Ha. I was reading this and thought "euhhhh, I did not give all of that to verify my account". So I went to LinkedIn to check if I have the shield. I then saw
- that I just have "work email verified" and that there is a Persona thing I was not even aware of
I used to have a LinkedIn account, a long time ago. To register I created an email address that was unique to LinkedIn, and pretty much unguessable ... certainly not amenable to a dictionary attack.
I ended up deciding that I was getting no value from the account, and I heard unpleasant things about the company, so I deleted the account.
Within hours I started to get spam to that unique email address.
It would be interesting to run a semi-controlled experiment to test whether this was a fluke, or if they leaked, sold, or otherwise lost control of my data. But absolutely I will not trust them with anything I want to keep private.
I do not trust LinkedIn to keep my data secure ... I believe they sold it.
> Let that sink in. You scanned your European passport for a European professional network, and your data went exclusively to North American companies. Not a single EU-based subprocessor in the chain.
Not sure LinkedIn is a European professional network.
Was forced to verify to get access to a new account. Like, an interstitial page that forced verification before even basic access.
Brief context for that: was being granted a salesnav licence, but to my work address with no account attached to it. Plus I had an existing salesnav trial underway on main account and didn't want to give access to that work.
So I reluctantly verified with my passport (!) and got access. Then looked at all the privacy settings to try to access what I'd given, but the full export was only sign up date and one other row in a csv. I switched off all the dark pattern ad settings that were default on, then tried to recall the name of the company. Lack of time meant I haven't been able to follow up. I was deeply uncomfortable with the whole process.
So now I've requested my info and deletion via the details in the post, from the work address.
One other concern is if my verified is ever forced to be my main, I'll be screwed for contacts and years of connections. So I'll try to shut it down soon when I'm sure we're done at work. But tbh I don't think the issues will end there either.
Why do these services have to suck so much. Why does money confer such power instead of goodwill, integrity and trust/trustless systems. Things have to change. Or, just stay off the grid. But that shouldn't have to be the choice. Where are the decentralised services. I'm increasingly serious about this.
This is the kind of activism in privacy appreciate that we need. I knew I did not want to verify but I did verify on Linkedin recently. The fact that the author also gave an action list if you are concerned about your privacy is just commendable.
A good reminder of how things actually work, but the article could use some more balancing…
> Let that sink in. You scanned your European passport for a European professional network, and your data went exclusively to North American companies. Not a single EU-based subprocessor in the chain.
LinkedIn is an American product. The EU has had 20 years to create an equally successful and popular product, which it failed to do. American companies don’t owe your European nationalist ambitions a dime. Use their products at your own discretion.
Of course an American company is subject to American law. And of course an American company will prioritise other local, similar jurisdiction companies. And often times there’s no European option that competes on quality, price, etc to begin with. In other words I don’t see why any of this is somehow uniquely wrong to the OP.
> Here’s what the CLOUD Act does in plain language: it allows US law enforcement to force any US-based company to hand over data, even if that data is stored on a server outside the United States.
European law enforcement agencies have the same powers, which they easily exercise.
The strange thing about LinkedIn organization verification is that it never seems to be revoked. I have many contacts with verifications from companies they no longer work for - sometimes for a very long time.
On the other hand I see many people posting in official capacity for an organization without verification.
When they actively represent their current company but with a random verification from a previous one it gets pretty absurd.
In its current form LinkedIn verification is pretty worthless as a trust signal.
Somehow the fundamentals of places like linkedin, gmail, google, facebook, etc have eluded people.
1. they are selling you as a target.
2. some people, governments, groups, whatever are willing to pay a lot of money to obtain information about you.
3. why would someone pay good money to target you unless they were going to profit from doing so. are they stupid? no.
4. where does that profit come from? If some one is willing to pay $100 to target you, how are they going to recoup that money?
5. From you.
There is simply no other way this can have worked for this long without this being true.
It is a long causal change, so it is fair to ask whether there is any empirical evidence. If this is true we would expect to see ...? Well how about prices going up? Well how about in general people are less able to afford housing, food, cars, etc.
I'm speculating here, but perhaps it is predictability. There is a common time warp fantasy about being able to go back and guess the future. You go back and bet on a sports game. If I can predict what you are going to do then I can place much more profitable bets.
