Post · Bonfire social

Post

#Persona, a Peter #Thiel of #Palantir fame funded provider of identity and age verification services for companies like #Discord and the entire #UK, left their code base open to the web. Of course they did.

Let’s look at what it does, shall we?

The platform performs 269 individual verification checks on user data, far beyond basic age verification.

#Surveillance: Persona’s system screens users against global watchlists, including those for #terrorism, #espionage, and politically exposed persons (#PEPs), using facial recognition and risk scoring. Researchers confirmed that the government-facing and consumer-facing versions of Persona use the same underlying code, suggesting a unified surveillance infrastructure.

Data Retention: Personal data including government ID, phone numbers, names, faces, selfies, IP addresses, browser fingerprints, and device fingerprints—is collected and retained for up to three years.
(1/2) edit hashtags, new info, typo

e_es

@e_es@chaos.social replied · 16 hours ago

@MissConstrue from Wikipedia: "Also in 2025, the popular game creation platform Roblox chose Persona to estimate player ages via a facial scan ... The scan was enforced to all users worldwide in 2026, stirring up extreme controversy with the playerbase."

Target Audience for Roblox are 10-year old!?

Spicy but not too Flamey

@PopTarts@gaygeek.social replied · 15 hours ago

@e_es @MissConstrue I'm surprised no one has rolled out #Fursona as a parody ID verification xD

MissConstrue

@MissConstrue@mefi.social replied · 14 hours ago

@PopTarts @e_es

I mean...what are we waiting for? #furries rule the #infosec world, if anyone can slap the code together it's that community. 😊

The front end is easy: page: Are you a furry? Do you have a name for your fursona? What is that name? <text entry field>

The backend is even easier, just a form response that says "Yep, that's who you say you are. Well done <insert fursona name>.

And then links to why Persona and all ID verification for online presence is bad. Fursona.tech is available, just sayin'. ;)

MissConstrue

@MissConstrue@mefi.social replied · 16 hours ago

@e_es Gotta start their files early, makes it easier to spot pre-crime, concha know.

Lord HeeHaw II

@hoare_spitall@mastodon.world replied · yesterday

@MissConstrue Surely that should be #thiel, or was it intentionally written that way?

MissConstrue

@MissConstrue@mefi.social replied · 19 hours ago

@hoare_spitall No, you’re correct. I get I and e backwards on so many names. I’ll fix. Thank you!

MissConstrue

@MissConstrue@mefi.social replied · yesterday

#Persona leak continued (2/2)

Integration with Government Systems: The platform is capable of filing Suspicious Activity Reports (#SARs) directly to #FinCEN (U.S. Treasury) and #FINTRAC (Canada), and integrates with blockchain analytics tools like #Chainalysis to monitor cryptocurrency addresses.

Suspicious Checks: Some checks, like "SelfieSuspiciousEntityDetection" and "SelfiePoseRepeatedDetection", lack clear definitions of what constitutes a "suspicious" face or repeated pose, raising concerns about bias and opacity.

This is a big deal. I’ve been telling y’all that age verification was just a way to gather intelligence.

https://www.therage.co/persona-age-verification/