I Verified My LinkedIn Identity. Here’s What I Actually Handed Over. | THE LOCAL STACK I Verified My LinkedIn Identity. Here’s What I Actually Handed Over. Feb 16, 2026 10 min read privacy, linkedin, biometrics, gdpr, cloud-act, identity I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do. So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired. I felt a tiny dopamine hit of legitimacy. Then I did what apparently nobody does. I went and read the privacy policy and terms of service. Not LinkedIn’s. The other company’s. Wait, What Other Company? When you click “verify” on LinkedIn, you’re not giving your passport to LinkedIn. You get redirected to a company called Persona . Full name: Persona Identities, Inc. Based in San Francisco, California. LinkedIn is their client. You are the face being scanned. I had never heard of Persona before this. Most people haven’t. That’s kind of the point — they sit invisibly between you and the platforms you trust. So I downloaded their privacy policy (18 pages) and their terms of service (16 pages). Here’s what I found. Everything I Gave Them For a three-minute identity check, this is what Persona collected: My full name — first, middle, last My passport photo — the full document, both sides, all data on the face of it My selfie — a photo of my face taken in real-time My facial geometry — biometric data extracted from both images, used to match the selfie to the passport My NFC chip data — the digital info stored on the chip inside my passport My national ID number My nationality, sex, birthdate, age My email, phone number, postal address My IP address, device type, MAC address, browser, OS version, language My geolocation — inferred from my IP And then there’s the weird stuff: Hesitation detection — they tracked whether I paused during the process Copy and paste detection — they tracked whether I was pasting information instead of typing it Behavioral biometrics. On top of the physical biometrics. For a LinkedIn badge. They Also Called Their Friends Persona didn’t just use what I gave them. They went and cross-referenced me against what they call their “global network of trusted third-party data sources”: Government databases National ID registries Consumer credit agencies Utility companies Mobile network providers Postal address databases I scanned my passport for a checkmark. They ran a background check. My Face Is Training Data Here’s something I almost missed. Buried in a table on page 6 of the privacy policy, under “legitimate interests”: They use uploaded images of identity documents — that’s my passport — to train their AI . They’re teaching their system to recognize what passports look like in different countries. They also use your selfie to “identify improvements in the Service.” The legal basis? Not consent. Legitimate i

Source: Hacker News | Original Link