If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.

https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/

The CEO of Persona responded to this post, saying they wanted to clarify the identity verification process. They said:

"The only subprocessors (8) used are: AWS, Confluent, DBT, ElasticSearch, GCP, MongoDB, Sigma Computing, and Snowflake

All biometric personal data is deleted immediately after processing.

All other personal data processed is automatically deleted within 30 days. Data is retained during this period to help users troubleshoot.

No personal data processed is used for AI/model training. Data is explicitly used to confirm your identity.

The subprocessors used do NOT include Anthropic, Groqcloud, or OpenAI. The referenced subprocessor list is the superset of subprocessors used across all customers, which is unfortunately misleading - we are updating our documentation to make this clearer going forward (thank you for helping us realize this). Our customers select which products are used, which determines which subprocessors are used."

@briankrebs still means data is subject to #CloudAct = incompatible with #GDPR & #BDSG!
@briankrebs And what assurances do they have that Snowflake etc. aren't keeping copies? You don't master a cloud supply chain.
@davep @briankrebs we'll know at the earliest bre... I mean: convenience.

@briankrebs and if you believe this from a company where the executives hide from the public, explicitly authoritarian goals of irreversibly identifying everyone online, and direct ties to outspoken Nazis and fascists through funding?

Then all you need to do is pay the $5000 processing fee in Visa gift cards, and I can transfer you $500M USD from the European lottery tomorrow.

@briankrebs which is to say: absofuckinglutely Persona is lying. They've lied the whole time. These are the same dipshits that left their entire system exposed, which revealed that, surprise! They're storing all the biometrics permanently and just straight lying about everything top to bottom!
@briankrebs Aye right, totally trustworthy company https://youtube.com/watch?v=S-Jo-djilvo

@briankrebs this also contradicts their own privacy policy, which calls out companies like OpenAI. Also don't remember it saying anything about any data being deleted after any period of time either.

(This was for a wire transfer and I politely said fuck you and got a cashier's check instead)

@briankrebs

The CEO of Persona... can go fuck themselves.

@briankrebs

In 2018 I was at a company where we had the first automated identity verification system on the market

I was one of four engineers on the team at the end when we finally found PMF— verifying doctors in conjunction with Duo Security to allow online prescriptions

It was Ruby on Rails

We had two products

Knowledge
Photo

Knowledge was really just a pretty OAuth flow wrapping a transition API

Photo was Microsoft for facial recognition between the front of an ID and a selfie

Front and back were through a provider (confirm) that had an exclusive partnership with MorphoTrust, which does all the identity verification at customs and can effectively detect the security features on IDs

NIST LOA3, SOC2, HIPAA

With three external surfaces

All this to say: WTF is LinkedIn doing, and if Earth needs me to rebuild a product from a decade ago, we just need a few engineers— fewer engineers than Persona has vendors

@briankrebs “first automated PHOTO verification”

Jumio was our primary competitor

They had people physically comparing pictures with a 60-90 second SLA

We had APIs and even figured out how to optimize image size so uploads could be as small as possible on mobile while still able to catch security details

Because of the sequencing of events, we basically had the results immediately at the end of the flow

@briankrebs all this to say— I do feel partially to blame for the mass proliferation of photo ID products since we proved it possible to automate

The company went in a different direction, I was fired along with the rest of my team

Sequoia was the primary investor of the company, so I assume the IP proliferated across their portfolio

In very short order Stripe launched photo ID verification that was roughly shot for shot what I built as the front end lead

Not a bad crash course in Silicon Valley economics and the hidden network effects

Venture firms definitely encourage successful startups to run startups in their startups that benefit their other startups and they’ll win no matter what

@briankrebs

And everyone who believes no third-party processes keep that data should stand on their heads and gargle peanut butter, because the likelihood that LinkedIn or their processing partners don't keep and sell that data is...zero.

Zero.

Everything is being sold to Palantir.

Anyone who claims otherwise is lying, or stupid.

@briankrebs

Persona is linked to Thiel IIRC. I guess I trust them less far than I could throw Thiel.

@briankrebs As @aral pointed out, for goons like this "deleting data" often amounts to a "SET deleted = 'true' WHERE uid = 'customer23'" or something similar.

I trust the CEO of Persona about as far as I can throw Peter Thiel's bank account.

@briankrebs I worked heavily with Persona and can say the following:

1. Data is deleted from their servers because it is transferred to "not their server" cold storage, not completely removed from access. I should specify this used to be the case, but I have heard they have changed this as of late.

2. They have very poor RBAC capabilities; it's effectively all or nothing for developers, in that you either access all user data or can't use the system to test APIs properly.

3. Persona doesn't actually have any capability to validate if your IDs are valid, such as checking driver's license numbers or passport numbers against a valid database. Therefore, the ability to validate an ID is questionable at best, but it does meet the requirements of KYC and KYB.

4. Its default recommended workflow leaks the ID to the account; that ID can be used to push fake data to the Persona flow for another user, which can then be used for social engineering. This is by design, and no, they refused to fix it.

#infosec #privacy