OpenAI, the US government and Persona built an identity surveillance machine

Posted by rzk 4 hours ago

OpenAI, the US government and Persona built an identity surveillance machine(vmfunc.re)

Related ongoing thread: Discord cuts ties with identity verification software, Persona - https://news.ycombinator.com/item?id=47136036 - Feb 2026 (282 comments)

371 points | 117 comments

cloverich 3 hours ago|

Going to copy paste my comment from today's other thread[3] that linked to this:

Note also there's a direct response from Persona's security team here[1], and a lot of back and forth from Rick on Twitter[2].

[1]: https://withpersona.com/blog/post-incident-review-source-map...

[2]: https://x.com/Persona_IDV/status/2025048195773198385?s=20

[3]: https://news.ycombinator.com/item?id=47136036

aeldidi 3 hours ago||

The withpersona.com URL seems to return 404.

cloverich 3 hours ago|||

fixed ty

kelvinjps10 2 hours ago||

They did good damage control with that post

dylan604 2 hours ago||

"what is Fivecast ONYX? an AI-powered surveillance platform purchased by ICE for $4.2 million and CBP for additional license costs. according to Fivecast’s own documentation and EFF’s reporting, they do automated collection of multimedia data from social media and dark web, build “digital footprints” from biographical data, tracks shifts in sentiment and emotion, assigns risk scores, searches across 300+ platforms and 28+ billion data points, identifies people with “violent tendencies”"

Glad to know that my tinfoil hat wasn't too tight when social media came to be and this obvious use was predicted. How quickly will not having social media accounts become a crime?

varenc 2 hours ago||

According to Persona's damage control article[0], the subdomain had "onyx" in its name because that's the internal code name for the project, and it's named after the pokémon Onyx. No connection to Fivecast ONYX.

[0] https://withpersona.com/blog/post-incident-review-source-map...

crimsoneer 2 hours ago||

I don't really understand why ICE would have a Persona OPenAI connection...?

pseudosaid 1 hour ago||

Really? Sounds like they are a customer.

a_victorp 2 hours ago|||

It's already frowned upon when crossing the border

tamimio 2 hours ago||

We need a list of these 300+ platforms

4midori 3 hours ago||

In response to a data request, Persona says:

Hi there,

Thank you for reaching out to Persona.

Please note that Persona primarily operates as a "service provider" or "processor" for its customers. We act as a "business" or "controller" only for specific services, such as identity verification for LinkedIn, FoxCorp, and Reusable Persona. To learn more about how Persona manages your personal data, please refer to our privacy notices, which can be accessed through the following link: https://withpersona.com/legal/privacy-notices

If you wish to exercise your privacy rights related to services where Persona is a "service provider" or "processor," please contact the entity using our service, as they are the "controller" of the data. We will assist the relevant customer to fulfill your data subject rights, but we do not handle such requests directly on their behalf.

For any privacy rights request related to services where Persona acts as a "business" or "controller," including identity verification for LinkedIn, FoxCorp, Reusable Persona, and personal data related to our sales, marketing activities, or website browsing on withpersona.com, please use our Data Subject Request (DSAR) available at the following link: https://withpersona.com/dsar

For all other inquiries, we will respond as soon as possible.

###

TL;DR we're not responsible, go talk to LinkedIn.

plagiarist 2 hours ago|

This is the same complete bullshit trying to remove oneself from political donation emails. "Oh, okay, we will remove you from that one." Days later it's a "different campaign." Sometimes it's the exact same people from weeks ago who have just renamed their campaign and started sending again.

We need far stronger laws for all of it, which will never happen because the rot and corruption has fully metastasized.

raincole 3 hours ago||

https://withpersona.com/customers/openai

Persona's side of the story.

pharos92 3 hours ago||

It seems like at every technological step, we're sold the dream and delivered the meme. We always end up with the worst possible combination of players, ideas and outcomes; with the promise of what the said technology delivers in terms of additional freedom or free time never realised. How many more broken social contracts can society endure before it crumbles?

dlenski 3 hours ago||

It's "socializing the losses and privatizing the gains"… but now alarmingly supercharged well beyond purely financial realms, and into really basic and fundamental matters of individual physical autonomy and liberty.

xg15 2 hours ago|||

> How many more broken social contracts can society endure before it crumbles?

Having any kind of agency in those things would be a start.

If <FAANG bigcorp of your choice> announces with great fanfare "We're building this totally awesome new technology that will make everything better! And the best thing? You won't have to do anything, we will auto-update all your devices/accounts/etc with it for free! Trust us!", then whether you personally believe their enthusiastic predictions or not doesn't really matter a lot - you will get it anyway, unless you spend a lot of energy to deliberately avoid the new technology.

asdfman123 18 minutes ago|||

It's already crumbling. That's why we have AI-powered fascism in the first place. Society destabilizes and a significant fraction of the population says "perhaps authoritarianism is a good thing." It's never worth it, though.

whynotmaybe 3 hours ago|||

Ever read 1984?

