Thinking of verifying your LinkedIn account so you can get that coveted blue checkmark badge?
You may want to hear this first.
One observant anonymous user is warning other LinkedIn users that the Microsoft-owned social network for professionals utilizes a third-party verification service that, in turn, shares users’ data with other companies.
Inc highlighted a story posted on The Local Stack, a blog that covers “surveillance capitalism” from an individual who simply goes by the name “rogi.”
According to the report by rogi, after going through the LinkedIn verification process to confirm his identity, he took a deeper look into the privacy policy and terms of service for the process, which is carried out by a third-party vendor called Persona.
Persona may sound familiar if you’ve been following the ongoing controversies around age and ID verification policy. For example, both Roblox and Discord also use Persona for their age verification process.
What would ethical age verification look like online?
According to rogi, what concerned him was exactly what Persona could do with his data. Persona accessed rogi’s full name, passport photo, selfie, facial biometric data, NFC chip data (or the info stored on the chip inside his passport), his nationality, sex, birthday, age, email, phone number, physical address, IP address, geolocation, device type, MAC address, browser, OS version, and language.
Mashable Light Speed
But that’s not all. Persona also reportedly utilized “hesitation detection,” which tracked just how long it took rogi to complete the process and where he paused, as well as copy and paste detection.
What’s more, Rogi claimed that this data not only gets shared with LinkedIn and Persona, but also with Persona’s “global network of data partners,” which includes further third-party vendors, also known as subprocessors. If requested, Persona may even hand over data to law enforcement, according to their terms of service. Persona’s subprocessors include Amazon’s AWS, Google Cloud Platform, and even a few AI companies such as OpenAI and Anthropic.
After rogi’s The Local Stack post on LinkedIn and Persona went viral, the co-founder and CEO of Persona Rick Song addressed the report in a comment on LinkedIn.
“No personal data processed is used for AI/model training,” Song said in a comment. “Data is exclusively used to confirm your identity.”
Discord age verification: How it works, when it happens
Song also said that all biometric data is deleted right after processing, and all other personal data is deleted within 30 days. Song also denied that AI companies such as OpenAI and Anthropic were subprocessors used to verify a user’s identity, even though those companies are included on a Persona webpage that lists the company’s subprocessors.
“The referenced subprocessor list is the superset of subprocessors used across all customers which is unfortunately misleading,” Song said. “Our customers select which products are used which determines which subprocessors are used. We are adding a clarification to this list to make this clearer in the future.”
In other words, just because a company is listed on this page, that doesn’t necessarily mean that LinkedIn user data in particular will be shared with them.
Persona’s growing usage among some of the internet’s most popular platforms is certainly putting the company under a microscope. Another recent report on Persona from a security researcher claims that the company performs “269 individual verification checks” on Discord users.
Further causing concern for many privacy watchdog groups? Peter Thiel, the controversial co-founder of surveillance firm Palantir, is a major investor in Persona as well.
Mashable reached out to LinkedIn and Persona for comment, and we’ll update this story if we receive a response.
