I'll note that Persona's CEO responded on LinkedIn [1] pointing out that:
- No personal data processed is used for AI/model training. Data is exclusively used to confirm your identity.
- All biometric personal data is deleted immediately after processing.
- All other personal data processed is automatically deleted within 30 days. Data is retained during this period to help users troubleshoot.
- The only subprocessors (8) used to verify your identity are: AWS, Confluent, DBT, ElasticSearch, Google Cloud Platform, MongoDB, Sigma Computing, Snowflake
The full list of sub-processors seems to be a catch-all for all the services they provide, which includes background checks, document processing, etc. identity verification being just one of them.
I have I've worked on projects that require legal to get involved and you do end up with documents that sound excessively broad. I can see how one can paint a much grimmer picture from documents than what's happening in reality. It's good to point it out and force clarity out of these types of services.
All of which is meaningless if it's not reflected properly in their legal documents/terms. I've had interactions with the Flock CEO here on Hacker News and he also tried to reassure us that nothing fishy is/was going on. Take it with a grain of salt.
Why anyone would trust the executives at any company when they are only incentivized to lie, cheat, and steal is beyond me. It's a lesson every generation is hellbent on learning again and against and again.
It use to be the default belief, throughout all of humanity, on how greed is bad and dangerous; yet for the last 100 years you'd think the complete opposite was the norm.
> when they are only incentivized to lie, cheat, and steal
The fact that they are allowed to do this is beyond me.
The fact that they do this is destructive to innovation and I'm not sure why we pretend it enables innovation. There's a thousands multi million dollar companies that I'm confident most users here could implement, but the major reason many don't is because to actually do it is far harder than what those companies build. People who understand that an unlisted link is not an actual security measure, that things need to actually be under lock and key.
I'm not saying we should go so far as make mistakes so punishable that no one can do anything but there needs to be some bar. There's so much gross incompetence that we're not even talking about incompetence; a far ways away from mistakes by competent people.
We are filtering out those with basic ethics. That's not a system we should be encouraging
Because the liars who have already profited from lying will defend the current system.
The best fix that we can work on now in America is repealing the 17th amendment to restrengthen the federal system as a check on populist impulses, which can easily be manipulated by liars.
Yes, by state legislatures. The concept was the Senate would reflect the states' interests, whereas the House would reflect the people's interests, in matters of federal legislation.
Yup exactly, if this is the truth then put it on the terms/privacy policy etc... exec's say anything these days with zero consequences for lieing in a public forum.
But why believe that when their policy says any of it may not be true, or could change at any time?
Even if the CEO believes it right now, what if the team responsible for the automatic-deletion merely did a soft-delete instead of a hard delete "just in case we want to use it for something else one day"?
> - All biometric personal data is deleted immediately after processing.
The implication is that biometric data leaves the device. Is that even a requirement? Shouldn't that be processed on device, in memory, and only some hash + salt leave? Isn't this how passwords work?
I'm not a security expert so please correct me. Or if I'm on the right track please add more nuance because I'd like to know more and I'm sure others are interested
I'm not an expert but i imagine bio data being much less exact than a password. Hashes work on passwords because you can be sure that only the exact date would allow entry, but something like a face scan or fingerprint is never _exactly_ the same. One major tenant that makes hashes secure is that changing any singlw bit of input changes the entirety of the output. So hashes will by definition never allow the fuzzy authentication that's required with biodata. Maybe there's a different way to keep that secure? I'm not sure but you'd never be able to open your phone again if it requires a 100% match against your original data.
I'd assume they'd use something akin to a perceptual hash.
Btw, hashes aren't unique. I really do mean that an input doesn't have a unique output. If f(x)=y then there is some z such that f(z)=y.
Remember, a hash is a "one way function". It isn't invertible (that would defeat the purpose!). It is a surjective function. Meaning that reversing the function results in a non-unique output. In the hash style you're thinking of you try to make the output range so large that the likelihood of a collision is low (a salt making it even harder), but in a perceptual hash you want collisions, but only from certain subsets of the input.
In a typical hash your collision input should be in a random location (knowing x doesn't inform us about z). Knowledge of the input shouldn't give you knowledge of a valid collision. But in a perceptual hash you want collisions to be known. To exist in a localized region of the input (all z are near x. Perturbations of x).
> that require legal to get involved and you do end up with documents that sound excessively broad
If you let your legal team use such broad CYA language, it is usually because you are not sure what's going on and want CYA, or you actually want to keep the door open for broader use with those broader permissive legal terms.
On the other hand, if you are sure that you will preserve user's privacy as you are stating in marketing materials, then you should put it in legal writing explicitly.
As an industry we really need a better way to tell what’s going g where than:
- someone finally reading the T&Cs
- legal drafting the T&Cs as broadly as possible
- the actual systems running at the time matching what’s in the T&Cs when legal last checked in
Maybe this is a point to make to the Persona CEO. If he wants to avoid a public issue like this then maybe some engineering effort and investment in this direction would be in his best interest.
I'm not convinced there's any significant overlap between "people who are worried about which subprocessors have their data" and "people who don't think that eight subprocessors is a lot"
Can you say more? Why isn't it neutral or slightly positive? I would assume that a KYC provider would want to protect their reputation more than the average company. If I were choosing a KYC provider I would definitely want to choose the one that had not been subject to any privacy scandals, and there are no network effects or monopoly power to protect them.
I am wondering what the 'sub-processor' means here. Am I right in assuming that the Persona architecture uses Kafka, S3 data lake in AWS and GCP, Elastic Search, MongoDB for configuration or user metadata, and Snowflake for analytics, thus all these end up on sub-processle list as the data physically touches these company's products or infra hosted outside Persona? I hope all these aren't providing their own identity services and all of them aren't seeing my passport for further validation.
Right, because as seen over the last several years, the Big Tech CEOs should totally be trusted on their promises, especially if it is related to how our sensitive personal data is stored and processed. This goes even wtihout knowing who is one of the better known "personas" investing in Persona.
this is just "trust me bro" with more words. even if true, the point is not what they do right now, the point is what they CAN do, which clearly as pointed in terms is a lot more than that.
Associate it with the specific service they don't want you using, or transactions they don't want you making, or conversations and connections they don't want you having.
I used to have a LinkedIn account, a long time ago. To register I created an email address that was unique to LinkedIn, and pretty much unguessable ... certainly not amenable to a dictionary attack.
I ended up deciding that I was getting no value from the account, and I heard unpleasant things about the company, so I deleted the account.
Within hours I started to get spam to that unique email address.
It would be interesting to run a semi-controlled experiment to test whether this was a fluke, or if they leaked, sold, or otherwise lost control of my data. But absolutely I will not trust them with anything I want to keep private.
I do not trust LinkedIn to keep my data secure ... I believe they sold it.
This is a good example of why it's insane that nobody at Mozilla cares that they hire CEOs that have only a LinkedIn page. If you want to visit the website of the Mozilla CEO, you have to create an account and log in. No big deal if it's a CEO of a plastics manufacturing company, but when the mission is fighting against the behavior of companies like LinkedIn, it makes me wonder why Mozilla exists.
The CEO role at Mozilla is unstable. Even if Mozilla didn't require a LinkedIn page, chances are their CEOs would have an up to date account. Also, Mozilla's ARR is mostly their Google partnership.
If you visit the Mozilla website right now, you will see "Break free from big tech — our products put you in control of a safer, more private internet experience."
The surest sign of incompetence is somebody claiming they are forced into a requirement for perfection when the requirement is simply a basic adherence to virtue
But I have such low faith in the platform that I would readily believe that once they think you're not going to continue adding value, they find unpleasant ways to extract the last bit of value that they reserve only for "ex"-users.
Yes I notice that too. I hide my last name now because at my company it's just firstname.lastname so easy to guess.
It helps a lot but I still get a lot of sales goons. A lot of them follow up constantly too "hey what about that meeting invite I sent you why did you not attend"? My deleted email box is full of them (I instantly block them the minute I get an invite to anything from someone I don't know, and I wish Outlook had the ability to ban the entire origin domain too but it doesn't)
It's "intelligence platform" in the sense that you can gain a ton of information on individuals, organizations, and relationships that drive it all. If you can track how people move and interact between organizations, you can determine who someone is doing business with and even make an educated guess if that's a sale or interview.
A LinkedIn account's sole purpose is publishing, dissemination, and advertising information about you and your company. Anything that you badly want to keep private certainly does not belong there, much like it does not belong to a large roadside billboard.
Otherwise, LinkedIn can be quite useful in searching for a job, researching a company, or getting to know potential coworkers or hires.
Email spam is, to my mind, an inevitability. You should expect waves of spam, no matter what address you use; your email provider should offer reasonable filtering of the spam. Using a unique un-guessable email address, like any security through obscurity, can only get you so far.
You sound like someone that wants to normalize bad behavior. Good luck with that. I would never use a social networking site to find people or jobs. I'm not going to put support behind a entity that doesn't respect privacy and the fact that they are people who don't care, like you, are the problem and why we are in the situation we are in as a country at this point.
It’s definitely not a fluke. I was getting between 20 and 30 spam emails per day. Simply out of curiosity I deleted my linkedin account and the spam abated. After a week the spam reduced to a trickle and now after a few months I only get a few spam emails per week. Shortly after discovering that LinkedIn was the problem I deleted Indeed as well. Indeed has a fairly robust data deletion program.
Remember when LinkedIn was condemned because they copied Gmail’s login page saying “Log in with Google”, then you entered your password, then they retrieved all your contacts, even the bank, the mailing lists, your ex, and spammed the hell out of them, saying things in your name in the style of “You haven’t joined in 5 days, I want you to subscribe” ?
The original version of the LinkedIn mobile app uploaded your personal contacts stored on your smart phone and SIM to their server (to also "invite" them), without requesting user permission.
After that, I never installed it again (but too late), and I bought a second (non-smart) phone.
When I created an account on LinkedIn, a long time ago, I used the web. When it asked if I wanted to invite other people from my list of contacts, I clicked yes. I thought it would let me manually enter some contacts, or at worst, give me a list to choose from, with some kind of permissions prompt. Somehow, it accessed my entire Gmail contact list, and invited them all. My goodness, that was terrifying (I didn't even know it was possible) and embarrassing. Companies are not to be trusted, ever. Especially now, as they've proven for decades they have zero moral compass, and no qualms about abusing people for profit.
It could be, but I think it's also as likely it was the scrapers treating that as a trigger event of some type. eg you got a job and might have regrets.
I also saw... not sure what to call them, but honeypot friend requests? I used to get regular requests from profiles I didn't recognize with a generic pretty woman (I'd assume stock photography). Since I ignored them, they would re-request on intervals that were exactly 90 or 180 days. I occasionally glanced at them and there seemed to be no rhyme nor reason to their friends. I'd assume this was also some type of scraping, probably for friends-only profile data.
This is precisely why I give each website an alias such as website@example.com. If I start receiving spam to that address, I revoke the alias and name and shame the website online whenever I get the chance. Not that I would use LinkedIn anyway.
> It would be interesting to run a semi-controlled experiment to test whether this was a fluke, or if they leaked, sold, or otherwise lost control of my data.
Too much time / energy on your hands? You gave them a unique email ID (which is always the most sensible thing), that's it.
The non-sensible thing was to sign up kn the first place. Nobody needs these narcisstic, BS spewing pseudo-networking places.
> Nobody needs these narcisstic, BS spewing pseudo-networking places.
I mean I got my last job through LinkedIn. I'm currently interviewing at a few places, half of which came from LinkedIn. So I personally clearly do need LinkedIn, unless you want to hire me.
Was forced to verify to get access to a new account. Like, an interstitial page that forced verification before even basic access.
Brief context for that: was being granted a salesnav licence, but to my work address with no account attached to it. Plus I had an existing salesnav trial underway on main account and didn't want to give access to that work.
So I reluctantly verified with my passport (!) and got access. Then looked at all the privacy settings to try to access what I'd given, but the full export was only sign up date and one other row in a csv. I switched off all the dark pattern ad settings that were default on, then tried to recall the name of the company. Lack of time meant I haven't been able to follow up. I was deeply uncomfortable with the whole process.
So now I've requested my info and deletion via the details in the post, from the work address.
One other concern is if my verified is ever forced to be my main, I'll be screwed for contacts and years of connections. So I'll try to shut it down soon when I'm sure we're done at work. But tbh I don't think the issues will end there either.
Why do these services have to suck so much. Why does money confer such power instead of goodwill, integrity and trust/trustless systems. Things have to change. Or, just stay off the grid. But that shouldn't have to be the choice. Where are the decentralised services. I'm increasingly serious about this.
> Was forced to verify to get access to a new account. Like, an interstitial page that forced verification before even basic access.
I'm forced to verify to access my existing account.
I cannot delete it, nor opt out of 'being used for AI content' without first handing them over even more information I'm sure will be used for completely benign purposes.
About a year ago I wanted to check out LinkedIn. Signed up with my real name, added my employer and past employers, verified my current work email address etc.
About 24 hours later, when logging in to pick up where I left off, I'm redirected to a page that tells me that my account has been locked. For the safety of my account, I needed to verify my identity to continue.
I refused to do so, for the same reasons this article highlights. So I wanted to delete my account and never return. Guess what? You can't delete your account without first verifying.
It took me a few frustrating months of trying to email their DPO (data protection officer) and filling out forms, constantly being routed to regular support with very unhelpful support staff. I actually contacted the Irish data protection agency thing (I'm not Irish, but european), and while waiting for them to process the case, I miraculously got a reply from LinkedIn that my account deletion was being processed.
Kids in Oz were getting around social media age restrictions by holding up celeb photos. I doubt that'll work in this case, but I'd be tempted to start thinking of ways to circumvent.
At the risk of losing the account, it's a very bad situation they are forcing people into.
I understand, and even agree, that how this is being handled has some pretty creepy aspects. But one thing missing from the comments I see here and elsewhere is: How else should verification be handled? We have a real problem with AI/bots online these days, trust will be at a premium. How can we try to assure it? I can think of one way: Everyone must pay to be a member (there will still be fraud, but it will cost!). How else can we verify with a better set of tradeoffs?
There should be no verification. The idea of a single platform where every worker is listed, identified, and connected to other people he/she knows IRL is scary. It shouldn't exist.
How about everyone gets a digital certification from their own government that this is the person named this and that. No need to share cranial measurements and iris scans.
Well, different trade offs there. On the plus side, sounds pretty simple. On the other hand...
Digital certification from the gov sounds a lot like "digital ID", which has run into considerable resistance in the UK and EU in just the last few months. As a general observation I find most EU citizens I interact with much more trusting of government than ... well, any other group of folks I have interacted with (I have the privilege of having lived and worked in S. America, N. America, sub Saharan Africa and now an EU country). If it does not fly well here, I don't think its general solution that most people would be comfortable with.
Having lived in borh the UK and Poland I was very surprised (given history) to find how comfortable, in comparison, Poles are with ID requirements, tax ID to join gyms and football clubs compared to the UK whicb still resists mandatory ID. There does seem to be a UK EU divide here
They can do what they please. Its due to the network effects. The tie-ins of tech are so strong, I'd wager that %99 of why they succeed has nothing to do with competency or making a product for the user, just that people are too immobile to jump ship for too many reasons. Its staggering how much stronger this is than what people give credit for. Its as if you registered all your cells with a particular pain medication provider, and the idea of switching pills makes one go into acute neurosis.
Someone needs to reimplement a "clean" version of its functionality: professional networking is too important to be left to the data hoarders/government surveillance cluster of organizations.
Besides, its UX has decayed to a "Facebook for the employed", where John Doe praises himself for mastering a mandatory training at work or taking Introduction to HTML at "Harvard" via Coursera.
The problem is a competitor will never be able to succeed without doing the same thing. Try to compete as a "free" service and you'll have to sell ads, try to charge and you'll never get enough signups to fund the business.
Let’s not forget Persona is linked to Peter Thiel. When Thiel and his friends support the government snatching citizens off the streets, there is unacceptable risk with forcing job seekers and the like to create accounts on LinkedIn.
It seems to me that if you let Persona verify your identity you're essentially providing data enrichment for the US government. In exchange for what? A blue tick from a feeder platform like LinkedIn, Reddit or Discord? No thanks.
