I wanted the blue checkmark on LinkedIn.
-
I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do.
So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired. I felt a tiny dopamine hit of legitimacy.
Then I did what apparently nobody does. I went and read the privacy policy and terms of service.
Not LinkedIn’s. The other company’s.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@Ivovanwilligen I'd considered doing verification there, but when I saw the requirement of the passport scan, I decided there was no way in hell I'd proceed - the possibility of identity theft with third parties processing the data just seemed too high. Your digging validates that see decision. Yikes!
-
R relay@relay.infosec.exchange shared this topic
-
I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do.
So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired. I felt a tiny dopamine hit of legitimacy.
Then I did what apparently nobody does. I went and read the privacy policy and terms of service.
Not LinkedIn’s. The other company’s.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@Ivovanwilligen i lost access to my account a while ago when someones which was not me tried to login too many times with a wrong password. If i want my account back, i must go through this process to prove that i'm the actual owner of the account
Good thing i haven't been looking for customers lately, but it makes me wonder what will happen when i need to 🫣
-
I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do.
So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired. I felt a tiny dopamine hit of legitimacy.
Then I did what apparently nobody does. I went and read the privacy policy and terms of service.
Not LinkedIn’s. The other company’s.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@Ivovanwilligen The slow but complete erosion of privacy.
-
In fact, I do read all the details before signing up for anything. Everybody should, especially now, because the stakes are a lot higher than they used to be.
@EverydayMoggie @noodlemaz @Ivovanwilligen
The problem is, for most people they need the service they are registering with (or at least think they do). Not signing is not an option, so what’s the point of reading the small print?
For example, I want the security updates on my iPhone. I have to click ‘accept’ to get them. The alternative is effectively to brick my phone.
It’s a scandal, and law makers the world over are not getting a grip. -
I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do.
So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired. I felt a tiny dopamine hit of legitimacy.
Then I did what apparently nobody does. I went and read the privacy policy and terms of service.
Not LinkedIn’s. The other company’s.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@Ivovanwilligen this is why I don't have a blue tick
-
I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do.
So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired. I felt a tiny dopamine hit of legitimacy.
Then I did what apparently nobody does. I went and read the privacy policy and terms of service.
Not LinkedIn’s. The other company’s.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@Ivovanwilligen damn, thanks for looking into this. I naively did the verification some time ago and embarrassingly did not pay attention to the details. Time for me to get them to delete my data…
-
I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do.
So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired. I felt a tiny dopamine hit of legitimacy.
Then I did what apparently nobody does. I went and read the privacy policy and terms of service.
Not LinkedIn’s. The other company’s.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@Ivovanwilligen I'm curious to know if your deletion request and objection to the DPO were acknowledged/honored?
-
I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do.
So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired. I felt a tiny dopamine hit of legitimacy.
Then I did what apparently nobody does. I went and read the privacy policy and terms of service.
Not LinkedIn’s. The other company’s.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@Ivovanwilligen for the sake of completeness - this persona: https://vmfunc.re/blog/persona/ #privacy #security #persona
-
@EverydayMoggie @noodlemaz @Ivovanwilligen
The problem is, for most people they need the service they are registering with (or at least think they do). Not signing is not an option, so what’s the point of reading the small print?
For example, I want the security updates on my iPhone. I have to click ‘accept’ to get them. The alternative is effectively to brick my phone.
It’s a scandal, and law makers the world over are not getting a grip.@KimSJ
@EverydayMoggie @noodlemaz @Ivovanwilligen
The law does recognise this and the reality is a lot of these clickwrap "adhesion contracts" are extensively modified by consumer law. This can make interpretation difficult as I guess we see here.I don't even bother with the fine print for financial services products because the industry is heavily regulated and they can just change the terms anyway. What am I going to do, pay off my mortgage because I don't like clause 45.6.7?
-
I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do.
So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired. I felt a tiny dopamine hit of legitimacy.
Then I did what apparently nobody does. I went and read the privacy policy and terms of service.
Not LinkedIn’s. The other company’s.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@Ivovanwilligen And when Linkedin account is blocked (because you have disconnected/reconnected and made several profile modifications), you must follow the same procedure (without the selfie) to be able to regain access to your account. And when you ask for deletion of your data, they reply that compliance with deletion of data in the GDPR is not fixed, it is at their discretion depending on whether they want to keep them (even without the account having been blocked or suspended or reported).
-
R relay@relay.an.exchange shared this topic
-
I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do.
So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired. I felt a tiny dopamine hit of legitimacy.