Who wins at the end?

ramuel 3 hours ago||

Winston, obviously. He left behind his free-thinking and became unwavering to Big Brother. Truly a winner

dylan604 3 hours ago||

Why, oh why, didn't I take the blue pill?

ctoth 1 hour ago|||

The story here is that a FedRAMP-authorized system had 53MB of Vite dev source maps exposed on a production government endpoint. That's not "sold the dream, delivered the meme," that's a specific auditable compliance failure. Meanwhile a fintech engineer explaining that this is all standard legally-mandated KYC infrastructure got flagged to death. The interesting question isn't whether technology betrays us, it's why US law requires this surveillance apparatus in the first place and why the security assessment apparently missed checking for /vite-dev/ on a government system.

Also every technological step? Ever? Really? This wouldn't happen to be typed on a computer from a climate-controlled room on a nice global network or anything?

vpShane 1 hour ago|||

Birds of a flock crap on everybody together.

> How many more broken social contracts can society endure before it crumbles?

I wouldn't call this much of a society if people's eyes are open.

What's that song name, they don't care about us?

nehal3m 3 hours ago|||

All these memes are burning through our natural reserves at an ever increasing rate so it will crumble when the bread baskets fail anyway.

storus 1 hour ago|||

I think that's a natural outcome of a model where sociopaths climb to the top, with a layer of sycophants beneath them that shield normal workers from perceiving the amount of depravity going on at the top which would make them unable to continue and tank the business. AI might remove the reliance on regular folks and give sociopaths direct execution of all ideas they have without any moral opposition, and that would explain a lot of the rush for AI everywhere we see nowadays.

asdfman123 14 minutes ago|||

I would be careful with this kind of reasoning, because it suggests corruption within a corporate model is inevitable, giving it implicit permission to continue existing. It's not inevitable.

nemooperans 45 minutes ago|||

This is the part that doesn't get enough attention. The historical check on concentrated power wasn't just democracy or law — it was that executing any large-scale agenda required thousands of people who could refuse, drag their feet, or leak. AI doesn't just automate tasks — it removes the human friction that was always an informal veto on the worst ideas.

The surveillance apparatus isn't new. What's new is that you need fewer people with moral objections in the loop to operate it.

ferguess_k 3 hours ago||

From my understanding, we are pretty close to a Dystopian world where all elites of a certain group collaborate to run a Super Leviathan. We still gotta choose our flavors, which may not be feasible in maybe 5-10 years when those leviathans clash into each other.

measurablefunc 3 hours ago|||

Goliath's Curse by Luke Kemp covers it pretty well I think.

ferguess_k 3 hours ago||

Thanks for the recommendation.

dylan604 3 hours ago|||

It's not like this is surprising, there have been plenty of sci-fi books/movies that have predicted this very thing. How many movies have the haves lived above ground/off planet, while the have nots have lived underground or stuck on a apocalyptic planet.

This is just furthering the previous history. Currently, the lords have just been able to keep the serfs appeased to a longer extent. Every time in history or in sci-fi, the serfs reach a breaking point and rise up.

ferguess_k 3 hours ago|||

I don't think they are going to rise up this time. Maybe laying down flat is more realistic.

mistrial9 2 hours ago||||

> Every time in history or in sci-fi, the serfs reach a breaking point and rise up.

this is a completely "WEIRD" outlook.. more than half of humanity has no illusions about "proletarians" they do not even discuss it that way

source: born and raised WEIRD

measurablefunc 3 hours ago|||

This time is different. The global system is not going to fall apart like isolated kingdoms in the past.

dylan604 2 hours ago|||

You seem very confident. This seems to imply you feel the haves will know when to leave enough on the table for the have nots to still feel like they are a part of the haves. I'm not so confident in that.

atmavatar 1 hour ago|||

Far more likely is that we head back to a feudal era where data mining tech is used to identify and eliminate potential rabble-rousers. Once enough production is automated, all remaining have-nots are exterminated.

neuralRiot 35 minutes ago||

The weak link is that for “the haves” to have, the “have -nots” are needed. To have or to not is just a comparison, a millionaire needs the poor to be rich and to feel special otherwise when everyone is special nobody is.

measurablefunc 2 hours ago|||

People in technologically advanced societies have more than enough & the people who are not as advanced can not do anything that will have any effect on the people who own the fighter jets, missiles, robot factories, & "internet" satellites. The current system has no historical precedent. It is very close to an almost perfect panopticon w/ an associated media & police apparatus to keep everyone docile & complacent. Like I said, this time is different.

neuralRiot 41 minutes ago|||

“ Whatever it is you’re seeking won’t come in the form you’re expecting – Haruki Murakami”

Ancalagon 3 hours ago||

Why do so many engineers willingly build things bad for society?

mikestew 3 hours ago||

Because it generally pays well. I'd wax philosophically, but you can come to your own conclusions from that little nugget.

popalchemist 2 hours ago||

Enough said. Since the "death of God" (per Nietzsche - the collapse of the metaphysics underpinning our morals and therefore cultural norms and behaviors) the modus operandi has been the utilitarian "get what's yours."

Reprehensible.