On the other hand it can be hard to escape if it's for something that actually matters. Coursera is a customer. You might want your course achievements authenticated. The Canada Media Fund arranges monies for Canadian creators when their work lines up with various government sponsored DEI incentives. If you're in this world you will surely use Persona as required by them. Maybe you're applying for a trading account with Wealthsimple and have to have your ID verified. Or you want to rent a Lime Scooter and have to use them as part of the age verification process.
KYC platforms have a place. But we need legal guarantees around the use of our data. And places like Canada and Europe that are having discussions about digital sovereignty need to prioritize the creation of local alternatives.
Persona was not hacked. No database was breached. Frontend code source maps were leaked,
which means unminified variable names were exposed revealing all the names of our features.
These names are already publicly listed in @Persona_IDV's help center and API documentation.
LinkedIn is Tiktokified social media brainrot disguised as serious work. „Hey - you‘re not wasting time, you‘re building your network and gather industry knowledge!“
LinkedIn is full if so called professionals who make a living by leveraging their brand. If you‘re not one of them, leave
Most people don’t log in to LinkedIn to check the feed. They don’t interact with the feed at all.
It’s used for keeping contacts, having your online resume in a standard place, and maybe messaging people.
The feed is a sideshow. It enrages a lot of people because it’s full of slop, but you need to treat it like almost everyone else: Ignore it. It’s a sideshow.
Kind of. I've had a strict policy since LinkedIn launched of only connecting with people I've actually met and had at least some meaningful conversation with. Most of my contacts are former work colleagues. I think this makes my feed and audience a bit less spammy and grifty.
Never connect with anyone you haven’t met. If a work colleague or someone is on a call and doesn’t use video, no connection either. Don’t upload and store your resume on LinkedIn. There is no reason to do so.
Also, I don’t recall where this setting is, but make the default behavior such that if someone finds you and tries to connect with you, they actually follow you instead. This cuts down aggressively on spammers because in order to actually connect with you they would have to view your profile, open the … menu, and then click connect. If they aren’t paying attention they’ll just follow you instead of connect which means you can broadcast to them but they can’t broadcast to you.
Why? It's pretty useful for connecting with recruiters in my experience, and I don't think anyone can actually do anything just because they have a connection with you.
I do ignore the connections from random students though tbf.
Connecting with recruiters is mostly a waste of time, and generally anyone can just fake being a recruiter. Once someone has a connection with you they can see your extended network, they know where you work, they find out all information you have shared with on your profile, &c. The recruiter may be using you to connect with someone else. You also start to consume their content since you are connected. Better to let them follow you and then when it's time to reach out to offer you a job/send an in-mail.
Generally speaking, unless you operate at an elite level or at an elite institution, you're not getting a ton of worthwhile cold intros from recruiters.
> Connecting with recruiters is mostly a waste of time
Probably depends on the field but this definitely isn't always true. I've got my last two jobs through recruiters, and speaking to colleagues a lot of them do too.
> they can see your extended network, they know where you work, they find out all information you have shared with on your profile
This is public anyway though? Isn't that the point of LinkedIn?
> You also start to consume their content since you are connected.
I don't because I don't read LinkedIn. I pretty much only use it to get jobs. Although I have actually started posting technical stuff I've done there because people actually read it (I guess other people do read LinkedIn tbf!)
> Generally speaking, unless you operate at an elite level or at an elite institution, you're not getting a ton of worthwhile cold intros from recruiters.
I'm definitely not elite level and I would say ~20% of the jobs I get from LinkedIn recruiters are of interest. That's pretty good! Almost all of them are at least relevant to my field (silicon verification). Sometimes I get stuff about mechanical engineering validation, or software jobs that aren't relevant but that's pretty rare. It must depend on the field. Maybe the country too?
> This is public anyway though? Isn't that the point of LinkedIn?
You can limit this. I don't think it's necessarily the point of LinkedIn - i.e. for others to connect with you and then have full visibility into all of the details of everyone you know and whatever you have on your profile. It's a bit naive to assume that operating in this manner doesn't make you a prime target for scammers, social engineers, hackers, &c., or even worse - solicitors.
> My experience is different
Yea, everyone has different experiences. I'm just describing how the platform generally works, as a matter of fact.
Somehow the fundamentals of places like linkedin, gmail, google, facebook, etc have eluded people.
1. they are selling you as a target.
2. some people, governments, groups, whatever are willing to pay a lot of money to obtain information about you.
3. why would someone pay good money to target you unless they were going to profit from doing so. are they stupid? no.
4. where does that profit come from? If some one is willing to pay $100 to target you, how are they going to recoup that money?
5. From you.
There is simply no other way this can have worked for this long without this being true.
It is a long causal change, so it is fair to ask whether there is any empirical evidence. If this is true we would expect to see ...? Well how about prices going up? Well how about in general people are less able to afford housing, food, cars, etc.
I'm speculating here, but perhaps it is predictability. There is a common time warp fantasy about being able to go back and guess the future. You go back and bet on a sports game. If I can predict what you are going to do then I can place much more profitable bets.
Do the corporations that participate in this scheme provide mutual economic benefit? Do they contribute to the common wealth or are they parasitical?
No one likes to think they have parasites. But we all do these days.
Here’s the problem I have with your take (even if I agree): LinkedIn has a product to sell. You’re not supposed to be the product, because companies pay to advertise job postings, they sell career tools, sales tools, etc.
At what point is that not enough for them to stop doing data brokerage or sharing?
Beautifully written, I saved your post to send the next friend or relative who asks me why I am so hard-over on privacy. I enjoyed working at Google hears ago as a contractor, and they are my ‘favorite’ tech company - the only mega-tech company who’s services I regularly use, but I am constantly mindful of their business model as I use YouTube, GCP, and their various dev APIs.
They want to be targeted by companies for jobs. Or when they’re applying for a job, they want to be easily found by people at that company so they can see more information.
If you don’t want those things, you don’t need a LinkedIn page.
> Do the corporations that participate in this scheme provide mutual economic benefit? Do they contribute to the common wealth or are they parasitical?
You wrote a long hand wavey post but you stopped short of answering your own question.
The corporations who pay LinkedIn are doing so to recruit people for jobs. I’ve purchased LinkedIn premium for this purpose at different times.
After “targeting” those LinkedIn users, I eventually hired some of them for jobs. There’s your mutual economic benefit. This is why people use LinkedIn.
> It is a long causal change, so it is fair to ask whether there is any empirical evidence. If this is true we would expect to see ...? Well how about prices going up? Well how about in general people are less able to afford housing, food, cars, etc.
You think the root cause of inflation is… social media companies? This is an extraordinary claim that requires extraordinary evidence. You’re just observing two different things and convinced they’re correlated, while ignoring the obvious rebuttal that inflation existed and affordability changes happened before social media.
> Somehow the fundamentals of places like linkedin, gmail, google, facebook, etc have eluded people.
I think most people understand the fundamentals of LinkedIn better than you do, to be honest. It’s not a mystery why people sign up and maintain profiles.
I’m not assuming anything. It’s a job market. Like all markets they operate on supply and demand.
In your example, so what if they give the job to the most desperate worker instead of a different one at a higher price? Are we supposed to prefer that the desperate worker does not get the job and instead it goes to someone else at a higher rate?
If someone is desperate for a job because they really need work, I’d prefer that a platform help them get matched with jobs. Wouldn’t you? I think you’re so focused on penalizing corporations that you’re missing the obvious.
> Somehow the fundamentals of places like linkedin, gmail, google, facebook, etc have eluded people.
LinkedIn is slightly different, as it's fundamentally framed as a job board and recruiting platform. The paying customers are recruiters, and the product is access to the prospective candidates. Hence, LinkedIn offering for free services such as employee verification, work history verificarion, employee vouching, etc.
> Let that sink in. You scanned your European passport for a European professional network, and your data went exclusively to North American companies. Not a single EU-based subprocessor in the chain.
Not sure LinkedIn is a European professional network.
I think the author was talking about their own professional network being based in Europe, as opposed by LinkedIn, the platform that they're using to contact said network.
Their use of LinkedIn is for local and semi-local professional networks. It's like if you use Nextdoor for your street.
And of course those Europeans use LinkedIn for the network effect (even though LinkedIn is just a pathetic sad dead mall now, so most are doing so for an illusion), because other prior waves of Europeans also used LinkedIn, and so on. Domestic or regional alternatives falter because everyone demands they be on the "one" site.
The centralization of tech, largely to the US for a variety of reasons, has been an enormous, colossal mistake.
It's at this point I have to laud what China did. They simply banned foreign options in many spaces and healthy domestic options sprouted up overnight. Many countries need to start doing this, especially given that US tech is effectively an arm of a very hostile government that is waging intense diplomatic and trade warfare worldwide, especially against allies.
I would prefer to live in a free country, where I can choose my services from
among a couple of options. But the government you appeal to should install and execute laws to protect citizens by forcing foreign players to abide by local rulse or be forced to declare that they are not, in large red letters so no-one can say they did not know (legalese small-print does not suffice as we know).
Is there really a choice? Network effect means that the company that sells you cars also owns the road, and only allows its cars to drive on it.
What you want is the social graph, but you are forced to also use FBs shitty app to access it.
These social media apps never had a single useful feature besides the graph itself.
I've been getting "Emails aren’t getting through to one of your email addresses. Please update or confirm your email." -- even tho I get messages from them every day. When you press the button to confirm the (working) email it states "Something went wrong".
It happened last week too, I was able to fix it via their chat-help (human). Yesterday, their chat-help (human) was not able fix it and has to open a ticket. I pay for LinkedIn-Premium. So maybe this is just a scam to route me into Verification. Their help documents (https://www.linkedin.com/help/linkedin/answer/a1423367) for verifying emails doesn't match the current user experience.
Then, in a classic tech-paradox, their phone support person told me they would email me -- on the same address their system reports emails are not getting through to. It felt like 1996 levels of understanding.
I have no proof but I have suspicions that call-center systems are designed like this on purpose. low-level employees are hamstrung in what they can do, so then they have to hand it off to someone else, with varying degrees of ceremony, which either involves submitting a "ticket" or transferring you to some other department who may or may not have higher privileges wrt what they can do to help you.
Then you might hit a wall where nobody can do anything because you're trapped in the gears of some byzantine IT system that decides what can and can't happen at any given time with any given situation.
Then there's the labyrinth of the phone system itself littered low-bit smooth jazz and awful menus not often alleviated by AI voice recognition (which in my experience can sometimes be worse than the older voice systems) and the back and forth from one department to the next either because of the above or because someone or something keeps sending you to the wrong people to get your problems addressed.
If it's not engineered, it's some kinda emergent eldritch abomination that has slowly accreted over the decades.
This is the kind of activism in privacy appreciate that we need. I knew I did not want to verify but I did verify on Linkedin recently. The fact that the author also gave an action list if you are concerned about your privacy is just commendable.
Ha. I was reading this and thought "euhhhh, I did not give all of that to verify my account". So I went to LinkedIn to check if I have the shield. I then saw
- that I just have "work email verified" and that there is a Persona thing I was not even aware of
Yep, I clicked verify experimentally and all they wanted was my work email and a code they sent to it.
Of course, that works probably because my work has a linkedin account so they know what the official domain is for it.
I guess they'll spam that email but it's not like I care. I already receive spam offering me subcontracting services so I guess it's published somewhere.
Wow that is insane. Persona is even linked to Peter Thiel.
If LinkedIn asks me to verify then I'll just leave. I'd be very happy for it to fall over anyway so there is space for a new more ethical platform. Especially since Microsoft acquired it, all bets are off.
A good reminder of how things actually work, but the article could use some more balancing…
> Let that sink in. You scanned your European passport for a European professional network, and your data went exclusively to North American companies. Not a single EU-based subprocessor in the chain.
LinkedIn is an American product. The EU has had 20 years to create an equally successful and popular product, which it failed to do. American companies don’t owe your European nationalist ambitions a dime. Use their products at your own discretion.
Of course an American company is subject to American law. And of course an American company will prioritise other local, similar jurisdiction companies. And often times there’s no European option that competes on quality, price, etc to begin with. In other words I don’t see why any of this is somehow uniquely wrong to the OP.
> Here’s what the CLOUD Act does in plain language: it allows US law enforcement to force any US-based company to hand over data, even if that data is stored on a server outside the United States.
European law enforcement agencies have the same powers, which they easily exercise.
> European law enforcement agencies have the same powers.
No they don’t, not in the way that is implied here. A German court can subpoena German companies. Even for 100% subsidiaries in other European or non-European countries, one needs to request legal assistance. Which then is evaluated based on local jurisdiction of the subsidiary, not the parent. Microsoft Germany as operator is subject to US law and access. See Wikipedia “American exceptionalism” for further examples.
>The EU has had 20 years to create an equally successful and popular product, which it failed to do. American companies don’t owe your European nationalist ambitions a dime. Use their products at your own discretion.
I can see not everybody here will agree with me, but I find this take absolutely reasonable. The European space has the capacity and the resources to create a product that replaces something as trivial as Linkedin, and yet it takes the lazy approach of just using American products.
It's the same thing with China's manufactured products, at some point the rest of the world just accepted that everything gets done in China and then keep complaining about how abusive China can be.
The most recent issue is the military question. Europe relied for decades on the "cheap" protection of the USA. Now the USA gave the middle finger to Europe and Europe acts shocked, but Europe is not so shocked when it comes to the military budget it did not spend on self defense during all the time the Americans provided protection.
> "The most recent issue is the military question. Europe relied for decades on the "cheap" protection of the USA. Now the USA gave the middle finger to Europe and Europe acts shocked, but Europe is not so shocked when it comes to the military budget it did not spend on self defense during all the time the Americans provided protection."
Fully agree. Europe expects some kids from nowheresville Tennessee to die in a ditch defending Ukraine. The war will be over the second they need to draft 18 year-olds at scale from anywhere in western Europe to go defend "Europe". Nobody in France will die defending Poland, nobody in Greece will die defending Latvia. The EU is such a joke.
Good, because they're not coming. Send the blue-haired vegan gender dysmorphic battalions from Berlin instead. Or the "home at 14:30" battalion from Stockholm.
One detail you might have overlooked: even if you're an American company - if you offer your services in Europe (through the web or otherwise), you're subject to European laws and regulations, including the GDPR.
> In other words I don’t see why any of this is somehow uniquely wrong to the OP.
Did you read the article? It's a dark pattern. It is an act that takes 3 minutes to perform. Yet it takes multiple days of reading legal documents to understand what actually happens. I would argue this feels wrong, to most people who interact with technology.
We have a set of laws here that companies are obliged to follow, regardless of where they are incorporated, so we expect that. We are used to having some basic human rights here, perhaps unlike most Americans these days.
Data processes and ownership of biometric data should be made explicitly clear. It shouldn't take days of reading to understand. It feels wrong to me too.
That response reeks of astonishing arrogance. It doesn’t surprise me that nearly 50% of Americans voted for Donald Trump he perfectly embodies that mindset.
Do you genuinely believe you are superior to the rest of the world? What you call “innovation” or a “better product” is often nothing more than the creation of dominant market positions through massive, capital deployment, followed by straightforward rent extraction.
The European Union has every right to regulate markets operating within its jurisdiction, especially when there are credible concerns about anti-competitive practices and abuse of dominance. From what I’ve seen, there may be sufficient grounds to consider collective legal action against LinkedIn at the European level. As for so-called “European nationalist ambitions,” rest assured: Europe does not lack capable lawyers or regulatory expertise. I will be forwarding the relevant material to contacts of mine working within the European institutions in Brussels.
Maybe 30% of Americans voted for Donald Trump. This response reeks of ignorance and hubris.
> Do you genuinely believe you are superior to the rest of the world?
This assertion wasn't made, in any way, by the person you're replying to, and it sounds as though it's being asked in anger. This entire conversation has been about data privacy and stewardship. The OP has pointed out, correctly, that there's nothing that has prevented a EU based professional social network from existing in a way that is satisfying for EU based data policy.
If you sign up on an American website, you've decided to do business with Americans in America. Why are you entitled to something that the people you are doing business with are not subject to?
Trump received 77,284,118 votes, representing 49.8% of the ballots cast for president. The 30% figure you mention refes to the share of the total voting-eligible population, including those who did not vote.
