Posted by ColinWright 15 hours ago
- No personal data processed is used for AI/model training. Data is exclusively used to confirm your identity.
- All biometric personal data is deleted immediately after processing.
- All other personal data processed is automatically deleted within 30 days. Data is retained during this period to help users troubleshoot.
- The only subprocessors (8) used to verify your identity are: AWS, Confluent, DBT, ElasticSearch, Google Cloud Platform, MongoDB, Sigma Computing, Snowflake
The full list of sub-processors seems to be a catch-all for all the services they provide, which includes background checks, document processing, etc., identity verification being just one of them. I've worked on projects that require legal to get involved and you do end up with documents that sound excessively broad. I can see how one can paint a much grimmer picture from documents than what's happening in reality. It's good to point it out and force clarity out of these types of services.
[1]: https://www.linkedin.com/feed/update/urn:li:activity:7430615...
It used to be the default belief, throughout all of humanity, on how greed is bad and dangerous; yet for the last 100 years you'd think the complete opposite was the norm.
> when they are only incentivized to lie, cheat, and steal
The fact that they are allowed to do this is beyond me. The fact that they do this is destructive to innovation and I'm not sure why we pretend it enables innovation. There are thousands of multi-million dollar companies that I'm confident most users here could implement, but the major reason many don't is because to actually do it is far harder than what those companies build. People who understand that an unlisted link is not an actual security measure, that things need to actually be under lock and key.
I'm not saying we should go so far as make mistakes so punishable that no one can do anything but there needs to be some bar. There's so much gross incompetence that we're not even talking about incompetence; a far ways away from mistakes by competent people.
We are filtering out those with basic ethics. That's not a system we should be encouraging
The best fix that we can work on now in America is repealing the 17th amendment to restrengthen the federal system as a check on populist impulses, which can easily be manipulated by liars.
Even if the CEO believes it right now, what if the team responsible for the automatic-deletion merely did a soft-delete instead of a hard delete "just in case we want to use it for something else one day"?
> - All biometric personal data is deleted immediately after processing.
The implication is that biometric data leaves the device. Is that even a requirement? Shouldn't that be processed on device, in memory, and only some hash + salt leave? Isn't this how passwords work? I'm not a security expert so please correct me. Or if I'm on the right track please add more nuance because I'd like to know more and I'm sure others are interested
Btw, hashes aren't unique. I really do mean that an input doesn't have a unique output. If f(x)=y then there is some z such that f(z)=y.
Remember, a hash is a "one way function". It isn't invertible (that would defeat the purpose!). It is a surjective function. Meaning that reversing the function results in a non-unique output. In the hash style you're thinking of you try to make the output range so large that the likelihood of a collision is low (a salt making it even harder), but in a perceptual hash you want collisions, but only from certain subsets of the input.
In a typical hash your collision input should be in a random location (knowing x doesn't inform us about z). Knowledge of the input shouldn't give you knowledge of a valid collision. But in a perceptual hash you want collisions to be known. To exist in a localized region of the input (all z are near x. Perturbations of x).
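The contrast drawn in the comments above, as an added example that is not part of the thread: a small perturbation of an input changes roughly half the bits of a SHA-256 digest, while a simple perceptual hash of the same two inputs stays identical. The "average hash" used here is one basic perceptual hash chosen for illustration (the thread names no specific algorithm), and the 8x8 grayscale grids are constructed sample data.

```python
import hashlib


def flatten(img):
    return [p for row in img for p in row]


def sha256_bits(img):
    """SHA-256 of the raw pixel bytes, returned as a 256-bit integer."""
    return int.from_bytes(hashlib.sha256(bytes(flatten(img))).digest(), "big")


def average_hash(img):
    """Average hash: one bit per pixel, set when the pixel is brighter than the mean.

    Illustrative perceptual hash only; production systems use more robust variants.
    """
    pixels = flatten(img)
    mean = sum(pixels) / len(pixels)
    bits = 0
    for p in pixels:
        bits = (bits << 1) | int(p > mean)
    return bits


def hamming(a, b):
    """Number of bit positions in which two integers differ."""
    return bin(a ^ b).count("1")


# Constructed sample inputs (8x8 grayscale, values 0..255).
# GRADIENT: dark rows on top, bright rows at the bottom.
GRADIENT = [[30 * r + c + 10 for c in range(8)] for r in range(8)]
# NOISY: the same image with every pixel nudged by at most +/-2.
NOISY = [[GRADIENT[r][c] + ((3 * r + 5 * c) % 5) - 2 for c in range(8)]
         for r in range(8)]
# CHECKER: an unrelated image.
CHECKER = [[200 if (r + c) % 2 == 0 else 50 for c in range(8)]
           for r in range(8)]


def compare(a, b):
    """Bits changed between two images under each kind of hash."""
    return {
        "sha256_bits_changed": hamming(sha256_bits(a), sha256_bits(b)),
        "ahash_bits_changed": hamming(average_hash(a), average_hash(b)),
    }


if __name__ == "__main__":
    # Near-duplicate input: SHA-256 scatters, the perceptual hash collides.
    print("gradient vs noisy  :", compare(GRADIENT, NOISY))
    # Unrelated input: both hashes differ substantially.
    print("gradient vs checker:", compare(GRADIENT, CHECKER))
```

Because nearby inputs are meant to map to the same or a nearby perceptual hash, such a value identifies the underlying input far more directly than a salted password hash does.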
If you let your legal team use such broad CYA language, it is usually because you are not sure what's going on and want CYA, or you actually want to keep the door open for broader use with those broader permissive legal terms. On the other hand, if you are sure that you will preserve users' privacy as you are stating in marketing materials, then you should put it in legal writing explicitly.
- someone finally reading the T&Cs
- legal drafting the T&Cs as broadly as possible
- the actual systems running at the time matching what’s in the T&Cs when legal last checked in
Maybe this is a point to make to the Persona CEO. If he wants to avoid a public issue like this then maybe some engineering effort and investment in this direction would be in his best interest.
Thus it is impossible to believe his words.
Infrastructure: AWS and Google Cloud Platform
Database: MongoDB
ETL/ELT: Confluent and DBT
Data Warehouse and Reporting: Sigma Computing and Snowflake
Trust needs to be earned. It hasn't been.
The big stick doesn't really exist.
I ended up deciding that I was getting no value from the account, and I heard unpleasant things about the company, so I deleted the account.
Within hours I started to get spam to that unique email address.
It would be interesting to run a semi-controlled experiment to test whether this was a fluke, or if they leaked, sold, or otherwise lost control of my data. But absolutely I will not trust them with anything I want to keep private.
I do not trust LinkedIn to keep my data secure ... I believe they sold it.
Better look at their actions than take their slogans at face value. Applies to everyone
But I have such low faith in the platform that I would readily believe that once they think you're not going to continue adding value, they find unpleasant ways to extract the last bit of value that they reserve only for "ex"-users.
Yeah but the OP got spam within hours. That would be pretty unlikely to have coincided with a breach.
But LinkedIn probably sold the data, they have a dark pattern maze of privacy settings and most default to ON.
It's amazing, really. If you reached out to people and asked them for the information and graph that LinkedIn maintains, most employers would fire them.
I'm ashamed to say I worked at one such place for several months.
Apollo is probably the most comprehensive source for this. It's creepy as fuck.
It helps a lot but I still get a lot of sales goons. A lot of them follow up constantly too "hey what about that meeting invite I sent you why did you not attend"? My deleted email box is full of them (I instantly block them the minute I get an invite to anything from someone I don't know, and I wish Outlook had the ability to ban the entire origin domain too but it doesn't)
What do you mean by "intelligence platform"?
It's "intelligence platform" in the sense that you can gain a ton of information on individuals, organizations, and relationships that drive it all. If you can track how people move and interact between organizations, you can determine who someone is doing business with and even make an educated guess if that's a sale or interview.
I started writing about it almost 20 years ago: https://caseysoftware.com/blog/linkedin-intelligence-part-ii and turned it into a conference presentation called "Shattering Secrets with Social Media"
But there have been numerous proofs of concept over the years: https://en.wikipedia.org/wiki/Robin_Sage
Otherwise, LinkedIn can be quite useful in searching for a job, researching a company, or getting to know potential coworkers or hires.
Email spam is, to my mind, an inevitability. You should expect waves of spam, no matter what address you use; your email provider should offer reasonable filtering of the spam. Using a unique un-guessable email address, like any security through obscurity, can only get you so far.
It identifies users that visit your site and then shows their email, phone number and living place based on their Li profile ;))
After that, I never installed it again (but too late), and I bought a second (non-smart) phone.
It vacuumed the contacts and spammed them with "Join me on WhatsApp". One of the reasons for their initial exponential growth.
Confirmed 5 years later in media; https://www.bloomberg.com/news/articles/2013-09-20/linkedin-...
I also saw... not sure what to call them, but honeypot friend requests? I used to get regular requests from profiles I didn't recognize with a generic pretty woman (I'd assume stock photography). Since I ignored them, they would re-request on intervals that were exactly 90 or 180 days. I occasionally glanced at them and there seemed to be no rhyme nor reason to their friends. I'd assume this was also some type of scraping, probably for friends-only profile data.
Too much time / energy on your hands? You gave them a unique email ID (which is always the most sensible thing), that's it.
The non-sensible thing was to sign up in the first place. Nobody needs these narcissistic, BS spewing pseudo-networking places.
I mean I got my last job through LinkedIn. I'm currently interviewing at a few places, half of which came from LinkedIn. So I personally clearly do need LinkedIn, unless you want to hire me.
Was forced to verify to get access to a new account. Like, an interstitial page that forced verification before even basic access.
Brief context for that: was being granted a salesnav licence, but to my work address with no account attached to it. Plus I had an existing salesnav trial underway on main account and didn't want to give access to that work.
So I reluctantly verified with my passport (!) and got access. Then looked at all the privacy settings to try to access what I'd given, but the full export was only sign up date and one other row in a csv. I switched off all the dark pattern ad settings that were default on, then tried to recall the name of the company. Lack of time meant I haven't been able to follow up. I was deeply uncomfortable with the whole process.
So now I've requested my info and deletion via the details in the post, from the work address.
One other concern is if my verified is ever forced to be my main, I'll be screwed for contacts and years of connections. So I'll try to shut it down soon when I'm sure we're done at work. But tbh I don't think the issues will end there either.
Why do these services have to suck so much. Why does money confer such power instead of goodwill, integrity and trust/trustless systems. Things have to change. Or, just stay off the grid. But that shouldn't have to be the choice. Where are the decentralised services. I'm increasingly serious about this.
I'm forced to verify to access my existing account.
I cannot delete it, nor opt out of 'being used for AI content' without first handing them over even more information I'm sure will be used for completely benign purposes.
About 24 hours later, when logging in to pick up where I left off, I'm redirected to a page that tells me that my account has been locked. For the safety of my account, I needed to verify my identity to continue.
I refused to do so, for the same reasons this article highlights. So I wanted to delete my account and never return. Guess what? You can't delete your account without first verifying.
It took me a few frustrating months of trying to email their DPO (data protection officer) and filling out forms, constantly being routed to regular support with very unhelpful support staff. I actually contacted the Irish data protection agency thing (I'm not Irish, but european), and while waiting for them to process the case, I miraculously got a reply from LinkedIn that my account deletion was being processed.
Quite an infuriating experience.
Kids in Oz were getting around social media age restrictions by holding up celeb photos. I doubt that'll work in this case, but I'd be tempted to start thinking of ways to circumvent.
At the risk of losing the account, it's a very bad situation they are forcing people into.
I understand, and even agree, that how this is being handled has some pretty creepy aspects. But one thing missing from the comments I see here and elsewhere is: How else should verification be handled? We have a real problem with AI/bots online these days, trust will be at a premium. How can we try to assure it? I can think of one way: Everyone must pay to be a member (there will still be fraud, but it will cost!). How else can we verify with a better set of tradeoffs?
There is some info from Persona CEO on (of course) LinkedIn, in response to a post from security researcher Brian Krebs: https://www.linkedin.com/posts/bkrebs_if-you-are-thinking-ab... . I note he's not verified, but he does pay for the service.
Many European countries have secure electronic identifications that are trusted by the government, banks etc.
Linkedin could easily use this to verify the identities.
Example of services where you can verify the identity with 35 different providers using a single API:
https://www.signicat.com/products/identity-proofing/eid-hub or https://www.scrive.com/products/eid-hub
I doubt it would take more than a sprint to integrate with this or other services.
There should be no verification. The idea of a single platform where every worker is listed, identified, and connected to other people he/she knows IRL is scary. It shouldn't exist.
Digital certification from the gov sounds a lot like "digital ID", which has run into considerable resistance in the UK and EU in just the last few months. As a general observation I find most EU citizens I interact with much more trusting of government than ... well, any other group of folks I have interacted with (I have the privilege of having lived and worked in S. America, N. America, sub Saharan Africa and now an EU country). If it does not fly well here, I don't think it's a general solution that most people would be comfortable with.
https://blogs.lse.ac.uk/europpblog/2025/10/09/britcard-uk-di...
They can do what they please. It's due to the network effects. The tie-ins of tech are so strong, I'd wager that 99% of why they succeed has nothing to do with competency or making a product for the user, just that people are too immobile to jump ship for too many reasons. It's staggering how much stronger this is than what people give credit for. It's as if you registered all your cells with a particular pain medication provider, and the idea of switching pills makes one go into acute neurosis.
Besides, its UX has decayed to a "Facebook for the employed", where John Doe praises himself for mastering a mandatory training at work or taking Introduction to HTML at "Harvard" via Coursera.
What's the story here?
ICE using Palantir tool that feeds on Medicaid data: https://news.ycombinator.com/item?id=46756117
On the other hand it can be hard to escape if it's for something that actually matters. Coursera is a customer. You might want your course achievements authenticated. The Canada Media Fund arranges monies for Canadian creators when their work lines up with various government sponsored DEI incentives. If you're in this world you will surely use Persona as required by them. Maybe you're applying for a trading account with Wealthsimple and have to have your ID verified. Or you want to rent a Lime Scooter and have to use them as part of the age verification process.
KYC platforms have a place. But we need legal guarantees around the use of our data. And places like Canada and Europe that are having discussions about digital sovereignty need to prioritize the creation of local alternatives.
Yes. In hell.
Persona was not hacked. No database was breached. Frontend code source maps were leaked,
which means unminified variable names were exposed revealing all the names of our features.
These names are already publicly listed in @Persona_IDV's help center and API documentation.
LinkedIn is full of so-called professionals who make a living by leveraging their brand. If you're not one of them, leave
It’s used for keeping contacts, having your online resume in a standard place, and maybe messaging people.
The feed is a sideshow. It enrages a lot of people because it’s full of slop, but you need to treat it like almost everyone else: Ignore it. It’s a sideshow.
Also, I don’t recall where this setting is, but make the default behavior such that if someone finds you and tries to connect with you, they actually follow you instead. This cuts down aggressively on spammers because in order to actually connect with you they would have to view your profile, open the … menu, and then click connect. If they aren’t paying attention they’ll just follow you instead of connect which means you can broadcast to them but they can’t broadcast to you.
I do ignore the connections from random students though tbf.
Generally speaking, unless you operate at an elite level or at an elite institution, you're not getting a ton of worthwhile cold intros from recruiters.
Probably depends on the field but this definitely isn't always true. I've got my last two jobs through recruiters, and speaking to colleagues a lot of them do too.
> they can see your extended network, they know where you work, they find out all information you have shared with on your profile
This is public anyway though? Isn't that the point of LinkedIn?
> You also start to consume their content since you are connected.
I don't because I don't read LinkedIn. I pretty much only use it to get jobs. Although I have actually started posting technical stuff I've done there because people actually read it (I guess other people do read LinkedIn tbf!)
> Generally speaking, unless you operate at an elite level or at an elite institution, you're not getting a ton of worthwhile cold intros from recruiters.
I'm definitely not elite level and I would say ~20% of the jobs I get from LinkedIn recruiters are of interest. That's pretty good! Almost all of them are at least relevant to my field (silicon verification). Sometimes I get stuff about mechanical engineering validation, or software jobs that aren't relevant but that's pretty rare. It must depend on the field. Maybe the country too?
You can limit this. I don't think it's necessarily the point of LinkedIn - i.e. for others to connect with you and then have full visibility into all of the details of everyone you know and whatever you have on your profile. It's a bit naive to assume that operating in this manner doesn't make you a prime target for scammers, social engineers, hackers, &c., or even worse - solicitors.
> My experience is different
Yea, everyone has different experiences. I'm just describing how the platform generally works, as a matter of fact.
1. they are selling you as a target.
2. some people, governments, groups, whatever are willing to pay a lot of money to obtain information about you.
3. why would someone pay good money to target you unless they were going to profit from doing so. are they stupid? no.
4. where does that profit come from? If some one is willing to pay $100 to target you, how are they going to recoup that money?
5. From you.
There is simply no other way this can have worked for this long without this being true.
It is a long causal change, so it is fair to ask whether there is any empirical evidence. If this is true we would expect to see ...? Well how about prices going up? Well how about in general people are less able to afford housing, food, cars, etc.
I'm speculating here, but perhaps it is predictability. There is a common time warp fantasy about being able to go back and guess the future. You go back and bet on a sports game. If I can predict what you are going to do then I can place much more profitable bets.
Do the corporations that participate in this scheme provide mutual economic benefit? Do they contribute to the common wealth or are they parasitical?
No one likes to think they have parasites. But we all do these days.
At what point is that not enough for them to stop doing data brokerage or sharing?
This is why people sign up for LinkedIn.
They want to be targeted by companies for jobs. Or when they’re applying for a job, they want to be easily found by people at that company so they can see more information.
If you don’t want those things, you don’t need a LinkedIn page.
> Do the corporations that participate in this scheme provide mutual economic benefit? Do they contribute to the common wealth or are they parasitical?
You wrote a long hand wavey post but you stopped short of answering your own question.
The corporations who pay LinkedIn are doing so to recruit people for jobs. I’ve purchased LinkedIn premium for this purpose at different times.
After “targeting” those LinkedIn users, I eventually hired some of them for jobs. There’s your mutual economic benefit. This is why people use LinkedIn.
> It is a long causal change, so it is fair to ask whether there is any empirical evidence. If this is true we would expect to see ...? Well how about prices going up? Well how about in general people are less able to afford housing, food, cars, etc.
You think the root cause of inflation is… social media companies? This is an extraordinary claim that requires extraordinary evidence. You’re just observing two different things and convinced they’re correlated, while ignoring the obvious rebuttal that inflation existed and affordability changes happened before social media.
> Somehow the fundamentals of places like linkedin, gmail, google, facebook, etc have eluded people.
I think most people understand the fundamentals of LinkedIn better than you do, to be honest. It’s not a mystery why people sign up and maintain profiles.
What if it's just to find the most desperate worker for the lowest pay possible?
In your example, so what if they give the job to the most desperate worker instead of a different one at a higher price? Are we supposed to prefer that the desperate worker does not get the job and instead it goes to someone else at a higher rate?
If someone is desperate for a job because they really need work, I’d prefer that a platform help them get matched with jobs. Wouldn’t you? I think you’re so focused on penalizing corporations that you’re missing the obvious.
LinkedIn is slightly different, as it's fundamentally framed as a job board and recruiting platform. The paying customers are recruiters, and the product is access to the prospective candidates. Hence, LinkedIn offering for free services such as employee verification, work history verification, employee vouching, etc.
> Let that sink in. You scanned your European passport for a European professional network, and your data went exclusively to North American companies. Not a single EU-based subprocessor in the chain.
Not sure LinkedIn is a European professional network.
That's a hallmark of GPT spam, so it's not surprising there's hallucinations.
And of course those Europeans use LinkedIn for the network effect (even though LinkedIn is just a pathetic sad dead mall now, so most are doing so for an illusion), because other prior waves of Europeans also used LinkedIn, and so on. Domestic or regional alternatives falter because everyone demands they be on the "one" site.
The centralization of tech, largely to the US for a variety of reasons, has been an enormous, colossal mistake.
It's at this point I have to laud what China did. They simply banned foreign options in many spaces and healthy domestic options sprouted up overnight. Many countries need to start doing this, especially given that US tech is effectively an arm of a very hostile government that is waging intense diplomatic and trade warfare worldwide, especially against allies.
Well if you’re in a country Trump has threatened to invade, or already invaded, having a free country might require banning these American companies.
What you want is the social graph, but you are forced to also use FB's shitty app to access it. These social media apps never had a single useful feature besides the graph itself.
It happened last week too, I was able to fix it via their chat-help (human). Yesterday, their chat-help (human) was not able to fix it and had to open a ticket. I pay for LinkedIn-Premium. So maybe this is just a scam to route me into Verification. Their help documents (https://www.linkedin.com/help/linkedin/answer/a1423367) for verifying emails don't match the current user experience.
Then, in a classic tech-paradox, their phone support person told me they would email me -- on the same address their system reports emails are not getting through to. It felt like 1996 levels of understanding.
We need to get back to de-centralised.
Then you might hit a wall where nobody can do anything because you're trapped in the gears of some byzantine IT system that decides what can and can't happen at any given time with any given situation.
Then there's the labyrinth of the phone system itself, littered with low-bit smooth jazz and awful menus not often alleviated by AI voice recognition (which in my experience can sometimes be worse than the older voice systems) and the back and forth from one department to the next either because of the above or because someone or something keeps sending you to the wrong people to get your problems addressed.
If it's not engineered, it's some kinda emergent eldritch abomination that has slowly accreted over the decades.
Do you block remote image loading? They are probably measuring via tracking pixels.