com
| /news/articles/2013-09-20/linkedin-...
| lossyalgo wrote:
| It's all documented on Wikipedia: https://en.wikipedia.org/
| wiki/LinkedIn#Criticism_and_controv...
| jll29 wrote:
| The original version of the LinkedIn mobile app uploaded your
| personal contacts stored on your smart phone and SIM to their
| server (to also "invite" them), without requesting user
| permission.
|
| After that, I never installed it again (but too late), and I
| bought a second (non-smart) phone.
| huhtenberg wrote:
| WhatsApp infamously did just that.
|
| It vacuumed the contacts and spammed them with "Join me on
| WhatsApp". One of the reasons for their initial exponential
| growth.
| pousada wrote:
| Almost everything coming out of Silicon Valley has an
| unethical past(present?) if you look at it a bit more
| closely.
| reformdEngineer wrote:
| Venmo did this too
| Teckla wrote:
| When I created an account on LinkedIn, a long time ago, I
| used the web. When it asked if I wanted to invite other
| people from my list of contacts, I clicked yes. I thought
| it would let me manually enter some contacts, or at worst,
| give me a list to choose from, with some kind of
| permissions prompt. _Somehow_ , it accessed my _entire_
| Gmail contact list, and invited them all. My goodness, that
| was terrifying (I didn 't even know it was _possible_ ) and
| _embarrassing_. Companies are not to be trusted, _ever_.
| Especially now, as they 've proven for decades they have
| zero moral compass, and no qualms about abusing people for
| profit.
| DANmode wrote:
| I remember boycotting them for many years after that, yes.
|
| Now lots of contact forms (not even necessarily job related!)
| are treating it as a required field. Pretty distasteful
| situation.
| Spooky23 wrote:
| My assumption was that it was an intelligence platform first.
| Just like Skype, Microsoft decided to randomly buy it.
|
| It amazing really. If you reached out to people and asked them
| for the information and graph that LinkedIn maintains, most
| employers would fire them.
| vaylian wrote:
| > My assumption was that it was an intelligence platform
| first.
|
| What do you mean by "intelligence platform"?
| estimator7292 wrote:
| Spyware
| caseysoftware wrote:
| "Spyware" doesn't quite capture it.
|
| It's "intelligence platform" in the sense that you can gain
| a ton of information on individuals, organizations, and
| relationships that drive it all. If you can track how
| people move and interact between organizations, you can
| determine who someone is doing business with and even make
| an educated guess if that's a sale or interview.
|
| I started writing about it almost 20 years ago:
| https://caseysoftware.com/blog/linkedin-intelligence-part-
| ii and turned it into a conference presentation called
| "Shattering Secrets with Social Media"
|
| But there have been numerous proofs of concept over the
| years: https://en.wikipedia.org/wiki/Robin_Sage
| trinsic2 wrote:
| Bro if you want people to read your stuff. Don't require
| java script to view the page. Smart people block that
| stuff.
| reciprocity wrote:
| I couldn't agree more.
| ljm wrote:
| There's an entire cottage industry of linkedin scrapers that
| put a lot of effort into guessing your email address to
| enable cold outreach.
|
| I'm ashamed to say I worked at one such place for several
| months.
|
| Apollo is probably the most comprehensive source for this.
| It's creepy as fuck.
| wolvoleo wrote:
| Yes I notice that too. I hide my last name now because at
| my company it's just firstname.lastname so easy to guess.
|
| It helps a lot but I still get a lot of sales goons. A lot
| of them follow up constantly too "hey what about that
| meeting invite I sent you why did you not attend"? My
| deleted email box is full of them (I instantly block them
| the minute I get an invite to anything from someone I don't
| know, and I wish Outlook had the ability to ban the entire
| origin domain too but it doesn't)
| JimDabell wrote:
| Put an emoji after your name in LinkedIn. Something that
| obviously isn't part of your name. All the bots that
| scrape LinkedIn and guess your email address will include
| the emoji when addressing you in an email; no humans
| will. You can then use this in a spam filter.
| notpushkin wrote:
| I think it would be fairly easy to clean up. It should
| help with the dumbest spammers though.
| notpushkin wrote:
| I'm a bit on the fence with this one. Sure, spam is bad,
| but they also enable you to reach out to somebody outside
| of the LinkedIn's walled garden (personally, without
| automation).
|
| If it enables a tiny startup trying to solve the exact
| problem I have to reach out to me - I'd say it's a net
| positive (but not by a huge margin), and having to
| blacklist @mongodb.com with their certifications bullshit
| is a price I'm ready to pay. If more spammers get their
| hands on this kind of dataset though it'll probably be a
| disaster.
| dijit wrote:
| Linkedin has been breached _a lot_ over time.
|
| But I have such low faith in the platform that I would readily
| believe that once they think you're not going to continue
| adding value, they find unpleasant ways to extract the last bit
| of value that they reserve only for "ex"-users.
| wolvoleo wrote:
| > Linkedin has been breached a lot over time.
|
| Yeah but the OP got spam within hours. That would be pretty
| unlikely to have coincided with a breach.
|
| But LinkedIn probably sold the data, they have a dark pattern
| maze of privacy settings and most default to ON.
| bachmeier wrote:
| This is a good example of why it's insane that nobody at
| Mozilla cares that they hire CEOs that have only a LinkedIn
| page. If you want to visit the website of the Mozilla CEO, you
| have to create an account and log in. No big deal if it's a CEO
| of a plastics manufacturing company, but when the mission is
| fighting against the behavior of companies like LinkedIn, it
| makes me wonder why Mozilla exists.
| barbazoo wrote:
| It's hard to be perfect.
| AndrewKemendo wrote:
| The surest sign of incompetence is somebody claiming they
| are forced into a requirement for perfection when the
| requirement is simply a basic adherence to virtue
| bachmeier wrote:
| Yes, in the same way it's hard for Tim Cook to not run his
| company on Windows 11.
| saghm wrote:
| Good thing quality isn't binary! It's pretty attainable to
| at be halfway decent
| mkl95 wrote:
| The CEO role at Mozilla is unstable. Even if Mozilla didn't
| require a LinkedIn page, chances are their CEOs would have an
| up to date account. Also, Mozilla's ARR is mostly their
| Google partnership.
| bachmeier wrote:
| If you visit the Mozilla website right now, you will see
| "Break free from big tech -- our products put you in
| control of a safer, more private internet experience."
| pousada wrote:
| Marketing slogans are just that, words that sound good.
|
| Better look at their actions than take their slogans at
| face value. Applies to everyone
| rdiddly wrote:
| "Doctor, heal thyself!"
| Thorrez wrote:
| I don't think Mozilla requires a LinkedIn page. bachmeier
| is complaining that Mozilla's CEO doesn't have a personal
| webpage, and only has a LinkedIn page. By not having a
| personal webpage, and having a LinkedIn page, it appears
| that Mozilla's CEO doesn't really care about the open web.
| Keekgette wrote:
| > It would be interesting to run a semi-controlled experiment
| to test whether this was a fluke, or if they leaked, sold, or
| otherwise lost control of my data.
|
| Too much time / energy on your hands? You gave them a unique
| email ID (which is always the most sensible thing), that's it.
|
| The non-sensible thing was to sign up kn the first place.
| Nobody needs these narcisstic, BS spewing pseudo-networking
| places.
| post-it wrote:
| > Nobody needs these narcisstic, BS spewing pseudo-networking
| places.
|
| I mean I got my last job through LinkedIn. I'm currently
| interviewing at a few places, half of which came from
| LinkedIn. So I personally clearly do need LinkedIn, unless
| you want to hire me.
| mati365 wrote:
| ofc it's sold. Take a look at this: https://www.rb2b.com/
|
| It identifies users that visit your site and then shows their
| email, phone number and living place based on their Li profile
| ;))
| anjel wrote:
| rb2b website has an incredibly ironic "we respect your
| privacy" GPDR banner along the bottom of their landing page.
| bdangubic wrote:
| You can replace _LinkedIn_ in your post with every social media
| etc company and it will ring as true as your current post
| sqircles wrote:
| LinkedIn has a wild past. I'm surprised that it seems like no
| one remembers. Scanning users e-mail inboxes, creating fake
| users, etc.
| lossyalgo wrote:
| It's all documented on Wikipedia too: https://en.wikipedia.or
| g/wiki/LinkedIn#Criticism_and_controv...
| nine_k wrote:
| A LinkedIn account's sole purpose is publishing, dissemination,
| and advertising information about you and your company.
| Anything that you badly want to keep private certainly does not
| belong there, much like it does not belong to a large roadside
| billboard.
|
| Otherwise, LinkedIn can be quite useful in searching for a job,
| researching a company, or getting to know potential coworkers
| or hires.
|
| Email spam is, to my mind, an inevitability. You should expect
| waves of spam, no matter what address you use; your email
| provider should offer reasonable filtering of the spam. Using a
| unique un-guessable email address, like any security through
| obscurity, can only get you so far.
| trinsic2 wrote:
| You sound like someone that wants to normalize bad behavior.
| Good luck with that. I would never use a social networking
| site to find people or jobs. I'm not going to put support
| behind a entity that doesn't respect privacy and the fact
| that they are people who don't care, like you, are the
| problem and why we are in the situation we are in as a
| country at this point.
| nine_k wrote:
| I won't call it a social networking site. I'd call it a
| business-card-exchange site, plus a corporate-flyers-
| handout site, and of course a self-promotion site.
|
| Selling emails is of course bad, but expecting your email
| that you give to any big corporation to stay private for a
| long time is, alas, naive. I've read the fine print; in
| most EULAs it includes a ton of clauses about sharing your
| contacts with a bunch of third parties, etc. LinkedIn, in
| particular, explicitly says that it may share your contacts
| with advertising partners.
|
| In other words, if you need to enter this space, wear a
| hazmat suit, expect no niceties.
| griffineyes wrote:
| It's definitely not a fluke. I was getting between 20 and 30
| spam emails per day. Simply out of curiosity I deleted my
| linkedin account and the spam abated. After a week the spam
| reduced to a trickle and now after a few months I only get a
| few spam emails per week. Shortly after discovering that
| LinkedIn was the problem I deleted Indeed as well. Indeed has a
| fairly robust data deletion program.
| drnick1 wrote:
| This is precisely why I give each website an alias such as
| website@example.com. If I start receiving spam to that address,
| I revoke the alias and name and shame the website online
| whenever I get the chance. Not that I would use LinkedIn
| anyway.
| anjel wrote:
| proxy emails are rejected more and more. Same with google tel
| numbers. The internet feels more and more like the garbage
| compactor scene in Star Wars.
| drnick1 wrote:
| How would the website know that it is a "proxy email?" I am
| using my own domain name and email server, and don't
| believe I ever received a rejection.
| x0x0 wrote:
| It could be, but I think it's also as likely it was the
| scrapers treating that as a trigger event of some type. eg you
| got a job and might have regrets.
|
| I also saw... not sure what to call them, but honeypot friend
| requests? I used to get regular requests from profiles I didn't
| recognize with a generic pretty woman (I'd assume stock
| photography). Since I ignored them, they would re-request on
| intervals that were exactly 90 or 180 days. I occasionally
| glanced at them and there seemed to be no rhyme nor reason to
| their friends. I'd assume this was also some type of scraping,
| probably for friends-only profile data.
| driverdan wrote:
| LinkedIn definitely sells/shares/leaks email address. I'm not
| sure which but I also have the same problem. I created my
| account with a unique email I've only used for LI. I
| occasionally get B2B and recruiter spam sent to that email.
| rixed wrote:
| I don't remember where I got this from, but I've heard long ago
| about a company which TOS stated vehemently that they would
| never sell the contacts of their customers... Only to sell them
| once the accounts are closed because, well, technically those
| were no longer customers.
|
| So maybe that's what happened?
| elAhmo wrote:
| From the article:
|
| > Let that sink in. You scanned your European passport for a
| European professional network, and your data went exclusively to
| North American companies. Not a single EU-based subprocessor in
| the chain.
|
| Not sure LinkedIn is a European professional network.
| guenthert wrote:
| Yeah, he might have wanted to use Xing. Of course, he'd be
| pretty lonely there.
| vdfs wrote:
| Viadeo is slightly more popular
| black_puppydog wrote:
| I think the author was talking about their own professional
| network being based in Europe, as opposed by LinkedIn, the
| platform that they're using to contact said network.
| llm_nerd wrote:
| Their use of LinkedIn is for local and semi-local professional
| networks. It's like if you use Nextdoor for your street.
|
| And of course those Europeans use LinkedIn for the network
| effect (even though LinkedIn is just a pathetic sad dead mall
| now, so most are doing so for an illusion), because other prior
| waves of Europeans also used LinkedIn, and so on. Domestic or
| regional alternatives falter because everyone demands they be
| on the "one" site.
|
| The centralization of tech, largely to the US for a variety of
| reasons, has been an enormous, colossal mistake.
|
| It's at this point I have to laud what China did. They simply
| banned foreign options in many spaces and healthy domestic
| options sprouted up overnight. Many countries need to start
| doing this, especially given that US tech is effectively an arm
| of a very hostile government that is waging intense diplomatic
| and trade warfare worldwide, _especially_ against allies.
| jll29 wrote:
| I would prefer to live in a free country, where I can choose
| my services from among a couple of options. But the
| government you appeal to should install and execute laws to
| protect citizens by forcing foreign players to abide by local
| rulse or be forced to declare that they are not, in large red
| letters so no-one can say they did not know (legalese small-
| print does not suffice as we know).
| urikaduri wrote:
| Is there really a choice? Network effect means that the
| company that sells you cars also owns the road, and only
| allows its cars to drive on it.
|
| What you want is the social graph, but you are forced to
| also use FBs shitty app to access it. These social media
| apps never had a single useful feature besides the graph
| itself.
| 1over137 wrote:
| >I would prefer to live in a free country...
|
| Well if you're in a country Trump has threatened to invade,
| or already invaded, having a free country might _require_
| banning these American companies.
| 201984 wrote:
| >Let that sink in
|
| That's a hallmark of GPT spam, so it's not surprising there's
| hallucinations.
| cbeach wrote:
| and "That blue badge might not be worth what you're trading
| for it. A checkmark is cosmetic. Biometric data is forever."
|
| I like the article, but I think it was nearly wholly LLM-
| generated. It's a shame that this contrived writing style is
| becoming so commonplace. Just annoying, more than anything.
| 201984 wrote:
| GPTZero (not sure how reliable it is) said it was 100%
| generated.
| dvfjsdhgfv wrote:
| Since some job offers require a linked in link, I maintain an
| empty page explaining why maintaining a LI account is a privacy
| and security hole. It turns out it works.
| prox wrote:
| Did you need to verify your account first?
| dvfjsdhgfv wrote:
| No, and it's difficult for me to understand why anyone would
| ever want that.
| _pdp_ wrote:
| On EU data sovereignty:
|
| The OP is right. For that reason we started migrating all of our
| cloud-based services out of USA into EU data centers with EU
| companies behind them. We are basically 80% there. The last 20%
| remaining are not the difficult ones - they are just not really
| that important to care that much at this point but the long terms
| intention is a 100% disconnect.
|
| On IDV security:
|
| When you send your document to an IDV company (be that in USA or
| elsewhere) they do not have the automatic right to train on your
| data without explicit consent. They have been a few pretty big
| class action lawsuits in the past around this but I also believe
| that the legal frameworks are simply not strong enough to deter
| abuse or negligence.
|
| That being said, everyone reading this must realise that with
| large datasets it is practically very likely to miss-label data
| and it is hard to prove that this is not happening at scale. At
| the end of the day it will be a query running against a database
| and with huge volumes it might catch more than it should. Once
| the data is selected for training and trained on, it is
| impossible to undo the damage. You can delete the training
| artefact after the fact of course but the weights of the models
| are already re-balanced with the said data unless you train from
| scratch which nobody does.
|
| I think everyone should assume that their data, be that source
| code, biometrics, or whatever, is already used for training
| without consent and we don't have the legal frameworks to protect
| you against such actions - in fact we have the opposite. The only
| control you have is not to participate.
| tamimio wrote:
| This process will be done in a way that you won't even have to do
| it in 3min, it will be part of you phone wallet, and whenever you
| sign up you will be required to verify it there, essentially, all
| big tech will be having a copy of your biometric, and
| consequently, all three letter agencies too. Welcome to the
| tyranny of big tech!
| luxpir wrote:
| I really appreciate this write-up.
|
| Was forced to verify to get access to a new account. Like, an
| interstitial page that forced verification before even basic
| access.
|
| Brief context for that: was being granted a salesnav licence, but
| to my work address with no account attached to it. Plus I had an
| existing salesnav trial underway on main account and didn't want
| to give access to that work.
