I Verified My LinkedIn Identity. Here's What I Actually Handed Over.
Original: I Verified My LinkedIn Identity. Here's What I Actually Handed Over. View original →
What You Actually Hand Over for That Blue Badge
The LinkedIn blue checkmark—proof that "this person is real"—seemed worth having in an era of fake recruiters and AI-generated profiles. Author Rene Pot tapped "verify," scanned their passport, took a selfie, and got the badge in three minutes. Then they did something almost nobody does: they read the privacy policy.
You're Not Verifying with LinkedIn—You're Verifying with Persona
Clicking "verify" redirects you to Persona Identities, Inc., a San Francisco-based identity verification company. LinkedIn is their client. You are the subject being scanned.
For a three-minute check, Persona collected:
- Full name, passport photo (both sides), NFC chip data
- Real-time selfie and facial geometry (biometric data)
- National ID number, nationality, sex, birthdate
- Email, phone, postal address
- IP address, device type, MAC address, browser, OS, geolocation
- Behavioral biometrics: hesitation detection and copy-paste detection during the process
They Also Ran a Background Check
Persona cross-referenced collected data against government databases, national ID registries, credit agencies, utility companies, mobile network providers, and postal databases. A three-minute LinkedIn badge check turned into a full background investigation.
Your Face Is Training Data
Buried on page 6 of the privacy policy: uploaded identity document images are used to train AI models. The legal basis is not consent—it's legitimate interest, meaning Persona decided unilaterally that this is acceptable under GDPR. Whether feeding European passports into machine learning models passes the rights-balancing test is an open legal question.
17 Companies Touch Your Data
Persona's public subprocessor list includes 17 companies (including Anthropic) that process your personal data. In any merger, acquisition, or bankruptcy, your biometric data transfers to the buyer. Law enforcement can also access it.
LinkedIn itself only receives your name, birth year, ID type, verification result, and a blurred ID image. But 17 other companies get significantly more. The badge costs three minutes. The data costs considerably more.
Related Articles
Researchers revealed how to bypass K-ID, Discord's age verification provider. They can generate legitimate-appearing metadata without actual biometric data, fooling the system.
Anthropic's Claude Code Cowork (multi-agent collaboration) feature was found to create a ~10GB VM bundle on macOS using Apple's Virtualization Framework without warning users. The GitHub issue garnered 200+ points on Hacker News.
A software engineer building a custom controller app for his DJI robot vacuum inadvertently discovered a backend security bug using an AI coding assistant that exposed live camera feeds, microphone audio, and floor maps from nearly 7,000 devices across 24 countries.
Comments (0)
No comments yet. Be the first to comment!