A national poll conducted on February 16–18 found that 42.4% approve of Trump’s job performance, while 54.6% disapprove. Whether you accept it or not and whether you are a Democrat or Republican Trump now is the face of America and most of Europeans are of the same opinion.
Regardless of the fact that LinkedIn is an American company, it is required to comply with the GDPR when operating within the European Union. I am not a lawyer, but I don't believe that there is evidence of full compliance here.
We can have a more detailed discussion around political alignments in America, but you've already agreed that your original statement was false. I mention the 30% figure specifically because you said "nearly 50% of Americans voted for donald trump".
American companies "complying" with is only required insofar as the EU authorities can do anything about it - and that's the same dynamic that exists across all geo boundaries on the internet, that's not specifically American - see China and its great firewall. If an American company is taking steps to be in compliance with GDPR, it's because there is benefit in doing so.
WRT GDPR, I'd ask a clarification before continuing - you said "operating within the EU" - what does that mean? If I deploy a website, from America, onto American servers, and you can reach them from within the EU, am I "operating within the EU"? I'm not trying to be coy by asking this, I actually don't know the extent to which I agree or disagree with you.
Why can't the EU deploy capital? Regulation doesn't create better products, more aggressive marketing techniques, or deeply entrepreneurial mindsets which favor innovation and growth.
While OP is quite aggressive here, there is a nugget of truth: innovation doesn't happen because "we have the best lawyers" or "the best regulations". Maybe some self-criticism would be warranted to solve the problem.
Also nothing forces Europeans to use LinkedIn. I deleted my account long ago after getting search requests from NSA-adjacent private intel companies.
Here's another JD Vance who doesn't understand what international rules are and justifies that with (lack of) innovation
Below you can find the relevant GDPR excerpt. But before that, let me add to the coment below that US companies only comply with what EU institutions can enforce and what suits them; which is normal, since China does the same. Well, it couldn’t have been said better: in fact, we’re beginning to view you the same way we view China. And China innovates a lot, right?
"Article 3 – Territorial scope (GDPR)
This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.
This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law."
First I'm not american, I'm simply displeased to see my fellow Europeans seething about the consequences, while refusing to address the causes.
You speak about China: their government is very eager to favor local alternatives, which helps fund the local ecosystem.
In contrast, Euro countries don't generally procure office software from elsewhere than US companies (especially, Microsoft). It's always talk, talk, when the time for action comes, everyone looks at their shoes and signs the contract from the US company.
Even the European commission does the same, and filed a lawsuit against their own regulatory body after it pointed out that MS Office 365 wasn't fully compliant with the EC's own privacy rules! Rules for thee, not for me, as always with the EC.[0]
So yeah, regulations and laws don't replace political will and action. Especially when we talk about the EU, where hypocrisy and lobbying is at its highest.
The point here isn’t that Europe lacks innovation and is too bureaucratic. I have no problem admitting that. The crux of the matter is that, in response to my complaint about the possible failure to comply with a European law, the reply was: LinkedIn answers to American laws, you have no alternative to LinkedIn, and therefore there’s no point in opposing it. You just have to put up with it; it’s your own fault for not innovating.
The scenario being portrayed is one in which the law of the strongest prevails over the rule of law. As a European, coming from the continent that gave birth to the rule of law, I find all of this appalling. And I am sorry to hear that a fellow European thinks along the same lines. I don’t believe this is realism; rather, it is surrender.
The law is just mere words if you don't have an army, the guns, and the will to back it up. It has never been different. Louis XIV's wrote "The last argument of kings" on his cannons, in the 17th century.
Guess who holds the guns that protect Europe right now? So yeah, either comply, leave (what I did), or create an alternative. The EU had Viadeo[0], it could have pushed it to have an alternative. It didn't.
You’d be well served to stop the political name calling, it’s childish.
I view the dynamic from the opposite direction. You might think that that the EU is starting to view America the same way it views china, but in actuality the EU is starting to behave more like China. The wheels of a great firewall for the EU have been turning for some time already.
Oh no! Not your "relevant material" and your "contacts working within the European institutions in Brussels".
Listen, I'm truly sorry to be so direct but you sound like exactly the kind of person that needs to hear this.
> Europe does not lack capable lawyers or regulatory expertise. I will be forwarding the relevant material to contacts of mine working within the European institutions in Brussels.
Who do you think - between the current US government and the kinds of global, powerful tech behemoths being discussed in this article - gives a single flying fuck about more European lawyers and more European regulation? You literally didn't get the first thing about the point I made. You perfectly played out that classic trope we've all come to know. How about instead of lawyers and regulation Europe actually produces a successful competitor that challenges LinkedIn in any successful manner? What makes you think an army of lawyers and some more regulation are going to change simple, obvious facts about Europe's decline in productivity, innovation, etc?
Listen. The reason not a single worthy competitor has come out of Europe is because Europe just doesn't have what it takes. And it never will have what it takes, because the mindset is exactly what you're demonstrating here: EU is not out to actually build anything useful, it's about hiring armies of lawyers and creating paperwork and regulation nobody has asked for. Your funds and money should go to technology, competitiveness, tech education - not this lawfare nonsense. The EU right now doesn't have the right people, the work ethic, the funds, the innovation, the will to challenge and dream big, the incentives to bet big on tech. You know it, I know it, everybody else knows it. But please, tell us more about how we need a bit more lawyers twiddling their thumbs on the tax payers' bill.
You need to understand something quickly: Europe depends sorely on the US and China. You don't change that through lawyers. Europe is behind on every front.
Building a site like LinkedIn is really easy. Europe can easily do this. All it is is yet another social media site of which there are tons. There is nothing special about LinkedIn.
The reason we didn't was critical mass. Everyone was already on linkedin and there wasn't really a reason to pick something else until the US started becoming a nuisance. It's marketing, not technical.
I'm sure an EU alternative will come up now that the US is no longer a trustworthy partner. A lot of people like myself now have ethical issues with using american products (especially from big tech) and there's a lot of demand for EU-local stuff that wasn't there before.
> I'm sure an EU alternative will come up now that the US is no longer a trustworthy partner. A lot of people like myself now have ethical issues with using american products (especially from big tech) and there's a lot of demand for EU-local stuff that wasn't there before.
This is all hot air. If it's so easy to build, it would've been built by now. I bet you that there won't be a single successful European LinkedIn competitor - not for the past 20 years, not now, and not for the next 20. Europe is fundamentally at a deep state of decay at every level. The only way anything might be built, is by banning the competition. At which point you might as-well just forget about a social network for professionals entirely, because you're probably working at a gulag and there's no job hopping to be done anyways :)
Sure, in fact it's USA that is well behind Europe in happines (World Happiness Ranking) , life expectancy , infant mortality rate, general literacy ( PISA scores ), homicide rate, mass shootings frequency, violent crimes, inequality, democracy ( as reported by the Democracy Index) , press freedom ( World Press Freedom Index), just to name the first indexes that came to my mind.
> That response reeks of astonishing arrogance. It doesn’t surprise me that nearly 50% of Americans voted for Donald Trump he perfectly embodies that mindset. Do you genuinely believe you are superior to the rest of the world? What you call “innovation” or a “better product” is often nothing more than the creation of dominant market positions through massive, capital deployment, followed by straightforward rent extraction. The European Union has every right to regulate markets operating within its jurisdiction, especially when there are credible concerns about anti-competitive practices and abuse of dominance. From what I’ve seen, there may be sufficient grounds to consider collective legal action against LinkedIn at the European level. As for so-called “European nationalist ambitions,” rest assured: Europe does not lack capable lawyers or regulatory expertise. I will be forwarding the relevant material to contacts of mine working within the European institutions in Brussels.
This all seems to miss the point, which is: why does the US create so much stuff that Europe doesn't? Turning that useful reflective question into an attack on Americans sounds perfect if you want to refuse to work it out and change accordingly.
> This all seems to miss the point, which is: why does the US create so much stuff that Europe doesn't? Turning that useful reflective question into an attack on Americans sounds perfect if you want to refuse to work it out and change accordingly.
Because the US had so much venture capital, during the time of the low interest rates it was basically free money so they could afford to throw it to the wall and see what sticks. 90% of them would sink but it didn't matter. That doesn't fly here.
Then, they used that money to subsidise adoption, and then once the users were hooked into rent extraction as the OP mentioned. We call this process enshittification these days, and it's a really predatory business practice.
European companies don't do that as much because we have more guardrails against it, and more importantly we didn't have random cash sloshing up the walls. American could do that especially because of the petrodollar. Once the dollar loses its international status it will be a lot harder to do (and it already is due to the rising interest rates).
It was no surprise that exactly with the rising interest rates all the companies started tightening up their subscriptions. Netflix, amazon, all exploding in cost and introducing ads. Same with meta's platforms.
Indeed. But Americans are told they never use that strength to their advantage. It's all just the working 23 hours a day, determination and chasing the American dream that has resulted in supreme economic success.
Military is just for defence against baddies and liberating countries from dictators etc
The "pull yourselves up by your bootstraps" advice has more weight when the person saying it hasn't taken control of all bootstraps for a good 75 years. This is this toxicity in the toxic relationship between the US and EU. Foot in our faces telling us to pick ourselves up. Ditto South America.
Nobody is forcing you to use LinkedIn. LinkedIn is an American product, made by an American company in America, subject to American law. When you create an account - you agree to American terms and conditions, arbitrated by American courts.
LinkedIn doesn't need to obey to EU law. It needs to obey to American law, which allows LinkedIn to do business with anybody (other than people from sanctioned countries) whilst complying with US law. EU's laws don't matter in the US. The EU can sue LinkedIn, but LinkedIn can just safely ignore any lawsuits and ignore sanctions, because they are an American company subject to American laws.
EU citizens are willingly subscribing to an American service, then complain the American service doesn't abide by EU laws. That's laughable at every level, to any individual with a modicum of intelligence. If you don't agree to the terms, don't use LinkedIn. You are not entitled to anything.
> you agree to American terms and conditions, arbitrated by American courts.
"Designated Countries. We use the term “Designated Countries” to refer to countries in the European Union (EU), European Economic Area (EEA), and Switzerland."
"If you reside in the “Designated Countries”, you are entering into this Contract with LinkedIn Ireland Unlimited Company (“LinkedIn Ireland”) and LinkedIn Ireland will be the controller of your personal data provided to, or collected by or for, or processed in connection with our Services."
"If you live in the Designated Countries, the laws of Ireland govern all claims related to LinkedIn's provision of the Services" "With respect to jurisdiction, you and LinkedIn agree to choose the courts of the country to which we direct your Services where you have habitual residence for all disputes arising out of or relating to this User Agreement, or in the alternative, you may choose the responsible court in Ireland."
Nobody cares. They keep a skeleton crew office in the EU for compliance purposes only. Whether they have an office in the EU or not is inconsequential. If they closed it tomorrow, the EU would literally have nothing to go after...
Call them whatever you want. All I'm saying is that Europeans are hypocrites for fucking over their greatest ally via unenforceable and anti-competitive regulation that's not worth the paper it's written in (and that European institutions have even exempted themselves from). The one ally that they desperately depend on for safety and security, technology, medicine, research, etc.
I see this sentiment constantly. It is genuinely hilarious to watch Americans lecture the world about the free market while feigning shock that Europe hasn't produced its own tech giants.
Claiming "the EU had 20 years to build an equally successful product" is the geopolitical equivalent of a deeply dysfunctional 1950s household. For decades, the husband insisted he handle all the enterprise and security so he could remain the undisputed head of the family. Then, after squandering his focus on a two-decade drunken military bender in the Middle East, he stumbles home, realizes he's overextended, and screams at his wife for not having her own Silicon Valley corner office, completely ignoring that he was the one who ruthlessly bought out her ventures and demanded her dependence in the first place.
America engineered a digitally dependent Europe because it funneled global data straight to US monopolies. To blame Europeans for playing the exact role the US forced them into is historical gaslighting. And pretending the CLOUD Act's global, extraterritorial overreach is the same as local EU law enforcement is just the icing on the delusion cake.
The US is not just alone, EU governments are fully cooperating, happily.
A Microsoft official explained during a french parliamentary session that he couldn't guarantee that the State data was safe from US requests. It created a shockwave, as everyone discovered what was evident from the start.
Of course, nothing happened, and they renewed every contract since then. We could talk about the F35 procurement.
They renewed every contract, but the French government is hard at work at replacements for Microsoft stuff, called 'la suite'. The Germans are doing the same under the name 'opendesk' and the suite shares a lot of common tools in fact.
This predates Trump II by the way, they did have more foresight than a lot of EU institutions.
Things have changed for sure but big ships take long to turn.
There are already credible alternatives, from the EU, which do not require rebuilding everything from scratch. OnlyOffice, for instance. The french government's job isn't to write a new office SaaS suite.
This is a lot bigger than one municipality. And with the Munich thing there was a lot of dodgy lobbying going on. Like Microsoft suddenly moving their HQ there. Then a new mayor came in that was suddenly all pro-Microsoft.
La suite is a lot bigger than that. And parts are actually being used already. They recently started using the meeting component called visio.
Oh, the EU is a victim now? And the EU's laziness, bloat and uselessness is the US's fault now?
And where's all of this evidence of this hidden extraordinary European talent and ability that just needs to be unleashed given some more lawyers and regulation?
Exactly! It's the same with the military dependency.
America wanted a weak Europe, to be dependent on them so they would have geopolitical influence. They basically bought influence. They didn't want us to have nukes to defend ourselves from the Russians (the French are frowned upon and the British don't really have their own, they are beholden to the US). It also gave them a huge market for their products and services (and no there was no imbalance if you take services into account which Trump doesn't).
Then Trump comes and complains that we're not investing equally. Well no, but this was exactly as his predecessors designed. Now we will build it up but of course we will need to build our own nuclear umbrella and we will no longer give the US its influence it previously had, obviously.
We also don't need quite as much military expenditure anyway because we're just looking to defend ourselves, not trample oil-producing countries. The only times we did that were exactly due to the US' bought influence.
Thank you for your words I couldn't say any better. I agree on everything but one thing. I definetely don't find this hilarious. I find it frightening and disgusting.
The deeper issue here is that centralized identity verification creates honeypots. You hand over real identity data to verify yourself, and now that data lives in LinkedIn's systems indefinitely. The alternative direction is zero-knowledge proofs for identity — prove you're a real person without revealing which person. Projects like World ID are going this direction. The irony is that for AI agents, none of this matters: they don't have identities to verify, which is actually a feature.
The strange thing about LinkedIn organization verification is that it never seems to be revoked. I have many contacts with verifications from companies they no longer work for - sometimes for a very long time.
On the other hand I see many people posting in official capacity for an organization without verification.
When they actively represent their current company but with a random verification from a previous one it gets pretty absurd.
In its current form LinkedIn verification is pretty worthless as a trust signal.
Good write up I guess, but I'm just so tired of all the AI-isms in every damn thing.
"Your European passport is one quiet subpoena away"
Why does the subpoena need to be quiet? If I search my chats with ChatGPT for the word "quiet", I get a ridiculous number of results. "Quietly this, quietly that". It's almost like the new em dash.
There's many others all over this blog post I won't bother calling out.
"Understanding what I actually agreed to took me an entire weekend reading 34 pages of legal documents."
Yeah I'll bet it did. Or it took an hour of back and forth with ChatGPT loaded up with those 34 pages.
I get it, we all use AI, but I'm just so tired of seeing the unmistakable mark of AI language all over every single thing. For some reason it just makes me think "this person is lazy". The CEO of a company my friend works for used Claude to write an important letter to business partners recently and we were all galled at her lack of awareness of how AI-sloppified the thing was. I guess people just don't care anymore.
I also find AI trope-ification articles exhausting to read, there's a reason I've fine tuned my system prompts to wipe all of it away. This reads like "Hey Gemini, I verified my passport on LinkedIn, write an impassioned exposé on Persona's privacy policy".
When people leave in things like staccato language and Blogspot era emphasis, I feel like I might as well copy the Persona privacy policy and prompt my own AI(s) on the topic and read that instead.
> Or it took an hour of back and forth with ChatGPT loaded up with those 34 pages.
That's exactly what I was thinking when I read that line. And there's nothing necessarily wrong with using AI to help decipher large legal documents, just be honest about it.
