I used to have a LinkedIn account, a long time ago. To register I created an email address that was unique to LinkedIn, and pretty much unguessable ... certainly not amenable to a dictionary attack.
I ended up deciding that I was getting no value from the account, and I heard unpleasant things about the company, so I deleted the account.
Within hours I started to get spam to that unique email address.
It would be interesting to run a semi-controlled experiment to test whether this was a fluke, or if they leaked, sold, or otherwise lost control of my data. But absolutely I will not trust them with anything I want to keep private.
I do not trust LinkedIn to keep my data secure ... I believe they sold it.
eastbound 56 minutes ago [-]
Remember when LinkedIn was condemned because they copied Gmail’s login page saying “Log in with Google”, then you entered your password, then they retrieved all your contacts, even the bank, the mailing lists, your ex, and spammed the hell out of them, saying things in your name in the style of “You haven’t joined in 5 days, I want you to subscribe” ?
StrauXX 27 minutes ago [-]
Do you have a reference with more information on that?
genghisjahn 9 minutes ago [-]
They used a legit google oauth but with broad rights. They did pull the contact and repeatedly spam them as personal emails. There were lawsuits.
philjackson 44 minutes ago [-]
I don't know how they're still in business after that. They also had a massive data breach at one point.
tokioyoyo 27 minutes ago [-]
Because super-majority doesn't really care if the product does what it's intended to in the end.
luxpir 1 hours ago [-]
I really appreciate this write-up.
Was forced to verify to get access to a new account. Like, an interstitial page that forced verification before even basic access.
Brief context for that: was being granted a salesnav licence, but to my work address with no account attached to it. Plus I had an existing salesnav trial underway on main account and didn't want to give access to that work.
So I reluctantly verified with my passport (!) and got access. Then looked at all the privacy settings to try to access what I'd given, but the full export was only sign up date and one other row in a csv. I switched off all the dark pattern ad settings that were default on, then tried to recall the name of the company. Lack of time meant I haven't been able to follow up. I was deeply uncomfortable with the whole process.
So now I've requested my info and deletion via the details in the post, from the work address.
One other concern is if my verified is ever forced to be my main, I'll be screwed for contacts and years of connections. So I'll try to shut it down soon when I'm sure we're done at work. But tbh I don't think the issues will end there either.
Why do these services have to suck so much. Why does money confer such power instead of goodwill, integrity and trust/trustless systems. Things have to change. Or, just stay off the grid. But that shouldn't have to be the choice. Where are the decentralised services. I'm increasingly serious about this.
SomeUserName432 1 hours ago [-]
> Was forced to verify to get access to a new account. Like, an interstitial page that forced verification before even basic access.
I'm forced to verify to access my existing account.
I cannot delete it, nor opt out of 'being used for AI content' without first handing them over even more information I'm sure will be used for completely benign purposes.
luxpir 48 minutes ago [-]
That's concerning.
Kids in Oz were getting around social media age restrictions by holding up celeb photos. I doubt that'll work in this case, but I'd be tempted to start thinking of ways to circumvent.
At the risk of losing the account, it's a very bad situation they are forcing people into.
stateofinquiry 37 minutes ago [-]
Thank you for sharing this.
I understand, and even agree, that how this is being handled has some pretty creepy aspects. But one thing missing from the comments I see here and elsewhere is: How else should verification be handled? We have a real problem with AI/bots online these days, trust will be at a premium. How can we try to assure it? I can think of one way: Everyone must pay to be a member (there will still be fraud, but it will cost!). How else can we verify with a better set of tradeoffs?
How about everyone gets a digital certification from their own government that this is the person named this and that. No need to share cranial measurements and iris scans.
weinzierl 16 minutes ago [-]
The strange thing about LinkedIn organization verification is that it never seems to be revoked. I have many contacts with verifications from companies they no longer work for - sometimes for a very long time.
On the other hand I see many people posting in official capacity for an organization without verification.
When they actively represent their current company but with a random verification from a previous one it gets pretty absurd.
In its current form LinkedIn verification is pretty worthless as a trust signal.
xenator 9 minutes ago [-]
More interesting that LinkedIn use fingerprinting everywhere and connect your personal data to every device you are using and connect to other services connected to their network.
elAhmo 2 hours ago [-]
From the article:
> Let that sink in. You scanned your European passport for a European professional network, and your data went exclusively to North American companies. Not a single EU-based subprocessor in the chain.