|
| So I reluctantly verified with my passport (!) and got access.
| Then looked at all the privacy settings to try to access what I'd
| given, but the full export was only sign up date and one other
| row in a csv. I switched off all the dark pattern ad settings
| that were default on, then tried to recall the name of the
| company. Lack of time meant I haven't been able to follow up. I
| was deeply uncomfortable with the whole process.
|
| So now I've requested my info and deletion via the details in the
| post, from the work address.
|
| One other concern is if my verified is ever forced to be my main,
| I'll be screwed for contacts and years of connections. So I'll
| try to shut it down soon when I'm sure we're done at work. But
| tbh I don't think the issues will end there either.
|
| Why do these services have to suck so much. Why does money confer
| such power instead of goodwill, integrity and trust/trustless
| systems. Things have to change. Or, just stay off the grid. But
| that shouldn't have to be the choice. Where are the decentralised
| services. I'm increasingly serious about this.
| SomeUserName432 wrote:
| > Was forced to verify to get access to a new account. Like, an
| interstitial page that forced verification before even basic
| access.
|
| I'm forced to verify to access my existing account.
|
| I cannot delete it, nor opt out of 'being used for AI content'
| without first handing them over even more information I'm sure
| will be used for completely benign purposes.
| luxpir wrote:
| That's concerning.
|
| Kids in Oz were getting around social media age restrictions
| by holding up celeb photos. I doubt that'll work in this
| case, but I'd be tempted to start thinking of ways to
| circumvent.
|
| At the risk of losing the account, it's a very bad situation
| they are forcing people into.
| kioshix wrote:
| About a year ago I wanted to check out LinkedIn. Signed up
| with my real name, added my employer and past employers,
| verified my current work email address etc.
|
| About 24 hours later, when logging in to pick up where I left
| off, I'm redirected to a page that tells me that my account
| has been locked. For the safety of my account, I needed to
| verify my identity to continue.
|
| I refused to do so, for the same reasons this article
| highlights. So I wanted to delete my account and never
| return. Guess what? You can't delete your account without
| first verifying.
|
| It took me a few frustrating months of trying to email their
| DPO (data protection officer) and filling out forms,
| constantly being routed to regular support with very
| unhelpful support staff. I actually contacted the Irish data
| protection agency thing (I'm not Irish, but european), and
| while waiting for them to process the case, I miraculously
| got a reply from LinkedIn that my account deletion was being
| processed.
|
| Quite an infuriating experience.
| pteraspidomorph wrote:
| I had this problem with Facebook 15 years ago. Nothing new,
| but as always, people will avert their eyes until it begins
| to affect them personally.
| stateofinquiry wrote:
| Thank you for sharing this.
|
| I understand, and even agree, that how this is being handled
| has some pretty creepy aspects. But one thing missing from the
| comments I see here and elsewhere is: How else should
| verification be handled? We have a real problem with AI/bots
| online these days, trust will be at a premium. How can we try
| to assure it? I can think of one way: Everyone must pay to be a
| member (there will still be fraud, but it will cost!). How else
| can we verify with a better set of tradeoffs?
|
| There is some info from Persona CEO on (of course) LinkedIn, in
| response to a post from security researcher Brian Krebs:
| https://www.linkedin.com/posts/bkrebs_if-you-are-thinking-ab...
| . I note he's not verified, but he does pay for the service.
| anttihaapala wrote:
| How about everyone gets a digital certification from their
| own government that this is the person named this and that.
| No need to share cranial measurements and iris scans.
| stateofinquiry wrote:
| Well, different trade offs there. On the plus side, sounds
| pretty simple. On the other hand...
|
| Digital certification from the gov sounds a lot like
| "digital ID", which has run into considerable resistance in
| the UK and EU in just the last few months. As a general
| observation I find most EU citizens I interact with much
| more trusting of government than ... well, any other group
| of folks I have interacted with (I have the privilege of
| having lived and worked in S. America, N. America, sub
| Saharan Africa and now an EU country). If it does not fly
| well here, I don't think its general solution that most
| people would be comfortable with.
|
| https://blogs.lse.ac.uk/europpblog/2025/10/09/britcard-uk-
| di...
| dwedge wrote:
| Having lived in borh the UK and Poland I was very
| surprised (given history) to find how comfortable, in
| comparison, Poles are with ID requirements, tax ID to
| join gyms and football clubs compared to the UK whicb
| still resists mandatory ID. There does seem to be a UK EU
| divide here
| throwaway063_1 wrote:
| > How else should verification be handled?
|
| Many European countries have secure electronic
| identifications that are trusted by the government, banks
| etc.
|
| Linkedin could easily use this to verify the identities.
|
| Example of services where you can verify the identity with 35
| different providers using a single API:
|
| https://www.signicat.com/products/identity-proofing/eid-hub
| or https://www.scrive.com/products/eid-hub
|
| I doubt it would take more than a sprint to integrate with
| this or other services.
| kwar13 wrote:
| zero knowledge proofs, with services such as
| https://zkpassport.id/ (i am not affiliated)
| drnick1 wrote:
| > How else should verification be handled?
|
| There should be no verification. The idea of a single
| platform where every worker is listed, identified, and
| connected to other people he/she knows IRL is scary. It
| shouldn't exist.
| jofla_net wrote:
| > Why do these services have to suck so much.
|
| They can do what they please. Its due to the network effects.
| The tie-ins of tech are so strong, I'd wager that %99 of why
| they succeed has nothing to do with competency or making a
| product for the user, just that people are too immobile to jump
| ship for too many reasons. Its staggering how much stronger
| this is than what people give credit for. Its as if you
| registered all your cells with a particular pain medication
| provider, and the idea of switching pills makes one go into
| acute neurosis.
| jll29 wrote:
| Someone needs to reimplement a "clean" version of its
| functionality: professional networking is too important to be
| left to the data hoarders/government surveillance cluster of
| organizations.
|
| Besides, its UX has decayed to a "Facebook for the employed",
| where John Doe praises himself for mastering a mandatory
| training at work or taking Introduction to HTML at "Harvard"
| via Coursera.
| dwedge wrote:
| Nobody is coming to save us. A federated LinkedIn would be
| great but will not take over. We just need to stop using
| these services
| mcmcmc wrote:
| The problem is a competitor will never be able to succeed
| without doing the same thing. Try to compete as a "free"
| service and you'll have to sell ads, try to charge and
| you'll never get enough signups to fund the business.
| SilverElfin wrote:
| Let's not forget Persona is linked to Peter Thiel. When Thiel
| and his friends support the government snatching citizens off
| the streets, there is unacceptable risk with forcing job
| seekers and the like to create accounts on LinkedIn.
| ibejoeb wrote:
| >Thiel and his friends support the government snatching
| citizens off the streets
|
| What's the story here?
| dygd wrote:
| The Palantir app helping ICE raids in Minneapolis:
| https://news.ycombinator.com/item?id=46633378
|
| ICE using Palantir tool that feeds on Medicaid data:
| https://news.ycombinator.com/item?id=46756117
| trilogic wrote:
| Great article, thank you.
|
| Hiding all this very important info (which literally affects the
| users life) behind an insignificant boring click! Even the most
| paranoid user will give up in certain use cases, (like with covid
| 19 which even though didn't agree, you needed to travel, work
| making it compulsory). Every company that uses deciving
| techniques like this should be banned in Europe.
| srameshc wrote:
| This is the kind of activism in privacy appreciate that we need.
| I knew I did not want to verify but I did verify on Linkedin
| recently. The fact that the author also gave an action list if
| you are concerned about your privacy is just commendable.
| Kaijo wrote:
| I hate LinkedIn but need it for a few things, mostly accessing
| certain clients and projects as a freelancer. Last October my ISP
| (Vodafone UK) assigned me a datacenter-classified IPv6 address
| with 80+ abuse reports on reputation databases, for bots, DDoS,
| crawlers. Before I realized this I started getting locked out,
| suspended, restricted from just about every web service I use,
| having to solve captchas for simple Google searches, etc.
|
| I resolved everything except LinkedIn. They required Persona
| verification to restore access, but I'd already recently verified
| with Persona, so clicking the re-verification links just returned
| a Catch-22 "you've already verified with us." LinkedIn support is
| unreachable unless you're signed into an account. I tried direct
| emails, webforms, DMs to LinkedIn Help on Twitter, all completely
| ignored.
|
| Eventually some cooldown timer must have expired, because Persona
| finally let me re-verify last week. Upon regaining access, I was
| encouraged me to verify with Persona AGAIN, this time for the
| verified badge.
|
| I now have a taste of what "digital underclass" means, and look
| forward to the day when no part of my income depends on horrible
| platforms that make me desperate for the opportunity to give away
| my personal data!
| rrr_oh_man wrote:
| > look forward to the day when no part of my income depends on
| horrible platforms that make me desperate for the opportunity
| to give away my personal data
|
| We are moving into the opposite direction. Drink a verification
| can.
| prox wrote:
| I also feel that digital companies get away with "no human
| representatives". I should always have access to a human. It
| should be law. It will screw over a lot of companies and I am
| all for it since they don't know what service looks like if it
| looked them in the eyes.
| casenmgreen wrote:
| Having this problem with Amazon right now, trying to get a
| GDPR deletion done.
| jll29 wrote:
| The rule for not replying to GDPR requests (e.g. sent by
| registered letter) holds within a month: the maximum fine
| for this is 4% of last years total revenue or 20 mio EUR,
| whichever is the larger number.
|
| For US companies use their (typically Dublin) European HQs.
| Nextgrid wrote:
| > the maximum fine for this is 4% of last years total
| revenue or 20 mio EUR, whichever is the larger number.
|
| The maximum fine wasn't even achieved by Facebook, after
| years and many blatant GDPR cases. Do you really think
| someone is getting a fine for not replying to a subject
| access request in due time? If so I have a very good
| bridge to sell you, and that bridge has more probability
| to exist than Amazon getting any kind of GDPR fine for
| not acknowledging a SAR.
| wolvoleo wrote:
| Yes but the Irish privacy authority is just a front for
| US interests. Because the country makes so much money
| from big tech tax avoidance.
| AlienRobot wrote:
| I heard this being described as an "accountability sink." A
| system designed in such way that when something bad happens,
| there is nobody to be held accountable. It feels pervasive in
| the modern world.
| blfr wrote:
| LinkedIn (like Teams) is a Microsoft product. And it shows.
|
| However, they have a very generous free trial for
| sales/recruitment. You could probably activate it and get real
| support.
| Kaijo wrote:
| Thanks for mentioning this. I have activated a one-month
| LinkedIn Premium free trial, hopefully as another layer of
| protection while I re-establish myself and fortify my
| profile.
| wolvoleo wrote:
| The nasty part of that is also that you can't even delete your
| account without getting back into it so you need to doxx
| yourself to even delete it :(
| csmpltn wrote:
| A good reminder of how things actually work, but the article
| could use some more balancing...
|
| > Let that sink in. You scanned your European passport for a
| European professional network, and your data went exclusively to
| North American companies. Not a single EU-based subprocessor in
| the chain.
|
| LinkedIn is an American product. The EU has had 20 years to
| create an equally successful and popular product, which it failed
| to do. American companies don't owe your European nationalist
| ambitions a dime. Use their products at your own discretion.
|
| Of course an American company is subject to American law. And of
| course an American company will prioritise other local, similar
| jurisdiction companies. And often times there's no European
| option that competes on quality, price, etc to begin with. In
| other words I don't see why any of this is somehow uniquely wrong
| to the OP.
|
| > Here's what the CLOUD Act does in plain language: it allows US
| law enforcement to force any US-based company to hand over data,
| even if that data is stored on a server outside the United
| States.
|
| European law enforcement agencies have the same powers, which
| they easily exercise.
| 47282847 wrote:
| > European law enforcement agencies have the same powers.
|
| No they don't, not in the way that is implied here. A German
| court can subpoena German companies. Even for 100% subsidiaries
| in other European or non-European countries, one needs to
| request legal assistance. Which then is evaluated based on
| local jurisdiction of the subsidiary, not the parent. Microsoft
| Germany as operator is subject to US law and access. See
| Wikipedia "American exceptionalism" for further examples.
| kleiba wrote:
| One detail you might have overlooked: even if you're an
| American company - if you offer your services in Europe
| (through the web or otherwise), you're subject to European laws
| and regulations, including the GDPR.
| rrr_oh_man wrote:
| "Sue me" is what a purely cis-Atlantean company might say.
| wolvoleo wrote:
| Which is of course exactly what is happening with the likes
| of Google and Meta.
| rrr_oh_man wrote:
| ...both of which have offices in the EU.
| csmpltn wrote:
| Google and Meta don't need to show up to court :)
| birdsongs wrote:
| > In other words I don't see why any of this is somehow
| uniquely wrong to the OP.
|
| Did you read the article? It's a dark pattern. It is an act
| that takes 3 minutes to perform. Yet it takes multiple days of
| reading legal documents to understand what actually happens. I
| would argue this feels wrong, to most people who interact with
| technology.
|
| We have a set of laws here that companies are obliged to
| follow, regardless of where they are incorporated, so we expect
| that. We are used to having some basic human rights here,
| perhaps unlike most Americans these days.
|
| Data processes and ownership of biometric data should be made
| explicitly clear. It shouldn't take days of reading to
| understand. It feels wrong to me too.
| gib444 wrote:
| The "pull yourselves up by your bootstraps" advice has more
| weight when the person saying it hasn't taken control of all
| bootstraps for a good 75 years. This is this toxicity in the
| toxic relationship between the US and EU. Foot in our faces
| telling us to pick ourselves up. Ditto South America.
| csmpltn wrote:
| Victim mentality? Explain what stops Europe from producing a
| worthy LinkedIn competitor that challenges LinkedIn's
| hegemony.
| gib444 wrote:
| > Victim mentality
|
| Oh please.
| foxglacier wrote:
| He's right though. Blaming someone else for your own
| failures is victim mentality - regardless of whether they
| really are the cause or not. Notice how China managed to
| break free from US tech dominance, no matter how
| difficult it was, by making itself strong and capable
| instead of accepting helplessness which is victim
| mentality.
| Barrin92 wrote:
| >Notice how China managed to break free from US tech
| dominance, no matter how difficult it was
|
| They did this because in the Chinese narrative Americans
| are a bunch of hegemonic brutes and self sufficiency was
| a matter of survival. Europeans don't use LinkedIn
| because they're victimized, they use American products
| because there was a belief that the United States is a
| civilized country whose companies and government can be
| relied on.
|
| That Americans of all people now adopt the rhetoric of
| the Chinese about themselves and Europe, which has some
| terrifying and unflattering implications about their own
| self image should make people think about what they're
| saying. Europe didn't go for a different route because of
| victim-hood, but because the rule of law and the so-
| called Western values do still mean something on the old
| continent.
|
| If Americans now openly say, Europe you losers you should
| have treated us the way the Communist party told you to,
| fair enough but mind you that's how people talk who are
| at the end of their own civilization, I'm German I know
| the attitude very well.
| gib444 wrote:
| I will not take the bait. We all know the meaning of
| victim of mentality and know it doesn't apply in this
| discussion.
| csmpltn wrote:
| > I will not take the bait.
|
| I simply asked you to qualify what makes the EU a victim
| of the US, and why that's somehow the reason for things
| never being built or done in the EU.
| poszlem wrote:
| I see this sentiment constantly. It is genuinely hilarious to
| watch Americans lecture the world about the free market while
| feigning shock that Europe hasn't produced its own tech giants.
|
| Claiming "the EU had 20 years to build an equally successful
| product" is the geopolitical equivalent of a deeply
| dysfunctional 1950s household. For decades, the husband
| insisted he handle all the enterprise and security so he could
| remain the undisputed head of the family. Then, after
| squandering his focus on a two-decade drunken military bender
| in the Middle East, he stumbles home, realizes he's
| overextended, and screams at his wife for not having her own
| Silicon Valley corner office, completely ignoring that he was
| the one who ruthlessly bought out her ventures and demanded her
| dependence in the first place.
|
| America engineered a digitally dependent Europe because it
| funneled global data straight to US monopolies. To blame
| Europeans for playing the exact role the US forced them into is
| historical gaslighting. And pretending the CLOUD Act's global,
| extraterritorial overreach is the same as local EU law
| enforcement is just the icing on the delusion cake.
| register wrote:
| Thank you for your words I couldn't say any better. I agree
| on everything but one thing. I definetely don't find this
| hilarious. I find it frightening and disgusting.
| Saline9515 wrote:
| The US is not just alone, EU governments are fully
| cooperating, happily.
