Verified LinkedIn users data is shared in shocking ways, report claims

Source: Mashable Tech

Overview

Thinking of verifying your LinkedIn account to get the coveted blue checkmark badge? You may want to hear this first.

Background

An observant anonymous user warned that LinkedIn—owned by Microsoft—uses a third‑party verification service that shares users’ data with other companies. The verification process is carried out by a vendor called Persona.

Inc highlighted a story posted on The Local Stack, a blog that covers “surveillance capitalism” from an individual who goes by the name “rogi.”

What Persona Collects

According to rogi’s investigation, Persona accessed the following data during the LinkedIn verification process:

• Full name
• Passport photo
• Selfie and facial biometric data
• NFC chip data (information stored on the passport chip)
• Nationality, sex, birthday, age
• Email and phone number
• Physical address
• IP address and geolocation
• Device type, MAC address, browser, OS version, language

Persona also reportedly utilized “hesitation detection,” tracking how long it took rogi to complete the process, where he paused, and detecting copy‑and‑paste actions.

Data Sharing and Sub‑Processors

Rogi claimed that the collected data is shared not only with LinkedIn and Persona but also with Persona’s global network of data partners, which includes third‑party vendors (sub‑processors). If requested, Persona may hand over data to law enforcement, according to its terms of service.

Listed sub‑processors include:

• Amazon Web Services (AWS)
• Google Cloud Platform
• AI companies such as OpenAI and Anthropic

Response from Persona

After the post went viral, Persona’s co‑founder and CEO Rick Song addressed the report in a LinkedIn comment:

“No personal data processed is used for AI/model training. Data is exclusively used to confirm your identity.”

Song also stated:

• All biometric data is deleted right after processing.
• All other personal data is deleted within 30 days.
• The inclusion of AI companies on Persona’s sub‑processor page is a superset of all possible sub‑processors across customers; individual customers select which products (and thus which sub‑processors) are used.

“We are adding a clarification to this list to make this clearer in the future.”

In other words, a company’s presence on the sub‑processor list does not automatically mean that LinkedIn user data is shared with it.

Additional Concerns

Persona’s growing usage among popular platforms has drawn scrutiny:

• A recent security researcher report highlighted that Persona performed “269 individual verification checks” on Discord users. (Source: VMFUNC blog and PC Gamer).
• Privacy watchdogs have expressed concern over biometric ID systems backed by investors such as Peter Thiel, co‑founder of Palantir and a major investor in Persona. (Source: Open Rights Group press release).

Conclusion

LinkedIn’s verification process, powered by Persona, collects extensive personal and biometric data and may share it with a broad network of third‑party partners. While Persona asserts that data is deleted promptly and not used for AI training, the presence of numerous sub‑processors—including major cloud and AI providers—raises privacy concerns. Mashable has reached out to LinkedIn and Persona for comment and will update the story if a response is received.