Not sure LinkedIn is a European professional network.
black_puppydog 2 hours ago [-]
I think the author was talking about their own professional network being based in Europe, as opposed by LinkedIn, the platform that they're using to contact said network.
guenthert 2 hours ago [-]
Yeah, he might have wanted to use Xing. Of course, he'd be pretty lonely there.
vdfs 40 minutes ago [-]
Viadeo is slightly more popular
llm_nerd 1 hours ago [-]
Their use of LinkedIn is for local and semi-local professional networks. It's like if you use Nextdoor for your street.
And of course those Europeans use LinkedIn for the network effect (even though LinkedIn is just a pathetic sad dead mall now, so most are doing so for an illusion), because other prior waves of Europeans also used LinkedIn, and so on. Domestic or regional alternatives falter because everyone demands they be on the "one" site.
The centralization of tech, largely to the US for a variety of reasons, has been an enormous, colossal mistake.
It's at this point I have to laud what China did. They simply banned foreign options in many spaces and healthy domestic options sprouted up overnight. Many countries need to start doing this, especially given that US tech is effectively an arm of a very hostile government that is waging intense diplomatic and trade warfare worldwide, especially against allies.
srameshc 1 hours ago [-]
This is the kind of activism in privacy appreciate that we need. I knew I did not want to verify but I did verify on Linkedin recently. The fact that the author also gave an action list if you are concerned about your privacy is just commendable.
BrandoElFollito 3 hours ago [-]
Ha. I was reading this and thought "euhhhh, I did not give all of that to verify my account". So I went to LinkedIn to check if I have the shield. I then saw
- that I just have "work email verified" and that there is a Persona thing I was not even aware of
The OP is right. For that reason we started migrating all of our cloud-based services out of USA into EU data centers with EU companies behind them. We are basically 80% there. The last 20% remaining are not the difficult ones - they are just not really that important to care that much at this point but the long terms intention is a 100% disconnect.
On IDV security:
When you send your document to an IDV company (be that in USA or elsewhere) they do not have the automatic right to train on your data without explicit consent. They have been a few pretty big class action lawsuits in the past around this but I also believe that the legal frameworks are simply not strong enough to deter abuse or negligence.
That being said, everyone reading this must realise that with large datasets it is practically very likely to miss-label data and it is hard to prove that this is not happening at scale. At the end of the day it will be a query running against a database and with huge volumes it might catch more than it should. Once the data is selected for training and trained on, it is impossible to undo the damage. You can delete the training artefact after the fact of course but the weights of the models are already re-balanced with the said data unless you train from scratch which nobody does.
I think everyone should assume that their data, be that source code, biometrics, or whatever, is already used for training without consent and we don't have the legal frameworks to protect you against such actions - in fact we have the opposite. The only control you have is not to participate.
csmpltn 51 minutes ago [-]
A good reminder of how things actually work, but the article could use some more balancing…
> Let that sink in. You scanned your European passport for a European professional network, and your data went exclusively to North American companies. Not a single EU-based subprocessor in the chain.
LinkedIn is an American product. The EU has had 20 years to create an equally successful and popular product, which it failed to do. American companies don’t owe your European nationalist ambitions a dime. Use their products at your own discretion.
Of course an American company is subject to American law. And of course an American company will prioritise other local, similar jurisdiction companies. And often times there’s no European option that competes on quality, price, etc to begin with. In other words I don’t see why any of this is somehow uniquely wrong to the OP.
> Here’s what the CLOUD Act does in plain language: it allows US law enforcement to force any US-based company to hand over data, even if that data is stored on a server outside the United States.
European law enforcement agencies have the same powers, which they easily exercise.
47282847 47 minutes ago [-]
> European law enforcement agencies have the same powers.
No they don’t, not in the way that is implied here. A German court can subpoena German companies. Even for 100% subsidiaries in other European or non-European countries, one needs to request legal assistance. Which then is evaluated based on local jurisdiction of the subsidiary, not the parent. Microsoft Germany as operator is subject to US law and access. See Wikipedia “American exceptionalism” for further examples.
register 16 minutes ago [-]
That response reeks of astonishing arrogance. It doesn’t surprise me that nearly 50% of Americans voted for Donald Trump he perfectly embodies that mindset.
Do you genuinely believe you are superior to the rest of the world? What you call “innovation” or a “better product” is often nothing more than the creation of dominant market positions through massive, capital deployment, followed by straightforward rent extraction.