|
| A Microsoft official explained during a french parliamentary
| session that he couldn't guarantee that the State data was
| safe from US requests. It created a shockwave, as everyone
| discovered what was evident from the start.
|
| Of course, nothing happened, and they renewed every contract
| since then. We could talk about the F35 procurement.
| wolvoleo wrote:
| They renewed every contract, _but_ the French government is
| hard at work at replacements for Microsoft stuff, called
| 'la suite'. The Germans are doing the same under the name
| 'opendesk' and the suite shares a lot of common tools in
| fact.
|
| This predates Trump II by the way, they did have more
| foresight than a lot of EU institutions.
|
| Things have changed for sure but big ships take long to
| turn.
| glitchc wrote:
| This is sabre rattling and everyone knows it. A
| municipality in Germany already tried switching to open
| source. They're back on Office and Sharepoint.
| wolvoleo wrote:
| This is a lot bigger than one municipality. And with the
| Munich thing there was a lot of dodgy lobbying going on.
| Like Microsoft suddenly moving their HQ there. Then a new
| mayor came in that was suddenly all pro-Microsoft.
|
| La suite is a lot bigger than that. And parts are
| actually being used already. They recently started using
| the meeting component called visio.
| Saline9515 wrote:
| There are already credible alternatives, from the EU,
| which do not require rebuilding everything from scratch.
| OnlyOffice, for instance. The french government's job
| isn't to write a new office SaaS suite.
| wolvoleo wrote:
| Exactly! It's the same with the military dependency.
|
| America _wanted_ a weak Europe, to be dependent on them so
| they would have geopolitical influence. They basically bought
| influence. They didn 't want us to have nukes to defend
| ourselves from the Russians (the French are frowned upon and
| the British don't really have their own, they are beholden to
| the US). It also gave them a huge market for their products
| and services (and no there was no imbalance if you take
| services into account which Trump doesn't).
|
| Then Trump comes and complains that we're not investing
| equally. Well no, but this was exactly as his predecessors
| designed. Now we will build it up but of course we will need
| to build our own nuclear umbrella and we will no longer give
| the US its influence it previously had, obviously.
|
| We also don't need quite as much military expenditure anyway
| because we're just looking to defend ourselves, not trample
| oil-producing countries. The only times we did that were
| exactly due to the US' bought influence.
| gib444 wrote:
| > America wanted a weak Europe, to be dependent on them so
| they would have geopolitical influence
|
| 100% in agreement
| csmpltn wrote:
| Oh, the EU is a victim now? And the EU's laziness, bloat and
| uselessness is the US's fault now?
|
| And where's all of this evidence of this hidden extraordinary
| European talent and ability that just needs to be unleashed
| given some more lawyers and regulation?
|
| This is a joke.
| gib444 wrote:
| Very well said.
|
| > To blame Europeans for playing the exact role the US forced
| them into is historical gaslighting.
|
| Hear hear
| register wrote:
| That response reeks of astonishing arrogance. It doesn't
| surprise me that nearly 50% of Americans voted for Donald Trump
| he perfectly embodies that mindset. Do you genuinely believe
| you are superior to the rest of the world? What you call
| "innovation" or a "better product" is often nothing more than
| the creation of dominant market positions through massive,
| capital deployment, followed by straightforward rent
| extraction. The European Union has every right to regulate
| markets operating within its jurisdiction, especially when
| there are credible concerns about anti-competitive practices
| and abuse of dominance. From what I've seen, there may be
| sufficient grounds to consider collective legal action against
| LinkedIn at the European level. As for so-called "European
| nationalist ambitions," rest assured: Europe does not lack
| capable lawyers or regulatory expertise. I will be forwarding
| the relevant material to contacts of mine working within the
| European institutions in Brussels.
| rrook wrote:
| Maybe 30% of Americans voted for Donald Trump. This response
| reeks of ignorance and hubris.
|
| > Do you genuinely believe you are superior to the rest of
| the world?
|
| This assertion wasn't made, in any way, by the person you're
| replying to, and it sounds as though it's being asked in
| anger. This entire conversation has been about data privacy
| and stewardship. The OP has pointed out, correctly, that
| there's nothing that has prevented a EU based professional
| social network from existing in a way that is satisfying for
| EU based data policy.
|
| If you sign up on an American website, you've decided to do
| business with Americans in America. Why are you entitled to
| something that the people you are doing business with are not
| subject to?
| pixl97 wrote:
| >Maybe 30% of Americans voted for Donald Trump
|
| If you don't vote, you don't count.
| register wrote:
| Trump received 77,284,118 votes, representing 49.8% of the
| ballots cast for president. The 30% figure you mention
| refes to the share of the total voting-eligible population,
| including those who did not vote. A national poll conducted
| on February 16-18 found that 42.4% approve of Trump's job
| performance, while 54.6% disapprove. Whether you accept it
| or not and whether you are a Democrat or Republican Trump
| now is the face of America and most of Europeans are of the
| same opinion.
|
| Regardless of the fact that LinkedIn is an American
| company, it is required to comply with the GDPR when
| operating within the European Union. I am not a lawyer, but
| I don't believe that there is evidence of full compliance
| here.
| rrook wrote:
| We can have a more detailed discussion around political
| alignments in America, but you've already agreed that
| your original statement was false. I mention the 30%
| figure specifically because you said "nearly 50% of
| Americans voted for donald trump".
|
| American companies "complying" with is only required
| insofar as the EU authorities can do anything about it -
| and that's the same dynamic that exists across all geo
| boundaries on the internet, that's not specifically
| American - see China and its great firewall. If an
| American company is taking steps to be in compliance with
| GDPR, it's because there is benefit in doing so.
|
| WRT GDPR, I'd ask a clarification before continuing - you
| said "operating within the EU" - what does that mean? If
| I deploy a website, from America, onto American servers,
| and you can reach them from within the EU, am I
| "operating within the EU"? I'm not trying to be coy by
| asking this, I actually don't know the extent to which I
| agree or disagree with you.
| Ylpertnodi wrote:
| It's the law.
| PKop wrote:
| The strong do what they can, the weak suffer what they must.
| gib444 wrote:
| Indeed. But Americans are told they never use that strength
| to their advantage. It's all just the working 23 hours a
| day, determination and chasing the American dream that has
| resulted in supreme economic success.
|
| Military is just for defence against baddies and liberating
| countries from dictators etc
| PKop wrote:
| > Americans are told
|
| Yes or that using strength to one's advantage is
| necessarily bad.
| Saline9515 wrote:
| Why can't the EU deploy capital? Regulation doesn't create
| better products, more aggressive marketing techniques, or
| deeply entrepreneurial mindsets which favor innovation and
| growth.
|
| While OP is quite aggressive here, there is a nugget of
| truth: innovation doesn't happen because "we have the best
| lawyers" or "the best regulations". Maybe some self-criticism
| would be warranted to solve the problem.
|
| Also nothing forces Europeans to use LinkedIn. I deleted my
| account long ago after getting search requests from NSA-
| adjacent private intel companies.
| register wrote:
| Here's another JD Vance who doesn't understand what
| international rules are and justifies that with (lack of)
| innovation
|
| Below you can find the relevant GDPR excerpt. But before
| that, let me add to the coment below that US companies only
| comply with what EU institutions can enforce and what suits
| them; which is normal, since China does the same. Well, it
| couldn't have been said better: in fact, we're beginning to
| view you the same way we view China. And China innovates a
| lot, right?
|
| "Article 3 - Territorial scope (GDPR)
|
| This Regulation applies to the processing of personal data
| in the context of the activities of an establishment of a
| controller or a processor in the Union, regardless of
| whether the processing takes place in the Union or not.
|
| This Regulation applies to the processing of personal data
| of data subjects who are in the Union by a controller or
| processor not established in the Union, where the
| processing activities are related to: (a) the offering of
| goods or services, irrespective of whether a payment of the
| data subject is required, to such data subjects in the
| Union; or (b) the monitoring of their behaviour as far as
| their behaviour takes place within the Union.
|
| This Regulation applies to the processing of personal data
| by a controller not established in the Union, but in a
| place where Member State law applies by virtue of public
| international law."
| rrook wrote:
| You'd be well served to stop the political name calling,
| it's childish.
|
| I view the dynamic from the opposite direction. You might
| think that that the EU is starting to view America the
| same way it views china, but in actuality the EU is
| starting to behave more like China. The wheels of a great
| firewall for the EU have been turning for some time
| already.
| Saline9515 wrote:
| First I'm not american, I'm simply displeased to see my
| fellow Europeans seething about the consequences, while
| refusing to address the causes.
|
| You speak about China: their government is very eager to
| favor local alternatives, which helps fund the local
| ecosystem.
|
| In contrast, Euro countries don't generally procure
| office software from elsewhere than US companies
| (especially, Microsoft). It's always talk, talk, when the
| time for action comes, everyone looks at their shoes and
| signs the contract from the US company.
|
| Even the European commission does the same, and filed a
| lawsuit against their own regulatory body after it
| pointed out that MS Office 365 wasn't fully compliant
| with the EC's own privacy rules! Rules for thee, not for
| me, as always with the EC.[0]
|
| So yeah, regulations and laws don't replace political
| will and action. Especially when we talk about the EU,
| where hypocrisy and lobbying is at its highest.
|
| [0] https://www.freevacy.com/news/official-journal-of-
| the-europe...
| register wrote:
| The point here isn't that Europe lacks innovation and is
| too bureaucratic. I have no problem admitting that. The
| crux of the matter is that, in response to my complaint
| about the possible failure to comply with a European law,
| the reply was: LinkedIn answers to American laws, you
| have no alternative to LinkedIn, and therefore there's no
| point in opposing it. You just have to put up with it;
| it's your own fault for not innovating.
|
| The scenario being portrayed is one in which the law of
| the strongest prevails over the rule of law. As a
| European, coming from the continent that gave birth to
| the rule of law, I find all of this appalling. And I am
| sorry to hear that a fellow European thinks along the
| same lines. I don't believe this is realism; rather, it
| is surrender.
| Saline9515 wrote:
| The law is just mere words if you don't have an army, the
| guns, and the will to back it up. It has never been
| different. Louis XIV's wrote "The last argument of kings"
| on his cannons, in the 17th century.
|
| Guess who holds the guns that protect Europe right now?
| So yeah, either comply, leave (what I did), or create an
| alternative. The EU had Viadeo[0], it could have pushed
| it to have an alternative. It didn't.
|
| [0]: https://en.wikipedia.org/wiki/Viadeo
| foxglacier wrote:
| Is LinkedIn established in a place where Member State law
| applies? I guess not? You can't just go around pretending
| your law applies to people in other countries because
| none of the necessary institutions in those countries
| will respect your law.
| register wrote:
| The GDPR applies to the personal data of individuals in
| the European Union, regardless of where the data is
| processed. You can easily find the relevant law online.
| csmpltn wrote:
| European governments and institutions have conveniently
| exempted themselves from GDPR.
|
| And just because it's a law somewhere on earth, doesn't
| make it reasonable or enforceable or legal.
|
| 1. American and European laws have different standards
| for data processing 2. EU citizens willingly go into a
| contract with an American company, buying and using
| American services 3. EU citizens complain American law is
| different than European law, whilst continuing to use
| American products 4. EU citizens expect their laws and
| regulations to apply to American companies
|
| Nobody can reasonably expect American companies to just
| bend over for whatever the lawmakers in Europe demand.
| It's an absurd scenario that only the EU can come up
| with.
| csmpltn wrote:
| Oh no! Not your "relevant material" and your "contacts
| working within the European institutions in Brussels".
|
| Listen, I'm truly sorry to be so direct but you sound like
| exactly the kind of person that needs to hear this.
|
| > Europe does not lack capable lawyers or regulatory
| expertise. I will be forwarding the relevant material to
| contacts of mine working within the European institutions in
| Brussels.
|
| Who do you think - between the current US government and the
| kinds of global, powerful tech behemoths being discussed in
| this article - gives a single flying fuck about more European
| lawyers and more European regulation? You literally didn't
| get the first thing about the point I made. You perfectly
| played out that classic trope we've all come to know. How
| about instead of lawyers and regulation Europe actually
| produces a successful competitor that challenges LinkedIn in
| any successful manner? What makes you think an army of
| lawyers and some more regulation are going to change simple,
| obvious facts about Europe's decline in productivity,
| innovation, etc?
|
| Listen. The reason not a single worthy competitor has come
| out of Europe is because Europe just doesn't have what it
| takes. And it never will have what it takes, because the
| mindset is exactly what you're demonstrating here: EU is not
| out to actually build anything useful, it's about hiring
| armies of lawyers and creating paperwork and regulation
| nobody has asked for. Your funds and money should go to
| technology, competitiveness, tech education - not this
| lawfare nonsense. The EU right now doesn't have the right
| people, the work ethic, the funds, the innovation, the will
| to challenge and dream big, the incentives to bet big on
| tech. You know it, I know it, everybody else knows it. But
| please, tell us more about how we need a bit more lawyers
| twiddling their thumbs on the tax payers' bill.
|
| You need to understand something quickly: Europe depends
| sorely on the US and China. You don't change that through
| lawyers. Europe is behind on every front.
| wolvoleo wrote:
| Building a site like LinkedIn is really easy. Europe can
| easily do this. All it is is yet another social media site
| of which there are tons. There is nothing special about
| LinkedIn.
|
| The reason we didn't was critical mass. Everyone was
| already on linkedin and there wasn't really a reason to
| pick something else until the US started becoming a
| nuisance. It's marketing, not technical.
|
| I'm sure an EU alternative will come up now that the US is
| no longer a trustworthy partner. A lot of people like
| myself now have ethical issues with using american products
| (especially from big tech) and there's a lot of demand for
| EU-local stuff that wasn't there before.
| register wrote:
| Completely agree.
| csmpltn wrote:
| > I'm sure an EU alternative will come up now that the US
| is no longer a trustworthy partner. A lot of people like
| myself now have ethical issues with using american
| products (especially from big tech) and there's a lot of
| demand for EU-local stuff that wasn't there before.
|
| This is all hot air. If it's so easy to build, it
| would've been built by now. I bet you that there won't be
| a single successful European LinkedIn competitor - not
| for the past 20 years, not now, and not for the next 20.
| Europe is fundamentally at a deep state of decay at every
| level. The only way anything might be built, is by
| banning the competition. At which point you might as-well
| just forget about a social network for professionals
| entirely, because you're probably working at a gulag and
| there's no job hopping to be done anyways :)
| Aldipower wrote:
| There _was_ a successfully LinkedIn competitor at least
| in Germany. Xing. But they made a lot of wrong decision..
| lejalv wrote:
| I have an issue with _any_ US-American product.
|
| I guess Americans wouldn't like to buy from Nazi Germany
| in 1942 and so do I with buying US-American in 2026
| register wrote:
| Sure, in fact it's USA that is well behind Europe in
| happines (World Happiness Ranking) , life expectancy ,
| infant mortality rate, general literacy ( PISA scores ),
| homicide rate, mass shootings frequency, violent crimes,
| inequality, democracy ( as reported by the Democracy Index)
| , press freedom ( World Press Freedom Index), just to name
| the first indexes that came to my mind.
| philipallstar wrote:
| > That response reeks of astonishing arrogance. It doesn't
| surprise me that nearly 50% of Americans voted for Donald
| Trump he perfectly embodies that mindset. Do you genuinely
| believe you are superior to the rest of the world? What you
| call "innovation" or a "better product" is often nothing more
| than the creation of dominant market positions through
| massive, capital deployment, followed by straightforward rent
| extraction. The European Union has every right to regulate
| markets operating within its jurisdiction, especially when
| there are credible concerns about anti-competitive practices
| and abuse of dominance. From what I've seen, there may be
| sufficient grounds to consider collective legal action
| against LinkedIn at the European level. As for so-called
| "European nationalist ambitions," rest assured: Europe does
| not lack capable lawyers or regulatory expertise. I will be
| forwarding the relevant material to contacts of mine working
| within the European institutions in Brussels.
|
| This all seems to miss the point, which is: why does the US
| create so much stuff that Europe doesn't? Turning that useful
| reflective question into an attack on Americans sounds
| perfect if you want to refuse to work it out and change
| accordingly.
| wolvoleo wrote:
| > This all seems to miss the point, which is: why does the
| US create so much stuff that Europe doesn't? Turning that
| useful reflective question into an attack on Americans
| sounds perfect if you want to refuse to work it out and
| change accordingly.
|
| Because the US had so much venture capital, during the time
| of the low interest rates it was basically free money so
| they could afford to throw it to the wall and see what
| sticks. 90% of them would sink but it didn't matter. That
| doesn't fly here.