I am about to talk about "vibes" and "feelings" so please take this with a grain of salt:
Does anyone else get the impression that they feel like the nefarious surveillance state is now real and definitely not for their benefit?
It's been a long running trope of the men in black, and the state listening to your phone calls, etc. Even after Snowdon's leaks, where we learned that there are these massive dragnets scooping up personal information, it didn't feel real. It felt distant and possibly could have been a "probably good thing" that is it was needed to catch "the real bad guys".
It feels different now. Since last year, it feels like the walls are closing in a bit and that now the US is becoming... well, I can't find the words, but it's not good.
I don't get the whole idea of treating identity verification as a private enterprise problem. I realize it's easy to just blame LinkedIn or Microsoft here, but the core issue is architectural. We are trying to solve a public utility problem by building private honeypots.
The government should provide an API or interface to validate a user, essentially acting just like an SSO. Instead of forcing users to upload raw passport scans to a third-party data broker, LinkedIn should just hit a government endpoint that returns an anonymized token or a simple boolean confirming "yes, this is a real, unique person." It gives platforms the sybil resistance they need without leaking the underlying PII.
Apollo is one of many. The broader pattern is the same across the industry — companies collect data with one set of promises and then the data ends up accessible through channels users never consented to.
I've been documenting this pattern in AI apps specifically. The number of companies shipping to production with Firebase rules set to "allow read: if true" or Supabase databases with no Row Level Security is staggering. The identity data people hand over during verification often ends up in databases with zero access controls.
LinkedIn at least has a security team. Most AI startups shipping verification flows don't.
I almost fell for a very sophisticated phishing attack last December and most of the "verifiable" information was from my LinkedIn account.
For each role I had described some of the tasks and accomplishments and this was used in the phishing message.
Since then, I removed my photo, changed my name only to initials and removed all the role-specific information.
It's a bit of a bummer as I'm currently in the process of looking for a new job and unfortunately having a LinkedIn profile is still required in some places, but once I find it, I'll delete my profile.
I'm routinely shocked how biased people I work with are against individuals without a linkedin page. So many hiring managers across 15 years in my industry won't consider people without pages. One guy goes on rants how people are "sketchy" if they don't have a verified page and a lot of skill endorsements and testimonials! He'll pull up our vendors pages and check them out during meetings, complain if it isn't available or complete. I used to keep mine very minimal and locked down but I felt pressure from peers to flesh is out and keep it public which I hate.
For remote jobs with remote interviews, not having a LinkedIn page or having a LinkedIn page full of generic information that can be disproven by a quick background check are common traits of scam applicants.
A friend’s employer started requiring more verification after they hired a group of remote workers who would some times connect from North Korean IPs when they made a mistake with their VPN.
This is a little unnerving because I know I've had to provide similar ID verification somewhere online, but I can't remember where. And based on everything here, it was almost certainly Persona.
I guess I'll just be in the corner crossing my fingers none of it is found in a hostile foreign land or used against me.
Subprocessor usually just means that you use their products in a way that your personal data passes through them. For example, let's say you are using cloudflare and aws to host a site, then your subprocessors would be cloudflare and aws.
It can be some more nefarious use, but it can also just be that they (persona in this case) use their services to process/store your data.
The link isn't working, but anyone handing over unnecessary data to LinkedIn (AKA Facebook Pro) is probably too gullible to be online safely at this point.
How does this work for the myriad banks I've had to prove my identity to in the same way?
I'll be attempting steps 1-4 and see what Persona comes back with.
Seeing some of my colleagues verify through Persona on LinkedIn, and I can't quite figure out what they're getting out of it.
Every hiring process I've been through already requires proof of identity at some point. Background checks, I-9s, whatever it may be. So you're essentially handing your ID to a third party just to get a badge that doesn't skip any steps you'd have to do anyway.
It does provide an advantage when applying to remote jobs at some companies. They try to filter scammer applicants out early and the verified profile is one signal they look for.
Depends on the company, but in a competitive job market any extra signal can help.
There are a crazy number of fake LinkedIn profiles out there that are used for scamming companies or people.
The badge could (I don't know, haven't done it yet) help you differentiate yourself in a sea of monkeys slinging ChatGPT'd profiles from a third-world boiler room.
(whether it actually does or the monkeys now got a steady source of fake/stolen IDs is another matter)
This is a good write-up and useful content, but edit-wise it could be simplified significantly. Additionally, phrases like "let that sink in" are characteristic of poor LinkedIn content, which is a bit of an irony :)
I work in this space for a competitor to Persona, so take my opinion as potentially biased, but I have two points:
1. just because the DPA lists 17 subprocessors, it doesn't mean your data gets sent to all of them. As a company you put all your subprocessors in the DPA, even if you don't use them. We have a long list of subprocessors, but any one individual going through our system is only going to interact with two or three at most. Of course, Persona _could_ be sending your data to all 17 of them, legally, but I'd be surprised if they actually do.
2. the article makes it sound like biometric data is some kind of secret, but especially your _face_ is going to be _everywhere_ on the internet. Who are we kidding here? Why would _that_ be the problem? Your search/click behavior or connection metadata would seem a lot more private to me.
Because it should still be my choice as to what you do with it, which data you associate with it, and how you store it. Removing that choice is anti-privacy.
It's way less your choice what happens with a photo of your face in pretty much every other situation.
When your face is on your LinkedIn profile, anyone can download it and do whatever they want with it. Legally. Here, the vendor has to tell you how they use it.
Why not show a summary of who actually received the data? It should be easy to implement. You could also add what data is retained and an estimate of how long it is kept for. It could be a summary page that I can print as a PDF after the process is complete.
I'd consider that a feature that would increase trust in such a platform. These platforms require trust, right?
> your _face_ is going to be _everywhere_ on the internet. Who are we kidding here? Why would _that_ be the problem?
It's a strange logic. "Evil thing X will happen anyway so it's acceptable for me to work in a company doing evil thing X". You should be ashamed of building searchable databases of faces
> We have a long list of subprocessors, but any one individual going through our system is only going to interact with two or three at most.
So, in aggregate, all 17 data leeches are getting info. They are not getting info on all you users, but different subsets hit different subsets of the "subprocessors" you use.
And there's literally no way of knowing whether or not my data hits "two" or "three" or all 17 "at the most".
> but especially your _face_ is going to be _everywhere_ on the internet. Who are we kidding here? Why would _that_ be the problem?
If you don't see this as a problem, you are a part of the problem
I agree that DPA:s, as they are written today, aren't good. I was just pointing out that the reality probably isn't as bad as the article made it sound.
> If you don't see this as a problem, you are a part of the problem
I think you're misunderstanding me. I'm just saying that there are way bigger fish to fry in terms of privacy on the internet than passport data. In the end, your face is on every store's CCTV camera, your every friends phone, and every school yearbook since you were a kid. Unless you ask all of them to also delete it once they are done with it.
But it makes a big difference if some CCTV camera captures my face and comes up with "unknown person" or if it finds my associated passport and other information.
By the way, ever since facebook was a thing I always asked my friends not to tag me in any photos and took similar measures at every opportunity to keep my data somewhat private.
> I agree that DPA:s, as they are written today, aren't good.
That is, multiple regulations already explicitly restrict the amount of data you can collect and pass on to third parties.
And yet you're here saying "it's not that bad, we don't send eggregious amounts of data to all 17 data brokers at once, inly to 2 or 3 at a time, no big deal"
> In the end, your face is on every store's CCTV camera, your every friends phone
If you don't see how this is a problem already, and is now exacerbated by huge databases cross-referencing your entire life, you are a part of the problem
The content is of course 100% true and needs to be repeated over and over, every single day.
The straight-from-LLM writing style is incredibly grating and does a massive disservice to its importance. It really does not take that long to rewrite it a bit.
I hope at least he wrote it on his local Llama instance, else it's truly peak irony.
> Here’s the thing about the DPF: it’s the replacement for Privacy Shield, which the European Court of Justice killed in 2020. The reason? US surveillance laws made it impossible to guarantee European data was safe.
> The DPF exists because the US signed an Executive Order (14086) promising to behave better. But an Executive Order is not a law. It’s a presidential decision. It can be changed or revoked by any future president with a pen stroke.
This understates the reality: the DPF is already dead. Double dead, two separate headshots.
Its validity is based on the existence of a US oversight board and redress mechanism that is required to remain free of executive influence.
1. This board is required to have at least 3 members. It has had 1 member since Trump fired three Democrat members in Jan 2025 (besides a 2-week reinstatement period).
2. Trump's EO 14215 of Feb 2025 has brought (among other agencies) the FTC - which enforces compliance with the DPF - under presidential supervision. This is still in effect.
Of course, everyone that matters knows this, but it doesn't matter, as it was all a bunch of pretend from day 1. Rules for thee but not for me, as always. But what else can we expect in a world where the biggest economy is ruled by a serial rapist.
Even the title is AI slop. Surprised these slop posts do so well on HN of all platforms but I guess they're just high volume. AI-ese is becoming its own dominant language group at this point
You read and agreed with the terms explicitly stating the data would be used to do those things, and it was not at all necessary for you to do that. What else do you want? It seems like consent isn't the issue. You just don't like what this company does, and still volunteer your data for them to do just that. Now you regret it and write a blog post?
One thing is to be tricked or misled, or for a government to force your face to be scanned and shared with a third party. Another is to have terms explicitly saying this will be done, requiring explicit agreement, and no one forcing you to do it.
They consented to their data being used to verify their identity, not to train an AI on their data. Each separate purpose the data is being processed for needs its own basis.
"Consent" and "Legitimate Interest" are legal terminology - they're two bases defined in GDPR and have different implications and requirements for balancing user and processor interests.
When the author says that Persona claims the "legitimate interest" basis for these data, they're saying that Persona is trying to achieve maximum flexibility for using the data (since "consent" generally requires specific agreement on a specific use for the data, and the burden of maintaining the consent records, where "legitimate interest" does not).
This is where I disagree. You basically have to use LinkedIn to participate in today’s job market. These large platforms that are protected by network effects should be highly regulated so they cannot abuse your privacy and rights.
Most privacy issues with today’s technology industry are caused by companies behaving like private service providers, when in practice they are somewhere between public utilities and government agencies in terms of their necessity and inevitability.
In many companies, you don’t need to bother applying without a LinkedIn profile. You’re not even going to be considered for a position, full stop.
Hiding all this very important info (which literally affects the users life) behind an insignificant boring click!
Even the most paranoid user will give up in certain use cases, (like with covid 19 which even though didn´t agree, you needed to travel, work making it compulsory).
Every company that uses deciving techniques like this should be banned in Europe.
Off topic -- the design for that blog is really slick. Added it to my "design swipe file."
Less off topic -- there are some black hat marketers that (I think) buy or create verified profiles with attractive women, then they use the accounts for b2b sales through linkedin DMs. I find that amusing. Neutered corpo bois are apparently big poon hounds. Makes sense when you think about it -- that type of guy is craving female attention and probably does not have the balls to do anything in real life, so a polite DM from a fake linkedin thot would be appealing.
They probably did not. Privacy notices are usually written by non-technical people. They include a lot more than what is actually stored. I’d also be very surprised if they actually interacted with the digital passport (NFC) as part of the process.
I was once part of the process of creating one. After two rounds, business decided too much money is wasted here and all the nonsense will stay. Better to have too much listed than too little.
This is only going to become more common. Companies are implementing checks using similar services (a) to prevent employment scams (where the person who interviews is not the person who works; usually the latter is a low-paid offshore individual) and (b) basic security authentication. It won’t be long before this sort of biometric validation starts showing up to authenticate users on regular websites and similar services, if it hasn’t already. I think the last one I had to do was to authenticate when activating a bank card.
> Persona extracts the mathematical geometry of your face from your selfie and from your passport photo. This isn’t just a picture — it’s a numerical map of the distances between your eyes, the shape of your jawline, the geometry of your features. It’s data that uniquely identifies you. And unlike a password, you can’t change your face if it gets compromised
Is there anything special about a passport photo, or can that be done from any photo of your face?
When I read selfie, I was thinking of one of those motion-based selfies where it's really a short video. And from the video, you can extract those measurements. I'm assuming it wasn't extracted from the passport photo, but rather the passport photo was used to verify that the selfie is of the same person that the passport belongs to.
I hate LinkedIn but need it for a few things, mostly accessing certain clients and projects as a freelancer. Last October my ISP (Vodafone UK) assigned me a datacenter-classified IPv6 address with 80+ abuse reports on reputation databases, for bots, DDoS, crawlers. Before I realized this I started getting locked out, suspended, restricted from just about every web service I use, having to solve captchas for simple Google searches, etc.
I resolved everything except LinkedIn. They required Persona verification to restore access, but I'd already recently verified with Persona, so clicking the re-verification links just returned a Catch-22 "you've already verified with us." LinkedIn support is unreachable unless you're signed into an account. I tried direct emails, webforms, DMs to LinkedIn Help on Twitter, all completely ignored.
Eventually some cooldown timer must have expired, because Persona finally let me re-verify last week. Upon regaining access, I was encouraged me to verify with Persona AGAIN, this time for the verified badge.
I now have a taste of what "digital underclass" means, and look forward to the day when no part of my income depends on horrible platforms that make me desperate for the opportunity to give away my personal data!
I also feel that digital companies get away with “no human representatives”. I should always have access to a human. It should be law. It will screw over a lot of companies and I am all for it since they don’t know what service looks like if it looked them in the eyes.
I heard this being described as an "accountability sink." A system designed in such way that when something bad happens, there is nobody to be held accountable. It feels pervasive in the modern world.
The rule for not replying to GDPR requests (e.g. sent by registered letter) holds within a month: the maximum fine for this is 4% of last years total revenue or 20 mio €, whichever is the larger number.
For US companies use their (typically Dublin) European HQs.
> the maximum fine for this is 4% of last years total revenue or 20 mio €, whichever is the larger number.
The maximum fine wasn't even achieved by Facebook, after years and many blatant GDPR cases. Do you really think someone is getting a fine for not replying to a subject access request in due time? If so I have a very good bridge to sell you, and that bridge has more probability to exist than Amazon getting any kind of GDPR fine for not acknowledging a SAR.
> look forward to the day when no part of my income depends on horrible platforms that make me desperate for the opportunity to give away my personal data
We are moving into the opposite direction. Drink a verification can.
Thanks for mentioning this. I have activated a one-month LinkedIn Premium free trial, hopefully as another layer of protection while I re-establish myself and fortify my profile.
More interesting that LinkedIn use fingerprinting everywhere and connect your personal data to every device you are using and connect to other services connected to their network.
... i'm pretty sure every website does this lol. Aggressive fingerprinting is so easy to implement and so high ROI from a security/marketing perspective.
the Persona CEO response addresses the AI training concern but totally sidesteps the CLOUD Act issue. doesn't matter where data is stored -- if Persona or any of their US-based subprocessors get a US national security letter, that data is accessible. "deleted within 30 days" also means it exists for up to 30 days, which is plenty of time for a legal demand.
I believe OpenAI used Persona during the verification step that you must complete to use their SOTA models in the API. Not sure if it's still the case now.
Anyway, I found that too much of a hassle and switched to other LLM providers.
A few months back I was evaluating one of the GPT-5 models for a side project. Turns out streaming via the API requires org verification, and I decided to look elsewhere.
In hindsight, a good decision given what just came out about Persona.
My wife works for a competitor of the company mentioned. They are in EU. Still run everything on AWS. The data collected is usually even more than what stated, full video recording of the session with audio etc.
AWS EU region is not doing much, and I suspect most companies run on US providers. EU needs independent platform for this to matter.
It would be even better if the law enforced that this kind of data could only be used for the stated business need (the basic identity verification), and not be stored or used/shared with anyone else. If anyone is caught violating a law like this, throw the entire c-suite in prison for 10 years.
I’m so tired of all these covert ops run by these businesses. They aren’t going to stop until there is a heavy price to pay.
The need / demand for some verification system might be growing though as I’ve heard fraudulent job application (people applying for jobs using fake identities… for whatever reason) is a growing trend.
I'm glad the absurdity of verification is getting attention. I was "forced" to verify by Linkedin to unlock my account. It was last year, and I had left my previous job, but I had not yet lined up a new job. So one of the only times in my career I might actually get value from Linkedin, they locked me out, removed my profile, and told me if I wanted back in, I'd have to verify. I felt helpless and disgusted.