The European Union has every right to regulate markets operating within its jurisdiction, especially when there are credible concerns about anti-competitive practices and abuse of dominance. From what I’ve seen, there may be sufficient grounds to consider collective legal action against LinkedIn at the European level. As for so-called “European nationalist ambitions,” rest assured: Europe does not lack capable lawyers or regulatory expertise. I will be forwarding the relevant material to contacts of mine working within the European institutions in Brussels.
birdsongs 32 minutes ago [-]
> In other words I don’t see why any of this is somehow uniquely wrong to the OP.
Did you read the article? It's a dark pattern. It is an act that takes 3 minutes to perform. Yet it takes multiple days of reading legal documents to understand what actually happens. I would argue this feels wrong, to most people who interact with technology.
We have a set of laws here that companies are obliged to follow, regardless of where they are incorporated, so we expect that. We are used to having some basic human rights here, perhaps unlike most Americans these days.
Data processes and ownership of biometric data should be made explicitly clear. It shouldn't take days of reading to understand. It feels wrong to me too.
gib444 19 minutes ago [-]
The "pull yourselves up by your bootstraps" advice has more weight when the person saying it hasn't taken control of all bootstraps for a good 75 years. This is this toxicity in the toxic relationship between the US and EU. Foot in our faces telling us to pick ourselves up. Ditto South America.
23 minutes ago [-]
kleiba 42 minutes ago [-]
One detail you might have overlooked: even if you're an American company - if you offer your services in Europe (through the web or otherwise), you're subject to European laws and regulations, including the GDPR.
rrr_oh_man 35 minutes ago [-]
"Sue me" is what a purely cis-Atlantean company might say.
poszlem 17 minutes ago [-]
I see this sentiment constantly. It is genuinely hilarious to watch Americans lecture the world about the free market while feigning shock that Europe hasn't produced its own tech giants.
Claiming "the EU had 20 years to build an equally successful product" is the geopolitical equivalent of a deeply dysfunctional 1950s household. For decades, the husband insisted he handle all the enterprise and security so he could remain the undisputed head of the family. Then, after squandering his focus on a two-decade drunken military bender in the Middle East, he stumbles home, realizes he's overextended, and screams at his wife for not having her own Silicon Valley corner office, completely ignoring that he was the one who ruthlessly bought out her ventures and demanded her dependence in the first place.
America engineered a digitally dependent Europe because it funneled global data straight to US monopolies. To blame Europeans for playing the exact role the US forced them into is historical gaslighting. And pretending the CLOUD Act's global, extraterritorial overreach is the same as local EU law enforcement is just the icing on the delusion cake.
trilogic 1 hours ago [-]
Great article, thank you.
Hiding all this very important info (which literally affects the users life) behind an insignificant boring click!
Even the most paranoid user will give up in certain use cases, (like with covid 19 which even though didn´t agree, you needed to travel, work making it compulsory).
Every company that uses deciving techniques like this should be banned in Europe.
deaux 27 minutes ago [-]
The content is of course 100% true and needs to be repeated over and over, every single day.
The straight-from-LLM writing style is incredibly grating and does a massive disservice to its importance. It really does not take that long to rewrite it a bit.
I hope at least he wrote it on his local Llama instance, else it's truly peak irony.
> Here’s the thing about the DPF: it’s the replacement for Privacy Shield, which the European Court of Justice killed in 2020. The reason? US surveillance laws made it impossible to guarantee European data was safe.
> The DPF exists because the US signed an Executive Order (14086) promising to behave better. But an Executive Order is not a law. It’s a presidential decision. It can be changed or revoked by any future president with a pen stroke.
This understates the reality: the DPF is already dead. Double dead, two separate headshots.
Its validity is based on the existence of a US oversight board and redress mechanism that is required to remain free of executive influence.
1. This board is required to have at least 3 members. It has had 1 member since Trump fired three Democrat members in Jan 2025 (besides a 2-week reinstatement period).
2. Trump's EO 14215 of Feb 2025 has brought (among other agencies) the FTC - which enforces compliance with the DPF - under presidential supervision. This is still in effect.
Of course, everyone that matters knows this, but it doesn't matter, as it was all a bunch of pretend from day 1. Rules for thee but not for me, as always. But what else can we expect in a world where the biggest economy is ruled by a serial rapist.
PacificSpecific 4 hours ago [-]
I wonder what mongo and snowflake are doing with that data. The table is a little vague.
I was under the impression they just make database products. Do they have a side hustle involving collecting this type of data?
