I Verified My LinkedIn Identity. Here's What I Actually Handed Over.
Original: I Verified My LinkedIn Identity. Here's What I Actually Handed Over. View original →
What You Actually Hand Over for That Blue Badge
The LinkedIn blue checkmark—proof that "this person is real"—seemed worth having in an era of fake recruiters and AI-generated profiles. Author Rene Pot tapped "verify," scanned their passport, took a selfie, and got the badge in three minutes. Then they did something almost nobody does: they read the privacy policy.
You're Not Verifying with LinkedIn—You're Verifying with Persona
Clicking "verify" redirects you to Persona Identities, Inc., a San Francisco-based identity verification company. LinkedIn is their client. You are the subject being scanned.
For a three-minute check, Persona collected:
- Full name, passport photo (both sides), NFC chip data
- Real-time selfie and facial geometry (biometric data)
- National ID number, nationality, sex, birthdate
- Email, phone, postal address
- IP address, device type, MAC address, browser, OS, geolocation
- Behavioral biometrics: hesitation detection and copy-paste detection during the process
They Also Ran a Background Check
Persona cross-referenced collected data against government databases, national ID registries, credit agencies, utility companies, mobile network providers, and postal databases. A three-minute LinkedIn badge check turned into a full background investigation.
Your Face Is Training Data
Buried on page 6 of the privacy policy: uploaded identity document images are used to train AI models. The legal basis is not consent—it's legitimate interest, meaning Persona decided unilaterally that this is acceptable under GDPR. Whether feeding European passports into machine learning models passes the rights-balancing test is an open legal question.
17 Companies Touch Your Data
Persona's public subprocessor list includes 17 companies (including Anthropic) that process your personal data. In any merger, acquisition, or bankruptcy, your biometric data transfers to the buyer. Law enforcement can also access it.
LinkedIn itself only receives your name, birth year, ID type, verification result, and a blurred ID image. But 17 other companies get significantly more. The badge costs three minutes. The data costs considerably more.
Related Articles
HN focused less on telemetry as an idea and more on whether opt-out controls work when gh runs inside CI, servers, and automation.
HN’s reaction centered on the trust cost of turning everyday employee input into AI training material, not on whether Meta needs more data.
Hacker News treated this as the kind of privacy bug users fear most: no cookies, no login, just a browser implementation detail that could keep sessions linkable. The post says Mozilla fixed it in Firefox 150 and ESR 140.10.0, but the Tor angle is what drove the discussion.
Comments (0)
No comments yet. Be the first to comment!