Do the corporations that participate in this scheme provide mutual economic benefit? Do they contribute to the common wealth or are they parasitical?
No one likes to think they have parasites. But we all do these days.
I work in this space for a competitor to Persona, so take my opinion as potentially biased, but I have two points:
1. just because the DPA lists 17 subprocessors, it doesn't mean your data gets sent to all of them. As a company you put all your subprocessors in the DPA, even if you don't use them. We have a long list of subprocessors, but any one individual going through our system is only going to interact with two or three at most. Of course, Persona _could_ be sending your data to all 17 of them, legally, but I'd be surprised if they actually do.
2. the article makes it sound like biometric data is some kind of secret, but especially your _face_ is going to be _everywhere_ on the internet. Who are we kidding here? Why would _that_ be the problem? Your search/click behavior or connection metadata would seem a lot more private to me.
Wow that is insane. Persona is even linked to Peter Thiel.
If LinkedIn asks me to verify then I'll just leave. I'd be very happy for it to fall over anyway so there is space for a new more ethical platform. Especially since Microsoft acquired it, all bets are off.
LinkedIn is Tiktokified social media brainrot disguised as serious work. „Hey - you‘re not wasting time, you‘re building your network and gather industry knowledge!“
LinkedIn is full if so called professionals who make a living by leveraging their brand. If you‘re not one of them, leave
I've been getting "Emails aren’t getting through to one of your email addresses. Please update or confirm your email." -- even tho I get messages from them every day. When you press the button to confirm the (working) email it states "Something went wrong".
It happened last week too, I was able to fix it via their chat-help (human). Yesterday, their chat-help (human) was not able fix it and has to open a ticket. I pay for LinkedIn-Premium. So maybe this is just a scam to route me into Verification. Their help documents (https://www.linkedin.com/help/linkedin/answer/a1423367) for verifying emails doesn't match the current user experience.
Then, in a classic tech-paradox, their phone support person told me they would email me -- on the same address their system reports emails are not getting through to. It felt like 1996 levels of understanding.
I'll note that Persona's CEO responded on LinkedIn [1] pointing out that:
- No personal data processed is used for AI/model training. Data is exclusively used to confirm your identity.
- All biometric personal data is deleted immediately after processing.
- All other personal data processed is automatically deleted within 30 days. Data is retained during this period to help users troubleshoot.
- The only subprocessors (8) used to verify your identity are: AWS, Confluent, DBT, ElasticSearch, Google Cloud Platform, MongoDB, Sigma Computing, Snowflake
The full list of sub-processors seems to be a catch-all for all the services they provide, which includes background checks, document processing, etc. identity verification being just one of them.
I have I've worked on projects that require legal to get involved and you do end up with documents that sound excessively broad. I can see how one can paint a much grimmer picture from documents than what's happening in reality. It's good to point it out and force clarity out of these types of services.
It seems to me that if you let Persona verify your identity you're essentially providing data enrichment for the US government. In exchange for what? A blue tick from a feeder platform like LinkedIn, Reddit or Discord? No thanks.
On the other hand it can be hard to escape if it's for something that actually matters. Coursera is a customer. You might want your course achievements authenticated. The Canada Media Fund arranges monies for Canadian creators when their work lines up with various government sponsored DEI incentives. If you're in this world you will surely use Persona as required by them. Maybe you're applying for a trading account with Wealthsimple and have to have your ID verified. Or you want to rent a Lime Scooter and have to use them as part of the age verification process.
KYC platforms have a place. But we need legal guarantees around the use of our data. And places like Canada and Europe that are having discussions about digital sovereignty need to prioritize the creation of local alternatives.
I am about to talk about "vibes" and "feelings" so please take this with a grain of salt:
Does anyone else get the impression that they feel like the nefarious surveillance state is now real and definitely not for their benefit?
It's been a long running trope of the men in black, and the state listening to your phone calls, etc. Even after Snowdon's leaks, where we learned that there are these massive dragnets scooping up personal information, it didn't feel real. It felt distant and possibly could have been a "probably good thing" that is it was needed to catch "the real bad guys".
It feels different now. Since last year, it feels like the walls are closing in a bit and that now the US is becoming... well, I can't find the words, but it's not good.