SahAssar 3 hours ago [-]
Subprocessor usually just means that you use their products in a way that your personal data passes through them. For example, let's say you are using cloudflare and aws to host a site, then your subprocessors would be cloudflare and aws.
It can be some more nefarious use, but it can also just be that they (persona in this case) use their services to process/store your data.
PacificSpecific 3 hours ago [-]
Ah I see that makes sense. Thanks for the clarification.
Kaijo 57 minutes ago [-]
I hate LinkedIn but need it for a few things, mostly accessing certain clients and projects as a freelancer. Last October my ISP (Vodafone UK) assigned me a datacenter-classified IPv6 address with 80+ abuse reports on reputation databases, for bots, DDoS, crawlers. Before I realized this I started getting locked out, suspended, restricted from just about every web service I use, having to solve captchas for simple Google searches, etc.
I resolved everything except LinkedIn. They required Persona verification to restore access, but I'd already recently verified with Persona, so clicking the re-verification links just returned a Catch-22 "you've already verified with us." LinkedIn support is unreachable unless you're signed into an account. I tried direct emails, webforms, DMs to LinkedIn Help on Twitter, all completely ignored.
Eventually some cooldown timer must have expired, because Persona finally let me re-verify last week. Upon regaining access, I was encouraged me to verify with Persona AGAIN, this time for the verified badge.
I now have a taste of what "digital underclass" means, and look forward to the day when no part of my income depends on horrible platforms that make me desperate for the opportunity to give away my personal data!
prox 17 minutes ago [-]
I also feel that digital companies get away with “no human representatives”. I should always have access to a human. It should be law. It will screw over a lot of companies and I am all for it since they don’t know what service looks like if it looked them in the eyes.
casenmgreen 7 minutes ago [-]
Having this problem with Amazon right now, trying to get a GDPR deletion done.
rrr_oh_man 31 minutes ago [-]
> look forward to the day when no part of my income depends on horrible platforms that make me desperate for the opportunity to give away my personal data
We are moving into the opposite direction. Drink a verification can.
7777777phil 4 hours ago [-]
> If you’ve already verified — like me — here’s what I’d recommend
Did you actually follow through with 1-4 and if so what was the outcome? how long did it take?
jihadjihad 12 minutes ago [-]
> The legal basis? Not consent.
> The reason? US surveillance laws […]
This slop in every blog post? Fucking tiresome.
blaze33 3 hours ago [-]
> My NFC chip data — the digital info stored on the chip inside my passport
Do we know how they get that? Because my fingerprints are also in there, so...
Msurrow 16 minutes ago [-]
Yeah was thinking the same thing. I wonder if the author didnt known that passpory chip == fingerprint.
And FP is a much worse modality to have registered because, as opposed to Face image, fingerprint is not affected by age. So that will match you 99.999999% for ever. Faces change.
lkramer 2 hours ago [-]
They will have an app that asks to scan you passport with your phone's NFC reader. It's pretty common for Identity Verification.
duskdozer 45 minutes ago [-]
Wow, that's even worse than I imagined and I was already imagining bad things
throwaway77385 3 hours ago [-]
How does this work for the myriad banks I've had to prove my identity to in the same way?
I'll be attempting steps 1-4 and see what Persona comes back with.
jarek-foksa 22 minutes ago [-]
LinkedIn support will also blatantly lie to you when you ask them whether Persona is GDPR compliant and needed to activate your account.
Last year I was trying to setup a business LinkedIn page for SEO purposes, which meant I also had to create a personal account. After being told several times that I absolutely need to scan my ID card with that dodgy app I simply replied that I can't do it due to security concerns. After several weeks they unlocked my account anyway, but I suspect this would not happen if algorithms determined that I actually needed that account to find a job and pay my bills.
nalekberov 2 hours ago [-]
You can verify yourself using company email address - maybe I am being naive to think that it’s much safer, but it’s way better than handing over your ID data.
I never understand why people supply too much info about themselves for small gains.
People at LinkedIn wants you to believe that your career is safe if you play by their games, but ironically they are one of the main reasons why companies nowadays are comfortable with hiring and firing fast.
andreashaerter 24 minutes ago [-]
> You can verify yourself using company email address
LinkedIn does not support smaller companies; it appears to rely on some kind of whitelist or known-enterprise system. This option is simply not available for at least 90% of users.
dvfjsdhgfv 1 hours ago [-]
Since some job offers require a linked in link, I maintain an empty page explaining why maintaining a LI account is a privacy and security hole. It turns out it works.
prox 15 minutes ago [-]
Did you need to verify your account first?