I gave in and verified. Persona was the vendor then too. Their web app required me to look straight forward into my camera, then turn my head to the left and right. To me it felt like a blatant data collection scheme rather than something that is providing security. I couldn't find anyone talking about this online at the time.
I ended up finding a job through my Linkedin network that I don't think I could have found any other way. I don't know if it was worth getting "verified".
---
Related: something else that I find weird. After the Linkedin verification incident, my family went to Europe. When we returned to the US, the immigration agent had my wife and I look into a web cam, then he greeted my wife and I by name without handling our passports. He had to ask for the passport of our 7 month old son. They clearly have some kind of photo recognition software. Where did they get the data for that? I am not enrolled in Global Entry nor TSA PreCheck. I doubt my passport photo alone is enough data for photo recognition.
The thing about looking straight into the camera and turning your head seems to originate from Chinese apps, including some payment apps, bank apps, and government apps. It’s especially disgusting since it imitates the animation used by Apple Face ID, but of course it’s not at all implemented like Face ID.
> I'm glad the absurdity of verification is getting attention
It's not. The developers' bubble we're in on the HN is invisibly tiny compared to the real life. And normies are not only perfectly happy uploading all their PII to Persona - they won't even understand what's wrong with that.
Yeah was thinking the same thing. I wonder if the author didnt known that passpory chip == fingerprint.
And FP is a much worse modality to have registered because, as opposed to Face image, fingerprint is not affected by age. So that will match you 99.999999% for ever. Faces change.
Linkedin is the sleaziest thing I’ve seen on the internet since it was invented. The sight of it makes my skin crawl. The way they have desperately tried to onboard you via data that they seem to have that they shouldn’t. The way users even present themselves, posting updates that probably make them want to vomit themselves and shower in disgust even tho it’s not their fault, we need to find work. The bloody badge that you have to wear on your forehead to say you are available for work. The thought of the money they are raking in from recruiters and corporations. The way they try to be a little bit more like Facebook to make it look a little more ‘fun’. I hate it.
Well they made it. They conquered the recruitment scene and I can’t think of a company I’d wish had gone out of business sooner.
I do find them the most loathsome of the social media platforms I visit. But here's another point -- recent investigations have shown they're not as good a resource for finding jobs anymore[0].
People who found this post interesting may also find this blog post about Persona a good read as well: https://vmfunc.re/blog/persona/
tl;dr Persona shares your identity data directly with the federal governments of the US and Canada and likely is sharing data/works with ICE on the same.
The OP is right. For that reason we started migrating all of our cloud-based services out of USA into EU data centers with EU companies behind them. We are basically 80% there. The last 20% remaining are not the difficult ones - they are just not really that important to care that much at this point but the long terms intention is a 100% disconnect.
On IDV security:
When you send your document to an IDV company (be that in USA or elsewhere) they do not have the automatic right to train on your data without explicit consent. They have been a few pretty big class action lawsuits in the past around this but I also believe that the legal frameworks are simply not strong enough to deter abuse or negligence.
That being said, everyone reading this must realise that with large datasets it is practically very likely to miss-label data and it is hard to prove that this is not happening at scale. At the end of the day it will be a query running against a database and with huge volumes it might catch more than it should. Once the data is selected for training and trained on, it is impossible to undo the damage. You can delete the training artefact after the fact of course but the weights of the models are already re-balanced with the said data unless you train from scratch which nobody does.
I think everyone should assume that their data, be that source code, biometrics, or whatever, is already used for training without consent and we don't have the legal frameworks to protect you against such actions - in fact we have the opposite. The only control you have is not to participate.
If you are using Linked in for anything at this point, you are just asking for trouble. They have no interest in maintaining a healthy business ecosystem and you can see that with the way they try to close you into their system and the amount of AI slop that is on that platform.
I think at this point we should all accept the fact that Information Tech = Spy Tech = Surveillance Tech. This is not about Linkedin or bad implementation by some 3rd party company. This is on purpose. Bad news is that countries started to make id verification mandatory for social media usage. That is also coordinated and for surveillance purposes.
Actually Steve Blank has a great talk on the roots of Silicon Valley. SV basically built upon military tech meeting private equity. That's why it's wildly different than say Berlin startup scene, and their products are global and free.
so their "shady" network of subprocessors are just the companies that already have all of your data? wow. I'm pretty sure I use most if not all of them in my own stack.
In any case, I don't know how much more ad money they'll extract from knowing what I look like. Maybe beauty products?
As a blogging platform it seems like a mess of fake posturing. Recruiters use it, but that mostly means you get lots of spam. You can find a job without LinkedIn. I deleted my account about a decade ago and feel increasingly justified every time I read about the current state of affairs.
After deleting I got a job from HN "who's hiring", joined a friend's company, and now freelance.
Through extensive data harvesting, and exchanging and partnering across thousands of such data miners, I suspect that by now, the graph of identities and fingerpinted devices must be practically complete. That means that all your actions on the internet can be tracked back, via device fingerprinting and cookie networks, to your physical identity. Great milestone for the surveillance states.
If you fly to US, Singapore, and many other countries these days, your face will be photographed and the photo will be matched to your passport photo via facial recognition (the machine tells you that outright, and does the action on the spot). They also take your right hand fingerprints.
I think flying to a country is a whole lot different than a little tickmark on a website, sorry.
Don't forget that if you fly to a country you are also bound by their laws. They can do anything to you as long as they can make it stick under their laws. It's one thing that people often don't realise when flying somewhere, you are basically giving a blanket submission to their laws!
For this reason I have a long blacklist of countries I won't visit because they have laws I do not accept.
I don’t say it to justify what linkedin is doing - there is no justification for that. I say it to warn those who are conscious of it that there are more places that will harvest the data and use it.
Those 17 sub processors are probably the most vanilla cloud computing companies you're going to find. Maybe you can complain about using one of the three LLM providers for doing OCR but there have been quite a few posts here about how LLMs are great for OCR.
Here's where you went wrong: you're on LinkedIn.
Since it's your first time, this one is free, I'll be collecting micropayments for future advice, rest assured.
I was randomly forced to do this about a year ago, gave them everything except a passport (Tried providing other doc but support is either bots or overseas), got rejected, and lost a 15 year old legitimate business account.
Could never find any explanation why I was targeted by this - it said it detected “suspicious activity” but I only ever interacted with recruiters, and only occasionally. Supposedly it is deleted after if you don’t go all the way through, but I do not believe it. This data ends up in very weird places and they can go fuck themselves for it afaic.
Since some job offers require a linked in link, I maintain an empty page explaining why maintaining a LI account is a privacy and security hole. It turns out it works.
I am in India and this is the reason I have not verified till now. I do not know how LinkedIn has the audacity to ask for this level of personal detail. This seems dystopian to me.
LinkedIn is a social network and I wish there was an alternative.
I am in the USA (regrettably--my nation was conquered and subjugated long ago) and it IS dystopian, but there IS an alternative.
The alternative is stay far away from digital slavery. Keep out of the slaughterhouse. Never approach it, and denounce it with every breath and fiber of your being.
Do you have a phone? It's a surveillance device. Its entire purpose from day one was to enslave you. Do not participate.
The question is, how much are you willing to give up in order to obtain freedom? What lengths will you go to? How badly do you really want it?
You can verify yourself using company email address - maybe I am being naive to think that it’s much safer, but it’s way better than handing over your ID data.
I never understand why people supply too much info about themselves for small gains.
People at LinkedIn wants you to believe that your career is safe if you play by their games, but ironically they are one of the main reasons why companies nowadays are comfortable with hiring and firing fast.
> You can verify yourself using company email address
LinkedIn does not support smaller companies; it appears to rely on some kind of whitelist or known-enterprise system. This option is simply not available for at least 90% of users.
LinkedIn support will also blatantly lie to you when you ask them whether Persona is GDPR compliant and needed to activate your account.
Last year I was trying to setup a business LinkedIn page for SEO purposes, which meant I also had to create a personal account. After being told several times that I absolutely need to scan my ID card with that dodgy app I simply replied that I can't do it due to security concerns. After several weeks they unlocked my account anyway, but I suspect this would not happen if algorithms determined that I actually needed that account to find a job and pay my bills.
LinkedIn locked me out of my account, and wants me to verify via this same Persona company. I didn't read the terms but there's no way I'm giving Microsoft or its minions my govt id.
What this user missed is the affidavit option: you can get a piece of paper attested by a local authority and upload that instead, if you really really need a LinkedIn verified account.
I too found that my LinkedIn account had suddenly become “temporarily” disabled a little while ago, for reasons unspecified. I too was invited to share my government ID with some verification system to get back in again.
My friends were pestering me about having to have an X account to know what's going on and that it'll be fine if I don't engage with any conversation or even follow anyone. I created one, and started the usual "don't show me this" thing for the crap that comes up in the field by default.
I think my account was active for 10 minutes when it got blocked due to "suspicious activity" and locked. All I have to do now to activate is give them more of my information including my phone number.
I've had this same exact thing happen with Facebook and Instgram too. Facebook was probably no less than 5 years ago so this is not new. You can usually confirm your identity (which they do not know), using your phone number (which they do not have). Read that again. :) They ALL do this.
The kicker is you will not find any sympathy because they start with jurisdictions (3rd world) where they can get away with it and people will lecture you about how you must have done something because Facebook never asked for their phone number or blocked them.
I had Airbnb ask for my passport 10 years ago ffs and I did give it and they still didn't want to give me the place until the proprietor intervened and sorted it out. I had the same exact helpful comments about it online that I described above. "You must have done something", "You're full of shit, they don't ask for passport at all".
This attitude by my "fellow men" is what bothers me most about this whole thing.
And now it's global, the same people will probably go "what do you have to hide", "you show your passport at the border don't you?".
Right. Have you actually had anyone change their mind about it though? I am going to guess no. You probably heard a million different versions of how "that is different".
The trouble is, now it WILL be harder for you to find a job later. These policies are “your choice” like a diabetic taking insulin “chooses” to take insulin. If we actually treat things like this as a choice, the word loses all meaning.
My job hunting days are long over but you're right, LinkedIn et al are indulging in a form of blackmail with chicanery like this.
Having said that, I've noticed most resumes I receive have GitHub links over LinkedIn. We've advertised on LinkedIn with mixed results, employee referrals have always been more effective.
What a sad story. I feel sorry for this person. But it was very naive to put that data up in the first place. I recently tried to open a FB acct so I could connect with local community but within 2 days I was accused of being a bot and asked to start a video interview with a verification bot. That didn't happen, local community can do without me ;)
Thanks for writing this up. I didn't realize the privacy rot went so deep.
Aside from their AI-slopped newsfeed (F@#$!!!) which should have died long ago, this is atrocious. "Enshittification" was created just for this.
Sorry, I got sidetracked.
So LinkedIn’s 1st CEO Reid Hoffman who was all up in relationships with Epstein & Bone Saw, yakking it up with monsters is the place to store your employment history? To provide a blue checkmark? To feed into copliot & be sold to AI weapons vendors & gruesome thugs like Palantir’s CEO & Chairman? Yikes.
This is all bad, but I feel compelled to call out the “geolocation (inferred from your IP)” tidbit, because I can vouch that in the era of IPv4 scarcity, this value is often wildly wrong. When I’m at home, for the past 10 years, living in three different cities in that time, my ISP-granted IP address registered as incorrect locations (often by hundreds of miles) more often than not. And my mobile phone is always wrong, showing me in Colorado, St Louis, or North Carolina depending on the day. None of those locations are even close to correct.
It’s truly a shame we are allowing these companies to steal and share and abuse our personal data, and it’s even worse that even the very basics of that data are so often blatantly wrong.
Country-specific local job boards are best. Big tech companies (LinkedIn, Indeed, Glassdoor) are terrible for this purpose. Always apply directly on a potential employers' website, best through email if they accept that. Even printing your application and sending it by mail is a far better option than applying through LinkedIn or Indeed.
Sadly, LinkedIn has replaced email for initial contact after fairs or in-person client meetings. New real-world contacts look you up on LinkedIn and then use it to ask for things like your email address or mobile number. Because of this, I'm even verified :-(.
Even though I use LinkedIn basically the same way Internet Explorer was used in 2009 (purely as a Firefox or Chrome downloader but not for browsing). LinkedIn is my initial contact details exchange, but not the platform to communicate.
> Isn't that just all ai slop?
It is. I basically get zero useful input. Just biased, shallow rubbish. If there is valuable content it is usually cross-posted from authors who also run blogs I already follow.
It's still used for job hunting and recruiting unfortunately. I got a real message from a real recruiter for a 5k+ employee software company on it just last week. My friends and colleagues dealing with layoffs have had to update their profiles. :(
This process will be done in a way that you won’t even have to do it in 3min, it will be part of you phone wallet, and whenever you sign up you will be required to verify it there, essentially, all big tech will be having a copy of your biometric, and consequently, all three letter agencies too. Welcome to the tyranny of big tech!
> And look at who’s doing “Data Extraction and Analysis” — Anthropic, OpenAI, and Groqcloud. Three AI companies are processing your passport and selfie data.
That's quite cool, it means that soon models will be able to create a fake ID photos with real data.
I have I've worked on projects that require legal to get involved and you do end up with documents that sound excessively broad. I can see how one can paint a much grimmer picture from documents than what's happening in reality. It's good to point it out and force clarity out of these types of services.
[1]: https://www.linkedin.com/feed/update/urn:li:activity:7430615...
It use to be the default belief, throughout all of humanity, on how greed is bad and dangerous; yet for the last 100 years you'd think the complete opposite was the norm.
The fact that they do this is destructive to innovation and I'm not sure why we pretend it enables innovation. There's a thousands multi million dollar companies that I'm confident most users here could implement, but the major reason many don't is because to actually do it is far harder than what those companies build. People who understand that an unlisted link is not an actual security measure, that things need to actually be under lock and key.
I'm not saying we should go so far as make mistakes so punishable that no one can do anything but there needs to be some bar. There's so much gross incompetence that we're not even talking about incompetence; a far ways away from mistakes by competent people.
We are filtering out those with basic ethics. That's not a system we should be encouraging
The best fix that we can work on now in America is repealing the 17th amendment to restrengthen the federal system as a check on populist impulses, which can easily be manipulated by liars.
Even if the CEO believes it right now, what if the team responsible for the automatic-deletion merely did a soft-delete instead of a hard delete "just in case we want to use it for something else one day"?
I'm not a security expert so please correct me. Or if I'm on the right track please add more nuance because I'd like to know more and I'm sure others are interested
Btw, hashes aren't unique. I really do mean that an input doesn't have a unique output. If f(x)=y then there is some z such that f(z)=y.
Remember, a hash is a "one way function". It isn't invertible (that would defeat the purpose!). It is a surjective function. Meaning that reversing the function results in a non-unique output. In the hash style you're thinking of you try to make the output range so large that the likelihood of a collision is low (a salt making it even harder), but in a perceptual hash you want collisions, but only from certain subsets of the input.
In a typical hash your collision input should be in a random location (knowing x doesn't inform us about z). Knowledge of the input shouldn't give you knowledge of a valid collision. But in a perceptual hash you want collisions to be known. To exist in a localized region of the input (all z are near x. Perturbations of x).
https://en.wikipedia.org/wiki/Perceptual_hashing
If you let your legal team use such broad CYA language, it is usually because you are not sure what's going on and want CYA, or you actually want to keep the door open for broader use with those broader permissive legal terms. On the other hand, if you are sure that you will preserve user's privacy as you are stating in marketing materials, then you should put it in legal writing explicitly.
- someone finally reading the T&Cs
- legal drafting the T&Cs as broadly as possible
- the actual systems running at the time matching what’s in the T&Cs when legal last checked in
Maybe this is a point to make to the Persona CEO. If he wants to avoid a public issue like this then maybe some engineering effort and investment in this direction would be in his best interest.
Thus it is impossible to believe his words.
https://en.wikipedia.org/wiki/Know_your_customer
Infrastructure: AWS and Google Cloud Platform
Database: MongoDB
ETL/ELT: Confluent and DBT
Data Warehouse and Reporting: Sigma Computing and Snowflake
Trust needs to earned. It hasn't been.
