If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first.
-
If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@briankrebs What's more, LinkedIn locks out users for no reason, forcing Persona verification to regain the account. Officially they claim to allow providing a notarized affidavit instead of Persona for verification, but my experience was that after providing the affidavit (to an unlisted email; once locked out, there's no documented support contact) I was then told to go through Persona again.
I was seemingly locked out for simply having changed my 2FA to not use their app, but a code.
-
@briankrebs What's more, LinkedIn locks out users for no reason, forcing Persona verification to regain the account. Officially they claim to allow providing a notarized affidavit instead of Persona for verification, but my experience was that after providing the affidavit (to an unlisted email; once locked out, there's no documented support contact) I was then told to go through Persona again.
I was seemingly locked out for simply having changed my 2FA to not use their app, but a code.
@briankrebs I found Reddit threads full of other frustrated users suddenly locked out and finding their professional networks held hostage to error prone and privacy invading identity verification, without means of appeal. If not for those threads I wouldn't have been able to reach customer support, as the only documented support is gated by login. And of course, it would be a violation of their policies to create another account.
-
If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
This explains why Koch is promoting Ai to the gullible in an alliance with Microsoft.
https://www.forbes.com/sites/mattdurot/2025/07/17/bill-gates-charles-koch-and-three-other-billionaires-are-giving-1-billion-to-enhance-economic-mobility-in-the-us/To manipulate elections
https://www.nytimes.com/2025/12/20/us/politics/koch-network-2024-election-trump.htmlGetting people accustomed to giving up their jobs to slave owners using detention center labor is going to be a tough sell.
https://jacobin.com/2024/09/alabama-convict-labor-fast-foodhttps://www.epi.org/publication/rooted-racism-prison-labor/
https://www.denverpost.com/2026/02/16/colorado-prison-labor-slavery-ruling-servitude/
Workers have AI threats hanging over their heads
https://fortune.com/2026/02/17/why-your-boss-loves-ai-and-you-hate-it-profits-end-of-capitalism/https://www.weforum.org/stories/2026/02/ai-improving-wages-job-quality/
-
This explains why Koch is promoting Ai to the gullible in an alliance with Microsoft.
https://www.forbes.com/sites/mattdurot/2025/07/17/bill-gates-charles-koch-and-three-other-billionaires-are-giving-1-billion-to-enhance-economic-mobility-in-the-us/To manipulate elections
https://www.nytimes.com/2025/12/20/us/politics/koch-network-2024-election-trump.htmlGetting people accustomed to giving up their jobs to slave owners using detention center labor is going to be a tough sell.
https://jacobin.com/2024/09/alabama-convict-labor-fast-foodhttps://www.epi.org/publication/rooted-racism-prison-labor/
https://www.denverpost.com/2026/02/16/colorado-prison-labor-slavery-ruling-servitude/
Workers have AI threats hanging over their heads
https://fortune.com/2026/02/17/why-your-boss-loves-ai-and-you-hate-it-profits-end-of-capitalism/https://www.weforum.org/stories/2026/02/ai-improving-wages-job-quality/
@Npars01 @briankrebs "convict leasing?!?!"
-
@Npars01 @briankrebs "convict leasing?!?!"
https://www.theguardian.com/us-news/2025/jun/14/trump-administration-epa-prison-company-donations
https://theintercept.com/2025/07/10/corecivic-trump-big-beautiful-bill/
Convict Leasing has a long and storied legacy in the USA.
https://www.pbs.org/newshour/show/documentary-relays-forgotten-tales-of-post-civil-war-slavery
"Slavery by Another Name"
CoreCivic and Geo Corp donated to the GOP to get convict leasing for detention centers.
https://www.thirteen.org/programs/slavery-by-another-name/slavery-another-name-slavery-video/
https://monthlyreview.org/articles/its-still-slavery-by-another-name/
https://www.pulitzer.org/winners/douglas-blackmon
https://www.pbs.org/articles/10-must-watch-black-history-documentaries
-
https://www.theguardian.com/us-news/2025/jun/14/trump-administration-epa-prison-company-donations
https://theintercept.com/2025/07/10/corecivic-trump-big-beautiful-bill/
Convict Leasing has a long and storied legacy in the USA.
https://www.pbs.org/newshour/show/documentary-relays-forgotten-tales-of-post-civil-war-slavery
"Slavery by Another Name"
CoreCivic and Geo Corp donated to the GOP to get convict leasing for detention centers.
https://www.thirteen.org/programs/slavery-by-another-name/slavery-another-name-slavery-video/
https://monthlyreview.org/articles/its-still-slavery-by-another-name/
https://www.pulitzer.org/winners/douglas-blackmon
https://www.pbs.org/articles/10-must-watch-black-history-documentaries
-
@briankrebs I would never hire a person who uses LinkedIn.
@sigismundninja @briankrebs I would never hire a person. I'd incorporate them as an equal partner in whatever endeavor I was involved in.
-
If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@briankrebs wth is #linkedin ?