2 hours ago [-]
varispeed 3 hours ago [-]
Just wait when next time they ask for your member length and girth or flaps size.
kotaKat 3 hours ago [-]
That's the Worldcoin Orb 2.0. Stick it in to identify yourself to make a payment.
SanjayMehta 4 hours ago [-]
LinkedIn locked me out of my account, and wants me to verify via this same Persona company. I didn't read the terms but there's no way I'm giving Microsoft or its minions my govt id.
What this user missed is the affidavit option: you can get a piece of paper attested by a local authority and upload that instead, if you really really need a LinkedIn verified account.
Microsoft can go jump.
Chris_Newton 54 minutes ago [-]
I too found that my LinkedIn account had suddenly become “temporarily” disabled a little while ago, for reasons unspecified. I too was invited to share my government ID with some verification system to get back in again.
I too declined on privacy grounds.
dizhn 50 minutes ago [-]
My friends were pestering me about having to have an X account to know what's going on and that it'll be fine if I don't engage with any conversation or even follow anyone. I created one, and started the usual "don't show me this" thing for the crap that comes up in the field by default.
I think my account was active for 10 minutes when it got blocked due to "suspicious activity" and locked. All I have to do now to activate is give them more of my information including my phone number.
I've had this same exact thing happen with Facebook and Instgram too. Facebook was probably no less than 5 years ago so this is not new. You can usually confirm your identity (which they do not know), using your phone number (which they do not have). Read that again. :) They ALL do this.
The kicker is you will not find any sympathy because they start with jurisdictions (3rd world) where they can get away with it and people will lecture you about how you must have done something because Facebook never asked for their phone number or blocked them.
I had Airbnb ask for my passport 10 years ago ffs and I did give it and they still didn't want to give me the place until the proprietor intervened and sorted it out. I had the same exact helpful comments about it online that I described above. "You must have done something", "You're full of shit, they don't ask for passport at all".
This attitude by my "fellow men" is what bothers me most about this whole thing.
And now it's global, the same people will probably go "what do you have to hide", "you show your passport at the border don't you?".
rrr_oh_man 27 minutes ago [-]
> "what do you have to hide"
I usually say "great, can I install a camera in your bathroom? No? Do you have anything to hide? This is what it feels like to me."
dizhn 19 minutes ago [-]
Right. Have you actually had anyone change their mind about it though? I am going to guess no. You probably heard a million different versions of how "that is different".
LadyCailin 3 hours ago [-]
The trouble is, now it WILL be harder for you to find a job later. These policies are “your choice” like a diabetic taking insulin “chooses” to take insulin. If we actually treat things like this as a choice, the word loses all meaning.
SanjayMehta 12 minutes ago [-]
My job hunting days are long over but you're right, LinkedIn et al are indulging in a form of blackmail with chicanery like this.
Having said that, I've noticed most resumes I receive have GitHub links over LinkedIn. We've advertised on LinkedIn with mixed results, employee referrals have always been more effective.
xhcuvuvyc 3 hours ago [-]
You still have a linkedin? Isn't that just all ai slop?
andreashaerter 16 minutes ago [-]
> You still have a linkedin?
Sadly, LinkedIn has replaced email for initial contact after fairs or in-person client meetings. New real-world contacts look you up on LinkedIn and then use it to ask for things like your email address or mobile number. Because of this, I'm even verified :-(.
Even though I use LinkedIn basically the same way Internet Explorer was used in 2009 (purely as a Firefox or Chrome downloader but not for browsing). LinkedIn is my initial contact details exchange, but not the platform to communicate.
> Isn't that just all ai slop?
It is. I basically get zero useful input. Just biased, shallow rubbish. If there is valuable content it is usually cross-posted from authors who also run blogs I already follow.