|
| Then, they used that money to subsidise adoption, and then
| once the users were hooked into rent extraction as the OP
| mentioned. We call this process enshittification these
| days, and it's a really predatory business practice.
|
| European companies don't do that as much because we have
| more guardrails against it, and more importantly we didn't
| have random cash sloshing up the walls. American could do
| that especially because of the petrodollar. Once the dollar
| loses its international status it will be a lot harder to
| do (and it already is due to the rising interest rates).
|
| It was no surprise that exactly with the rising interest
| rates all the companies started tightening up their
| subscriptions. Netflix, amazon, all exploding in cost and
| introducing ads. Same with meta's platforms.
| Barrin92 wrote:
| >why does the US create so much stuff that Europe doesn't?
|
| because the "stuff" in question is social networks who
| live, as the name suggests, off network effects. To have a
| European LinkedIn would require everyone in Europe to
| switch at the same time. Which can be trivially arranged,
| we just would need the courage to ban LinkedIn and every
| other American social media company. We'd have a clone up
| and running in a month. You only need to look to China who
| did exactly this.
| csmpltn wrote:
| > "We just would need the courage to ban LinkedIn and
| every other American social media company. We'd have a
| clone up and running in a month. You only need to look to
| China who did exactly this."
|
| That's socialist dictatorship. Why do you want the EU to
| be more like China, instead of the EU being more like the
| US? It will result in further isolation and decline of
| Europe which sorely depends both on the US (and China)
| for survival.
| Ylpertnodi wrote:
| > American companies don't owe your European nationalist
| ambitions a dime. Use their products at your own discretion.
|
| As a fairly vociferous eu person....I fully agree.
|
| However, gdpr covers _all_ eu residents, so if US companies don
| 't want to obey eu law, that'sa fine, too.
| csmpltn wrote:
| Nobody is forcing you to use LinkedIn. LinkedIn is an
| American product, made by an American company in America,
| subject to American law. When you create an account - you
| agree to American terms and conditions, arbitrated by
| American courts.
|
| LinkedIn doesn't need to obey to EU law. It needs to obey to
| American law, which allows LinkedIn to do business with
| anybody (other than people from sanctioned countries) whilst
| complying with US law. EU's laws don't matter in the US. The
| EU can sue LinkedIn, but LinkedIn can just safely ignore any
| lawsuits and ignore sanctions, because they are an American
| company subject to American laws.
|
| EU citizens are willingly subscribing to an American service,
| then complain the American service doesn't abide by EU laws.
| That's laughable at every level, to any individual with a
| modicum of intelligence. If you don't agree to the terms,
| don't use LinkedIn. You are not entitled to anything.
| loglog wrote:
| Operator of the LinkedIn Website:
|
| LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2,
| Ireland
| holistio wrote:
| > LinkedIn doesn't need to obey to EU law.
|
| Yes, they do.
|
| > If you don't agree to the terms, don't use LinkedIn.
|
| We agree on that.
| buzer wrote:
| > you agree to American terms and conditions, arbitrated by
| American courts.
|
| "Designated Countries. We use the term "Designated
| Countries" to refer to countries in the European Union
| (EU), European Economic Area (EEA), and Switzerland."
|
| "If you reside in the "Designated Countries", you are
| entering into this Contract with LinkedIn Ireland Unlimited
| Company ("LinkedIn Ireland") and LinkedIn Ireland will be
| the controller of your personal data provided to, or
| collected by or for, or processed in connection with our
| Services."
|
| "If you live in the Designated Countries, the laws of
| Ireland govern all claims related to LinkedIn's provision
| of the Services" "With respect to jurisdiction, you and
| LinkedIn agree to choose the courts of the country to which
| we direct your Services where you have habitual residence
| for all disputes arising out of or relating to this User
| Agreement, or in the alternative, you may choose the
| responsible court in Ireland."
|
| Source: https://www.linkedin.com/legal/user-agreement
|
| I'm not sure from where you got your information.
| csmpltn wrote:
| Nobody cares. They keep a skeleton crew office in the EU
| for compliance purposes only. Whether they have an office
| in the EU or not is inconsequential. If they closed it
| tomorrow, the EU would literally have nothing to go
| after...
| lejalv wrote:
| You're saying they are buccaneers, and validating that as
| the fundamental working principle of American capitalism.
| csmpltn wrote:
| Call them whatever you want. All I'm saying is that
| Europeans are hypocrites for fucking over their greatest
| ally via unenforceable and anti-competitive regulation
| that's not worth the paper it's written in (and that
| European institutions have even exempted themselves
| from). The one ally that they desperately depend on for
| safety and security, technology, medicine, research, etc.
| Supernaut wrote:
| > They keep a skeleton crew office in the EU for
| compliance purposes only
|
| According to LinkedIn, they have over 2,000 employees in
| Dublin alone.
| yunnpp wrote:
| I agree that people should just stay off LinkedIn. Keep
| your local job boards alive. That being said:
|
| > LinkedIn doesn't need to obey to EU law.
|
| This is false. A company must follow the law of the
| jurisdictions where it operates.
| lp4v4n wrote:
| >The EU has had 20 years to create an equally successful and
| popular product, which it failed to do. American companies
| don't owe your European nationalist ambitions a dime. Use their
| products at your own discretion.
|
| I can see not everybody here will agree with me, but I find
| this take absolutely reasonable. The European space has the
| capacity and the resources to create a product that replaces
| something as trivial as Linkedin, and yet it takes the lazy
| approach of just using American products.
|
| It's the same thing with China's manufactured products, at some
| point the rest of the world just accepted that everything gets
| done in China and then keep complaining about how abusive China
| can be.
|
| The most recent issue is the military question. Europe relied
| for decades on the "cheap" protection of the USA. Now the USA
| gave the middle finger to Europe and Europe acts shocked, but
| Europe is not so shocked when it comes to the military budget
| it did not spend on self defense during all the time the
| Americans provided protection.
| csmpltn wrote:
| > "The most recent issue is the military question. Europe
| relied for decades on the "cheap" protection of the USA. Now
| the USA gave the middle finger to Europe and Europe acts
| shocked, but Europe is not so shocked when it comes to the
| military budget it did not spend on self defense during all
| the time the Americans provided protection."
|
| Fully agree. Europe expects some kids from nowheresville
| Tennessee to die in a ditch defending Ukraine. The war will
| be over the second they need to draft 18 year-olds at scale
| from anywhere in western Europe to go defend "Europe". Nobody
| in France will die defending Poland, nobody in Greece will
| die defending Latvia. The EU is such a joke.
| holistio wrote:
| Nobody is expecting anyone from Tennessee, but I know
| that's what the likes of Musk are making you believe.
| register wrote:
| But Britain lost 457 soldiers, Germany 62, France 90, Spain
| 97, Italy 53, Denmark 43 to aid USA in Afghanistan.
| csmpltn wrote:
| It's okay, in Europe you don't need to fight extreme
| Islamism. You've fully embraced it.
| cbeach wrote:
| > The EU has had 20 years to create an equally successful and
| popular product, which it failed to do. American companies
| don't owe your European nationalist ambitions a dime.
|
| So true.
|
| There's a lot of passive-aggressive anti-US rhetoric and
| fearmongering on HN at the moment, while America is simply
| doing what it's always done - innovating and thriving.
|
| As a European, I wish our continent was able to be more like
| America, as opposed to jealously coveting its outcomes.
| deaux wrote:
| The content is of course 100% true and needs to be repeated over
| and over, every single day.
|
| The straight-from-LLM writing style is incredibly grating and
| does a massive disservice to its importance. It really does not
| take that long to rewrite it a bit.
|
| I hope at least he wrote it on his local Llama instance, else
| it's truly peak irony.
|
| > Here's the thing about the DPF: it's the replacement for
| Privacy Shield, which the European Court of Justice killed in
| 2020. The reason? US surveillance laws made it impossible to
| guarantee European data was safe.
|
| > The DPF exists because the US signed an Executive Order (14086)
| promising to behave better. But an Executive Order is not a law.
| It's a presidential decision. It can be changed or revoked by any
| future president with a pen stroke.
|
| This understates the reality: the DPF is already dead. Double
| dead, two separate headshots.
|
| Its validity is based on the existence of a US oversight board
| and redress mechanism that is required to remain _free of
| executive influence_.
|
| 1. This board is required to have at least 3 members. It has had
| 1 member since Trump fired three Democrat members in Jan 2025
| (besides a 2-week reinstatement period).
|
| 2. Trump's EO 14215 of Feb 2025 has brought (among other
| agencies) the FTC - which enforces compliance with the DPF -
| under presidential supervision. This is still in effect.
|
| Of course, everyone that matters knows this, but it doesn't
| matter, as it was all a bunch of pretend from day 1. Rules for
| thee but not for me, as always. But what else can we expect in a
| world where the biggest economy is ruled by a serial rapist.
| alansaber wrote:
| Even the title is AI slop. Surprised these slop posts do so
| well on HN of all platforms but I guess they're just high
| volume. AI-ese is becoming its own dominant language group at
| this point
| jarek-foksa wrote:
| LinkedIn support will also blatantly lie to you when you ask them
| whether Persona is GDPR compliant and needed to activate your
| account.
|
| Last year I was trying to setup a business LinkedIn page for SEO
| purposes, which meant I also had to create a personal account.
| After being told several times that I absolutely need to scan my
| ID card with that dodgy app I simply replied that I can't do it
| due to security concerns. After several weeks they unlocked my
| account anyway, but I suspect this would not happen if algorithms
| determined that I actually needed that account to find a job and
| pay my bills.
| weinzierl wrote:
| The strange thing about LinkedIn organization verification is
| that it never seems to be revoked. I have many contacts with
| verifications from companies they no longer work for - sometimes
| for a very long time.
|
| On the other hand I see many people posting in official capacity
| for an organization without verification.
|
| When they actively represent their current company but with a
| random verification from a previous one it gets pretty absurd.
|
| In its current form LinkedIn verification is pretty worthless as
| a trust signal.
| jihadjihad wrote:
| > The legal basis? Not consent.
|
| > The reason? US surveillance laws [...]
|
| This slop in every blog post? Fucking tiresome.
| xenator wrote:
| More interesting that LinkedIn use fingerprinting everywhere and
| connect your personal data to every device you are using and
| connect to other services connected to their network.
| alansaber wrote:
| ... i'm pretty sure every website does this lol. Aggressive
| fingerprinting is so easy to implement and so high ROI from a
| security/marketing perspective.
| xenator wrote:
| Unfortunately true, but this time shady KYC is involved
| ozim wrote:
| I verified my account and I handed over the same info as I handed
| over when I was getting MSFT Azure cert exam.
|
| So it was nothing special for me.
| port11 wrote:
| "I handed over a lot of personal information to my bank, so
| every website wanting the same level of access is nothing
| special to me."
| ozim wrote:
| No point is, it is the same company handling data with
| exactly the same process.
|
| They do it for all MSFT related stuff I guess.
| port11 wrote:
| Sure, but a subsidiary has their own Terms, Privacy Policy,
| list of sub-processors, etc.
| bromuk wrote:
| As a European citizen I hope it becomes law to have this data
| processed in the EU rather than the US.
| Wilder7977 wrote:
| My wife works for a competitor of the company mentioned. They
| are in EU. Still run everything on AWS. The data collected is
| usually even more than what stated, full video recording of the
| session with audio etc.
|
| AWS EU region is not doing much, and I suspect most companies
| run on US providers. EU needs independent platform for this to
| matter.
| al_borland wrote:
| It would be even better if the law enforced that this kind of
| data could only be used for the stated business need (the basic
| identity verification), and not be stored or used/shared with
| anyone else. If anyone is caught violating a law like this,
| throw the entire c-suite in prison for 10 years.
|
| I'm so tired of all these covert ops run by these businesses.
| They aren't going to stop until there is a heavy price to pay.
| uyzstvqs wrote:
| Why? I don't want companies and governments to datamine and
| abuse my data at all. Be it in the US or EU, it's going to be
| no-way either-way.
| zeroq wrote:
| > And look at who's doing "Data Extraction and Analysis" --
| Anthropic, OpenAI, and Groqcloud. Three AI companies are
| processing your passport and selfie data.
|
| That's quite cool, it means that soon models will be able to
| create a fake ID photos with _real data_.
|
| I'm so excited about it! /s
| ricardo81 wrote:
| So basically 'Their "global network of data partners"' means once
| you submit that information, it's a free for all.
|
| There's so many angles of grind with this kind of thing that big
| tech has gradually normalised.
| thepancake wrote:
| Here's where you went wrong: you're on LinkedIn. Since it's your
| first time, this one is free, I'll be collecting micropayments
| for future advice, rest assured.
| unglaublich wrote:
| Through extensive data harvesting, and exchanging and partnering
| across thousands of such data miners, I suspect that by now, the
| graph of identities and fingerpinted devices must be practically
| complete. That means that all your actions on the internet can be
| tracked back, via device fingerprinting and cookie networks, to
| your physical identity. Great milestone for the surveillance
| states.
| aanet wrote:
| Thanks for writing this up. I didn't realize the privacy rot went
| so deep.
|
| Aside from their AI-slopped newsfeed (F@#$!!!) which should have
| died long ago, this is atrocious. "Enshittification" was created
| just for this. Sorry, I got sidetracked.
|
| Isn't there anyone from LinkedIn here??
| huqedato wrote:
| Passport photo... OMG. You can't image what they can do with
| that. That's precisely why I closed my linkedin years ago.
| Joyfield wrote:
| How did they get your MAC address?
| fuzzy2 wrote:
| They probably did not. Privacy notices are usually written by
| non-technical people. They include a lot more than what is
| actually stored. I'd also be very surprised if they actually
| interacted with the digital passport (NFC) as part of the
| process.
|
| I was once part of the process of creating one. After two
| rounds, business decided too much money is wasted here and all
| the nonsense will stay. Better to have too much listed than too
| little.
| eel wrote:
| I'm glad the absurdity of verification is getting attention. I
| was "forced" to verify by Linkedin to unlock my account. It was
| last year, and I had left my previous job, but I had not yet
| lined up a new job. So one of the only times in my career I might
| actually get value from Linkedin, they locked me out, removed my
| profile, and told me if I wanted back in, I'd have to verify. I
| felt helpless and disgusted.
|
| I gave in and verified. Persona was the vendor then too. Their
| web app required me to look straight forward into my camera, then
| turn my head to the left and right. To me it felt like a blatant
| data collection scheme rather than something that is providing
| security. I couldn't find anyone talking about this online at the
| time.
|
| I ended up finding a job through my Linkedin network that I don't
| think I could have found any other way. I don't know if it was
| worth getting "verified".
|
| ---
|
| Related: something else that I find weird. After the Linkedin
| verification incident, my family went to Europe. When we returned
| to the US, the immigration agent had my wife and I look into a
| web cam, then he greeted my wife and I by name without handling
| our passports. He had to ask for the passport of our 7 month old
| son. They clearly have some kind of photo recognition software.
| Where did they get the data for that? I am not enrolled in Global
| Entry nor TSA PreCheck. I doubt my passport photo alone is enough
| data for photo recognition.
| kccqzy wrote:
| The thing about looking straight into the camera and turning
| your head seems to originate from Chinese apps, including some
| payment apps, bank apps, and government apps. It's especially
| disgusting since it imitates the animation used by Apple Face
| ID, but of course it's not at all implemented like Face ID.
| egorfine wrote:
| > I'm glad the absurdity of verification is getting attention
|
| It's not. The developers' bubble we're in on the HN is
| invisibly tiny compared to the real life. And normies are not
| only perfectly happy uploading all their PII to Persona - they
| won't even understand what's wrong with that.
| eel wrote:
| It's a start. I agree HN is a bubble and doesn't reflect real
| life as a whole. But I do think HN has a significant bearing
| on US tech. I've been reading HN for nearly 19 years and in
| that time almost every new major tech, unicorn, or big
| culture shift is discussed here before it is mainstream.
|
| There has also been a backlash against verification in other
| communities like Reddit (also a bubble), mainly stemming from
| Discord's recent announcement.
|
| The discourse is good, and while I wish every user and
| potential user understood all the pros, cons, and
| ramifications, I'm also happy we are finally talking about it
| in our bubbles.
| aleksandrm wrote:
| LinkedIn is no longer a "professional network". I'm actually
| considering DELETING my account.
| ivanjermakov wrote:
| What are the alternatives? Reaching out to recruiters directly?
| stevehawk wrote:
| being unemployed forever
| 8organicbits wrote:
| What's holding you back?
|
| As a blogging platform it seems like a mess of fake posturing.
| Recruiters use it, but that mostly means you get lots of spam.
| You can find a job without LinkedIn. I deleted my account about
| a decade ago and feel increasingly justified every time I read
| about the current state of affairs.