Additionally, people are typically only "gifted" on one domain -- if one's gifted enough in the domain of intellect to become a SWE, they're typically lacking elsewhere, whether that be in moral scruples or the ability to discern social things such as when they're working for sociopaths.

asdfman123 12 minutes ago|||

Every accusation is a confession

Ancalagon 2 hours ago|||

You'd think empathy would just be enough, its very sad.

konart 3 hours ago|||

Because they do not believe it is bad?

Because they believe that it's going to be build anyone by someone else?

Because they are not entirely aware of what they are building?

kaashif 3 hours ago|||

Money can be exchanged for services.

Hope this helps.

Ancalagon 3 hours ago||||

All these bright engineers can’t figure out the bigger picture of what they’re building?

“Hey boss man, why does this database ‘tracked_individuals’ have columns for license plate numbers, home addresses, and political affiliations?”

Give me a break

bigyabai 5 minutes ago||

Yes, many of them don't. They're fed convincing cover-stories like "we need this to stop CSAM" or "this prevents terrorism", and then put on a security theater about E2EE and military-grade cryptography. They sleep like a baby because most of them genuinely think they're the good guys, hell, even people on HN appear to buy the obvious lie whenever Client Side Scanning or Flock is brought up.

You can hire sociopaths to work the ~1% of jobs that require a complete understanding of your moral bankruptcy. Mark Zuckerberg, Tim Cook, Larry Ellison, none of these people ever apologized for their ethical flexibility because it's precisely what qualifies them for such a lucrative job. Persona can be a shell org with 20 evil engineers while their partners absentmindedly do the integration work.

krapp 3 hours ago|||

Because they're paid enough to retire at 30.

biophysboy 2 hours ago|||

Many tech execs operate under the thesis that china & the democratic party are existential threats that warrant a surveillance/military/police ramp up. Meanwhile, many tech employees are credulous and frequently adopt self-serving geopolitical narratives. The current macro trends don't help (huge defense budgets, bad labor market power, China is in fact more powerful)

Edit:forgot the most obvious... money

FrustratedMonky 3 hours ago|||

Evil pays more.

A common theme in a lot of movies, books, et..

globalnode 16 minutes ago|||

also theyre subject to the same anonymity many other internet users have and so dont feel any consequences for their actions.

bombdailer 3 hours ago|||

Because the highest values of our society are non-values.

GorbachevyChase 3 hours ago|||

The tribe won’t eat their own… probably.

ej88 2 hours ago|||

surprised nobody responded with the most straightforward, occams razor explanation

they think what they're doing is actually good for society

not everyone is in the hackerspace libertarian / socialist sphere

i used to work for a place that used persona despite it adding extra friction to signups (literally resulting in less paying customers to the dismay of PMs) because it was worth it to combat fraud. theres a tradeoff in everything

bigyabai 3 hours ago|||

"Oh boy! I've always wanted to work at [microsoft, apple, google, etc.]!"

mikestew 3 hours ago||

Those aren't the companies OP is necessarily talking about. "I've always wanted to work at Persona!", said no one, ever.

bigyabai 46 minutes ago||

All of them are complicit. You only need ~50 greedy sociopaths to work at Persona, and 10,000 dumb-as-rocks engineers hyped to work at Microsoft/OpenAI and "stop the bad guys" or whatever the boogeyman du-jour is.

We saw it with Bitlocker, we saw it with Client Side Scanning, we see it with Salt Typhoon. Most people that work on weaponized surveillance systems are entirely apathetic, or see themselves as righteous. Even when the system is known to be bugged, obviously flawed, or outright controlled by a foreign adversary.

Nezteb 3 hours ago||

https://en.wikipedia.org/wiki/Bad_apples

Immoral boot-licking human engineers are indistinguishable from LLMs.

Ancalagon 2 hours ago||

What's crazy is I know engineers like this in real life - and they're good engineers! So I know they do exist, but their existence to serve their company or CEO no matter what is completely foreign to me. Like, you're smart enough to understand that large codebase and generally function as a member of society, but you've completely given up your higher level decision making for someone or something that would throw you away in an instant.

edverma2 3 hours ago||

This is a hilarious personal website! Love it. Even better that it's paired with quality content.

spacebacon 1 hour ago|

I felt alive again as I used my physical volume button down to focus on the text.

Havoc 1 hour ago||

Wonder how many lists I'm on for the unholy sin of saying the glorious american leader is a moron

oth001 1 hour ago|

Or for saying Israel shouldn't be committing a genocide.

gslepak 2 hours ago||

Does someone have a version that doesn't force you to listen to unwanted music?

Havoc 2 hours ago|

In FF you can click on a tab on left side to mute it not sure other browsers

int32_64 3 hours ago|

Based on the Anthropic distillation news yesterday I wonder if the AI companies are going to get much tighter with KYC.

disgruntledphd2 2 hours ago|

I get the KYC concerns for API access, but I'm sortof baffled at why they'd need all of the AML stuff, given that they're not payment processors/financial institutions.

Or does Persona provide that by default? Don't know much about their service...

More comments...