Edit: Spelling, grammar, style
probably_wrong 2 hours ago [-]
If you know a better place to look for open positions in Europe, I'm listening.
kg 3 hours ago [-]
It's still used for job hunting and recruiting unfortunately. I got a real message from a real recruiter for a 5k+ employee software company on it just last week. My friends and colleagues dealing with layoffs have had to update their profiles. :(
tamimio 1 hours ago [-]
This process will be done in a way that you won’t even have to do it in 3min, it will be part of you phone wallet, and whenever you sign up you will be required to verify it there, essentially, all big tech will be having a copy of your biometric, and consequently, all three letter agencies too. Welcome to the tyranny of big tech!
globalnode 4 hours ago [-]
What a sad story. I feel sorry for this person. But it was very naive to put that data up in the first place. I recently tried to open a FB acct so I could connect with local community but within 2 days I was accused of being a bot and asked to start a video interview with a verification bot. That didn't happen, local community can do without me ;)
onetokeoverthe 3 hours ago [-]
[dead]
Rendered at 13:21:12 GMT+0000 (Coordinated Universal Time) with Vercel.
I ended up deciding that I was getting no value from the account, and I heard unpleasant things about the company, so I deleted the account.
Within hours I started to get spam to that unique email address.
It would be interesting to run a semi-controlled experiment to test whether this was a fluke, or if they leaked, sold, or otherwise lost control of my data. But absolutely I will not trust them with anything I want to keep private.
I do not trust LinkedIn to keep my data secure ... I believe they sold it.
Was forced to verify to get access to a new account. Like, an interstitial page that forced verification before even basic access.
Brief context for that: was being granted a salesnav licence, but to my work address with no account attached to it. Plus I had an existing salesnav trial underway on main account and didn't want to give access to that work.
So I reluctantly verified with my passport (!) and got access. Then looked at all the privacy settings to try to access what I'd given, but the full export was only sign up date and one other row in a csv. I switched off all the dark pattern ad settings that were default on, then tried to recall the name of the company. Lack of time meant I haven't been able to follow up. I was deeply uncomfortable with the whole process.
So now I've requested my info and deletion via the details in the post, from the work address.
One other concern is if my verified is ever forced to be my main, I'll be screwed for contacts and years of connections. So I'll try to shut it down soon when I'm sure we're done at work. But tbh I don't think the issues will end there either.
Why do these services have to suck so much. Why does money confer such power instead of goodwill, integrity and trust/trustless systems. Things have to change. Or, just stay off the grid. But that shouldn't have to be the choice. Where are the decentralised services. I'm increasingly serious about this.
I'm forced to verify to access my existing account.
I cannot delete it, nor opt out of 'being used for AI content' without first handing them over even more information I'm sure will be used for completely benign purposes.
Kids in Oz were getting around social media age restrictions by holding up celeb photos. I doubt that'll work in this case, but I'd be tempted to start thinking of ways to circumvent.
At the risk of losing the account, it's a very bad situation they are forcing people into.
I understand, and even agree, that how this is being handled has some pretty creepy aspects. But one thing missing from the comments I see here and elsewhere is: How else should verification be handled? We have a real problem with AI/bots online these days, trust will be at a premium. How can we try to assure it? I can think of one way: Everyone must pay to be a member (there will still be fraud, but it will cost!). How else can we verify with a better set of tradeoffs?
There is some info from Persona CEO on (of course) LinkedIn, in response to a post from security researcher Brian Krebs: https://www.linkedin.com/posts/bkrebs_if-you-are-thinking-ab... . I note he's not verified, but he does pay for the service.
On the other hand I see many people posting in official capacity for an organization without verification.
When they actively represent their current company but with a random verification from a previous one it gets pretty absurd.
In its current form LinkedIn verification is pretty worthless as a trust signal.
> Let that sink in. You scanned your European passport for a European professional network, and your data went exclusively to North American companies. Not a single EU-based subprocessor in the chain.
Not sure LinkedIn is a European professional network.
And of course those Europeans use LinkedIn for the network effect (even though LinkedIn is just a pathetic sad dead mall now, so most are doing so for an illusion), because other prior waves of Europeans also used LinkedIn, and so on. Domestic or regional alternatives falter because everyone demands they be on the "one" site.
The centralization of tech, largely to the US for a variety of reasons, has been an enormous, colossal mistake.
It's at this point I have to laud what China did. They simply banned foreign options in many spaces and healthy domestic options sprouted up overnight. Many countries need to start doing this, especially given that US tech is effectively an arm of a very hostile government that is waging intense diplomatic and trade warfare worldwide, especially against allies.
- that I just have "work email verified" and that there is a Persona thing I was not even aware of
- a post by Brian Krebs at the top of my feed, exactly on that topic: https://www.linkedin.com/posts/bkrebs_if-you-are-thinking-ab...