Score Breakdown
+0.70
PreamblePreamble
High A: Advocacy for informed consent, transparency about digital rights F: Framing identity verification as a rights trade-off requiring scrutiny
Editorial
+0.80
Structural
+0.25
SETL
+0.66
Combined
ND
Context Modifier
ND
Article directly advocates for human dignity and informed choice in data handling. Editorial tone emphasizes recognition of person as subject of data rights, not object. Structural signals weaker: no on-site mechanisms for enforcing user protection.
+0.70
Article 1Freedom, Equality, Brotherhood
Medium A: Asserts equality of individuals in relation to corporate power F: Frames users as equal stakeholders entitled to transparency
Editorial
+0.65
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Article calls out asymmetry in knowledge (user vs Persona/LinkedIn) but does not directly invoke Article 1 language. Advocacy for dignity implicit in tone.
+0.40
Article 2Non-Discrimination
Medium F: Implies discrimination concern: 16 US vendors, 0 EU vendors despite European data origin
Editorial
+0.40
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Geographic disparity highlighted ('16 in the United States. 1 in Canada. Zero in the EU') raises potential discrimination concern but no explicit Article 2 claim. Indirect framing only.
+0.50
Article 3Life, Liberty, Security
Medium A: Advocates for individual security right to control one's biometric data
Editorial
+0.50
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Article emphasizes security concern ('biometric data is forever', 'Fifty dollars' liability cap for breach of face/passport data) but does not invoke Article 3 directly.
ND
Article 4No Slavery
No observable content addressing slavery or servitude.
ND
Article 5No Torture
No observable content addressing torture or cruel treatment.
+0.55
Article 6Legal Personhood
Medium A: Advocates recognition of individuals as data subjects with rights to know and control data F: Frames users as passive unknowing subjects of corporate data processing
Editorial
+0.55
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Article emphasizes that users are processed as 'the face being scanned' without full awareness, implicating right to recognition as person before law.
+0.75
Article 7Equality Before Law
High A: Advocates for equal protection under law against corporate data misuse F: Frames enforcement disparity (no EU subprocessors despite EU data, US CLOUD Act reach)
Editorial
+0.70
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Central to article: critique of unequal protection under law. European data subject has no EU legal recourse if US government seizes data. CLOUD Act creates disparity in practical protection.
+0.78
Article 8Right to Remedy
High A: Advocates for right to effective remedy for privacy violation F: Frames remedy as inadequate ($50 liability cap, mandatory arbitration, no EU legal recourse)
Editorial
+0.85
Structural
+0.30
SETL
+0.68
Combined
ND
Context Modifier
ND
Strong editorial advocacy. Article explicitly critiques insufficient remedy mechanisms (binding arbitration, US-only recourse, $50 cap). Structural signal weak: site itself offers no remedy mechanism for readers exposed to similar violations.
ND
Article 9No Arbitrary Detention
No observable content addressing arbitrary arrest or detention.
+0.60
Article 10Fair Hearing
Low F: Frames user's data case as requiring fair hearing/transparent process
Editorial
+0.60
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Implicit: user should have right to fair hearing if disputing Persona's use of data. Not directly addressed but tone suggests advocacy for procedural fairness.
ND
Article 11Presumption of Innocence
No observable content addressing criminal presumption of innocence.
+0.83
Article 12Privacy
High A: Advocacy for privacy right against arbitrary interference F: Frames data collection, cross-referencing, and use as arbitrary interference P: Persona's collection of hesitation/copy-paste detection critiqued as unjustified
Editorial
+0.90
Structural
+0.25
SETL
+0.76
Combined
ND
Context Modifier
ND
Core article focus. Strong editorial: 'I scanned my passport for a checkmark. They ran a background check.' and detailed cataloging of surveillance mechanisms. Domain-level privacy stance (no tracking, no ads) provides positive structural modifier.
+0.80
Article 13Freedom of Movement
Medium A: Advocates for freedom of movement/privacy in digital identity F: Frames geographic data (geolocation, postal address) as inferred and stored without explicit purpose
Editorial
+0.75
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Article details geolocation inference and postal address collection. Advocates for freedom from geographic surveillance but does not invoke Article 13 directly.
ND
Article 14Asylum
No observable content addressing asylum or nationality rights.
ND
Article 15Nationality
No observable content addressing nationality acquisition or deprivation.
