I'll note that Persona's CEO responded on LinkedIn [1] pointing out that:
- No personal data processed is used for AI/model training. Data is exclusively used to confirm your identity.
- All biometric personal data is deleted immediately after processing.
- All other personal data processed is automatically deleted within 30 days. Data is retained during this period to help users troubleshoot.
- The only subprocessors (8) used to verify your identity are: AWS, Confluent, DBT, ElasticSearch, Google Cloud Platform, MongoDB, Sigma Computing, Snowflake
The full list of sub-processors seems to be a catch-all for all the services they provide, which include background checks, document processing, etc., with identity verification being just one of them.
I've worked on projects that required legal to get involved, and you do end up with documents that sound excessively broad. I can see how one can paint a much grimmer picture from the documents than what's happening in reality. It's good to point it out and force clarity out of these types of services.
Persona Identity, Inc. is a Peter Thiel-backed venture that offers Know Your Customer (KYC) and Anti-Money Laundering (AML) solutions. These leverage biometric identity checks to estimate a user's age, using a proprietary "liveliness check" meant to distinguish between real people and AI-generated identities.
Once a user verifies their identity with Persona, the software performs 269 distinct verification checks and scours the internet and government sources for potential matches, such as by matching your face to politically exposed persons (PEPs), and generating risk and similarity scores for each individual. IP addresses, browser fingerprints, device fingerprints, government ID numbers, phone numbers, names, faces, and even selfie backgrounds are analyzed and retained for up to three years.
There are so many keywords in there that should raise a red flag, but "funded by Peter Thiel" should probably be enough.
All of which is meaningless if it's not reflected properly in their legal documents/terms. I've had interactions with the Flock CEO here on Hacker News and he also tried to reassure us that nothing fishy is/was going on. Take it with a grain of salt.
Why anyone would trust the executives at any company when they are only incentivized to lie, cheat, and steal is beyond me. It's a lesson every generation is hellbent on learning again and again and again.
It used to be the default belief, throughout all of humanity, that greed is bad and dangerous; yet for the last 100 years you'd think the complete opposite was the norm.
> when they are only incentivized to lie, cheat, and steal
The fact that they are allowed to do this is beyond me.
The fact that they do this is destructive to innovation, and I'm not sure why we pretend it enables innovation. There are thousands of multi-million-dollar companies whose products I'm confident most users here could implement, but a major reason many don't is that doing it properly is far harder than what those companies actually build. It takes people who understand that an unlisted link is not an actual security measure, that things need to actually be under lock and key.
I'm not saying we should make mistakes so punishable that no one can do anything, but there needs to be some bar. There's so much gross incompetence out there that we're past the point of ordinary incompetence, let alone honest mistakes by competent people.
We are filtering out those with basic ethics. That's not a system we should be encouraging
Because the liars who have already profited from lying will defend the current system.
The best fix that we can work on now in America is repealing the 17th amendment to restrengthen the federal system as a check on populist impulses, which can easily be manipulated by liars.
Yes, by state legislatures. The concept was the Senate would reflect the states' interests, whereas the House would reflect the people's interests, in matters of federal legislation.
For those unaware, the German federal democratic system works in a similar way. They have two houses: the Bundestag (directly elected) and the Bundesrat (whose members are delegated by the state governments). As an outsider, their democracy appears to be very high functioning, which demonstrates this form of democracy can work well.
> their democracy appears to be very high functioning, which demonstrates this form of democracy can work well
This probably depends on your definition of "working well".
In March 2025, after the last Federal elections were held in Germany (February 2025), but before the new parliament was constituted (within 30 days of the results?), the new governing coalition engineered a constitutional amendment which required a supermajority which they would not have in the new parliament, so instead they held the vote in the old parliament.
I added that last line as a honeypot, as part of my ongoing project on HN. No matter what I say positive about some country, culture, or institution, someone will pop into the conversation to say: "Yes, but what about this one incident. See, X is not so great after all." I think we need an equivalent of Brandolini's law for this kind of negative counterpoint in HN discussions. It is as though people think they are disproving a maths theorem by counterexample. That's not the way the Real World of Human Society works. Weirdly, I see the same pattern on Wiki pages about living people. There is always a section of a bunch of random one-off events trying to discredit the person.
To react to your specific incident, I think a more nuanced view would be to say that all highly functioning democracies have incidents that are "perfectly legal, but appear as an abuse of process". I don't really think that detracts from the overall statement that Germany is a highly functioning democracy. Moreover, highly functional democracies regularly change parliamentary rules to reduce incidents like this.
> No matter what I say positive about some country, culture, or institution, someone will pop into the conversation to say: "Yes, but what about this one incident. See, X is not so great after all."
Isn't this what's called "balanced reporting"? Life is shades of grey.
Aside: not that long ago, half of Western Europe used to look up to Germany as it was the home of "Made in Germany" and the place where the trains ran on time ... <chuckle> ... VW emissions and Deutsche Bahn, how times change.
> I think a more nuanced view would be to say that all highly functioning democracies have incidents that are "perfectly legal, but appear as an abuse of process". I don't really think that detracts from the overall statement that Germany is a highly functioning democracy.
I suspect we may need to hear your definition of "a highly functioning democracy" to assess that claim.
If - hypothetically - your political worst enemies were to pull the same stunt immediately after losing an election, binding the winners of said election, would you be as supportive?
> To react to your specific incident, I think a more nuanced view would be to say that all highly functioning democracies have incidents that are "perfectly legal, but appear as an abuse of process". I don't really think that detracts from the overall statement that Germany is a highly functioning democracy. Moreover, highly functional democracies regularly change parliamentary rules to reduce incidents like this.
I agree with repealing the debt brake (it was a dumb idea that led to badness, exported right across the EU), but there's no question that how it happened was pretty undemocratic. Procedurally it's fine, but it was essentially making a big change in a lame-duck session of parliament.
None of this disputes the notion that Germany is a high functioning democracy, but I guarantee that this action will be brought up again and again by populists in the future, as an example of how the "elites" don't care about democracy. The sad part is, they will be entirely correct in this particular case.
Another idea for the debt brake: What if they set strict limits, like a max of 3% for 7 years, or 5% for 5 years. Literally, you have a "bank of GDP percent points". You can gain them by running a surplus and spend them by running a deficit. Start the initial bank balance at 25%.
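Reading that proposal literally, the mechanism is simple enough to model. A toy sketch (the class name and all numbers are hypothetical, just to make the "bank of GDP percent points" idea concrete):

```python
# Toy model of the proposed "deficit bank" fiscal rule; illustrative only.
class DeficitBank:
    def __init__(self, balance=25.0):
        # Start the bank with 25 GDP-percent points, per the proposal.
        self.balance = balance

    def run_year(self, deficit_pct):
        # A deficit spends banked points; a surplus (negative deficit)
        # earns them back. Overspending the bank is simply not allowed.
        if deficit_pct > self.balance:
            raise ValueError("deficit exceeds banked GDP points")
        self.balance -= deficit_pct
        return self.balance

bank = DeficitBank()
for _ in range(5):
    bank.run_year(3.0)       # five years at a 3% deficit
assert bank.balance == 10.0  # 25 - 5*3
bank.run_year(-2.0)          # a 2% surplus refills the bank
assert bank.balance == 12.0
```

The "max 3% for 7 years" style limits in the proposal would just be an extra per-year cap on `deficit_pct` on top of the running balance.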
> but I guarantee that this action will be brought up again and again by populists in the future, as an example of how the "elites" don't care about democracy.
lol what the fuck, no. Can't believe you look at the current system and think "you know what, political parties should be able to choose senators not the citizens." Good lord.
Yup, exactly. If this is the truth then put it in the terms/privacy policy, etc. Execs say anything these days, with zero consequences for lying in a public forum.
Absolutely. I don't know what legal jurisdiction they are subject to, but I could imagine that if someone tried to sue an EU division/outpost in an EU court under a GDPR-type petition, these posts would be submitted as evidence. One could easily argue the CEO is acting on behalf of the company by posting under their real name. (Let's presume there is no identity fraud in these posts.)
And don't forget that Elon Musk was sued in the US for defamation after making posts on Twitter about a UK citizen. Assuming that you are posting under your real name, you are definitely legally responsible for those words.
And if it is not a publicly traded company? Can the CEO in question, making statements and assurances on a forum or LinkedIn or X in communication with a user, put the company in a binding position?
But why believe that when their policy says any of it may not be true, or could change at any time?
Even if the CEO believes it right now, what if the team responsible for the automatic-deletion merely did a soft-delete instead of a hard delete "just in case we want to use it for something else one day"?
My favourite 'thing' in the modern world is that 'we don't process and store your data' has come to mean 'we don't process and store your data - our partner does'.
Which might not even be stated explicitly; it might be that they just move it somewhere and then pass it on again, at which point it's outside your country's legal jurisdiction and its ability to enforce data protection measures.
Even if such a scheme is not legal, the fact that your data moves through multiple countries with different data protection measures makes enforcing your rights basically impossible.
"We don't sell your data" translates to "we sell OUR data about you".
They would never admit the data belongs to you while selling it. When they sell it, they declare themselves the owners of that data, which they derived from things you uploaded or told them, so they're never selling your data according to their lawyers.
Another thing they like to do is sell the use or access to this data, without transferring the legal rights to the data, so they can say with a straight face they never sold the data. Google loves this loophole and people here even defend it.
> that require legal to get involved and you do end up with documents that sound excessively broad
If you let your legal team use such broad CYA language, it is usually because you are not sure what's going on and want CYA, or you actually want to keep the door open for broader use with those broader permissive legal terms.
On the other hand, if you are sure that you will preserve users' privacy as you state in your marketing materials, then you should put it in legal writing explicitly.
In the words of Mandy Rice-Davies [1], "well he would, wouldn't he?"
In particular, his claim that the data isn't used for training doesn't look very serious, given that companies are publicly known to have illegally acquired data to train their models.
Can you say more? Why isn't it neutral or slightly positive? I would assume that a KYC provider would want to protect their reputation more than the average company. If I were choosing a KYC provider I would definitely want to choose the one that had not been subject to any privacy scandals, and there are no network effects or monopoly power to protect them.
Because KYC is evil in itself, and if the linked article does not explain to you why that is, then I certainly cannot.
> KYC provider would want to protect their reputation more than the average company
False. It is exactly the opposite. See, there are no repercussions for leaking customers' data, while properly securing said data is expensive and creates operational friction. Thus, there are NO incentives to protect data while there ARE incentives to care as little as possible.
Bear in mind that KYC is a service that no one wants. All customers are forced into it, and everybody hates it: customers, users, companies.
I want KYC. I want AML. I want reversible transactions. I also want all of those things to be well regulated by a responsive and reasonable regulatory body.
They may have cases where they break down, but their net social impact is positive.
We're talking about LinkedIn, not banking. KYC and AML with respect to banks is a privacy tradeoff that is required by law, after public debate from legally elected representatives. With LinkedIn, it's none of that.
> - All biometric personal data is deleted immediately after processing.
The implication is that biometric data leaves the device. Is that even a requirement? Shouldn't that be processed on device, in memory, and only some hash + salt leave? Isn't this how passwords work?
I'm not a security expert so please correct me. Or if I'm on the right track please add more nuance because I'd like to know more and I'm sure others are interested
I'm not an expert, but I imagine biometric data is much less exact than a password. Hashes work on passwords because you can be sure that only the exact data would allow entry, but something like a face scan or fingerprint is never _exactly_ the same. One major tenet that makes hashes secure is that changing any single bit of input changes the entirety of the output. So hashes will by definition never allow the fuzzy matching that's required with biometric data. Maybe there's a different way to keep it secure? I'm not sure, but you'd never be able to open your phone again if it required a 100% match against your original data.
I'd assume they'd use something akin to a perceptual hash.
Btw, hash outputs aren't unique. I really do mean that an output doesn't correspond to a unique input: if f(x)=y then there is some z≠x such that f(z)=y.
Remember, a hash is a "one way function". It isn't invertible (that would defeat the purpose!). It is a surjective function. Meaning that reversing the function results in a non-unique output. In the hash style you're thinking of you try to make the output range so large that the likelihood of a collision is low (a salt making it even harder), but in a perceptual hash you want collisions, but only from certain subsets of the input.
In a typical hash, a colliding input should be in a random location (knowing x doesn't inform us about z); knowledge of the input shouldn't give you knowledge of a valid collision. But in a perceptual hash you want collisions to be known, to exist in a localized region of the input: all z near x, i.e. perturbations of x.
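The contrast is easy to show in a toy sketch (the 8-"pixel" values are made up, and a real perceptual hash like aHash works on a resized grayscale image, not a flat list): a tiny perturbation leaves the perceptual hash intact while completely changing the cryptographic digest.

```python
import hashlib

def ahash(pixels):
    # Average-hash style: one bit per pixel, set if above the mean.
    avg = sum(pixels) / len(pixels)
    return tuple(1 if p > avg else 0 for p in pixels)

def hamming(a, b):
    # Number of differing bits between two hashes.
    return sum(x != y for x, y in zip(a, b))

face = [10, 200, 30, 190, 15, 210, 25, 180]        # toy 8-"pixel" scan
face_again = [12, 198, 33, 188, 14, 207, 27, 183]  # same face, slight noise

# Perceptual: small perturbations give the same (or a very close) hash.
assert hamming(ahash(face), ahash(face_again)) <= 1

# Cryptographic: any change gives a completely different digest.
d1 = hashlib.sha256(bytes(face)).hexdigest()
d2 = hashlib.sha256(bytes(face_again)).hexdigest()
assert d1 != d2
```

A biometric matcher then accepts a scan if the Hamming distance is under some threshold, which is exactly the fuzzy matching a cryptographic hash can't provide.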
> Remember, a hash is a "one way function". It isn't invertible (that would defeat the purpose!). It is a surjective function. Meaning that reversing the function results in a non-unique output.
This is a bit of a nitpick and not even relevant to the topic, but that's not the reason cryptographic hashes are (assumed to be) one-way functions. You could in principle have a function f: X -> Y that's not invertible but for which the set of every x that give a particular y could be tractably computed given y. In that case f would not be a one-way function in the computational sense.
Cryptographic hashes are practically treated as one-way functions because the inverse computation would take an intractable amount of time.
Yeah, that's a good addition. I think often the words we use can really make things more confusing. Like I hate when people say invertible in reference to a function that isn't bijective. Why not say reversible? (No complaints with the convention of image/preimage.)
It's very similar to the problem created by saying "one way". It just isn't one way: going the other direction is perfectly possible, it's just incredibly hard to find the origin. The visual metaphor I like to use is that it's like you walk out of a room and into a hallway of identical-looking doors. Ignoring the fact that you could just physically turn around, it'd be very hard to figure out which one you actually came from.
But maybe what I like least is that we end up having so many terms for the same general concept. It's one thing when they're discovered independently but I'm pretty confident the computer scientists that pioneered hashes were quite familiar with the mathematics and nomenclature.
> inverse computation would take an intractable amount of time.
I'm not convinced there's any significant overlap between "people who are worried about which subprocessors have their data" and "people who don't think that eight subprocessors is a lot"
The issue isn't the vendors themselves necessarily but the quantity of them. Plenty of boring things over the years have had security vulnerabilities that end up with data getting leaked, so each additional one is just more risk even if you trust them not to be actively malicious. All it takes is one well-meaning but careless vendor to make the whole house of cards collapse.
This is not the concern for me; I thought the risk was obvious to everyone. Though I've been tempted, because it means I'll "have more interactions" or whatever LinkedIn pitches, I didn't want to put a public signal out there saying yes: "This is my real name, real job, real city." To me it's like a pre-vetted database of marks for identity theft criminals or whatnot. You know?
I thought everyone, at least in security, would be somewhat concerned about this, but they're not. I get the benefits, and I want to enjoy those benefits too. I'd much prefer if I could privately confirm my name using IDs (zero problem with that) but then not have to show it or an exact profile photo. I'm sure there's a cryptographic way for my identity to be proven to anyone I choose to prove it to who requires such bona fides. I dislike the surface of "proven identity for everyone". You know?
This to me is the far more important thing than: "security-focused biometric company processed my data, therefore being rational and modern I will now have a meltdown." Every time you drive, use a payment method linked to your name, use your phone plan, your laptop, go to a venue that scans IDs, make a rental, catch a flight, cross a border, etc., your ID (or telemetric equivalents sufficient to ID you) is processed by some digital entity. If you revolt against the principle of "my government-issued and not-truly-mine-anyway ID documents, or other provided bona fides, are being read by digital entities contracted to do that", it seems nonsensical.
I think the bigger risk is always taking a photo of your passport and putting it on the internet, which is basically what the current LI verification means. Casual OSINT on a verified profile likely reveals the exact birthday via "happy birthday" type posts (or cross-referencing on other platforms), and "how old am I" style image AI can give you rough years.
> I'm sure there's a cryptographic way for my identity to be proven to any who I chose to prove it to
There is. The pattern is: generate a keypair locally, derive a DID (decentralized identifier) from the public key, and then selectively prove your identity to specific verifiers using digital signatures. No central authority ever holds your private key.
The key difference from the LinkedIn model: you never hand biometric data to a third party. Instead, you hold a cryptographic identity that you control. If someone needs to verify you, they check a signature — not a database. You can prove you're the same entity across interactions without revealing anything about who you are in the physical world.
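The keypair-to-DID-to-signature flow described above can be sketched end to end. This is a minimal, deliberately insecure toy (a Schnorr-style signature over a small prime field; a real system would use Ed25519 or similar, and the `did:key:z...` identifier shape here is purely illustrative):

```python
import hashlib
import secrets

# Toy Schnorr-style signatures. Parameters are FAR too weak to be
# secure; this only illustrates the keypair -> DID -> signature flow.
P = (1 << 127) - 1   # a Mersenne prime modulus
G = 3                # public base element

def keygen():
    """Generate a keypair locally: private exponent sk, public G^sk mod P."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def did_from(pk):
    """Derive a DID-style identifier from the public key alone."""
    return "did:key:z" + hashlib.sha256(str(pk).encode()).hexdigest()[:16]

def _challenge(r, msg):
    # Fiat-Shamir: hash the commitment together with the message.
    return int.from_bytes(
        hashlib.sha256((str(r) + "|" + msg).encode()).digest(), "big")

def sign(sk, msg):
    k = secrets.randbelow(P - 2) + 1
    r = pow(G, k, P)             # commitment
    e = _challenge(r, msg)       # challenge
    s = (k + e * sk) % (P - 1)   # response
    return r, s

def verify(pk, msg, sig):
    """Anyone can check the signature with only the public key:
    G^s == r * pk^e (mod P)."""
    r, s = sig
    e = _challenge(r, msg)
    return pow(G, s, P) == (r * pow(pk, e, P)) % P

sk, pk = keygen()
did = did_from(pk)                       # shareable identifier, no biometrics
sig = sign(sk, "same entity as yesterday")
assert verify(pk, "same entity as yesterday", sig)
assert not verify(pk, "tampered message", sig)
```

The point of the sketch: the verifier checks an equation, not a database, and nothing biometric or physical-world-identifying ever needs to leave your machine.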
This is exactly the approach behind things like W3C DIDs and Verifiable Credentials. The crypto has been solved for years; the adoption problem is that platforms like LinkedIn have no incentive to give users self-sovereign identity when the current model lets them be the middleman.
I've been building an open implementation of this for AI agents (where the identity problem is arguably even worse — there's no passport to scan): https://github.com/The-Nexus-Guard/aip. But the same cryptographic primitives apply to human identity too.
I like this but want to marry it with the real world, too. How would you do that? LinkedIn would verify biometrics and then sign your DID? And you'd use that biometric-attested ID to prove yourself to whoever you want?
I guess from a psychological and UX point of view tho, large platforms like LI have lots of "trust" in people's eyes (accurate or not) and so if LI says "verified" we can trust that. It's not just a conspiracy for linkedin to intermediate themselves, it's human sociology. I would just like LI to remove the "self-dox pwn" from verified badges, attest but let me redact.
As an industry we really need a better way to tell what's going where than:
- someone finally reading the T&Cs
- legal drafting the T&Cs as broadly as possible
- the actual systems running at the time matching what’s in the T&Cs when legal last checked in
Maybe this is a point to make to the Persona CEO. If he wants to avoid a public issue like this then maybe some engineering effort and investment in this direction would be in his best interest.
I am wondering what 'sub-processor' means here. Am I right in assuming that the Persona architecture uses Kafka, an S3 data lake in AWS and GCP, Elasticsearch, MongoDB for configuration or user metadata, and Snowflake for analytics, so all of these end up on the sub-processor list because the data physically touches these companies' products or infra hosted outside Persona? I hope these aren't providing their own identity services and none of them are seeing my passport for further validation.
Right, because as seen over the last several years, Big Tech CEOs should totally be trusted on their promises, especially when it comes to how our sensitive personal data is stored and processed. And this goes even without knowing who one of the better-known "personas" investing in Persona is.
Associate it with the specific service they don't want you using, or transactions they don't want you making, or conversations and connections they don't want you having.
As an example, the state government may issue a particular ID that I use in several different places. But the federal government did not issue that ID to me.
If he's really so confident these assurances will stand scrutiny then why doesn't he put them in the agreement and provide legal assurance to that effect?
this is just "trust me bro" with more words. even if true, the point is not what they do right now, the point is what they CAN do, which clearly as pointed in terms is a lot more than that.
It's probably used to aggregate all their data sources to compile profiles. They then match the passport against their database of profiles to say: yup, this passport is for a real person, not a deceased person whose identity was stolen, for example.
2) 'After processing' is wide enough to drive a truck through. What if processing takes a year? What if processing is defined as something involving recurring checks?
3) You have no contract with Persona or even LinkedIn, beyond the fact that you agreed to LinkedIn's TOS (which you didn't even read).
4) The company that acquires or takes-private Persona might have a very different idea of how to handle this.
5) What does verifying do for you, the user? I understand its value to LinkedIn and their ability to sell your attention to advertisers, but what do YOU gain?
If you bring a billion anywhere you won't get systemic political power unless you seek it. Political power isn't about having money, but money gives you the operational range you need to seek political power.
There's a lot of money in Dubai, so if your operation is to just hope to impress and be offered power without much effort on your end, 1 billion won't be enough. Perhaps 100 or 1,000 billion could work? Hard to tell.
If you only have 1 billion though, you need to play your cards in a smarter way. Who can you become friends with? What clubs and parties do you need to attend to make it happen? Which politicians and royals can you get dirt on? Who can you bribe for information? What gifts can you give to gain someones trust? 1 billion is enough operational range for this.
Perhaps the billionaire can't buy your willingness to do something, but they can very much affect the material world around you, and therefore, you.
If you rent they can probably find a way to kick you out of your apartment. If someone around you _is_ willing to take an order, influencing what people around you do very much influences you. If they want something from you, and you're not willing to sell it, there will be people willing to steal it, etc.
Money very much is proxy of power. Perhaps not everything can be bought, sure. But money gives you operational range to attempt to impose your will when it doesn't.
Elections are important, but they're just one part of the political system. A lot of machinations and politics occurs outside the scope of elections or even of the public eye.
Money doesn't just buy ads. It influences the decision of who is a candidate in the first place. It buys operational range. It pays salaries for the right friend of X, the right family member of Y, etc. It buys other bribes, etc.
> their insistence on using a GUI instead of a basic JSON manifest just compounds it
I think this is a big part of the problem. Apple owns the IDE and the programming languages; in theory this should lead to a great experience. In practice, because they insist you only use their languages with their IDE, and their IDE with their languages, it leads to lousy tool design.
Features that would be best implemented as part of the compiler suite are instead implemented in the GUI. File formats that could be simplified live on, because everyone is using GUIs in the IDE to edit them anyway.
Fixes that should be prioritized in the IDE get punted because the IDE is not competing with any other IDE, it's the only way to develop the language, people will use it anyway, etc.
> All software of comparable size and complexity have shortcomings that everyone learns to work around.
This is part of the issue IMO. Is this size and complexity warranted?
Rust, for example: it's a complex language that can target pretty much every platform under the sun, and yet it's configured with just text files, builds with just terminal commands, and works great with any text editor.
I've seen people in big tech work on codebases with millions of files using everything from VSCode to a Russian text editor from the 90s. Linus Torvalds builds Linux with MicroEMACS. Why do I need a behemoth like Xcode to build a To Do app? Why does it have to be this "big and complex"?
Xcode isn't necessarily the problem. Some people like it. That's fine. But Apple forces its use for iOS development. There are workarounds like Tuist, but you are still locked into Xcode for debugging, Instruments, and even console output from an iOS device!
Nobody is saying not to use Xcode if you like it, but there should be a choice like there is for almost every other modern platform.
The big part of Xcode is the integrated Interface Builder. With SwiftUI it might slowly become irrelevant, but as of now, there's still no replacement for Xcode's Interface Builder. JetBrains' AppCode is/was a decent replacement for the code editor, but you still had to switch to Xcode for the UI parts.
Practical answer? I don’t know, man. I’m just building a todo list after all. Heck, I build more complex apps than that but front-end work is at such a high level of abstraction that, realistically, I just never bother. I don’t mind a smaller download size, but it’s just a nice-to-have.
The point about Xcode being complex, I disagree with. Honestly I could think of so many additional features to make my workflow easier.
If you told people in 2006 that 20 years later the best IDE would be open-source, web-based, and come from Microsoft, they would've thought you were crazy.
Back then, Apple had made waves introducing Safari, which was not only great and cross-platform, but had an open-source renderer (WebKit) and JavaScript engine (JSC). Safari was pushing web standards forward while IE lagged, seemingly trying to purposefully choke the web to stop it from cannibalizing Windows software. Apple was betting on the web: one of the big features of their brand-new Mac OS X 10.4 Tiger was the Dashboard, with widgets that were all built with HTML/CSS/JS, and they were shipping a new, free IDE (Dashcode) to build them too.
Mac OS X was heavily marketed as being UNIX, versus Microsoft's proprietary and closed Windows NT. They were building Safari and iTunes for Windows, and had just introduced the first Intel Macs; it seemed like they were out to put up a fight against a very closed, very walled, and very incompatible Microsoft that had gotten too comfortable with the Wintel and IE monopolies.
Fast-forward two decades, and not only can you run a native GNU/Linux environment on Windows, but the best IDE out there is web-based, open-source Microsoft software, while Apple lags behind on developer experience. They seem to have missed the bus on web technologies too: they went from leading the charge with a stellar browser pushing web standards forward to being an obstacle, out of fear Safari might cannibalize iOS software.
Apple hasn't gone full early-2000s Microsoft (thankfully) and Microsoft hasn't gone full early-2000s Apple (unfortunately) but times have really changed.
[1]: https://www.linkedin.com/feed/update/urn:li:activity:7430615...