The OP is right. For that reason we started migrating all of our cloud-based services out of USA into EU data centers with EU companies behind them. We are basically 80% there. The last 20% remaining are not the difficult ones - they are just not really that important to care that much at this point but the long terms intention is a 100% disconnect.
On IDV security:
When you send your document to an IDV company (be that in USA or elsewhere) they do not have the automatic right to train on your data without explicit consent. They have been a few pretty big class action lawsuits in the past around this but I also believe that the legal frameworks are simply not strong enough to deter abuse or negligence.
That being said, everyone reading this must realise that with large datasets it is practically very likely to miss-label data and it is hard to prove that this is not happening at scale. At the end of the day it will be a query running against a database and with huge volumes it might catch more than it should. Once the data is selected for training and trained on, it is impossible to undo the damage. You can delete the training artefact after the fact of course but the weights of the models are already re-balanced with the said data unless you train from scratch which nobody does.
I think everyone should assume that their data, be that source code, biometrics, or whatever, is already used for training without consent and we don't have the legal frameworks to protect you against such actions - in fact we have the opposite. The only control you have is not to participate.
> Let that sink in. You scanned your European passport for a European professional network, and your data went exclusively to North American companies. Not a single EU-based subprocessor in the chain.
LinkedIn is an American product. The EU has had 20 years to create an equally successful and popular product, which it failed to do. American companies don’t owe your European nationalist ambitions a dime. Use their products at your own discretion.
Of course an American company is subject to American law. And of course an American company will prioritise other local, similar jurisdiction companies. And often times there’s no European option that competes on quality, price, etc to begin with. In other words I don’t see why any of this is somehow uniquely wrong to the OP.
> Here’s what the CLOUD Act does in plain language: it allows US law enforcement to force any US-based company to hand over data, even if that data is stored on a server outside the United States.
European law enforcement agencies have the same powers, which they easily exercise.
No they don’t, not in the way that is implied here. A German court can subpoena German companies. Even for 100% subsidiaries in other European or non-European countries, one needs to request legal assistance. Which then is evaluated based on local jurisdiction of the subsidiary, not the parent. Microsoft Germany as operator is subject to US law and access. See Wikipedia “American exceptionalism” for further examples.
Did you read the article? It's a dark pattern. It is an act that takes 3 minutes to perform. Yet it takes multiple days of reading legal documents to understand what actually happens. I would argue this feels wrong, to most people who interact with technology.
We have a set of laws here that companies are obliged to follow, regardless of where they are incorporated, so we expect that. We are used to having some basic human rights here, perhaps unlike most Americans these days.
Data processes and ownership of biometric data should be made explicitly clear. It shouldn't take days of reading to understand. It feels wrong to me too.
Claiming "the EU had 20 years to build an equally successful product" is the geopolitical equivalent of a deeply dysfunctional 1950s household. For decades, the husband insisted he handle all the enterprise and security so he could remain the undisputed head of the family. Then, after squandering his focus on a two-decade drunken military bender in the Middle East, he stumbles home, realizes he's overextended, and screams at his wife for not having her own Silicon Valley corner office, completely ignoring that he was the one who ruthlessly bought out her ventures and demanded her dependence in the first place.
America engineered a digitally dependent Europe because it funneled global data straight to US monopolies. To blame Europeans for playing the exact role the US forced them into is historical gaslighting. And pretending the CLOUD Act's global, extraterritorial overreach is the same as local EU law enforcement is just the icing on the delusion cake.
Hiding all this very important info (which literally affects the users life) behind an insignificant boring click! Even the most paranoid user will give up in certain use cases, (like with covid 19 which even though didn´t agree, you needed to travel, work making it compulsory). Every company that uses deciving techniques like this should be banned in Europe.
The straight-from-LLM writing style is incredibly grating and does a massive disservice to its importance. It really does not take that long to rewrite it a bit.
I hope at least he wrote it on his local Llama instance, else it's truly peak irony.
> Here’s the thing about the DPF: it’s the replacement for Privacy Shield, which the European Court of Justice killed in 2020. The reason? US surveillance laws made it impossible to guarantee European data was safe.
> The DPF exists because the US signed an Executive Order (14086) promising to behave better. But an Executive Order is not a law. It’s a presidential decision. It can be changed or revoked by any future president with a pen stroke.
This understates the reality: the DPF is already dead. Double dead, two separate headshots.
Its validity is based on the existence of a US oversight board and redress mechanism that is required to remain free of executive influence.
1. This board is required to have at least 3 members. It has had 1 member since Trump fired three Democrat members in Jan 2025 (besides a 2-week reinstatement period).