-
If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@briankrebs
Yeah, NO! -
https://www.theguardian.com/us-news/2025/jun/14/trump-administration-epa-prison-company-donations
https://theintercept.com/2025/07/10/corecivic-trump-big-beautiful-bill/
Convict Leasing has a long and storied legacy in the USA.
https://www.pbs.org/newshour/show/documentary-relays-forgotten-tales-of-post-civil-war-slavery
"Slavery by Another Name"
CoreCivic and Geo Corp donated to the GOP to get convict leasing for detention centers.
https://www.thirteen.org/programs/slavery-by-another-name/slavery-another-name-slavery-video/
https://monthlyreview.org/articles/its-still-slavery-by-another-name/
https://www.pulitzer.org/winners/douglas-blackmon
https://www.pbs.org/articles/10-must-watch-black-history-documentaries
@Npars01 @ai6yr @briankrebs
There is no place for private prisons in an ethical society! Rewarding deprivation is industrial scale cuelty. What shame on us all! -
If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@briankrebs Yeah. I looked at that precisely once when it came out. No friggin way. Now with AI it's like "verify we can use you as a deep fake." No. Nope. No no no no no.
-
If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@briankrebs Glad I closed my LinkedIn account. It's become an unfriendly place, especially with the owner, Microsoft, being so closely involved the the US administration, security services and military. I don't trust them at all.
-
If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@briankrebs fuck lol
-
If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@briankrebs@infosec.exchange hi, reading through this and i assume you're posting this after my research piece came up since you mention all the checks persona are running. could you please attribute credit?
https://www.malwarebytes.com/blog/news/2026/02/age-verification-vendor-persona-left-frontend-exposed
https://vmfunc.re/blog/persona -
If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
The CEO of Persona responded to this post, saying they wanted to clarify about the identity verification process. They said:
"The only subprocessors (8) used are: AWS, Confluent, DBT, ElasticSearch, GCP, MongoDB, Sigma Computing, and Snowflake
All biometric personal data is deleted immediately after processing.
All other personal data processed is automatically deleted within 30 days. Data is retained during this period to help users troubleshoot.
No personal data processed is used for AI/model training. Data is explicitly used to confirm your identity.
The subprocessors used do NOT include Anthropic, Groqcloud, or OpenAI. The referenced subprocessor list is the superset of subprocessors used across all customers which is unfortunately misleading - we are updating our documentation to make this clearer going forward (thank you for helping us realize this). Our customers select which products are used which determines which subprocessors are used."
-
@briankrebs@infosec.exchange hi, reading through this and i assume you're posting this after my research piece came up since you mention all the checks persona are running. could you please attribute credit?
https://www.malwarebytes.com/blog/news/2026/02/age-verification-vendor-persona-left-frontend-exposed
https://vmfunc.re/blog/persona@celeste Unless I'm missing something, the post I linked to and cited from was published 4 days before yours. It's not about the reported frontend exposure.
-
The CEO of Persona responded to this post, saying they wanted to clarify about the identity verification process. They said:
"The only subprocessors (8) used are: AWS, Confluent, DBT, ElasticSearch, GCP, MongoDB, Sigma Computing, and Snowflake
All biometric personal data is deleted immediately after processing.
All other personal data processed is automatically deleted within 30 days. Data is retained during this period to help users troubleshoot.
No personal data processed is used for AI/model training. Data is explicitly used to confirm your identity.
The subprocessors used do NOT include Anthropic, Groqcloud, or OpenAI. The referenced subprocessor list is the superset of subprocessors used across all customers which is unfortunately misleading - we are updating our documentation to make this clearer going forward (thank you for helping us realize this). Our customers select which products are used which determines which subprocessors are used."
@briankrebs still means data is subject to #CloudAct = incompatible with #GDPR & #BDSG!
-
@briankrebs still means data is subject to #CloudAct = incompatible with #GDPR & #BDSG!
@kkarhan @briankrebs Look where Linkedin has its HQ in Europe. Ireland. The shittest DPO in the Union and under political pressure to keep the FDI money coming into Ireland. The one stop shop approach by the EU does NOT work
-
The CEO of Persona responded to this post, saying they wanted to clarify about the identity verification process. They said:
"The only subprocessors (8) used are: AWS, Confluent, DBT, ElasticSearch, GCP, MongoDB, Sigma Computing, and Snowflake
All biometric personal data is deleted immediately after processing.
All other personal data processed is automatically deleted within 30 days. Data is retained during this period to help users troubleshoot.
No personal data processed is used for AI/model training. Data is explicitly used to confirm your identity.
The subprocessors used do NOT include Anthropic, Groqcloud, or OpenAI. The referenced subprocessor list is the superset of subprocessors used across all customers which is unfortunately misleading - we are updating our documentation to make this clearer going forward (thank you for helping us realize this). Our customers select which products are used which determines which subprocessors are used."
@briankrebs And what assurances do they have that Snowflake etc aren't keeping copies? You don't master a cloud supply chain.
-
The CEO of Persona responded to this post, saying they wanted to clarify about the identity verification process. They said:
"The only subprocessors (8) used are: AWS, Confluent, DBT, ElasticSearch, GCP, MongoDB, Sigma Computing, and Snowflake
All biometric personal data is deleted immediately after processing.
All other personal data processed is automatically deleted within 30 days. Data is retained during this period to help users troubleshoot.
No personal data processed is used for AI/model training. Data is explicitly used to confirm your identity.
The subprocessors used do NOT include Anthropic, Groqcloud, or OpenAI. The referenced subprocessor list is the superset of subprocessors used across all customers which is unfortunately misleading - we are updating our documentation to make this clearer going forward (thank you for helping us realize this). Our customers select which products are used which determines which subprocessors are used."
I'd take a pinky-finger promise from a third-party company over any data privacy law!
