#Persona, a Peter #Thiel of #Palantir fame funded provider of identity and age verification services for companies like #Discord and the entire #UK, left their code base open to the web. Of course they did.
Let’s look at what it does, shall we?
The platform performs 269 individual verification checks on user data, far beyond basic age verification.
#Surveillance: Persona’s system screens users against global watchlists, including those for #terrorism, #espionage, and politically exposed persons ( #PEPs), using facial recognition and risk scoring. Researchers confirmed that the government-facing and consumer-facing versions of Persona use the same underlying code, suggesting a unified surveillance infrastructure.
Data Retention: Personal data including government ID, phone numbers, names, faces, selfies, IP addresses, browser fingerprints, and device fingerprints—is collected and retained for up to three years.
(1/2) edit hashtags, new info, typo
#Persona leak continued (2/2)
Integration with Government Systems: The platform is capable of filing Suspicious Activity Reports ( #SARs) directly to #FinCEN (U.S. Treasury) and #FINTRAC (Canada), and integrates with blockchain analytics tools like #Chainalysis to monitor cryptocurrency addresses.
Suspicious Checks: Some checks, like "SelfieSuspiciousEntityDetection" and "SelfiePoseRepeatedDetection", lack clear definitions of what constitutes a "suspicious" face or repeated pose, raising concerns about bias and opacity.
This is a big deal. I’ve been telling y’all that age verification was just a way to gather intelligence.