The big stick doesn't really exist.
I ended up deciding that I was getting no value from the account, and I heard unpleasant things about the company, so I deleted the account.
Within hours I started to get spam to that unique email address.
It would be interesting to run a semi-controlled experiment to test whether this was a fluke, or if they leaked, sold, or otherwise lost control of my data. But absolutely I will not trust them with anything I want to keep private.
I do not trust LinkedIn to keep my data secure ... I believe they sold it.
Better look at their actions than take their slogans at face value. Applies to everyone
But I have such low faith in the platform that I would readily believe that once they think you're not going to continue adding value, they find unpleasant ways to extract the last bit of value that they reserve only for "ex"-users.
Yeah but the OP got spam within hours. That would be pretty unlikely to have coincided with a breach.
But LinkedIn probably sold the data, they have a dark pattern maze of privacy settings and most default to ON.
It amazing really. If you reached out to people and asked them for the information and graph that LinkedIn maintains, most employers would fire them.
I'm ashamed to say I worked at one such place for several months.
Apollo is probably the most comprehensive source for this. It's creepy as fuck.
It helps a lot but I still get a lot of sales goons. A lot of them follow up constantly too "hey what about that meeting invite I sent you why did you not attend"? My deleted email box is full of them (I instantly block them the minute I get an invite to anything from someone I don't know, and I wish Outlook had the ability to ban the entire origin domain too but it doesn't)
What do you mean by "intelligence platform"?
It's "intelligence platform" in the sense that you can gain a ton of information on individuals, organizations, and relationships that drive it all. If you can track how people move and interact between organizations, you can determine who someone is doing business with and even make an educated guess if that's a sale or interview.
I started writing about it almost 20 years ago: https://caseysoftware.com/blog/linkedin-intelligence-part-ii and turned it into a conference presentation called "Shattering Secrets with Social Media"
But there have been numerous proofs of concept over the years: https://en.wikipedia.org/wiki/Robin_Sage
Otherwise, LinkedIn can be quite useful in searching for a job, researching a company, or getting to know potential coworkers or hires.
Email spam is, to my mind, an inevitability. You should expect waves of spam, no matter what address you use; your email provider should offer reasonable filtering of the spam. Using a unique un-guessable email address, like any security through obscurity, can only get you so far.
It identifies users that visit your site and then shows their email, phone number and living place based on their Li profile ;))
After that, I never installed it again (but too late), and I bought a second (non-smart) phone.
It vacuumed the contacts and spammed them with "Join me on WhatsApp". One of the reasons for their initial exponential growth.
Confirmed 5 years later in media; https://www.bloomberg.com/news/articles/2013-09-20/linkedin-...
I also saw... not sure what to call them, but honeypot friend requests? I used to get regular requests from profiles I didn't recognize with a generic pretty woman (I'd assume stock photography). Since I ignored them, they would re-request on intervals that were exactly 90 or 180 days. I occasionally glanced at them and there seemed to be no rhyme nor reason to their friends. I'd assume this was also some type of scraping, probably for friends-only profile data.
Too much time / energy on your hands? You gave them a unique email ID (which is always the most sensible thing), that's it.
The non-sensible thing was to sign up kn the first place. Nobody needs these narcisstic, BS spewing pseudo-networking places.
I mean I got my last job through LinkedIn. I'm currently interviewing at a few places, half of which came from LinkedIn. So I personally clearly do need LinkedIn, unless you want to hire me.
Was forced to verify to get access to a new account. Like, an interstitial page that forced verification before even basic access.
Brief context for that: was being granted a salesnav licence, but to my work address with no account attached to it. Plus I had an existing salesnav trial underway on main account and didn't want to give access to that work.
So I reluctantly verified with my passport (!) and got access. Then looked at all the privacy settings to try to access what I'd given, but the full export was only sign up date and one other row in a csv. I switched off all the dark pattern ad settings that were default on, then tried to recall the name of the company. Lack of time meant I haven't been able to follow up. I was deeply uncomfortable with the whole process.
So now I've requested my info and deletion via the details in the post, from the work address.
One other concern is if my verified is ever forced to be my main, I'll be screwed for contacts and years of connections. So I'll try to shut it down soon when I'm sure we're done at work. But tbh I don't think the issues will end there either.
Why do these services have to suck so much. Why does money confer such power instead of goodwill, integrity and trust/trustless systems. Things have to change. Or, just stay off the grid. But that shouldn't have to be the choice. Where are the decentralised services. I'm increasingly serious about this.
I'm forced to verify to access my existing account.
I cannot delete it, nor opt out of 'being used for AI content' without first handing them over even more information I'm sure will be used for completely benign purposes.
About 24 hours later, when logging in to pick up where I left off, I'm redirected to a page that tells me that my account has been locked. For the safety of my account, I needed to verify my identity to continue.
I refused to do so, for the same reasons this article highlights. So I wanted to delete my account and never return. Guess what? You can't delete your account without first verifying.
It took me a few frustrating months of trying to email their DPO (data protection officer) and filling out forms, constantly being routed to regular support with very unhelpful support staff. I actually contacted the Irish data protection agency thing (I'm not Irish, but european), and while waiting for them to process the case, I miraculously got a reply from LinkedIn that my account deletion was being processed.
Quite an infuriating experience.
Kids in Oz were getting around social media age restrictions by holding up celeb photos. I doubt that'll work in this case, but I'd be tempted to start thinking of ways to circumvent.
At the risk of losing the account, it's a very bad situation they are forcing people into.
I understand, and even agree, that how this is being handled has some pretty creepy aspects. But one thing missing from the comments I see here and elsewhere is: How else should verification be handled? We have a real problem with AI/bots online these days, trust will be at a premium. How can we try to assure it? I can think of one way: Everyone must pay to be a member (there will still be fraud, but it will cost!). How else can we verify with a better set of tradeoffs?
There is some info from Persona CEO on (of course) LinkedIn, in response to a post from security researcher Brian Krebs: https://www.linkedin.com/posts/bkrebs_if-you-are-thinking-ab... . I note he's not verified, but he does pay for the service.
Many European countries have secure electronic identifications that are trusted by the government, banks etc.
Linkedin could easily use this to verify the identities.
Example of services where you can verify the identity with 35 different providers using a single API:
https://www.signicat.com/products/identity-proofing/eid-hub or https://www.scrive.com/products/eid-hub
I doubt it would take more than a sprint to integrate with this or other services.
There should be no verification. The idea of a single platform where every worker is listed, identified, and connected to other people he/she knows IRL is scary. It shouldn't exist.
Digital certification from the gov sounds a lot like "digital ID", which has run into considerable resistance in the UK and EU in just the last few months. As a general observation I find most EU citizens I interact with much more trusting of government than ... well, any other group of folks I have interacted with (I have the privilege of having lived and worked in S. America, N. America, sub Saharan Africa and now an EU country). If it does not fly well here, I don't think its general solution that most people would be comfortable with.
https://blogs.lse.ac.uk/europpblog/2025/10/09/britcard-uk-di...
They can do what they please. Its due to the network effects. The tie-ins of tech are so strong, I'd wager that %99 of why they succeed has nothing to do with competency or making a product for the user, just that people are too immobile to jump ship for too many reasons. Its staggering how much stronger this is than what people give credit for. Its as if you registered all your cells with a particular pain medication provider, and the idea of switching pills makes one go into acute neurosis.
Besides, its UX has decayed to a "Facebook for the employed", where John Doe praises himself for mastering a mandatory training at work or taking Introduction to HTML at "Harvard" via Coursera.
What's the story here?
ICE using Palantir tool that feeds on Medicaid data: https://news.ycombinator.com/item?id=46756117
On the other hand it can be hard to escape if it's for something that actually matters. Coursera is a customer. You might want your course achievements authenticated. The Canada Media Fund arranges monies for Canadian creators when their work lines up with various government sponsored DEI incentives. If you're in this world you will surely use Persona as required by them. Maybe you're applying for a trading account with Wealthsimple and have to have your ID verified. Or you want to rent a Lime Scooter and have to use them as part of the age verification process.
KYC platforms have a place. But we need legal guarantees around the use of our data. And places like Canada and Europe that are having discussions about digital sovereignty need to prioritize the creation of local alternatives.
Yes. In hell.
https://vmfunc.re/blog/persona
LinkedIn is full if so called professionals who make a living by leveraging their brand. If you‘re not one of them, leave
It’s used for keeping contacts, having your online resume in a standard place, and maybe messaging people.
The feed is a sideshow. It enrages a lot of people because it’s full of slop, but you need to treat it like almost everyone else: Ignore it. It’s a sideshow.
Also, I don’t recall where this setting is, but make the default behavior such that if someone finds you and tries to connect with you, they actually follow you instead. This cuts down aggressively on spammers because in order to actually connect with you they would have to view your profile, open the … menu, and then click connect. If they aren’t paying attention they’ll just follow you instead of connect which means you can broadcast to them but they can’t broadcast to you.
I do ignore the connections from random students though tbf.
Generally speaking, unless you operate at an elite level or at an elite institution, you're not getting a ton of worthwhile cold intros from recruiters.
Probably depends on the field but this definitely isn't always true. I've got my last two jobs through recruiters, and speaking to colleagues a lot of them do too.
> they can see your extended network, they know where you work, they find out all information you have shared with on your profile
This is public anyway though? Isn't that the point of LinkedIn?
> You also start to consume their content since you are connected.
I don't because I don't read LinkedIn. I pretty much only use it to get jobs. Although I have actually started posting technical stuff I've done there because people actually read it (I guess other people do read LinkedIn tbf!)
> Generally speaking, unless you operate at an elite level or at an elite institution, you're not getting a ton of worthwhile cold intros from recruiters.
I'm definitely not elite level and I would say ~20% of the jobs I get from LinkedIn recruiters are of interest. That's pretty good! Almost all of them are at least relevant to my field (silicon verification). Sometimes I get stuff about mechanical engineering validation, or software jobs that aren't relevant but that's pretty rare. It must depend on the field. Maybe the country too?
You can limit this. I don't think it's necessarily the point of LinkedIn - i.e. for others to connect with you and then have full visibility into all of the details of everyone you know and whatever you have on your profile. It's a bit naive to assume that operating in this manner doesn't make you a prime target for scammers, social engineers, hackers, &c., or even worse - solicitors.
> My experience is different
Yea, everyone has different experiences. I'm just describing how the platform generally works, as a matter of fact.
1. they are selling you as a target.
2. some people, governments, groups, whatever are willing to pay a lot of money to obtain information about you.
3. why would someone pay good money to target you unless they were going to profit from doing so. are they stupid? no.
4. where does that profit come from? If some one is willing to pay $100 to target you, how are they going to recoup that money?
5. From you.
There is simply no other way this can have worked for this long without this being true.
It is a long causal change, so it is fair to ask whether there is any empirical evidence. If this is true we would expect to see ...? Well how about prices going up? Well how about in general people are less able to afford housing, food, cars, etc.
I'm speculating here, but perhaps it is predictability. There is a common time warp fantasy about being able to go back and guess the future. You go back and bet on a sports game. If I can predict what you are going to do then I can place much more profitable bets.
Do the corporations that participate in this scheme provide mutual economic benefit? Do they contribute to the common wealth or are they parasitical?
No one likes to think they have parasites. But we all do these days.
At what point is that not enough for them to stop doing data brokerage or sharing?
This is why people sign up for LinkedIn.
They want to be targeted by companies for jobs. Or when they’re applying for a job, they want to be easily found by people at that company so they can see more information.
If you don’t want those things, you don’t need a LinkedIn page.
> Do the corporations that participate in this scheme provide mutual economic benefit? Do they contribute to the common wealth or are they parasitical?
You wrote a long hand wavey post but you stopped short of answering your own question.
The corporations who pay LinkedIn are doing so to recruit people for jobs. I’ve purchased LinkedIn premium for this purpose at different times.
After “targeting” those LinkedIn users, I eventually hired some of them for jobs. There’s your mutual economic benefit. This is why people use LinkedIn.
> It is a long causal change, so it is fair to ask whether there is any empirical evidence. If this is true we would expect to see ...? Well how about prices going up? Well how about in general people are less able to afford housing, food, cars, etc.
You think the root cause of inflation is… social media companies? This is an extraordinary claim that requires extraordinary evidence. You’re just observing two different things and convinced they’re correlated, while ignoring the obvious rebuttal that inflation existed and affordability changes happened before social media.
> Somehow the fundamentals of places like linkedin, gmail, google, facebook, etc have eluded people.
I think most people understand the fundamentals of LinkedIn better than you do, to be honest. It’s not a mystery why people sign up and maintain profiles.
What if it's just to find the most desperate worker for the lowest pay possible?
In your example, so what if they give the job to the most desperate worker instead of a different one at a higher price? Are we supposed to prefer that the desperate worker does not get the job and instead it goes to someone else at a higher rate?
If someone is desperate for a job because they really need work, I’d prefer that a platform help them get matched with jobs. Wouldn’t you? I think you’re so focused on penalizing corporations that you’re missing the obvious.
LinkedIn is slightly different, as it's fundamentally framed as a job board and recruiting platform. The paying customers are recruiters, and the product is access to the prospective candidates. Hence, LinkedIn offering for free services such as employee verification, work history verificarion, employee vouching, etc.
> Let that sink in. You scanned your European passport for a European professional network, and your data went exclusively to North American companies. Not a single EU-based subprocessor in the chain.
Not sure LinkedIn is a European professional network.
That's a hallmark of GPT spam, so it's not surprising there's hallucinations.
And of course those Europeans use LinkedIn for the network effect (even though LinkedIn is just a pathetic sad dead mall now, so most are doing so for an illusion), because other prior waves of Europeans also used LinkedIn, and so on. Domestic or regional alternatives falter because everyone demands they be on the "one" site.
The centralization of tech, largely to the US for a variety of reasons, has been an enormous, colossal mistake.
It's at this point I have to laud what China did. They simply banned foreign options in many spaces and healthy domestic options sprouted up overnight. Many countries need to start doing this, especially given that US tech is effectively an arm of a very hostile government that is waging intense diplomatic and trade warfare worldwide, especially against allies.
Well if you’re in a country Trump has threatened to invade, or already invaded, having a free country might require banning these American companies.
What you want is the social graph, but you are forced to also use FBs shitty app to access it. These social media apps never had a single useful feature besides the graph itself.
It happened last week too, I was able to fix it via their chat-help (human). Yesterday, their chat-help (human) was not able fix it and has to open a ticket. I pay for LinkedIn-Premium. So maybe this is just a scam to route me into Verification. Their help documents (https://www.linkedin.com/help/linkedin/answer/a1423367) for verifying emails doesn't match the current user experience.
Then, in a classic tech-paradox, their phone support person told me they would email me -- on the same address their system reports emails are not getting through to. It felt like 1996 levels of understanding.
We need to get back to de-centralised.
Then you might hit a wall where nobody can do anything because you're trapped in the gears of some byzantine IT system that decides what can and can't happen at any given time with any given situation.
Then there's the labyrinth of the phone system itself littered low-bit smooth jazz and awful menus not often alleviated by AI voice recognition (which in my experience can sometimes be worse than the older voice systems) and the back and forth from one department to the next either because of the above or because someone or something keeps sending you to the wrong people to get your problems addressed.
If it's not engineered, it's some kinda emergent eldritch abomination that has slowly accreted over the decades.
Do you block remote image loading? They are probably measuring via tracking pixels.
- that I just have "work email verified" and that there is a Persona thing I was not even aware of
- a post by Brian Krebs at the top of my feed, exactly on that topic: https://www.linkedin.com/posts/bkrebs_if-you-are-thinking-ab...
Of course, that works probably because my work has a linkedin account so they know what the official domain is for it.
I guess they'll spam that email but it's not like I care. I already receive spam offering me subcontracting services so I guess it's published somewhere.
And the content is the worst trash you'll find online, bottom of the barrel.
If LinkedIn asks me to verify then I'll just leave. I'd be very happy for it to fall over anyway so there is space for a new more ethical platform. Especially since Microsoft acquired it, all bets are off.
> Let that sink in. You scanned your European passport for a European professional network, and your data went exclusively to North American companies. Not a single EU-based subprocessor in the chain.