Then I did what apparently nobody does. I went and read the privacy policy and terms of service.
Not LinkedIn’s. The other company’s.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
OMG!
"And then there’s the weird stuff:
Hesitation detection — they tracked whether I paused during the process
Copy and paste detection — they tracked whether I was pasting information instead of typing it
Behavioral biometrics. On top of the physical biometrics. For a LinkedIn badge."
-
I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do.
So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired. I felt a tiny dopamine hit of legitimacy.
Then I did what apparently nobody does. I went and read the privacy policy and terms of service.
Not LinkedIn’s. The other company’s.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@Ivovanwilligen I started the process twice in the past year - both times my spidey-sense started tingling and I didn’t scan any documents.
Anthropic, AWS, OpenAI, Google, GrokAI… why would you need all of those as sub-processors?? Unless you’re using “subprocessor” as a means to share the data…
Thanks for confirming my gut feeling. And for posting this warning for others!
-
I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do.
So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired. I felt a tiny dopamine hit of legitimacy.
Then I did what apparently nobody does. I went and read the privacy policy and terms of service.
Not LinkedIn’s. The other company’s.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@Ivovanwilligen I deleted my profile instead. It was only a source of useless notifications and spam.
-
I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do.
So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired. I felt a tiny dopamine hit of legitimacy.
Then I did what apparently nobody does. I went and read the privacy policy and terms of service.
Not LinkedIn’s. The other company’s.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@Ivovanwilligen Wow, I quite linkedin years ago, look how smart was that. Anyway out of all the stuff on the list, the least expected and most scary seems the behavioural profiling. Hesitation detection? WT_?!
-
Wouldn't it make more sense to read those before uploading your personal documents?
@EverydayMoggie it would , but it took him an entire weekend to go through it, while the verification process is 3 minutes. @Ivovanwilligen
-
In fact, I do read all the details before signing up for anything. Everybody should, especially now, because the stakes are a lot higher than they used to be.
@EverydayMoggie @noodlemaz @Ivovanwilligen there's literally not enough time in a person's life to evaluate all the TOSs and EULAs of companies they interact with. With every business you enter and every commercial website you visit, you agree to TOS. And they get updated all the time too!
-
I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do.
So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired. I felt a tiny dopamine hit of legitimacy.
Then I did what apparently nobody does. I went and read the privacy policy and terms of service.
Not LinkedIn’s. The other company’s.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@Ivovanwilligen does anybody know, from a legal perspective, how something like this sits with GDPR saying data can't be processed outside of the EU (or I guess, GDPR respecting countries?
I suppose that's all buried in the terms and conditions somewhere.... "you consent to..."
-
I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do.
So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired. I felt a tiny dopamine hit of legitimacy.
Then I did what apparently nobody does. I went and read the privacy policy and terms of service.
Not LinkedIn’s. The other company’s.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
@Ivovanwilligen at Christmas I purchased a mini bottle of Japanese cider online as a stocking filler, something similar happened, was redirected to a third party service called verifymyage, to which I was supposed to upload my documents — they also employ "age estimation" by "analysing physical features". Of course I refused to participate in this insanity, and I eventually could do it with the supplier manually. But it's insane that this was the default and I even had to ask.
-
@EverydayMoggie @noodlemaz @Ivovanwilligen
The problem is, for most people they need the service they are registering with (or at least think they do). Not signing is not an option, so what’s the point of reading the small print?
For example, I want the security updates on my iPhone. I have to click ‘accept’ to get them. The alternative is effectively to brick my phone.
It’s a scandal, and law makers the world over are not getting a grip.@KimSJ @EverydayMoggie @noodlemaz @Ivovanwilligen Not everyone has the time to read and understand the details and implications of what's written.
Governments should hold those companies accountable and protect our privacy.
-
@EverydayMoggie @noodlemaz @Ivovanwilligen
The problem is, for most people they need the service they are registering with (or at least think they do). Not signing is not an option, so what’s the point of reading the small print?
For example, I want the security updates on my iPhone. I have to click ‘accept’ to get them. The alternative is effectively to brick my phone.
It’s a scandal, and law makers the world over are not getting a grip.@KimSJ
The lawmakers do have a grip. They are part of it. Do you think it's a coincidence that "age" (identity) verification is suddenly being pushed by politicians all over the world at the same time?Something big is happening behind the scenes. Who of the lawmakers are movers and who are mere pieces is still unclear to me.
@EverydayMoggie @noodlemaz @Ivovanwilligen