+0.70
Article 16Marriage & Family
Medium A: Advocates for consent in family/private matters related to identity F: Frames use of personal data without full disclosure as violation of privacy
Editorial
+0.70
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Article emphasizes consent gap: user did not consent to AI training use ('legitimate interests' basis), cross-referencing against credit/government databases. Implicit critique of forced data intimacy.
+0.80
Article 17Property
High A: Advocates for right to own property/data; critiques arbitrary deprivation F: Frames loss of biometric data control as deprivation
Editorial
+0.80
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Article directly advocates for data deletion after verification is complete. Critiques 'unless required by law' exception as enabling indefinite retention under CLOUD Act.
+0.50
Article 18Freedom of Thought
Low F: Implies freedom of thought is at risk if biometric/government data cross-referencing is possible
Editorial
+0.50
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Implicit only. Article notes cross-referencing against government databases and credit agencies but does not directly invoke Article 18.
+0.86
Article 19Freedom of Expression
High A: Advocates for freedom to seek, receive, impart information about data rights P: Article itself exemplifies free speech by publishing detailed corporate analysis
Editorial
+0.85
Structural
+0.60
SETL
+0.46
Combined
ND
Context Modifier
ND
Article is itself an exercise of Article 19: author investigates, publishes findings about Persona/LinkedIn without visible censorship or corporate pressure. Domain structure (free, ad-free, no tracking) reinforces freedom of expression commitment.
+0.45
Article 20Assembly & Association
Low F: Implies freedom of association at risk if biometric/identity data can be seized by state
Editorial
+0.45
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Implicit only. CLOUD Act mechanism could enable surveillance of who verifies on LinkedIn (association network) but not directly addressed.
+0.55
Article 21Political Participation
Medium F: Frames data collection as barrier to democratic participation (users unaware of data flows)
Editorial
+0.55
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Article emphasizes information asymmetry ('The only person in the dark is the one holding their passport') which impacts ability to make informed choices in public sphere.
+0.75
Article 22Social Security
High A: Advocates against automated decision-making (hesitation detection, copy-paste detection, cross-database matching) F: Frames behavioral biometrics as unjustified automation
Editorial
+0.75
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Strong critique of behavioral biometrics ('Behavioral biometrics. On top of the physical biometrics.') and automated cross-referencing against multiple databases without transparency.
ND
Article 23Work & Equal Pay
No observable content addressing labor rights or fair working conditions.
ND
Article 24Rest & Leisure
No observable content addressing rest or leisure.
+0.60
Article 25Standard of Living
Medium F: Frames data control as health/security right; critiques inadequate liability
Editorial
+0.60
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Article argues that biometric data breach ($50 liability) is inadequate protection for health security. Implicit claim that users have right to bodily/biometric security.
+0.65
Article 26Education
Medium A: Advocates for education about data rights and corporate practices F: Frames lack of transparency as educational injustice
Editorial
+0.65
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Article criticizes that 34 pages of legal documents are required to understand a 3-minute process. Implicit advocacy for right to education about one's own data.
+0.70
Article 27Cultural Participation
Medium A: Advocates for participation in benefits of technology with informed consent F: Frames LinkedIn verification as illusion of benefit without understanding cost
Editorial
+0.70
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Article frames 'dopamine hit' of verification badge against actual data cost. Advocates for informed participation in technological systems.
+0.75
Article 28Social & International Order
High A: Advocates for social/international order to protect data rights F: Frames DPF as inadequate protection; CLOUD Act as erosion of order
Editorial
+0.75
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Core theme: critique of international order (DPF replacement for Privacy Shield, Executive Order vulnerability, CLOUD Act override). Advocates for stronger protections.
+0.65
Article 29Duties to Community
Medium F: Frames corporate/state use of data as limiting individual freedoms if unchecked
Editorial
+0.65
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Implicit: article advocates that individual duties to community include scrutiny of corporate data practices, but does not invoke Article 29 directly.
+0.55
Article 30No Destruction of Rights
Low F: Frames corporate/state data practices as potential violation of UDHR rights
Editorial
+0.55
Structural
ND
SETL
ND
Combined
ND
Context Modifier
ND
Article does not invoke Article 30 directly but overall framing is consistent: opposing interpretation that would diminish UDHR rights protections in digital context.