LinkedIn is an American product. The EU has had 20 years to create an equally successful and popular product, which it failed to do. American companies don’t owe your European nationalist ambitions a dime. Use their products at your own discretion.
Of course an American company is subject to American law. And of course an American company will prioritise other local, similar jurisdiction companies. And often times there’s no European option that competes on quality, price, etc to begin with. In other words I don’t see why any of this is somehow uniquely wrong to the OP.
> Here’s what the CLOUD Act does in plain language: it allows US law enforcement to force any US-based company to hand over data, even if that data is stored on a server outside the United States.
European law enforcement agencies have the same powers, which they easily exercise.
No they don’t, not in the way that is implied here. A German court can subpoena German companies. Even for 100% subsidiaries in other European or non-European countries, one needs to request legal assistance. Which then is evaluated based on local jurisdiction of the subsidiary, not the parent. Microsoft Germany as operator is subject to US law and access. See Wikipedia “American exceptionalism” for further examples.
I can see not everybody here will agree with me, but I find this take absolutely reasonable. The European space has the capacity and the resources to create a product that replaces something as trivial as Linkedin, and yet it takes the lazy approach of just using American products.
It's the same thing with China's manufactured products, at some point the rest of the world just accepted that everything gets done in China and then keep complaining about how abusive China can be.
The most recent issue is the military question. Europe relied for decades on the "cheap" protection of the USA. Now the USA gave the middle finger to Europe and Europe acts shocked, but Europe is not so shocked when it comes to the military budget it did not spend on self defense during all the time the Americans provided protection.
Fully agree. Europe expects some kids from nowheresville Tennessee to die in a ditch defending Ukraine. The war will be over the second they need to draft 18 year-olds at scale from anywhere in western Europe to go defend "Europe". Nobody in France will die defending Poland, nobody in Greece will die defending Latvia. The EU is such a joke.
Did you read the article? It's a dark pattern. It is an act that takes 3 minutes to perform. Yet it takes multiple days of reading legal documents to understand what actually happens. I would argue this feels wrong, to most people who interact with technology.
We have a set of laws here that companies are obliged to follow, regardless of where they are incorporated, so we expect that. We are used to having some basic human rights here, perhaps unlike most Americans these days.
Data processes and ownership of biometric data should be made explicitly clear. It shouldn't take days of reading to understand. It feels wrong to me too.
> Do you genuinely believe you are superior to the rest of the world?
This assertion wasn't made, in any way, by the person you're replying to, and it sounds as though it's being asked in anger. This entire conversation has been about data privacy and stewardship. The OP has pointed out, correctly, that there's nothing that has prevented a EU based professional social network from existing in a way that is satisfying for EU based data policy.
If you sign up on an American website, you've decided to do business with Americans in America. Why are you entitled to something that the people you are doing business with are not subject to?
If you don't vote, you don't count.
Regardless of the fact that LinkedIn is an American company, it is required to comply with the GDPR when operating within the European Union. I am not a lawyer, but I don't believe that there is evidence of full compliance here.
American companies "complying" with is only required insofar as the EU authorities can do anything about it - and that's the same dynamic that exists across all geo boundaries on the internet, that's not specifically American - see China and its great firewall. If an American company is taking steps to be in compliance with GDPR, it's because there is benefit in doing so.
WRT GDPR, I'd ask a clarification before continuing - you said "operating within the EU" - what does that mean? If I deploy a website, from America, onto American servers, and you can reach them from within the EU, am I "operating within the EU"? I'm not trying to be coy by asking this, I actually don't know the extent to which I agree or disagree with you.
While OP is quite aggressive here, there is a nugget of truth: innovation doesn't happen because "we have the best lawyers" or "the best regulations". Maybe some self-criticism would be warranted to solve the problem.
Also nothing forces Europeans to use LinkedIn. I deleted my account long ago after getting search requests from NSA-adjacent private intel companies.
Below you can find the relevant GDPR excerpt. But before that, let me add to the coment below that US companies only comply with what EU institutions can enforce and what suits them; which is normal, since China does the same. Well, it couldn’t have been said better: in fact, we’re beginning to view you the same way we view China. And China innovates a lot, right?
"Article 3 – Territorial scope (GDPR)
This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union.
This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law."
You speak about China: their government is very eager to favor local alternatives, which helps fund the local ecosystem.
In contrast, Euro countries don't generally procure office software from elsewhere than US companies (especially, Microsoft). It's always talk, talk, when the time for action comes, everyone looks at their shoes and signs the contract from the US company.
Even the European commission does the same, and filed a lawsuit against their own regulatory body after it pointed out that MS Office 365 wasn't fully compliant with the EC's own privacy rules! Rules for thee, not for me, as always with the EC.[0]
So yeah, regulations and laws don't replace political will and action. Especially when we talk about the EU, where hypocrisy and lobbying is at its highest.
[0] https://www.freevacy.com/news/official-journal-of-the-europe...
The scenario being portrayed is one in which the law of the strongest prevails over the rule of law. As a European, coming from the continent that gave birth to the rule of law, I find all of this appalling. And I am sorry to hear that a fellow European thinks along the same lines. I don’t believe this is realism; rather, it is surrender.
Guess who holds the guns that protect Europe right now? So yeah, either comply, leave (what I did), or create an alternative. The EU had Viadeo[0], it could have pushed it to have an alternative. It didn't.
[0]: https://en.wikipedia.org/wiki/Viadeo
I view the dynamic from the opposite direction. You might think that that the EU is starting to view America the same way it views china, but in actuality the EU is starting to behave more like China. The wheels of a great firewall for the EU have been turning for some time already.
Listen, I'm truly sorry to be so direct but you sound like exactly the kind of person that needs to hear this.
> Europe does not lack capable lawyers or regulatory expertise. I will be forwarding the relevant material to contacts of mine working within the European institutions in Brussels.
Who do you think - between the current US government and the kinds of global, powerful tech behemoths being discussed in this article - gives a single flying fuck about more European lawyers and more European regulation? You literally didn't get the first thing about the point I made. You perfectly played out that classic trope we've all come to know. How about instead of lawyers and regulation Europe actually produces a successful competitor that challenges LinkedIn in any successful manner? What makes you think an army of lawyers and some more regulation are going to change simple, obvious facts about Europe's decline in productivity, innovation, etc?
Listen. The reason not a single worthy competitor has come out of Europe is because Europe just doesn't have what it takes. And it never will have what it takes, because the mindset is exactly what you're demonstrating here: EU is not out to actually build anything useful, it's about hiring armies of lawyers and creating paperwork and regulation nobody has asked for. Your funds and money should go to technology, competitiveness, tech education - not this lawfare nonsense. The EU right now doesn't have the right people, the work ethic, the funds, the innovation, the will to challenge and dream big, the incentives to bet big on tech. You know it, I know it, everybody else knows it. But please, tell us more about how we need a bit more lawyers twiddling their thumbs on the tax payers' bill.
You need to understand something quickly: Europe depends sorely on the US and China. You don't change that through lawyers. Europe is behind on every front.
The reason we didn't was critical mass. Everyone was already on linkedin and there wasn't really a reason to pick something else until the US started becoming a nuisance. It's marketing, not technical.
I'm sure an EU alternative will come up now that the US is no longer a trustworthy partner. A lot of people like myself now have ethical issues with using american products (especially from big tech) and there's a lot of demand for EU-local stuff that wasn't there before.
This is all hot air. If it's so easy to build, it would've been built by now. I bet you that there won't be a single successful European LinkedIn competitor - not for the past 20 years, not now, and not for the next 20. Europe is fundamentally at a deep state of decay at every level. The only way anything might be built, is by banning the competition. At which point you might as-well just forget about a social network for professionals entirely, because you're probably working at a gulag and there's no job hopping to be done anyways :)
I guess Americans wouldn't like to buy from Nazi Germany in 1942 and so do I with buying US-American in 2026
This all seems to miss the point, which is: why does the US create so much stuff that Europe doesn't? Turning that useful reflective question into an attack on Americans sounds perfect if you want to refuse to work it out and change accordingly.
Because the US had so much venture capital, during the time of the low interest rates it was basically free money so they could afford to throw it to the wall and see what sticks. 90% of them would sink but it didn't matter. That doesn't fly here.
Then, they used that money to subsidise adoption, and then once the users were hooked into rent extraction as the OP mentioned. We call this process enshittification these days, and it's a really predatory business practice.
European companies don't do that as much because we have more guardrails against it, and more importantly we didn't have random cash sloshing up the walls. American could do that especially because of the petrodollar. Once the dollar loses its international status it will be a lot harder to do (and it already is due to the rising interest rates).
It was no surprise that exactly with the rising interest rates all the companies started tightening up their subscriptions. Netflix, amazon, all exploding in cost and introducing ads. Same with meta's platforms.
Military is just for defence against baddies and liberating countries from dictators etc
Yes or that using strength to one's advantage is necessarily bad.
Oh please.
As a fairly vociferous eu person....I fully agree.
However, gdpr covers all eu residents, so if US companies don't want to obey eu law, that'sa fine, too.
LinkedIn doesn't need to obey to EU law. It needs to obey to American law, which allows LinkedIn to do business with anybody (other than people from sanctioned countries) whilst complying with US law. EU's laws don't matter in the US. The EU can sue LinkedIn, but LinkedIn can just safely ignore any lawsuits and ignore sanctions, because they are an American company subject to American laws.
EU citizens are willingly subscribing to an American service, then complain the American service doesn't abide by EU laws. That's laughable at every level, to any individual with a modicum of intelligence. If you don't agree to the terms, don't use LinkedIn. You are not entitled to anything.
"Designated Countries. We use the term “Designated Countries” to refer to countries in the European Union (EU), European Economic Area (EEA), and Switzerland."
"If you reside in the “Designated Countries”, you are entering into this Contract with LinkedIn Ireland Unlimited Company (“LinkedIn Ireland”) and LinkedIn Ireland will be the controller of your personal data provided to, or collected by or for, or processed in connection with our Services."
"If you live in the Designated Countries, the laws of Ireland govern all claims related to LinkedIn's provision of the Services" "With respect to jurisdiction, you and LinkedIn agree to choose the courts of the country to which we direct your Services where you have habitual residence for all disputes arising out of or relating to this User Agreement, or in the alternative, you may choose the responsible court in Ireland."
Source: https://www.linkedin.com/legal/user-agreement
I'm not sure from where you got your information.
According to LinkedIn, they have over 2,000 employees in Dublin alone.
> LinkedIn doesn't need to obey to EU law.
This is false. A company must follow the law of the jurisdictions where it operates.
Yes, they do.
> If you don't agree to the terms, don't use LinkedIn.
We agree on that.
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Claiming "the EU had 20 years to build an equally successful product" is the geopolitical equivalent of a deeply dysfunctional 1950s household. For decades, the husband insisted he handle all the enterprise and security so he could remain the undisputed head of the family. Then, after squandering his focus on a two-decade drunken military bender in the Middle East, he stumbles home, realizes he's overextended, and screams at his wife for not having her own Silicon Valley corner office, completely ignoring that he was the one who ruthlessly bought out her ventures and demanded her dependence in the first place.
America engineered a digitally dependent Europe because it funneled global data straight to US monopolies. To blame Europeans for playing the exact role the US forced them into is historical gaslighting. And pretending the CLOUD Act's global, extraterritorial overreach is the same as local EU law enforcement is just the icing on the delusion cake.
A Microsoft official explained during a french parliamentary session that he couldn't guarantee that the State data was safe from US requests. It created a shockwave, as everyone discovered what was evident from the start.
Of course, nothing happened, and they renewed every contract since then. We could talk about the F35 procurement.
This predates Trump II by the way, they did have more foresight than a lot of EU institutions.
Things have changed for sure but big ships take long to turn.
La suite is a lot bigger than that. And parts are actually being used already. They recently started using the meeting component called visio.
And where's all of this evidence of this hidden extraordinary European talent and ability that just needs to be unleashed given some more lawyers and regulation?
This is a joke.
America wanted a weak Europe, to be dependent on them so they would have geopolitical influence. They basically bought influence. They didn't want us to have nukes to defend ourselves from the Russians (the French are frowned upon and the British don't really have their own, they are beholden to the US). It also gave them a huge market for their products and services (and no there was no imbalance if you take services into account which Trump doesn't).
Then Trump comes and complains that we're not investing equally. Well no, but this was exactly as his predecessors designed. Now we will build it up but of course we will need to build our own nuclear umbrella and we will no longer give the US its influence it previously had, obviously.
We also don't need quite as much military expenditure anyway because we're just looking to defend ourselves, not trample oil-producing countries. The only times we did that were exactly due to the US' bought influence.
100% in agreement
> To blame Europeans for playing the exact role the US forced them into is historical gaslighting.
Hear hear
On the other hand I see many people posting in official capacity for an organization without verification.
When they actively represent their current company but with a random verification from a previous one it gets pretty absurd.
In its current form LinkedIn verification is pretty worthless as a trust signal.
"Your European passport is one quiet subpoena away"
Why does the subpoena need to be quiet? If I search my chats with ChatGPT for the word "quiet", I get a ridiculous number of results. "Quietly this, quietly that". It's almost like the new em dash.
There's many others all over this blog post I won't bother calling out.
"Understanding what I actually agreed to took me an entire weekend reading 34 pages of legal documents."
Yeah I'll bet it did. Or it took an hour of back and forth with ChatGPT loaded up with those 34 pages.
I get it, we all use AI, but I'm just so tired of seeing the unmistakable mark of AI language all over every single thing. For some reason it just makes me think "this person is lazy". The CEO of a company my friend works for used Claude to write an important letter to business partners recently and we were all galled at her lack of awareness of how AI-sloppified the thing was. I guess people just don't care anymore.
When people leave in things like staccato language and Blogspot era emphasis, I feel like I might as well copy the Persona privacy policy and prompt my own AI(s) on the topic and read that instead.
That's exactly what I was thinking when I read that line. And there's nothing necessarily wrong with using AI to help decipher large legal documents, just be honest about it.
There's so many angles of grind with this kind of thing that big tech has gradually normalised.
We regulated innovation out of the market. Why are you surprises that the only companies finding your data valuable are in the US?
Does anyone else get the impression that they feel like the nefarious surveillance state is now real and definitely not for their benefit?
It's been a long running trope of the men in black, and the state listening to your phone calls, etc. Even after Snowdon's leaks, where we learned that there are these massive dragnets scooping up personal information, it didn't feel real. It felt distant and possibly could have been a "probably good thing" that is it was needed to catch "the real bad guys".
It feels different now. Since last year, it feels like the walls are closing in a bit and that now the US is becoming... well, I can't find the words, but it's not good.
The government should provide an API or interface to validate a user, essentially acting just like an SSO. Instead of forcing users to upload raw passport scans to a third-party data broker, LinkedIn should just hit a government endpoint that returns an anonymized token or a simple boolean confirming "yes, this is a real, unique person." It gives platforms the sybil resistance they need without leaking the underlying PII.
I've been documenting this pattern in AI apps specifically. The number of companies shipping to production with Firebase rules set to "allow read: if true" or Supabase databases with no Row Level Security is staggering. The identity data people hand over during verification often ends up in databases with zero access controls.
LinkedIn at least has a security team. Most AI startups shipping verification flows don't.
https://news.ycombinator.com/item?id=44435997
For each role I had described some of the tasks and accomplishments and this was used in the phishing message.
Since then, I removed my photo, changed my name only to initials and removed all the role-specific information.
It's a bit of a bummer as I'm currently in the process of looking for a new job and unfortunately having a LinkedIn profile is still required in some places, but once I find it, I'll delete my profile.
For remote jobs with remote interviews, not having a LinkedIn page or having a LinkedIn page full of generic information that can be disproven by a quick background check are common traits of scam applicants.
A friend’s employer started requiring more verification after they hired a group of remote workers who would some times connect from North Korean IPs when they made a mistake with their VPN.
I guess I'll just be in the corner crossing my fingers none of it is found in a hostile foreign land or used against me.
Did you actually follow through with 1-4 and if so what was the outcome? how long did it take?
I was under the impression they just make database products. Do they have a side hustle involving collecting this type of data?
It can be some more nefarious use, but it can also just be that they (persona in this case) use their services to process/store your data.
> Hesitation detection — they tracked whether I paused during the process
> They use uploaded images of identity documents — that’s my passport — to train their AI.