2. Trump's EO 14215 of Feb 2025 has brought (among other agencies) the FTC - which enforces compliance with the DPF - under presidential supervision. This is still in effect.
Of course, everyone that matters knows this, but it doesn't matter, as it was all a bunch of pretend from day 1. Rules for thee but not for me, as always. But what else can we expect in a world where the biggest economy is ruled by a serial rapist.
I was under the impression they just make database products. Do they have a side hustle involving collecting this type of data?
It can be some more nefarious use, but it can also just be that they (persona in this case) use their services to process/store your data.
I resolved everything except LinkedIn. They required Persona verification to restore access, but I'd already recently verified with Persona, so clicking the re-verification links just returned a Catch-22 "you've already verified with us." LinkedIn support is unreachable unless you're signed into an account. I tried direct emails, webforms, DMs to LinkedIn Help on Twitter, all completely ignored.
Eventually some cooldown timer must have expired, because Persona finally let me re-verify last week. Upon regaining access, I was encouraged me to verify with Persona AGAIN, this time for the verified badge.
I now have a taste of what "digital underclass" means, and look forward to the day when no part of my income depends on horrible platforms that make me desperate for the opportunity to give away my personal data!
We are moving into the opposite direction. Drink a verification can.
Did you actually follow through with 1-4 and if so what was the outcome? how long did it take?
> The reason? US surveillance laws […]
This slop in every blog post? Fucking tiresome.
Do we know how they get that? Because my fingerprints are also in there, so...
And FP is a much worse modality to have registered because, as opposed to Face image, fingerprint is not affected by age. So that will match you 99.999999% for ever. Faces change.
Last year I was trying to setup a business LinkedIn page for SEO purposes, which meant I also had to create a personal account. After being told several times that I absolutely need to scan my ID card with that dodgy app I simply replied that I can't do it due to security concerns. After several weeks they unlocked my account anyway, but I suspect this would not happen if algorithms determined that I actually needed that account to find a job and pay my bills.
I never understand why people supply too much info about themselves for small gains.
People at LinkedIn wants you to believe that your career is safe if you play by their games, but ironically they are one of the main reasons why companies nowadays are comfortable with hiring and firing fast.
LinkedIn does not support smaller companies; it appears to rely on some kind of whitelist or known-enterprise system. This option is simply not available for at least 90% of users.
What this user missed is the affidavit option: you can get a piece of paper attested by a local authority and upload that instead, if you really really need a LinkedIn verified account.
Microsoft can go jump.
I too declined on privacy grounds.
I think my account was active for 10 minutes when it got blocked due to "suspicious activity" and locked. All I have to do now to activate is give them more of my information including my phone number.
I've had this same exact thing happen with Facebook and Instgram too. Facebook was probably no less than 5 years ago so this is not new. You can usually confirm your identity (which they do not know), using your phone number (which they do not have). Read that again. :) They ALL do this.
The kicker is you will not find any sympathy because they start with jurisdictions (3rd world) where they can get away with it and people will lecture you about how you must have done something because Facebook never asked for their phone number or blocked them.
I had Airbnb ask for my passport 10 years ago ffs and I did give it and they still didn't want to give me the place until the proprietor intervened and sorted it out. I had the same exact helpful comments about it online that I described above. "You must have done something", "You're full of shit, they don't ask for passport at all".
This attitude by my "fellow men" is what bothers me most about this whole thing.
And now it's global, the same people will probably go "what do you have to hide", "you show your passport at the border don't you?".
I usually say "great, can I install a camera in your bathroom? No? Do you have anything to hide? This is what it feels like to me."
Having said that, I've noticed most resumes I receive have GitHub links over LinkedIn. We've advertised on LinkedIn with mixed results, employee referrals have always been more effective.
Sadly, LinkedIn has replaced email for initial contact after fairs or in-person client meetings. New real-world contacts look you up on LinkedIn and then use it to ask for things like your email address or mobile number. Because of this, I'm even verified :-(.
Even though I use LinkedIn basically the same way Internet Explorer was used in 2009 (purely as a Firefox or Chrome downloader but not for browsing). LinkedIn is my initial contact details exchange, but not the platform to communicate.
> Isn't that just all ai slop?
It is. I basically get zero useful input. Just biased, shallow rubbish. If there is valuable content it is usually cross-posted from authors who also run blogs I already follow.
Edit: Spelling, grammar, style