|
| After deleting I got a job from HN "who's hiring", joined a
| friend's company, and now freelance.
| WhereIsTheTruth wrote:
| LinkedIn is the ultimate intelligence test: if you register, you
| have lost
| talkingtab wrote:
| Somehow the fundamentals of places like linkedin, gmail, google,
| facebook, etc have eluded people.
|
| 1. they are selling you as a target.
|
| 2. some people, governments, groups, whatever are willing to pay
| a lot of money to obtain information about you.
|
| 3. why would someone pay good money to target you unless they
| were going to profit from doing so. are they stupid? no.
|
| 4. where does that profit come from? If some one is willing to
| pay $100 to target you, how are they going to recoup that money?
|
| 5. From you.
|
| There is simply no other way this can have worked for this long
| without this being true.
|
| It is a long causal change, so it is fair to ask whether there is
| any empirical evidence. If this is true we would expect to see
| ...? Well how about prices going up? Well how about in general
| people are less able to afford housing, food, cars, etc.
|
| I'm speculating here, but perhaps it is predictability. There is
| a common time warp fantasy about being able to go back and guess
| the future. You go back and bet on a sports game. If I can
| predict what you are going to do then I can place much more
| profitable bets.
|
| Do the corporations that participate in this scheme provide
| mutual economic benefit? Do they contribute to the common wealth
| or are they parasitical?
|
| No one likes to think they have parasites. But we all do these
| days.
| locknitpicker wrote:
| > Somehow the fundamentals of places like linkedin, gmail,
| google, facebook, etc have eluded people.
|
| LinkedIn is slightly different, as it's fundamentally framed as
| a job board and recruiting platform. The paying customers are
| recruiters, and the product is access to the prospective
| candidates. Hence, LinkedIn offering for free services such as
| employee verification, work history verificarion, employee
| vouching, etc.
| mark_l_watson wrote:
| Beautifully written, I saved your post to send the next friend
| or relative who asks me why I am so hard-over on privacy. I
| enjoyed working at Google hears ago as a contractor, and they
| are my 'favorite' tech company - the only mega-tech company
| who's services I regularly use, but I am constantly mindful of
| their business model as I use YouTube, GCP, and their various
| dev APIs.
| andrewjf wrote:
| being "hard-over on privacy" and regularly using google
| services is an astounding level of cognitive dissonance.
| mark_l_watson wrote:
| Except, I only use services I pay for and set tight privacy
| settings.
|
| EDIT: sorry for the initial short reply, your comment
| deserved a more reasoned response: I build my digital life
| on two primary service providers:
|
| Proton: mail, cloud storage, and Luma private LLM chat
| (integrated web search tool with a strong Mistral model: my
| default tool that replaces plain web searches, 90% of my
| routine 'LLM chat' use)
|
| Google: Gemini APIs, occasional use of Gemini for deep
| research, very occasional use of AntiGravity for coding
| using Claude and Gemini models, YouTube Plus for
| entertainment (philosophy talks, nature videos, Qi Gong
| exercise, etc. etc.)
|
| Also some use of:
|
| DuckDuckGo: when I still do web search, DDG is my default.
| noefingway wrote:
| well said. You are the product not the consumer. "Soylent green
| is people!"
| port11 wrote:
| Here's the problem I have with your take (even if I agree):
| LinkedIn _has a product_ to sell. You're not supposed to be the
| product, because companies pay to advertise job postings, they
| sell career tools, sales tools, etc.
|
| At what point is that not enough for them to stop doing data
| brokerage or sharing?
| Aurornis wrote:
| > 1. they are selling you as a target.
|
| This is why people sign up for LinkedIn.
|
| They want to be targeted by companies for jobs. Or when they're
| applying for a job, they want to be easily found by people at
| that company so they can see more information.
|
| If you don't want those things, you don't need a LinkedIn page.
|
| > Do the corporations that participate in this scheme provide
| mutual economic benefit? Do they contribute to the common
| wealth or are they parasitical?
|
| You wrote a long hand wavey post but you stopped short of
| answering your own question.
|
| The corporations who pay LinkedIn are doing so to recruit
| people for jobs. I've purchased LinkedIn premium for this
| purpose at different times.
|
| After "targeting" those LinkedIn users, I eventually hired some
| of them for jobs. There's your mutual economic benefit. This is
| why people use LinkedIn.
|
| > It is a long causal change, so it is fair to ask whether
| there is any empirical evidence. If this is true we would
| expect to see ...? Well how about prices going up? Well how
| about in general people are less able to afford housing, food,
| cars, etc.
|
| You think the root cause of inflation is... social media
| companies? This is an extraordinary claim that requires
| extraordinary evidence. You're just observing two different
| things and convinced they're correlated, while ignoring the
| obvious rebuttal that inflation existed and affordability
| changes happened before social media.
|
| > Somehow the fundamentals of places like linkedin, gmail,
| google, facebook, etc have eluded people.
|
| I think most people understand the fundamentals of LinkedIn
| better than you do, to be honest. It's not a mystery why people
| sign up and maintain profiles.
| themafia wrote:
| You assume that targeting is to find the best worker for the
| correct pay.
|
| What if it's just to find the most desperate worker for the
| lowest pay possible?
| Aurornis wrote:
| I'm not assuming anything. It's a job market. Like all
| markets they operate on supply and demand.
|
| In your example, so what if they give the job to the most
| desperate worker instead of a different one at a higher
| price? Are we supposed to prefer that the desperate worker
| _does not_ get the job and instead it goes to someone else
| at a higher rate?
|
| If someone is desperate for a job because they really need
| work, I'd prefer that a platform help them get matched with
| jobs. Wouldn't you? I think you're so focused on penalizing
| corporations that you're missing the obvious.
| themafia wrote:
| Like all markets they can be monopolized. You are
| assuming quite a bit by presuming that the market works
| perfectly according to rather basic economic principles.
|
| There are all kinds of reasons someone could be more
| desperate. Perhaps they have a significant skills gap.
| Perhaps they don't have citizenship. Perhaps their health
| care options are artificially limited. You invoke supply
| and demand but you narrow your focus to a single
| interface when it's obvious that wouldn't be appropriate.
|
| It's not about "penalizing corporations" it's about
| "being honest about their motives." Unlike many on HN I
| refuse to handwave away this thorny and uncomfortable
| process.
| bell-cot wrote:
| a.) But it's cool and shiny and all the cool kids are there AND
| IT'S FREE!!!
|
| b.) And more-or-less pretty much nobody ever that I remember
| suffered real consequences for doing what all the cool kids
| were doing.
|
| c.) Thinking about all that logic stuff makes me unhappy and my
| head hurt so I won't do that.
| qmr wrote:
| Well don't do that then.
| ozgung wrote:
| I think at this point we should all accept the fact that
| Information Tech = Spy Tech = Surveillance Tech. This is not
| about Linkedin or bad implementation by some 3rd party company.
| This is on purpose. Bad news is that countries started to make id
| verification mandatory for social media usage. That is also
| coordinated and for surveillance purposes.
|
| Actually Steve Blank has a great talk on the roots of Silicon
| Valley. SV basically built upon military tech meeting private
| equity. That's why it's wildly different than say Berlin startup
| scene, and their products are global and free.
|
| https://www.youtube.com/watch?v=ZTC_RxWN_xo
| 8cvor6j844qw_d6 wrote:
| Seeing some of my colleagues verify through Persona on LinkedIn,
| and I can't quite figure out what they're getting out of it.
|
| Every hiring process I've been through already requires proof of
| identity at some point. Background checks, I-9s, whatever it may
| be. So you're essentially handing your ID to a third party just
| to get a badge that doesn't skip any steps you'd have to do
| anyway.
| Nextgrid wrote:
| The badge _could_ (I don 't know, haven't done it yet) help you
| differentiate yourself in a sea of monkeys slinging ChatGPT'd
| profiles from a third-world boiler room.
|
| (whether it actually does or the monkeys now got a steady
| source of fake/stolen IDs is another matter)
| Aurornis wrote:
| It does provide an advantage when applying to remote jobs at
| some companies. They try to filter scammer applicants out early
| and the verified profile is one signal they look for.
|
| Depends on the company, but in a competitive job market any
| extra signal can help.
|
| There are a crazy number of fake LinkedIn profiles out there
| that are used for scamming companies or people.
| ttflee wrote:
| I guess the day that a corporate AI could easily fake all my
| online existence is drawing nigh.
| pisanvs wrote:
| so their "shady" network of subprocessors are just the companies
| that already have all of your data? wow. I'm pretty sure I use
| most if not all of them in my own stack.
|
| In any case, I don't know how much more ad money they'll extract
| from knowing what I look like. Maybe beauty products?
| lionkor wrote:
| It can be simple things like using your race, hair color, etc.
| to infer things about you and treat you differently.
| tqi wrote:
| > Persona extracts the mathematical geometry of your face from
| your selfie and from your passport photo. This isn't just a
| picture -- it's a numerical map of the distances between your
| eyes, the shape of your jawline, the geometry of your features.
| It's data that uniquely identifies you. And unlike a password,
| you can't change your face if it gets compromised
|
| Is there anything special about a passport photo, or can that be
| done from any photo of your face?
| rpdillon wrote:
| When I read selfie, I was thinking of one of those motion-based
| selfies where it's really a short video. And from the video,
| you can extract those measurements. I'm assuming it wasn't
| extracted from the passport photo, but rather the passport
| photo was used to verify that the selfie is of the same person
| that the passport belongs to.
| stevehawk wrote:
| Because it's Persona you can also count on every ICE body cam
| that is having facial recognition performed by Palantir has
| access to this data.
| JohnMakin wrote:
| I was randomly forced to do this about a year ago, gave them
| everything except a passport (Tried providing other doc but
| support is either bots or overseas), got rejected, and lost a 15
| year old legitimate business account.
|
| Could never find any explanation why I was targeted by this - it
| said it detected "suspicious activity" but I only ever interacted
| with recruiters, and only occasionally. Supposedly it is deleted
| after if you don't go all the way through, but I do not believe
| it. This data ends up in very weird places and they can go fuck
| themselves for it afaic.
| laszlojamf wrote:
| I work in this space for a competitor to Persona, so take my
| opinion as potentially biased, but I have two points: 1. just
| because the DPA lists 17 subprocessors, it doesn't mean your data
| gets sent to all of them. As a company you put all your
| subprocessors in the DPA, even if you don't use them. We have a
| long list of subprocessors, but any one individual going through
| our system is only going to interact with two or three at most.
| Of course, Persona _could_ be sending your data to all 17 of
| them, legally, but I'd be surprised if they actually do. 2. the
| article makes it sound like biometric data is some kind of
| secret, but especially your _face_ is going to be _everywhere_ on
| the internet. Who are we kidding here? Why would _that_ be the
| problem? Your search/click behavior or connection metadata would
| seem a lot more private to me.
| junon wrote:
| > Why would _that_ be the problem
|
| Because it should still be my choice as to what you do with it,
| which data you associate with it, and how you store it.
| Removing that choice is anti-privacy.
| johndhi wrote:
| It's way less your choice what happens with a photo of your
| face in pretty much every other situation.
|
| When your face is on your LinkedIn profile, anyone can
| download it and do whatever they want with it. Legally. Here,
| the vendor has to tell you how they use it.
| junon wrote:
| Someone downloading it randomly is not the same as me
| volunteering information said random person wouldn't
| otherwise have and having that information be stored next
| to my image in a database that can be breached.
|
| All for a checkmark next to my profile that says I'm a real
| human.
| troupo wrote:
| > We have a long list of subprocessors, but any one individual
| going through our system is only going to interact with two or
| three at most.
|
| So, in aggregate, _all_ 17 data leeches are getting info. They
| are not getting info on _all_ you users, but different subsets
| hit different subsets of the "subprocessors" you use.
|
| And there's literally no way of knowing whether or not my data
| hits "two" or "three" or all 17 "at the most".
|
| > but especially your _face_ is going to be _everywhere_ on the
| internet. Who are we kidding here? Why would _that_ be the
| problem?
|
| If you don't see this as a problem, you are a part of the
| problem
| laszlojamf wrote:
| I agree that DPA:s, as they are written today, aren't good. I
| was just pointing out that the reality probably isn't as bad
| as the article made it sound.
|
| > If you don't see this as a problem, you are a part of the
| problem
|
| I think you're misunderstanding me. I'm just saying that
| there are way bigger fish to fry in terms of privacy on the
| internet than passport data. In the end, your face is on
| every store's CCTV camera, your every friends phone, and
| every school yearbook since you were a kid. Unless you ask
| all of them to also delete it once they are done with it.
| fainpul wrote:
| But it makes a big difference if some CCTV camera captures
| my face and comes up with "unknown person" or if it finds
| my associated passport and other information.
|
| By the way, ever since facebook was a thing I always asked
| my friends _not_ to tag me in any photos and took similar
| measures at every opportunity to keep my data somewhat
| private.
| troupo wrote:
| > I agree that DPA:s, as they are written today, aren't
| good.
|
| That is, multiple regulations already _explicitly_ restrict
| the amount of data you can collect and pass on to third
| parties.
|
| And yet you're here saying "it's not that bad, we don't
| send eggregious amounts of data to all 17 data brokers at
| once, inly to 2 or 3 at a time, no big deal"
|
| > In the end, your face is on every store's CCTV camera,
| your every friends phone
|
| If you don't see how this is a problem already, and is now
| exacerbated by huge databases cross-referencing your entire
| life, _you are a part of the problem_
| pavel_lishin wrote:
| > _your _face_ is going to be _everywhere_ on the internet._
|
| Why is that your assumption?
| laszlojamf wrote:
| Unless you have friends without phones and live in a city
| without cameras, I think that's a pretty fair assumption
| Aldipower wrote:
| Those records are not connected to your ID and personal
| data.
| ataru wrote:
| The problem with anyone using my face to identify me is that
| it's hard for me to leave home without it.
| laszlojamf wrote:
| yes, that's why people _can_ identify you by it.
| Identification was the _purpose_ here.
| einrealist wrote:
| Why not show a summary of who actually received the data? It
| should be easy to implement. You could also add what data is
| retained and an estimate of how long it is kept for. It could
| be a summary page that I can print as a PDF after the process
| is complete.
|
| I'd consider that a feature that would increase trust in such a
| platform. These platforms require trust, right?
| testing22321 wrote:
| So they'll send the data to whichever of the 17 pay them for
| it.
|
| Obviously our faces are public, but there's no easy way to tie
| it to all my PII unless I give it to them.
| egorfine wrote:
| > I work in this space for a competitor to Persona
|
| So that means you are participating in the evil that KYC
| services are.
| tryauuum wrote:
| > your _face_ is going to be _everywhere_ on the internet. Who
| are we kidding here? Why would _that_ be the problem?
|
| It's a strange logic. "Evil thing X will happen anyway so it's
| acceptable for me to work in a company doing evil thing X". You
| should be ashamed of building searchable databases of faces
| efavdb wrote:
| The privacy concerns are real.
|
| The need / demand for some verification system might be growing
| though as I've heard fraudulent job application (people applying
| for jobs using fake identities... for whatever reason) is a
| growing trend.
| petemc_ wrote:
| Persona do not seem to be competent guardians of such a trove of
| private information.
|
| https://vmfunc.re/blog/persona
| illithid0 wrote:
| Thank you so much for sharing this. Not only is it a great
| post, but the site invokes such warm feelings of an internet
| long lost.
| wolvoleo wrote:
| True, I love the little cat chasing the mouse in particular.
| moss_dog wrote:
| That's Neko!
| https://en.wikipedia.org/wiki/Neko_%28software%29
| cloverich wrote:
| You can follow the discussions between that blogger and the CEO
| btw - https://x.com/rickcsong/status/2025038040599810385
| Persona was not hacked. No database was breached. Frontend
| code source maps were leaked, which means unminified
| variable names were exposed revealing all the names of our
| features. These names are already publicly listed in
| @Persona_IDV's help center and API documentation.
| remixer-dec wrote:
| as much as I like the design and the post, that website causes
| a massive memory leak in Firefox for Mac
| foxglacier wrote:
| "reveals", not "causes". The memory leak, if it truly exists,
| was already present. It's not a website's fault for
| triggering it.
| KomoD wrote:
| just a warning: when you press "continue" it starts blasting
| music
| cess11 wrote:
| TFA should have mentioned that this junk has ties to security
| services in Five Eyes, through Paravision.
|
| https://en.wikipedia.org/wiki/Paravision_(identity_verificat...
| smashah wrote:
| They are making the apparatus to destroy our freedoms.
| anoncow wrote:
| What should an ideal work website or social network be like?
| deadbabe wrote:
| Text only, single font size, no whitespace.