> Persona’s Terms of Service cap their liability at $50 USD.
> They also include mandatory binding arbitration — no court, no jury, no class action.
Every hiring process I've been through already requires proof of identity at some point. Background checks, I-9s, whatever it may be. So you're essentially handing your ID to a third party just to get a badge that doesn't skip any steps you'd have to do anyway.
Depends on the company, but in a competitive job market any extra signal can help.
There are a crazy number of fake LinkedIn profiles out there that are used for scamming companies or people.
(whether it actually does or the monkeys now got a steady source of fake/stolen IDs is another matter)
Because it should still be my choice as to what you do with it, which data you associate with it, and how you store it. Removing that choice is anti-privacy.
When your face is on your LinkedIn profile, anyone can download it and do whatever they want with it. Legally. Here, the vendor has to tell you how they use it.
Why is that your assumption?
I'd consider that a feature that would increase trust in such a platform. These platforms require trust, right?
So that means you are participating in the evil that KYC services are.
It's a strange logic. "Evil thing X will happen anyway so it's acceptable for me to work in a company doing evil thing X". You should be ashamed of building searchable databases of faces
So, in aggregate, all 17 data leeches are getting info. They are not getting info on all you users, but different subsets hit different subsets of the "subprocessors" you use.
And there's literally no way of knowing whether or not my data hits "two" or "three" or all 17 "at the most".
> but especially your _face_ is going to be _everywhere_ on the internet. Who are we kidding here? Why would _that_ be the problem?
If you don't see this as a problem, you are a part of the problem
> If you don't see this as a problem, you are a part of the problem
I think you're misunderstanding me. I'm just saying that there are way bigger fish to fry in terms of privacy on the internet than passport data. In the end, your face is on every store's CCTV camera, your every friends phone, and every school yearbook since you were a kid. Unless you ask all of them to also delete it once they are done with it.
By the way, ever since facebook was a thing I always asked my friends not to tag me in any photos and took similar measures at every opportunity to keep my data somewhat private.
That is, multiple regulations already explicitly restrict the amount of data you can collect and pass on to third parties.
And yet you're here saying "it's not that bad, we don't send eggregious amounts of data to all 17 data brokers at once, inly to 2 or 3 at a time, no big deal"
> In the end, your face is on every store's CCTV camera, your every friends phone
If you don't see how this is a problem already, and is now exacerbated by huge databases cross-referencing your entire life, you are a part of the problem
Obviously our faces are public, but there’s no easy way to tie it to all my PII unless I give it to them.
The straight-from-LLM writing style is incredibly grating and does a massive disservice to its importance. It really does not take that long to rewrite it a bit.
I hope at least he wrote it on his local Llama instance, else it's truly peak irony.
> Here’s the thing about the DPF: it’s the replacement for Privacy Shield, which the European Court of Justice killed in 2020. The reason? US surveillance laws made it impossible to guarantee European data was safe.
> The DPF exists because the US signed an Executive Order (14086) promising to behave better. But an Executive Order is not a law. It’s a presidential decision. It can be changed or revoked by any future president with a pen stroke.
This understates the reality: the DPF is already dead. Double dead, two separate headshots.
Its validity is based on the existence of a US oversight board and redress mechanism that is required to remain free of executive influence.
1. This board is required to have at least 3 members. It has had 1 member since Trump fired three Democrat members in Jan 2025 (besides a 2-week reinstatement period).
2. Trump's EO 14215 of Feb 2025 has brought (among other agencies) the FTC - which enforces compliance with the DPF - under presidential supervision. This is still in effect.
Of course, everyone that matters knows this, but it doesn't matter, as it was all a bunch of pretend from day 1. Rules for thee but not for me, as always. But what else can we expect in a world where the biggest economy is ruled by a serial rapist.
You read and agreed with the terms explicitly stating the data would be used to do those things, and it was not at all necessary for you to do that. What else do you want? It seems like consent isn't the issue. You just don't like what this company does, and still volunteer your data for them to do just that. Now you regret it and write a blog post?
One thing is to be tricked or misled, or for a government to force your face to be scanned and shared with a third party. Another is to have terms explicitly saying this will be done, requiring explicit agreement, and no one forcing you to do it.
When the author says that Persona claims the "legitimate interest" basis for these data, they're saying that Persona is trying to achieve maximum flexibility for using the data (since "consent" generally requires specific agreement on a specific use for the data, and the burden of maintaining the consent records, where "legitimate interest" does not).
https://www.bulletproof.co.uk/blog/consent-vs-legitimate-int...
This is where I disagree. You basically have to use LinkedIn to participate in today’s job market. These large platforms that are protected by network effects should be highly regulated so they cannot abuse your privacy and rights.
In many companies, you don’t need to bother applying without a LinkedIn profile. You’re not even going to be considered for a position, full stop.
Hiding all this very important info (which literally affects the users life) behind an insignificant boring click! Even the most paranoid user will give up in certain use cases, (like with covid 19 which even though didn´t agree, you needed to travel, work making it compulsory). Every company that uses deciving techniques like this should be banned in Europe.
Less off topic -- there are some black hat marketers that (I think) buy or create verified profiles with attractive women, then they use the accounts for b2b sales through linkedin DMs. I find that amusing. Neutered corpo bois are apparently big poon hounds. Makes sense when you think about it -- that type of guy is craving female attention and probably does not have the balls to do anything in real life, so a polite DM from a fake linkedin thot would be appealing.
I was once part of the process of creating one. After two rounds, business decided too much money is wasted here and all the nonsense will stay. Better to have too much listed than too little.
Is there anything special about a passport photo, or can that be done from any photo of your face?
I resolved everything except LinkedIn. They required Persona verification to restore access, but I'd already recently verified with Persona, so clicking the re-verification links just returned a Catch-22 "you've already verified with us." LinkedIn support is unreachable unless you're signed into an account. I tried direct emails, webforms, DMs to LinkedIn Help on Twitter, all completely ignored.
Eventually some cooldown timer must have expired, because Persona finally let me re-verify last week. Upon regaining access, I was encouraged me to verify with Persona AGAIN, this time for the verified badge.
I now have a taste of what "digital underclass" means, and look forward to the day when no part of my income depends on horrible platforms that make me desperate for the opportunity to give away my personal data!
For US companies use their (typically Dublin) European HQs.
The maximum fine wasn't even achieved by Facebook, after years and many blatant GDPR cases. Do you really think someone is getting a fine for not replying to a subject access request in due time? If so I have a very good bridge to sell you, and that bridge has more probability to exist than Amazon getting any kind of GDPR fine for not acknowledging a SAR.
We are moving into the opposite direction. Drink a verification can.
However, they have a very generous free trial for sales/recruitment. You could probably activate it and get real support.
Stop using LinkedIn, and stop using these terrible services that rip away our privacy.
Anyway, I found that too much of a hassle and switched to other LLM providers.
A few months back I was evaluating one of the GPT-5 models for a side project. Turns out streaming via the API requires org verification, and I decided to look elsewhere.
In hindsight, a good decision given what just came out about Persona.
AWS EU region is not doing much, and I suspect most companies run on US providers. EU needs independent platform for this to matter.
I’m so tired of all these covert ops run by these businesses. They aren’t going to stop until there is a heavy price to pay.
The need / demand for some verification system might be growing though as I’ve heard fraudulent job application (people applying for jobs using fake identities… for whatever reason) is a growing trend.
I gave in and verified. Persona was the vendor then too. Their web app required me to look straight forward into my camera, then turn my head to the left and right. To me it felt like a blatant data collection scheme rather than something that is providing security. I couldn't find anyone talking about this online at the time.
I ended up finding a job through my Linkedin network that I don't think I could have found any other way. I don't know if it was worth getting "verified".
---
Related: something else that I find weird. After the Linkedin verification incident, my family went to Europe. When we returned to the US, the immigration agent had my wife and I look into a web cam, then he greeted my wife and I by name without handling our passports. He had to ask for the passport of our 7 month old son. They clearly have some kind of photo recognition software. Where did they get the data for that? I am not enrolled in Global Entry nor TSA PreCheck. I doubt my passport photo alone is enough data for photo recognition.
It's not. The developers' bubble we're in on the HN is invisibly tiny compared to the real life. And normies are not only perfectly happy uploading all their PII to Persona - they won't even understand what's wrong with that.
Do we know how they get that? Because my fingerprints are also in there, so...
And indeed, fingerprints are only accessible using privileged access. Not even you, the passport holder, has access.
And FP is a much worse modality to have registered because, as opposed to Face image, fingerprint is not affected by age. So that will match you 99.999999% for ever. Faces change.
Well they made it. They conquered the recruitment scene and I can’t think of a company I’d wish had gone out of business sooner.
Am I wrong?
0. https://www.inc.com/joe-procopio/you-cant-find-a-job-because...
tl;dr Persona shares your identity data directly with the federal governments of the US and Canada and likely is sharing data/works with ICE on the same.
The OP is right. For that reason we started migrating all of our cloud-based services out of USA into EU data centers with EU companies behind them. We are basically 80% there. The last 20% remaining are not the difficult ones - they are just not really that important to care that much at this point but the long terms intention is a 100% disconnect.
On IDV security:
When you send your document to an IDV company (be that in USA or elsewhere) they do not have the automatic right to train on your data without explicit consent. They have been a few pretty big class action lawsuits in the past around this but I also believe that the legal frameworks are simply not strong enough to deter abuse or negligence.
That being said, everyone reading this must realise that with large datasets it is practically very likely to miss-label data and it is hard to prove that this is not happening at scale. At the end of the day it will be a query running against a database and with huge volumes it might catch more than it should. Once the data is selected for training and trained on, it is impossible to undo the damage. You can delete the training artefact after the fact of course but the weights of the models are already re-balanced with the said data unless you train from scratch which nobody does.
I think everyone should assume that their data, be that source code, biometrics, or whatever, is already used for training without consent and we don't have the legal frameworks to protect you against such actions - in fact we have the opposite. The only control you have is not to participate.
Actually Steve Blank has a great talk on the roots of Silicon Valley. SV basically built upon military tech meeting private equity. That's why it's wildly different than say Berlin startup scene, and their products are global and free.
https://www.youtube.com/watch?v=ZTC_RxWN_xo
In any case, I don't know how much more ad money they'll extract from knowing what I look like. Maybe beauty products?
As a blogging platform it seems like a mess of fake posturing. Recruiters use it, but that mostly means you get lots of spam. You can find a job without LinkedIn. I deleted my account about a decade ago and feel increasingly justified every time I read about the current state of affairs.
After deleting I got a job from HN "who's hiring", joined a friend's company, and now freelance.
Don't forget that if you fly to a country you are also bound by their laws. They can do anything to you as long as they can make it stick under their laws. It's one thing that people often don't realise when flying somewhere, you are basically giving a blanket submission to their laws!
For this reason I have a long blacklist of countries I won't visit because they have laws I do not accept.
It won't be long before we'll be required to verify ID for every major website.
Could never find any explanation why I was targeted by this - it said it detected “suspicious activity” but I only ever interacted with recruiters, and only occasionally. Supposedly it is deleted after if you don’t go all the way through, but I do not believe it. This data ends up in very weird places and they can go fuck themselves for it afaic.
> The reason? US surveillance laws […]
This slop in every blog post? Fucking tiresome.
So it was nothing special for me.
They do it for all MSFT related stuff I guess.
Also, the content on LinkedIn is terrible and fake.
Need to start shunning these bad actors.
LinkedIn is a social network and I wish there was an alternative.
The alternative is stay far away from digital slavery. Keep out of the slaughterhouse. Never approach it, and denounce it with every breath and fiber of your being.
Do you have a phone? It's a surveillance device. Its entire purpose from day one was to enslave you. Do not participate.
The question is, how much are you willing to give up in order to obtain freedom? What lengths will you go to? How badly do you really want it?
I never understand why people supply too much info about themselves for small gains.
People at LinkedIn wants you to believe that your career is safe if you play by their games, but ironically they are one of the main reasons why companies nowadays are comfortable with hiring and firing fast.
LinkedIn does not support smaller companies; it appears to rely on some kind of whitelist or known-enterprise system. This option is simply not available for at least 90% of users.
Pity, but even then is it worth to hand over your very personal data to multiple companies for the sake of blue tick? Not judging, genuine question.
Last year I was trying to setup a business LinkedIn page for SEO purposes, which meant I also had to create a personal account. After being told several times that I absolutely need to scan my ID card with that dodgy app I simply replied that I can't do it due to security concerns. After several weeks they unlocked my account anyway, but I suspect this would not happen if algorithms determined that I actually needed that account to find a job and pay my bills.
https://en.wikipedia.org/wiki/Paravision_(identity_verificat...
;)
What this user missed is the affidavit option: you can get a piece of paper attested by a local authority and upload that instead, if you really really need a LinkedIn verified account.
Microsoft can go jump.
I too declined on privacy grounds.
I think my account was active for 10 minutes when it got blocked due to "suspicious activity" and locked. All I have to do now to activate is give them more of my information including my phone number.
I've had this same exact thing happen with Facebook and Instgram too. Facebook was probably no less than 5 years ago so this is not new. You can usually confirm your identity (which they do not know), using your phone number (which they do not have). Read that again. :) They ALL do this.
The kicker is you will not find any sympathy because they start with jurisdictions (3rd world) where they can get away with it and people will lecture you about how you must have done something because Facebook never asked for their phone number or blocked them.
I had Airbnb ask for my passport 10 years ago ffs and I did give it and they still didn't want to give me the place until the proprietor intervened and sorted it out. I had the same exact helpful comments about it online that I described above. "You must have done something", "You're full of shit, they don't ask for passport at all".
This attitude by my "fellow men" is what bothers me most about this whole thing.
And now it's global, the same people will probably go "what do you have to hide", "you show your passport at the border don't you?".
I usually say "great, can I install a camera in your bathroom? No? Do you have anything to hide? This is what it feels like to me."
Having said that, I've noticed most resumes I receive have GitHub links over LinkedIn. We've advertised on LinkedIn with mixed results, employee referrals have always been more effective.
dropped linkedin after ten years due to an id request.
hurts but if EVERYONE SAID NO it would be better tomorrow.
Aside from their AI-slopped newsfeed (F@#$!!!) which should have died long ago, this is atrocious. "Enshittification" was created just for this. Sorry, I got sidetracked.
Isn't there anyone from LinkedIn here??
It’s truly a shame we are allowing these companies to steal and share and abuse our personal data, and it’s even worse that even the very basics of that data are so often blatantly wrong.
Sadly, LinkedIn has replaced email for initial contact after fairs or in-person client meetings. New real-world contacts look you up on LinkedIn and then use it to ask for things like your email address or mobile number. Because of this, I'm even verified :-(.
Even though I use LinkedIn basically the same way Internet Explorer was used in 2009 (purely as a Firefox or Chrome downloader but not for browsing). LinkedIn is my initial contact details exchange, but not the platform to communicate.
> Isn't that just all ai slop?
It is. I basically get zero useful input. Just biased, shallow rubbish. If there is valuable content it is usually cross-posted from authors who also run blogs I already follow.
Edit: Spelling, grammar, style
Once it's a human contact Ai slop doesn't impact you.
Previous article: https://thelocalstack.eu/posts/ai-chatbot-gdpr-data-request/
All from a single blog post:
> that’s not just text, that’s biometric data.
> This isn’t a chat log. It’s a structured psychological profile.
> Not raw conversations — processed insights about who I am, how I think, what I fear, and what motivates me.
> They’re not just storing what you said — they’re analyzing who you are.
> They’re not just answering questions — they’re building a map of what you’re curious about, what you’re planning, what you’re worried about.
> Not because I trusted it — but because it was convenient not to think about trust at all.
> A profile this detailed isn’t just a record. It’s a tool.
> The oracle isn’t neutral. The oracle is taking notes.
> Not because I’m paranoid — because it’s true.
> Do it. Not because you need to delete everything — but because you should know what “free” or even “paid” really costs.
While copying and pasting all of this I read this at the end:
> I need to be honest about something: I wrote this post with an AI. Not just edited by AI. Written with it.
Wouldn't fool anyone anyway
That's quite cool, it means that soon models will be able to create a fake ID photos with real data.
I'm so excited about it! /s