I verified my LinkedIn identity. Here's what I handed over

Original Article ↗ Hacker News Discussion ↗

LinkedIn verification experiences

  • Multiple users report being locked out of new or long‑standing accounts and told they must verify via Persona (ID upload + selfie) to regain access; some say they could not even delete their accounts without first verifying.
  • A few note an affidavit option (attested document from a local authority) as a non‑ID alternative, but it’s rarely surfaced.
  • Others say they only had to verify a work email (no Persona involved), typically when their employer has a known LinkedIn presence.
  • Some feel coerced: verification appears at interstitial screens or is effectively required during vulnerable moments (job search, sales accounts, ISP‑flagged “abuse” IPs).

Scope of data and subprocessors

  • Commenters are alarmed by Persona’s documented collection: passport scans (including NFC chip), selfies, biometric templates, device fingerprinting, geolocation, behavioral signals (“hesitation detection”).
  • The long list of non‑EU subprocessors (AWS, GCP, MongoDB, Snowflake, etc.) intensifies concern that data may be widely replicated and reused across data pipelines.
  • Others clarify that a DPA lists all potential subprocessors for all product lines; any single verification flow likely touches only a subset.

Trust, legal basis, and law‑enforcement access

  • Several highlight that Persona relies on “legitimate interest,” not user consent, in its GDPR framing, seen as maximizing future reuse of data.
  • Users worry about the US CLOUD Act making EU passports and biometrics “one subpoena away,” regardless of storage location.
  • Persona’s CEO response (claiming no AI training, rapid biometric deletion, ~30‑day retention, and limited subprocessors) is treated skeptically because it’s not fully reflected in binding terms and can change.

Job market dependence and network effects

  • Many feel LinkedIn is effectively mandatory for white‑collar job hunting and recruiting, despite its “AI slop” feed and privacy issues; others report doing fine via local boards, referrals, or HN.
  • Some recruiters and companies reportedly treat the absence of a LinkedIn profile as “sketchy,” reinforcing lock‑in.
  • Verification badges may slightly help filter bots and scam applicants, but many consider the trade‑off (biometrics for a checkmark) unacceptable.

Broader KYC, biometrics, and surveillance concerns

  • Users note similar ID demands from banks, OpenAI, Discord, Airbnb, social media, and governments (border control, e‑ID systems), arguing that IT has effectively become “surveillance tech.”
  • Some in the IDV/KYC industry argue face images are already ubiquitous and less sensitive than behavioral or graph data; critics counter that centralizing searchable biometric + PII is qualitatively more dangerous.
  • Several see IDV vendors as de‑facto enrichment layers for state surveillance (especially US agencies, ICE, Five Eyes) and view KYC itself as structurally “evil.”

EU vs US, sovereignty, and regulation

  • Strong debate over whether Europe “failed to build its own LinkedIn” vs. being structurally steered into dependence on US platforms and cloud.
  • Some advocate EU‑based ID and cloud services; others say jurisdiction alone doesn’t solve abuse, calling instead for strict purpose limitation, retention caps, and criminal liability for executives who misuse biometric data.

Critique of the article and “AI slop” style

  • Multiple commenters think the article’s rhetoric (“let that sink in,” punchy one‑liners) reads like LLM‑generated copy, which they find off‑putting even if the core privacy analysis is valuable.
  • Nonetheless, many appreciate the concrete action steps (data access + deletion requests, regulator complaints) and say they used them against LinkedIn/Persona.