If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first.
-
The CEO of Persona responded to this post, saying they wanted to clarify about the identity verification process. They said:
"The only subprocessors (8) used are: AWS, Confluent, DBT, ElasticSearch, GCP, MongoDB, Sigma Computing, and Snowflake
All biometric personal data is deleted immediately after processing.
All other personal data processed is automatically deleted within 30 days. Data is retained during this period to help users troubleshoot.
No personal data processed is used for AI/model training. Data is explicitly used to confirm your identity.
The subprocessors used do NOT include Anthropic, Groqcloud, or OpenAI. The referenced subprocessor list is the superset of subprocessors used across all customers which is unfortunately misleading - we are updating our documentation to make this clearer going forward (thank you for helping us realize this). Our customers select which products are used which determines which subprocessors are used."
@briankrebs Okay, so this is just one company, right? On face value, I believe him, but what about Amazon, Snowflake, MongoDB and the others? And how much harm can you do in 30 days? Let's see what the clarification does.
-
@briankrebs And what assurances do they have that Snowflake etc aren't keeping copies? You don't master a cloud supply chain.
@davep You don't trust big capital? Wow.
-
@briankrebs I'm feeling relieved that I never put myself on LinkedIn.
@angiebaby i have to say the value proposition is dramatically below sea level now
-
@briankrebs I've been applying for over a year. I'd just really like a job at this point.
@chad @briankrebs brother i have been there. 14mo looking for a place that even understands what i can do, but the hiring pipeline is completely irrevocably fscked. the only interviews i got were from constant contact and/or having an insider.
i included canada in my search because it would be great for one of my kids in particular considering the us gov doesn't want to acknowledge she exists, found out fast canada isn't competitive or accommodating; nothing like H1B program very limited spots.
-
Persona is linked to Thiel IIRC. I guess I trust them less far than I could throw Thiel.
-
@briankrebs As @aral pointed out, for goons like this "deleting data" often amounts to a "SET deleted = 'true' WHERE uid = 'customer23'" or something similar.
I trust the CEO of Persona about as far as I can throw Peter Thiel's bank account.
-
If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
-
@briankrebs I wish @thelocalstack had opened up with the clarification that they are in the .EU. I think it's totally valid to center their .EU experience in their blog. But since there is a global audience, it's worth pointing out that in the US, Persona is not used, CLEAR is used. I doubt CLEAR is any better and probably worse. But, I would have liked to see it added to avoid confusion from folks.
-
@adoug @briankrebs
Fair point on the EU context, though the .eu domain does signal it.
On CLEAR: you’re right, and it’s worth a dedicated look. My post was never meant to make accusations, I was documenting exactly what the privacy disclosure says. The goal was clarity, not condemnation.
The terms are theirs, not mine.
-
@celeste Unless I'm missing something, the post I linked to and cited from was published 4 days before yours. It's not about the reported frontend exposure.
@briankrebs@infosec.exchange must've misread the timestamp; mb
-
@briankrebs@infosec.exchange ah it was actually the same day as my writeup, what a coincidence
-
@kkarhan @briankrebs I am in a dispute with an Irish government department re this exact issue. I am saying that they cannot send personal data to the US and they are being deliberately dumb
@humanhorseshoes @briankrebs nods in agreement
I just think that the Irish DPA is deliberately playing stupid…
-
@kkarhan @briankrebs I am a repeat customer, they don't like me. If they respond at all.
-
@humanhorseshoes @briankrebs just like I annoy my #ISP due to their procrastination and bad service into constantly reimbursing my bill and giving me free mobile data.
- Cuz being an annoying business customer is something that I become when I don't get what I paid for...
-
@briankrebs and I am Marie of Romania
-
I did everything right. I left LinkedIn two days ago.