| anoncow wrote:
| Should it use real names?
| wolvoleo wrote:
| Wow that is insane. Persona is even linked to Peter Thiel.
|
| If LinkedIn asks me to verify then I'll just leave. I'd be very
| happy for it to fall over anyway so there is space for a new more
| ethical platform. Especially since Microsoft acquired it, all
| bets are off.
| bicepjai wrote:
| In the era of agents, just create your own website. Also it is
| insane that this is happening.
| Exoristos wrote:
| Yes. Then, you only have to convince Bing Copilot (et al.) to
| eventually list that website of yours.
| flkiwi wrote:
| This is only going to become more common. Companies are
| implementing checks using similar services (a) to prevent
| employment scams (where the person who interviews is not the
| person who works; usually the latter is a low-paid offshore
| individual) and (b) basic security authentication. It won't be
| long before this sort of biometric validation starts showing up
| to authenticate users on regular websites and similar services,
| if it hasn't already. I think the last one I had to do was to
| authenticate when activating a bank card.
| wolvoleo wrote:
| Why would they need to do that? If you start working there you
| need to show up with your actual ID anyway.
| flkiwi wrote:
| Remote, multi location workforces, supervisors and workers
| thousands of miles apart.
| dzink wrote:
| If you fly to US, Singapore, and many other countries these days,
| your face will be photographed and the photo will be matched to
| your passport photo via facial recognition (the machine tells you
| that outright, and does the action on the spot). They also take
| your right hand fingerprints.
| Cider9986 wrote:
| OK.
| wolvoleo wrote:
| I think flying to a country is a whole lot different than a
| little tickmark on a website, sorry.
|
| Don't forget that if you fly to a country you are also bound by
| their laws. They can do anything to you as long as they can
| make it stick under their laws. It's one thing that people
| often don't realise when flying somewhere, you are basically
| giving a blanket submission to their laws!
|
| For this reason I have a long blacklist of countries I won't
| visit because they have laws I do not accept.
| dzink wrote:
| I don't say it to justify what linkedin is doing - there is
| no justification for that. I say it to warn those who are
| conscious of it that there are more places that will harvest
| the data and use it.
| wolvoleo wrote:
| Sorry for my misunderstanding of your point.
| Cider9986 wrote:
| I am curious, would you be willing to share the list?
| cluckindan wrote:
| Just wait until GitHub starts requiring this.
| dhayabaran wrote:
| Apollo is one of many. The broader pattern is the same across the
| industry -- companies collect data with one set of promises and
| then the data ends up accessible through channels users never
| consented to.
|
| I've been documenting this pattern in AI apps specifically. The
| number of companies shipping to production with Firebase rules
| set to "allow read: if true" or Supabase databases with no Row
| Level Security is staggering. The identity data people hand over
| during verification often ends up in databases with zero access
| controls.
|
| LinkedIn at least has a security team. Most AI startups shipping
| verification flows don't.
| game_the0ry wrote:
| Off topic -- the design for that blog is really slick. Added it
| to my "design swipe file."
|
| Less off topic -- there are some black hat marketers that (I
| think) buy or create verified profiles with attractive women,
| then they use the accounts for b2b sales through linkedin DMs. I
| find that amusing. Neutered corpo bois are apparently big poon
| hounds. Makes sense when you think about it -- that type of guy
| is craving female attention and probably does not have the balls
| to do anything in real life, so a polite DM from a fake linkedin
| thot would be appealing.
| sanex wrote:
| Those 17 sub processors are probably the most vanilla cloud
| computing companies you're going to find. Maybe you can complain
| about using one of the three LLM providers for doing OCR but
| there have been quite a few posts here about how LLMs are great
| for OCR.
| brainless wrote:
| I am in India and this is the reason I have not verified till
| now. I do not know how LinkedIn has the audacity to ask for this
| level of personal detail. This seems dystopian to me.
|
| LinkedIn is a social network and I wish there was an alternative.
| sdkfjhdsjk wrote:
| I am in the USA (regrettably--my nation was conquered and
| subjugated long ago) and it IS dystopian, but there IS an
| alternative.
|
| The alternative is stay far away from digital slavery. Keep out
| of the slaughterhouse. Never approach it, and denounce it with
| every breath and fiber of your being.
|
| Do you have a phone? It's a surveillance device. Its entire
| purpose from day one was to enslave you. Do not participate.
|
| The question is, how much are you willing to give up in order
| to obtain freedom? What lengths will you go to? How badly do
| you really want it?
| replwoacause wrote:
| Good write up I guess, but I'm just so tired of all the AI-isms
| in every damn thing.
|
| "Your European passport is one quiet subpoena away"
|
| Why does the subpoena need to be quiet? If I search my chats with
| ChatGPT for the word "quiet", I get a ridiculous number of
| results. "Quietly this, quietly that". It's almost like the new
| em dash.
|
| There's many others all over this blog post I won't bother
| calling out.
|
| "Understanding what I actually agreed to took me an entire
| weekend reading 34 pages of legal documents."
|
| Yeah I'll bet it did. Or it took an hour of back and forth with
| ChatGPT loaded up with those 34 pages.
|
| I get it, we all use AI, but I'm just so tired of seeing the
| unmistakable mark of AI language all over every single thing. For
| some reason it just makes me think "this person is lazy". The CEO
| of a company my friend works for used Claude to write an
| important letter to business partners recently and we were all
| galled at her lack of awareness of how AI-sloppified the thing
| was. I guess people just don't care anymore.
| ziml77 wrote:
| > Or it took an hour of back and forth with ChatGPT loaded up
| with those 34 pages.
|
| That's exactly what I was thinking when I read that line. And
| there's nothing necessarily wrong with using AI to help
| decipher large legal documents, just be honest about it.
| roywiggins wrote:
| Or just verify and write up its findings yourself, this is
| like pasting notes from a research assistant in verbatim. It
| comes across as pretty lazy!
| ceroxylon wrote:
| I also find AI trope-ification articles exhausting to read,
| there's a reason I've fine tuned my system prompts to wipe all
| of it away. This reads like "Hey Gemini, I verified my passport
| on LinkedIn, write an impassioned expose on Persona's privacy
| policy".
|
| When people leave in things like staccato language and Blogspot
| era emphasis, I feel like I might as well copy the Persona
| privacy policy and prompt my own AI(s) on the topic and read
| that instead.
| kopollo wrote:
| The only thing left is for them to want our asses.
| veltas wrote:
| Persona just got hacked so we're off to a good start.
| tagyro wrote:
| I almost fell for a very sophisticated phishing attack last
| December and most of the "verifiable" information was from my
| LinkedIn account.
|
| For each role I had described some of the tasks and
| accomplishments and this was used in the phishing message.
|
| Since then, I removed my photo, changed my name only to initials
| and removed all the role-specific information.
|
| It's a bit of a bummer as I'm currently in the process of looking
| for a new job and unfortunately having a LinkedIn profile is
| still required in some places, but once I find it, I'll delete my
| profile.
| randycupertino wrote:
| I'm routinely shocked how biased people I work with are against
| individuals without a linkedin page. So many hiring managers
| across 15 years in my industry won't consider people without
| pages. One guy goes on rants how people are "sketchy" if they
| don't have a verified page and a lot of skill endorsements and
| testimonials! He'll pull up our vendors pages and check them
| out during meetings, complain if it isn't available or
| complete. I used to keep mine very minimal and locked down but
| I felt pressure from peers to flesh is out and keep it public
| which I hate.
| Aurornis wrote:
| I agree for in-person jobs.
|
| For remote jobs with remote interviews, not having a LinkedIn
| page or having a LinkedIn page full of generic information
| that can be disproven by a quick background check are common
| traits of scam applicants.
|
| A friend's employer started requiring more verification after
| they hired a group of remote workers who would some times
| connect from North Korean IPs when they made a mistake with
| their VPN.
| sigwinch wrote:
| Last year, someone's experience when LinkedIn required
| interacting with Persona:
|
| https://news.ycombinator.com/item?id=44435997
| DonThomasitos wrote:
| LinkedIn is Tiktokified social media brainrot disguised as
| serious work. ,,Hey - you're not wasting time, you're building
| your network and gather industry knowledge!"
|
| LinkedIn is full if so called professionals who make a living by
| leveraging their brand. If you're not one of them, leave
| dboreham wrote:
| Kind of. I've had a strict policy since LinkedIn launched of
| only connecting with people I've actually met and had at least
| some meaningful conversation with. Most of my contacts are
| former work colleagues. I think this makes my feed and audience
| a bit less spammy and grifty.
| ericmay wrote:
| Never connect with anyone you haven't met. If a work
| colleague or someone is on a call and doesn't use video, no
| connection either. Don't upload and store your resume on
| LinkedIn. There is no reason to do so.
|
| Also, I don't recall where this setting is, but make the
| default behavior such that if someone finds you and tries to
| connect with you, they actually follow you instead. This cuts
| down aggressively on spammers because in order to actually
| connect with you they would have to view your profile, open
| the ... menu, and then click connect. If they aren't paying
| attention they'll just follow you instead of connect which
| means you can broadcast to them but they can't broadcast to
| you.
| IshKebab wrote:
| Why? It's pretty useful for connecting with recruiters in
| my experience, and I don't think anyone can actually do
| anything just because they have a connection with you.
|
| I do ignore the connections from random students though
| tbf.
| ericmay wrote:
| Connecting with recruiters is mostly a waste of time, and
| generally anyone can just fake being a recruiter. Once
| someone has a connection with you they can see your
| extended network, they know where you work, they find out
| all information you have shared with on your profile, &c.
| The recruiter may be using you to connect with someone
| else. You also start to consume their content since you
| are connected. Better to let them follow you and then
| when it's time to reach out to offer you a job/send an
| in-mail.
|
| Generally speaking, unless you operate at an elite level
| or at an elite institution, you're not getting a ton of
| worthwhile cold intros from recruiters.
| IshKebab wrote:
| > Connecting with recruiters is mostly a waste of time
|
| Probably depends on the field but this definitely isn't
| always true. I've got my last two jobs through
| recruiters, and speaking to colleagues a lot of them do
| too.
|
| > they can see your extended network, they know where you
| work, they find out all information you have shared with
| on your profile
|
| This is public anyway though? Isn't that the point of
| LinkedIn?
|
| > You also start to consume their content since you are
| connected.
|
| I don't because I don't read LinkedIn. I pretty much only
| use it to get jobs. Although I have actually started
| posting technical stuff I've done there because people
| actually read it (I guess other people _do_ read LinkedIn
| tbf!)
|
| > Generally speaking, unless you operate at an elite
| level or at an elite institution, you're not getting a
| ton of worthwhile cold intros from recruiters.
|
| I'm definitely not elite level and I would say ~20% of
| the jobs I get from LinkedIn recruiters are of interest.
| That's pretty good! Almost all of them are at least
| relevant to my field (silicon verification). Sometimes I
| get stuff about mechanical engineering validation, or
| software jobs that aren't relevant but that's pretty
| rare. It must depend on the field. Maybe the country too?
| ericmay wrote:
| > This is public anyway though? Isn't that the point of
| LinkedIn?
|
| You can limit this. I don't think it's necessarily the
| point of LinkedIn - i.e. for others to connect with you
| and then have full visibility into all of the details of
| everyone you know and whatever you have on your profile.
| It's a bit naive to assume that operating in this manner
| doesn't make you a prime target for scammers, social
| engineers, hackers, &c., or even worse - solicitors.
|
| > My experience is different
|
| Yea, everyone has different experiences. I'm just
| describing how the platform generally works, as a matter
| of fact.
| nicbou wrote:
| I use it as write-only media and I had an okay experience. I
| have met a lot of people IRL through LinkedIn.
| Aurornis wrote:
| Most people don't log in to LinkedIn to check the feed. They
| don't interact with the feed at all.
|
| It's used for keeping contacts, having your online resume in a
| standard place, and maybe messaging people.
|
| The feed is a sideshow. It enrages a lot of people because it's
| full of slop, but you need to treat it like almost everyone
| else: Ignore it. It's a sideshow.
| keithluu wrote:
| I believe OpenAI used Persona during the verification step that
| you must complete to use their SOTA models in the API. Not sure
| if it's still the case now.
|
| Anyway, I found that too much of a hassle and switched to other
| LLM providers.
| 8cvor6j844qw_d6 wrote:
| Similar experience here.
|
| A few months back I was evaluating one of the GPT-5 models for
| a side project. Turns out streaming via the API requires org
| verification, and I decided to look elsewhere.
|
| In hindsight, a good decision given what just came out about
| Persona.
| Aldipower wrote:
| I just registered at platform.OpenAI.com two days ago for MCP
| Apps registration and had to do the Persona process! Now I
| could cry.
| yapyap wrote:
| welp, yikes
| skywhopper wrote:
| This is all bad, but I feel compelled to call out the
| "geolocation (inferred from your IP)" tidbit, because I can vouch
| that in the era of IPv4 scarcity, this value is often wildly
| wrong. When I'm at home, for the past 10 years, living in three
| different cities in that time, my ISP-granted IP address
| registered as incorrect locations (often by hundreds of miles)
| more often than not. And my mobile phone is always wrong, showing
| me in Colorado, St Louis, or North Carolina depending on the day.
| None of those locations are even close to correct.
|
| It's truly a shame we are allowing these companies to steal and
| share and abuse our personal data, and it's even worse that even
| the very basics of that data are so often blatantly wrong.
| afh1 wrote:
| >The legal basis? Not consent.
|
| You read and agreed with the terms explicitly stating the data
| would be used to do those things, and it was not at all necessary
| for you to do that. What else do you want? It seems like consent
| isn't the issue. You just don't like what this company does, and
| still volunteer your data for them to do just that. Now you
| regret it and write a blog post?
|
| One thing is to be tricked or misled, or for a government to
| force your face to be scanned and shared with a third party.
| Another is to have terms explicitly saying this will be done,
| requiring explicit agreement, and no one forcing you to do it.
| SilverElfin wrote:
| > no one forcing you to do it
|
| This is where I disagree. You basically have to use LinkedIn to
| participate in today's job market. These large platforms that
| are protected by network effects should be highly regulated so
| they cannot abuse your privacy and rights.
| p-e-w wrote:
| Most privacy issues with today's technology industry are
| caused by companies behaving like private service providers,
| when in practice they are somewhere between public utilities
| and government agencies in terms of their necessity and
| inevitability.
|
| In many companies, you don't need to bother applying without
| a LinkedIn profile. You're not even going to be considered
| for a position, full stop.
| rmccue wrote:
| They consented to their data being used to verify their
| identity, not to train an AI on their data. Each separate
| purpose the data is being processed for needs its own basis.
| wat10000 wrote:
| The plans were on file in a disused lavatory with a sign in the
| door saying Beware of the Leopard.
| jungturk wrote:
| "Consent" and "Legitimate Interest" are legal terminology -
| they're two bases defined in GDPR and have different
| implications and requirements for balancing user and processor
| interests.
|
| When the author says that Persona claims the "legitimate
| interest" basis for these data, they're saying that Persona is
| trying to achieve maximum flexibility for using the data (since
| "consent" generally requires specific agreement on a specific
| use for the data, and the burden of maintaining the consent
| records, where "legitimate interest" does not).
|
| https://www.bulletproof.co.uk/blog/consent-vs-legitimate-int...
| hliyan wrote:
| Here's what I found the most frightenting:
|
| > Hesitation detection -- they tracked whether I paused during
| the process
|
| > They use uploaded images of identity documents -- that's my
| passport -- to train their AI.
|
| > Persona's Terms of Service cap their liability at $50 USD.
|
| > They also include mandatory binding arbitration -- no court, no
| jury, no class action.
| rambojohnson wrote:
| everyone on linkedin sounds like chatgpt / claude.
| aestetix wrote:
| Peter Thiel knows about the anti-christ...
| edoceo wrote:
| I've been getting "Emails aren't getting through to one of your
| email addresses. Please update or confirm your email." -- even
| tho I get messages from them every day. When you press the button
| to confirm the (working) email it states "Something went wrong".
|
| It happened last week too, I was able to fix it via their chat-
| help (human). Yesterday, their chat-help (human) was not able fix
| it and has to open a ticket. I pay for LinkedIn-Premium. So maybe
| this is just a scam to route me into Verification. Their help
| documents
| (https://www.linkedin.com/help/linkedin/answer/a1423367) for
| verifying emails doesn't match the current user experience.
|
| Then, in a classic tech-paradox, their phone support person told
| me they would email me -- on the same address their system
| reports emails are not getting through to. It felt like 1996
| levels of understanding.
|
| We need to get back to de-centralised.
