If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.

https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/

The CEO of Persona responded to this post, saying they wanted to clarify about the identity verification process. They said:

"The only subprocessors (8) used are: AWS, Confluent, DBT, ElasticSearch, GCP, MongoDB, Sigma Computing, and Snowflake

All biometric personal data is deleted immediately after processing.

All other personal data processed is automatically deleted within 30 days. Data is retained during this period to help users troubleshoot.

No personal data processed is used for AI/model training. Data is explicitly used to confirm your identity.

The subprocessors used do NOT include Anthropic, Groqcloud, or OpenAI. The referenced subprocessor list is the superset of subprocessors used across all customers which is unfortunately misleading - we are updating our documentation to make this clearer going forward (thank you for helping us realize this). Our customers select which products are used which determines which subprocessors are used."

@briankrebs

In 2018 I was at a company where we had the first automated identity verification system in market

I was one of four engineers on the team at the end when we finally found PMF— verifying doctors in conjunction with Duo Security to allow online prescriptions

It was Ruby on Rails

We had two products

Knowledge
Photo

Knowledge was really just a pretty OAuth flow wrapping a transition API

Photo was Microsoft for facial recognition between the front of an ID and a selfie

Front and back was through a provider (Confirm) that had an exclusive partnership with MorphoTrust that does all the identity verification at customs that can effectively detect the security features on IDs

NIST LOA3 SOC2 HIPAA

With three external surfaces

All this to say: WTF is LinkedIn doing and if earth needs me to rebuild a product from a decade ago, we just need a few engineers— fewer engineers than Persona has vendors

@briankrebs “first automated PHOTO verification”

Jumio was our primary competitor

They had people physically comparing pictures with a 60-90 second SLA

We had APIs and even figured out how to optimize image size so uploads could be as small as possible on mobile while still able to catch security details

Because of the sequencing of events, we basically had the results immediately at the end of the flow

@briankrebs all this to say— I do feel partially to blame for the mass proliferation of photo ID products since we proved it possible to automate

The company went in a different direction, I was fired along with the rest of my team

Sequoia was the primary investor of the company, so I assume the IP proliferated across their portfolio

In very short order Stripe launched photo ID verification that was roughly shot for shot what I built as the front end lead

Not a bad crash course in Silicon Valley economics and the hidden network effects

Venture firms definitely encourage successful startups to run startups in their startups that benefit their other startups and they’ll win no matter what