| b00ty4breakfast wrote:
| I have no proof but I have suspicions that call-center systems
| are designed like this on purpose. low-level employees are
| hamstrung in what they can do, so then they have to hand it off
| to someone else, with varying degrees of ceremony, which either
| involves submitting a "ticket" or transferring you to some
| other department who may or may not have higher privileges wrt
| what they can do to help you.
|
| Then you might hit a wall where nobody can do anything because
| you're trapped in the gears of some byzantine IT system that
| decides what can and can't happen at any given time with any
| given situation.
|
| Then there's the labyrinth of the phone system itself littered
| low-bit smooth jazz and awful menus not often alleviated by AI
| voice recognition (which in my experience can sometimes be
| _worse_ than the older voice systems) and the back and forth
| from one department to the next either because of the above or
| because someone or something keeps sending you to the wrong
| people to get your problems addressed.
|
| If it's not engineered, it's some kinda emergent eldritch
| abomination that has slowly accreted over the decades.
| 1over137 wrote:
| > Emails aren't getting through to one of your email addresses
|
| Do you block remote image loading? They are probably measuring
| via tracking pixels.
| edoceo wrote:
| Good idea -- I've not loaded images since...ever, I still
| prefer the text/plain part. Like an idiot I assumed they were
| getting an error message from the MTA. But then what if they
| deliver but I never open?
| puszczyk wrote:
| This is a good write-up and useful content, but edit-wise it
| could be simplified significantly. Additionally, phrases like
| "let that sink in" are characteristic of poor LinkedIn content,
| which is a bit of an irony :)
| tagami wrote:
| Thank you for doing and sharing what I was hesitant to do. Now I
| know with good reason why.
| the_real_cher wrote:
| Modern day LinkedIn is a terrible company that violates privacy
| as bad as any other social media company.
|
| Also, the content on LinkedIn is terrible and fake.
|
| Need to start shunning these bad actors.
| lacoolj wrote:
| This is a little unnerving because I know I've had to provide
| similar ID verification somewhere online, but I can't remember
| where. And based on everything here, it was almost certainly
| Persona.
|
| I guess I'll just be in the corner crossing my fingers none of it
| is found in a hostile foreign land or used against me.
| aylmao wrote:
| I'll note that Persona's CEO responded on LinkedIn [1] pointing
| out that: - No personal data processed is used
| for AI/model training. Data is exclusively used to confirm your
| identity. - All biometric personal data is deleted
| immediately after processing. - All other personal data
| processed is automatically deleted within 30 days. Data is
| retained during this period to help users troubleshoot. -
| The only subprocessors (8) used to verify your identity are: AWS,
| Confluent, DBT, ElasticSearch, Google Cloud Platform, MongoDB,
| Sigma Computing, Snowflake
|
| The full list of sub-processors seems to be a catch-all for all
| the services they provide, which includes background checks,
| document processing, etc. identity verification being just one of
| them.
|
| I have I've worked on projects that require legal to get involved
| and you do end up with documents that sound excessively broad. I
| can see how one can paint a much grimmer picture from documents
| than what's happening in reality. It's good to point it out and
| force clarity out of these types of services.
|
| [1]:
| https://www.linkedin.com/feed/update/urn:li:activity:7430615...
| lysace wrote:
| All of those statements require trust and/or the credible
| threat of a big stick.
|
| Trust needs to earned. It hasn't been.
|
| The big stick doesn't really exist.
| paulnpace wrote:
| Whelp, so long as the CEO says it's fine, we've no reason to
| worry about what's in the legal verbiage.
| majormajor wrote:
| But why believe that when their policy says any of it may not
| be true, or could change at any time?
|
| Even if the CEO believes it right now, what if the team
| responsible for the automatic-deletion merely did a soft-delete
| instead of a hard delete "just in case we want to use it for
| something else one day"?
| BorisMelnik wrote:
| I dont believe that for one second. I can think of many
| examples of times CEO's have said things publicly that were
| not or ended up being not true!
| saghm wrote:
| I'm not convinced there's any significant overlap between
| "people who are worried about which subprocessors have their
| data" and "people who don't think that eight subprocessors is a
| lot"
| __float wrote:
| I mean, two of them are cloud vendors. The rest just seem
| like very boring components of a (somewhat) modern data
| pipeline.
| y-c-o-m-b wrote:
| All of which is meaningless if it's not reflected properly in
| their legal documents/terms. I've had interactions with the
| Flock CEO here on Hacker News and he also tried to reassure us
| that nothing fishy is/was going on. Take it with a grain of
| salt.
| shimman wrote:
| Why anyone would trust the executives at any company when
| they are only incentivized to lie, cheat, and steal is beyond
| me. It's a lesson every generation is hellbent on learning
| again and against and again.
|
| It use to be the default belief, throughout all of humanity,
| on how greed is bad and dangerous; yet for the last 100 years
| you'd think the complete opposite was the norm.
| godelski wrote:
| > when they are only incentivized to lie, cheat, and steal
|
| The fact that they are allowed to do this is beyond me.
|
| The fact that they do this is destructive to innovation and
| I'm not sure why we pretend it enables innovation. There's
| a thousands multi million dollar companies that I'm
| confident most users here could implement, but the major
| reason many don't is because to actually do it is far
| harder than what those companies build. People who
| understand that an unlisted link is not an actual security
| measure, that things need to actually be under lock and
| key.
|
| I'm not saying we should go so far as make mistakes so
| punishable that no one can do anything but there needs to
| be some bar. There's so much _gross incompetence_ that we
| 're not even talking about incompetence; a far ways away
| from mistakes by competent people.
|
| We are filtering out those with basic ethics. That's not a
| system we should be encouraging
| judahmeek wrote:
| Because the liars who have already profited from lying
| will defend the current system.
|
| The best fix that we can work on now in America is
| repealing the 17th amendment to restrengthen the federal
| system as a check on populist impulses, which can easily
| be manipulated by liars.
| touristtam wrote:
| So your senators were appointed before that? No election
| needed?
| bitwize wrote:
| Yes, by state legislatures. The concept was the Senate
| would reflect the states' interests, whereas the House
| would reflect the people's interests, in matters of
| federal legislation.
| throwaway2037 wrote:
| For those unaware, the German Federal democratic system
| works in a similar way. They have two houses: the
| Bundestag (directly elected) and the Bundesrat (appointed
| by state legistatures). As a outsider, their democracy
| appears to be very high functioning, which demonstrates
| this form of democracy can work well.
| logifail wrote:
| > their democracy appears to be very high functioning,
| which demonstrates this form of democracy can work well
|
| This probably depends on your definition of "working
| well".
|
| In March 2025, _after_ the last Federal elections were
| held in Germany (February 2025), but _before_ the new
| parliament was constituted (within 30 days of the
| results?), the _new_ governing coalition engineered a
| constitutional amendment which required a supermajority
| _which they would not have in the new parliament_ , so
| instead they held the vote in the old parliament.
|
| https://www.nytimes.com/2025/03/18/world/europe/germany-
| debt...
|
| This was perfectly legal, although if you explain it to
| an outsider it might seem like an abuse of process.
| shimman wrote:
| lol what the fuck, no. Can't believe you look at the
| current system and think "you know what, political
| parties should be able to choose senators not the
| citizens." Good lord.
| godelski wrote:
| > Because the liars who have already profited from lying
| will defend the current system.
|
| Okay? And so _we_ just have to deal with it? Give up?
| Throw in the towel? Not push back? >
| repealing the 17th amendment
|
| Did you read your first sentence?
|
| * _By your own logic,*_ the liars who have already
| profited from lying will appoint those who will help them
| defend the current system.
| nashashmi wrote:
| Can a ceo's word on linkedin and X be used to make claims
| against them?
| throwaway2037 wrote:
| Absolutely. I don't know what legal jurisdiction they are
| subject to, but I could imagine that someone tries to sue
| an EU division/outpost in an EU court under a GPDR-type of
| petition, these posts would be submitted as evidence. One
| could easily argue the CEO is acting on behalf of the
| company by posting using their real name. (Let's presume
| there is no identity fraud for these posts.)
|
| And don't forget that Elon Musk was tried in the US for
| defamation after making a bunch of posts on Twitter against
| some UK citizens. Assuming that you are posting under your
| real name, you are definitely legally responsible for those
| words.
| jeffybefffy519 wrote:
| Yup exactly, if this is the truth then put it on the
| terms/privacy policy etc... exec's say anything these days
| with zero consequences for lieing in a public forum.
| kwar13 wrote:
| this is just "trust me bro" with more words. even if true, the
| point is not what they do right now, the point is what they CAN
| do, which clearly as pointed in terms is a lot more than that.
| egorfine wrote:
| A KYC provider is a company that doesn't start with neutral
| trust. It starts with a huge negative trust.
|
| Thus it is impossible to believe his words.
| flumpcakes wrote:
| What does the (I assume) acronym KYC mean?
| tripdout wrote:
| Know Your Customer
| egorfine wrote:
| Kill Your Customer.
| astura wrote:
| Know your customer
|
| https://en.wikipedia.org/wiki/Know_your_customer
| jcheng wrote:
| Can you say more? Why isn't it neutral or slightly positive?
| I would assume that a KYC provider would want to protect
| their reputation more than the average company. If I were
| choosing a KYC provider I would definitely want to choose the
| one that had not been subject to any privacy scandals, and
| there are no network effects or monopoly power to protect
| them.
| egorfine wrote:
| > Why isn't it neutral or slightly positive?
|
| Because KYC is evil in itself and if the linked article
| does not explain to you why is that then I certainly
| cannot.
|
| > KYC provider would want to protect their reputation more
| than the average company
|
| False. It is exactly the opposite. See, there are no
| repercussions for leaking customers data, while properly
| securing said data is expensive and creates operational
| friction. Thus, there are NO incentives to protect data
| while there ARE incentives to care as less as possible.
|
| Bear in mind that KYC is a service that no one wants, anll
| customers are forced and everybody hates it: customers,
| users, companies.
| chowells wrote:
| I want KYC. I want AML. I want reversible transactions. I
| also want all of those things to be well regulated by a
| responsive and reasonable regulatory body.
|
| They may have cases where they break down, but their net
| social impact is positive.
| mikkupikku wrote:
| We're talking about LinkedIn, not banking. KYC and AML
| with respect to banks is a privacy tradeoff that is
| required by law, after public debate from legally elected
| representatives. With LinkedIn, it's none of that.
| SilverElfin wrote:
| Why would we believe they are deleted after processing and not
| shared with the government?
| astura wrote:
| What's the government going to do with a picture of the ID
| they, themselves issued to you?
| JoshTriplett wrote:
| Associate it with the specific service they don't want you
| using, or transactions they don't want you making, or
| conversations and connections they don't want you having.
| attila-lendvai wrote:
| it's one service collecting ID's issued by _dozens_ of
| governments.
|
| the already too centralized is being made even more
| centralized here.
| SilverElfin wrote:
| As an example, the state government may issue a particular
| ID that I use in several different places. But the federal
| government did not issue that ID to me.
| Jolter wrote:
| Keep in mind for most users of the service, the ID was not
| issued by the US government.
| Biganon wrote:
| TIL the US government issued my Swiss passport
| vinay_ys wrote:
| > that require legal to get involved and you do end up with
| documents that sound excessively broad
|
| If you let your legal team use such broad CYA language, it is
| usually because you are not sure what's going on and want CYA,
| or you actually want to keep the door open for broader use with
| those broader permissive legal terms. On the other hand, if you
| are sure that you will preserve user's privacy as you are
| stating in marketing materials, then you should put it in legal
| writing explicitly.
| godelski wrote:
| > - All biometric personal data is deleted immediately after
| processing.
|
| The implication is that biometric data leaves the device. Is
| that even a requirement? Shouldn't that be processed on device,
| in memory, and only some hash + salt leave? Isn't this how
| passwords work?
|
| I'm not a security expert so please correct me. Or if I'm on
| the right track please add more nuance because I'd like to know
| more and I'm sure others are interested
| wholinator2 wrote:
| I'm not an expert but i imagine bio data being much less
| exact than a password. Hashes work on passwords because you
| can be sure that only the exact date would allow entry, but
| something like a face scan or fingerprint is never _exactly_
| the same. One major tenant that makes hashes secure is that
| changing any singlw bit of input changes the entirety of the
| output. So hashes will by definition never allow the fuzzy
| authentication that's required with biodata. Maybe there's a
| different way to keep that secure? I'm not sure but you'd
| never be able to open your phone again if it requires a 100%
| match against your original data.
| godelski wrote:
| I'd assume they'd use something akin to a perceptual hash.
|
| Btw, hashes aren't unique. I really do mean that an input
| doesn't have a unique output. If f(x)=y then there is some
| z such that f(z)=y.
|
| Remember, a hash is a "one way function". It isn't
| invertible (that would defeat the purpose!). It is a
| surjective function. Meaning that reversing the function
| results in a non-unique output. In the hash style you're
| thinking of you try to make the output range so large that
| the likelihood of a collision is low (a salt making it even
| harder), but in a perceptual hash you want collisions, but
| only from certain subsets of the input.
|
| In a typical hash your collision input should be in a
| random location (knowing x doesn't inform us about z).
| Knowledge of the input shouldn't give you knowledge of a
| valid collision. But in a perceptual hash you want
| collisions to be known. To exist in a localized region of
| the input (all z are near x. Perturbations of x).
|
| https://en.wikipedia.org/wiki/Perceptual_hashing
| Delk wrote:
| > Remember, a hash is a "one way function". It isn't
| invertible (that would defeat the purpose!). It is a
| surjective function. Meaning that reversing the function
| results in a non-unique output.
|
| This is a bit of a nitpick and not even relevant to the
| topic, but that's not the reason cryptographic hashes are
| (assumed to be) one-way functions. You could in principle
| have a function f: X -> Y that's not invertible but for
| which the _set_ of every x that give a particular y could
| be tractably computed given y. In that case f would not
| be a one-way function in the computational sense.
|
| Cryptographic hashes are practically treated as one-way
| functions because the inverse computation would take an
| intractable amount of time.
| rawgabbit wrote:
| This reads like their entire software stack. I don't understand
| the role ElasticSearch plays; are people still using it for
| search?
|
| Infrastructure: AWS and Google Cloud Platform
|
| Database: MongoDB
|
| ETL/ELT: Confluent and DBT
|
| Data Warehouse and Reporting: Sigma Computing and Snowflake
| smw wrote:
| What possible use legitimate use is Snowflake in verifying your
| identity? ES?
| rawgabbit wrote:
| It's probably used to aggregate all their data sources to
| compile profiles. They then match the passport against their
| database of profiles. To say, yup, this passport is for real
| person; not a deceased person whose identity was stolen for
| example.
| barryhennessy wrote:
| As an industry we really need a better way to tell what's going
| g where than:
|
| - someone finally reading the T&Cs
|
| - legal drafting the T&Cs as broadly as possible
|
| - the actual systems running at the time matching what's in the
| T&Cs when legal last checked in
|
| Maybe this is a point to make to the Persona CEO. If he wants
| to avoid a public issue like this then maybe some engineering
| effort and investment in this direction would be in his best
| interest.
| singleshot_ wrote:
| Why would anyone believe this?
| YorickPeterse wrote:
| Ah yes, because companies never lie about how they process your
| data...
| mdani wrote:
| I am wondering what the 'sub-processor' means here. Am I right
| in assuming that the Persona architecture uses Kafka, S3 data
| lake in AWS and GCP, Elastic Search, MongoDB for configuration
| or user metadata, and Snowflake for analytics, thus all these
| end up on sub-processle list as the data physically touches
| these company's products or infra hosted outside Persona? I
| hope all these aren't providing their own identity services and
| all of them aren't seeing my passport for further validation.
| whatever1 wrote:
| Facebook at some period was pushing users to enable 2fa for
| security reasons, and guess what they did with the phone
| numbers they collected.
| hansmayer wrote:
| Right, because as seen over the last several years, the Big
| Tech CEOs should totally be trusted on their promises,
| especially if it is related to how our sensitive personal data
| is stored and processed. This goes even wtihout knowing who is
| one of the better known "personas" investing in Persona.
| dataflow wrote:
| If he's really so confident these assurances will stand
| scrutiny then why doesn't he put them in the agreement and
| provide legal assurance to that effect?
| pyrale wrote:
| > pointing out that
|
| Certainly, you mean: "claiming that".
|
| In the terms of Mandy Rice-Davies [1], "well he would, wouldn't
| he?" Especially, his claim that the data isn't used for
| training by companies that are publicly known to have illegally
| acquired data to train their models doesn't look very serious.
|
| [1]:
| https://en.wikipedia.org/wiki/Well_he_would,_wouldn%27t_he%3...
| keepamovin wrote:
| This is not the concern for me. I thought the risk was obvious
| to everyone. Tho I've been tempted because it means I'll "have
| more interactions" or whatever LinkedIn pitches with, I didn't
| want to put a public signal out there with yes: "This is my
| real name, real job, real city" - to me it's like a pre-vetted
| database of marks for identity theft criminals or whatnot. You
| know?
|
| I thought everyone, at least in security would be somewhat
| concerned about this, but they're not. I get the benefits, and
| I want to enjoy those benefits too. I'd much prefer if I could
| privately confirm my name using IDs (zero problem with that)
| but then not have to show it or an exact profile photo. I'm
| sure there's a cryptographic way for my identity to be proven
| to any who I chose to prove it to who required such bona fides.
| I dislike the surface of "proven identity for everyone". You
| know?
|
| This to me is the far more important thing than: "security
| focused biometric company processed my data, therefore being
| rational and modern I will now have a meltdown." Everytime you
| drive, use a payment method linked to your name, use your plan
| phone, your laptop, go to a venue that ID scans, make a rental,
| catch a flight, cross a border, etc, your ID (or telemetric
| equivalents sufficient to ID you) is processed by some digital
| entity. If you will revolt against the principle of "my
| government issued and not-truly-mine-anyway ID documents, or
| other provided bona fides are being read by digital entities
| contracted to do that", it seems nonsensical.
|
| I think the bigger risk is always taking a photo of your
| passport and putting it on the internet, which is basically
| what the current LI verification means. Casual OSINT on a
| verified profile likely reveals the exact birthday (or cross-
| referenced on other platforms), via "happy birthday" type
| posts. _How old am I_ type image AI can give you rough years.
| the_nexus_guard wrote:
| > I'm sure there's a cryptographic way for my identity to be
| proven to any who I chose to prove it to
|
| There is. The pattern is: generate a keypair locally, derive
| a DID (decentralized identifier) from the public key, and
| then selectively prove your identity to specific verifiers
| using digital signatures. No central authority ever holds
| your private key.
|
| The key difference from the LinkedIn model: you never hand
| biometric data to a third party. Instead, you hold a
| cryptographic identity that you control. If someone needs to
| verify you, they check a signature -- not a database. You can
| prove you're the same entity across interactions without
| revealing anything about who you are in the physical world.
|
| This is exactly the approach behind things like W3C DIDs and
| Verifiable Credentials. The crypto has been solved for years;
| the adoption problem is that platforms like LinkedIn have no
| incentive to give users self-sovereign identity when the
| current model lets them be the middleman.
|
| I've been building an open implementation of this for AI
| agents (where the identity problem is arguably even worse --
| there's no passport to scan): https://github.com/The-Nexus-
| Guard/aip. But the same cryptographic primitives apply to
| human identity too.
| wackget wrote:
| "The only subprocessors used to verify your identity are"...
| some of the biggest data mining companies on the planet.
| Excellent.
| torginus wrote:
| My favourite 'thing' in the modern world is that 'we don't
| process and store your data' has taken to mean - 'we don't
| process and store your data - our partner does'.
|
| Which might not even be stated explicitly, it might be that
| they just move it somewhere and then pass it on again, at which
| point its outside the legal jurisdiction of your country's
| ability to enforce data protection measures.
|
| Even if such a scheme is not legal, the fact that your data
| moves through multiple countries with different data protection
| measures, enforcing your rights seems basically impossible.
| mikkupikku wrote:
| _" We don't sell your data"_ translates to _" we sell OUR
| data about you"_.
|
| They would never admit the data belongs to you while selling
| it. When they sell it, they declare themselves the owners of
| that data, which they derived from things you uploaded or
| told them, so they're never selling _your_ data according to
| their lawyers.
|
| Another thing they like to do is sell the use or access to
| this data, without transferring the legal rights to the data,
| so they can say with a straight face they never sold the
| data. Google loves this loophole and people here even defend
| it.
| frm88 wrote:
| _Persona Identity, Inc. is a Peter Thiel-backed venture that
| offers Know Your Customer (KYC) and Anti-Money Laundering (AML)
| solutions that leverage biometric identity checks to estimate a
| user's age that use a proprietary "liveliness check" meant to
| distinguish between real people and AI-generated identities._
|
| _Once a user verifies their identity with Persona, the
| software performs 269 distinct verification checks and scours
| the internet and government sources for potential matches, such
| as by matching your face to politically exposed persons (PEPs),
| and generating risk and similarity scores for each individual.
| IP addresses, browser fingerprints, device fingerprints,
| government ID numbers, phone numbers, names, faces, and even
| selfie backgrounds are analyzed and retained for up to three
| years._
|
| There are so many keywords in there that should raise a red
| flag, but funded by Peter Thiel should probably be enough.
|
| https://www.therage.co/persona-age-verification/
| peter_retief wrote:
| My ISP and my bank decided they needed my biometrics to have an
| account, same sort of thing
| g8oz wrote:
| It seems to me that if you let Persona verify your identity
| you're essentially providing data enrichment for the US
| government. In exchange for what? A blue tick from a feeder
| platform like LinkedIn, Reddit or Discord? No thanks.
|
| On the other hand it can be hard to escape if it's for something
| that actually matters. Coursera is a customer. You might want
| your course achievements authenticated. The Canada Media Fund
| arranges monies for Canadian creators when their work lines up
| with various government sponsored DEI incentives. If you're in
| this world you will surely use Persona as required by them. Maybe
| you're applying for a trading account with Wealthsimple and have
| to have your ID verified. Or you want to rent a Lime Scooter and
| have to use them as part of the age verification process.
|
| KYC platforms have a place. But we need legal guarantees around
| the use of our data. And places like Canada and Europe that are
| having discussions about digital sovereignty need to prioritize
| the creation of local alternatives.
| egorfine wrote:
| > KYC platforms have a place
|
| Yes. In hell.
| tokenless wrote:
| > On the other hand it can be hard to escape if it's for
| something that actually matters.
|
| E.g. Job applications, rental references, clearance at existing
| jobs, citizenship and visa applications, digital signing for
| things like business contracts.
| IOT_Apprentice wrote:
| So LinkedIn's 1st CEO Reid Hoffman who was all up in
| relationships with Epstein & Bone Saw, yakking it up with
| monsters is the place to store your employment history? To
| provide a blue checkmark? To feed into copliot & be sold to AI
| weapons vendors & gruesome thugs like Palantir's CEO & Chairman?
| Yikes.
| snowhale wrote:
| the Persona CEO response addresses the AI training concern but
| totally sidesteps the CLOUD Act issue. doesn't matter where data
| is stored -- if Persona or any of their US-based subprocessors
| get a US national security letter, that data is accessible.
| "deleted within 30 days" also means it exists for up to 30 days,
| which is plenty of time for a legal demand.
| flumpcakes wrote:
| I am about to talk about "vibes" and "feelings" so please take
| this with a grain of salt:
|
| Does anyone else get the impression that they feel like the
| nefarious surveillance state is now real and definitely not for
| their benefit?
|
| It's been a long running trope of the men in black, and the state
| listening to your phone calls, etc. Even after Snowdon's leaks,
| where we learned that there are these massive dragnets scooping
| up personal information, it didn't _feel_ real. It felt distant
| and possibly could have been a "probably good thing" that is it
| was needed to catch "the real bad guys".
|
| It feels different now. Since last year, it feels like the walls
| are closing in a bit and that now the US is becoming... well, I
| can't find the words, but it's not good.
| weird_tentacles wrote:
| You are slooowwly waking up.
| kburman wrote:
| I don't get the whole idea of treating identity verification as a
| private enterprise problem. I realize it's easy to just blame
| LinkedIn or Microsoft here, but the core issue is architectural.
| We are trying to solve a public utility problem by building
| private honeypots.
|
| The government should provide an API or interface to validate a
| user, essentially acting just like an SSO. Instead of forcing
| users to upload raw passport scans to a third-party data broker,
| LinkedIn should just hit a government endpoint that returns an
| anonymized token or a simple boolean confirming "yes, this is a
| real, unique person." It gives platforms the sybil resistance
| they need without leaking the underlying PII.
| egorfine wrote:
| We have exactly that in Ukraine. And in Poland. And in many
| other countries.
|
| This does not conform to the requirements of american KYC/AML
| provisions that require KYC service to store and leak PII.
| mamma_mia wrote:
| I've never used linkedin and have been more than fine, I feel
| that like with most social media that noise makes it seem more
| important than it is
| ollybrinkman wrote:
| The deeper issue here is that centralized identity verification
| creates honeypots. You hand over real identity data to verify
| yourself, and now that data lives in LinkedIn's systems
| indefinitely. The alternative direction is zero-knowledge proofs
| for identity -- prove you're a real person without revealing
| which person. Projects like World ID are going this direction.
| The irony is that for AI agents, none of this matters: they don't
| have identities to verify, which is actually a feature.
| dave_sid wrote:
| Linkedin is the sleaziest thing I've seen on the internet since
| it was invented. The sight of it makes my skin crawl. The way
| they have desperately tried to onboard you via data that they
| seem to have that they shouldn't. The way users even present
| themselves, posting updates that probably make them want to vomit
| themselves and shower in disgust even tho it's not their fault,
| we need to find work. The bloody badge that you have to wear on
| your forehead to say you are available for work. The thought of
| the money they are raking in from recruiters and corporations.
| The way they try to be a little bit more like Facebook to make it
| look a little more 'fun'. I hate it.
|
| Well they made it. They conquered the recruitment scene and I
| can't think of a company I'd wish had gone out of business
| sooner.
|
| Am I wrong?
| Exoristos wrote:
| I do find them the most loathsome of the social media platforms
| I visit. But here's another point -- recent investigations have
| shown they're not as good a resource for finding jobs
| anymore[0].
|
| 0. https://www.inc.com/joe-procopio/you-cant-find-a-job-
| because...
| dave_sid wrote:
| Interesting article.
| po1nt wrote:
| >Count them. 17 companies. 16 in the United States. 1 in Canada.
| Zero in the EU.
|
| We regulated innovation out of the market. Why are you surprises
| that the only companies finding your data valuable are in the US?
| danpritch wrote:
| Maybe it's just me but I don't count tracking people as
| innovation. Tell me what's innovative about it.
| po1nt wrote:
| Tracking people is dystopian. But only collection of data
| allowed us to train the AI. I don't think EU has issues with
| tracking people unless a private party does it.
| CrzyLngPwd wrote:
| Blue tick is the thin end of the wedge, as is "think of the
| children" ID demands.
|
| It won't be long before we'll be required to verify ID for every
| major website.
| chickensong wrote:
| First mistake was using LinkedIn. More mistakes were made.
| sunaookami wrote:
| AI slop blogspam
| cco wrote:
| People who found this post interesting may also find this blog
| post about Persona a good read as well:
| https://vmfunc.re/blog/persona/
|
| tl;dr Persona shares your identity data directly with the federal
| governments of the US and Canada and likely is sharing data/works
| with ICE on the same.
| trinsic2 wrote:
| If you are using Linked in for anything at this point, you are
| just asking for trouble. They have no interest in maintaining a
| healthy business ecosystem and you can see that with the way they
| try to close you into their system and the amount of AI slop that
| is on that platform.
| VerifiedReports wrote:
| The link isn't working, but anyone handing over unnecessary data
| to LinkedIn (AKA Facebook Pro) is probably too gullible to be
| online safely at this point.
| ceramati wrote:
| Why can't we have an ATproto LinkedIn? It seems pretty well
| suited.
| zquestz wrote:
| In your "WHAT YOU SHOULD DO" section, you missed the most
| important thing.
|
| Stop using LinkedIn, and stop using these terrible services that
| rip away our privacy.
| ndom91 wrote:
| Isn't Persona the same sub processor Discord is using for their
| new age-verification :thinking:
| codr7 wrote:
| LinkedIn is creepy even compared to Facebook imo.
|
| And the content is the worst trash you'll find online, bottom of
| the barrel.
| hajix007 wrote:
| Good to know, ty!
| heliumtera wrote:
| You have you identity away but at least you have a blue
| checkmark! It could be a purple checkmark, thing about that!
| mcintyre1994 wrote:
| I have a LinkedIn account and I occasionally have recruiters cold
| phone call me. They always tell me they got my phone number from
| LinkedIn. The first time this happened I deleted my number off
| LinkedIn, which was not shared according to their settings but
| was being used for 2FA. I still occasionally get these calls, and
| I'm unsure if LinkedIn is still letting people buy access to my
| deleted phone number, or if the recruiters are just lying and
| getting my number from some creepy stolen data service.
| umairnadeem123 wrote:
| The unique email technique ColinWright describes is the gold
| standard for tracking data leaks and I wish more people did it. I
| use a catch-all domain for this exact purpose - every service
| gets service@mydomain format. The pattern is pretty clear:
| services that get acquired are the worst offenders. The new
| parent company inherits the data and applies their own, usually
| worse, privacy practices. LinkedIn being acquired by Microsoft
| and then the spam starting tracks perfectly with this. The legal
| framework treats acquisitions as a continuity of service even
| when the privacy practices change completely.
| fireant wrote:
| KYC data is the most dangerous data that can leak right now. If
| your CC leaks, you will know almost immediately and can revoke it
| and generally will get your money back. Password leaks can be
| neutered with 2FA. Medical data leak can perhaps be used in a
| complex extortion, but generally for most people this data is
| worthless.
|
| KYC data on the other hand allows third party criminals who have
| bought your KYC on the black market to perform money laundering
| in your name (by opening bank accounts) and taking debt in your
| name. Generally you won't even know this is happening until it's
| too late and debt collectors come. And it's not like you can
| revoke your biometrics/liveness check/selfie and who knows if
| revoking your passport/id card would actually work.
|
| IMO it's much better if a dedicated KYC processor, like Persona,
| with actual security team/mindset, handles this rather than
| random website inside their zendesk instance. But there still
| needs to be extremely strict regulation surrounding this data.
|
| Also while CC data will be getting less dangerous over time due
| to AI fraud detection and mandated 3DS, KYC data will IMO be
| getting more dangerous over time because more fintech/govtech
| will rely on it.
| simpleusername wrote:
| I suddenly had my account locked down unless I provide my
| government ID, just like
| https://news.ycombinator.com/item?id=44435997.
|
| Never did LinkedIn state it was Persona carrying out the
| validation, and in the email they stated the data would be
| promptly deleted. I'm now learning this is not true; companies
| removed from LinkedIn store my data for however long they want.
|
| I feel this is solid grounds for a lawsuit, particularly in
| states such as California.
| Crowberry wrote:
| I did that process on a whim after being buggered for weeks on
| end by LinkedIn. I immediately regretted it and realised that I
| had shared my private data for a fucking linkedin badge... I
| didn't look into it back then but this article confirms my
| suspicions and dreaded feeling!
| ymolodtsov wrote:
| Being uselessly worried about stuff like this is such a European
| thing. Wrote an extensive blog post. Is there any actual harm
| happening? No, not even a hint of it, just some hypotheticals.
|
| It's better to dedicate your time to interesting problems.
| bambax wrote:
| I've been maintaining a fake LinkedIn profile for over 10 years
| (in addition to the real one). It has a significant amount of
| connections (people with the "open to work" badge tend to accept
| connection requests from total strangers).
|
| This fake profile often receives offers from recruiters; it's
| quite fun.
|
| I wonder if I could get it verified using a fake passport photo?
| I'd try it but I'm afraid of being found out and losing it.
| Teocali wrote:
| the moment I saw "Persona" n the verification page, I noped out.
| hluska wrote:
| I log into LinkedIn approximately once every five years. While
| this is apparently 'career suicide', I have never lost an
| opportunity as a result.
|
| Serious question:
|
| Why do we keep putting up with this bullshit? Of course they
| share data and of course Persona does fucked up shit with the
| data they generate about you. LinkedIn is the same company that
| leaked everyone's passwords. There is absolutely no reason to
| trust LinkedIn besides mass hysteria. Seriously folks; we can all
| stop using it and then it will die.
|
| In LinkedIn tradition, I should end this with wild claims and
| hashtags. #LinkedInKickedMyCat #winning #lackofcreativity
| #bueller.
| b8 wrote:
| I wish more states would make this illegal like Illinois does.
| rixed wrote:
| > they sit invisibly between you and the platforms you trust.
|
| Is Linkedin that "platform you trust"?
|
| Aren't they the company that used some dark pattern to get your
| mail account password so they could swallow your contacts at
| registration?
|
| If you trust Linkedin you are already in trouble even before you
| start scanning anything.
| mehulashah wrote:
| This is sick.
___________________________________________________________________
(page generated 2026-02-22 16:00 UTC)