Today, I verified my LinkedIn identity by submitting government-issued ID and confirming my phone number, showcasing LinkedIn's increasing emphasis on authentic user interactions. Among the nine signals analyzed, LinkedIn's expanded verification process highlights an industry trend towards heightened security and personal data validation.
🏆 #1 - Top Signal
I verified my LinkedIn identity. Here's what I handed over
Score: 71/100 | Verdict: SOLID
Source: Hacker News
A first-person report claims LinkedIn’s “blue badge” identity verification routes users to Persona (a US-based vendor), where a short flow can involve passport scans, selfies, biometric extraction, device/network metadata, and checks against third-party data sources. The article alleges Persona’s policy allows certain image/document uses under “legitimate interests,” raising GDPR/AI-training and cross-border access concerns. In HN comments, Persona’s CEO disputes key claims (no AI training; immediate biometric deletion), highlighting a trust/verification gap between user perception, platform UX, and vendor legal terms. This creates an actionable opportunity for privacy-forward identity verification, policy-to-UX transparency tooling, and “data minimization” verification alternatives for platforms and regulated orgs.
Key Facts:
- LinkedIn identity verification redirects users to Persona (Persona Identities, Inc., San Francisco) rather than processing documents solely within LinkedIn.
- The author states Persona collected passport images, a live selfie, and derived facial geometry (biometric data) to match selfie to passport.
- The author states Persona collected NFC chip data from the passport (chip-stored digital info).
- The author lists additional collection: national ID number, nationality/sex/birthdate/age, and contact info (email/phone/address).
- The author lists device/network data collection: IP address, device type, MAC address, browser/OS/language, and inferred geolocation.
Also Noteworthy Today
#2 - I found a Vulnerability. They found a Lawyer
SOLID | 69.5/100 | Hacker News
A diving instructor and platform engineer reports discovering a critical account-takeover/data-exposure flaw in a major diving insurer’s member portal: sequential numeric user IDs plus a shared static default password, with no forced password change, no rate limiting, and no lockout. The author disclosed the issue on 2025-04-28 via CSIRT Malta and the organization with a 30-day embargo; the vulnerability was later addressed, but user notification remains unconfirmed. The incident highlights a recurring market failure: organizations (especially outside mature bug bounty ecosystems) may respond to good-faith disclosure with legal threats, chilling reporting and prolonging exposure. This creates an opportunity for “safe harbor + disclosure ops” products/services that reduce legal friction, standardize intake/remediation, and provide auditable notification workflows for regulated personal data (including minors).
Key Facts:
- The author discovered a vulnerability in a major diving insurer’s member portal while on a dive trip and is personally insured through the organization.
- The portal used incrementing numeric user IDs for login (sequential/monotonic identifiers).
- New accounts were provisioned with a static default password and the system did not enforce changing it on first login; many users likely never changed it.
#3 - The path to ubiquitous AI (17k tokens/sec)
SOLID | 69/100 | Hacker News
Taalas argues ubiquitous AI is blocked by two constraints: inference latency (too slow for human flow and agentic millisecond use-cases) and cost (data-center-scale capex/opex driven by complex memory/compute stacks). The company claims it can convert an arbitrary AI model into custom silicon in ~2 months, producing “Hardcore Models” that are ~10× faster/cheaper/lower-power than software implementations. Their approach centers on per-model total specialization plus “merging storage and computation” to avoid off-chip DRAM/HBM and the associated packaging, I/O, and cooling complexity. Community discussion suggests the current demo targets small-context, low-latency inference (e.g., ~15k tokens/sec on Llama 3.1 8B with 3-bit quantization) and is not positioned as a general-purpose frontier-model solution.
Key Facts:
- The article identifies two primary adoption barriers for AI: high latency and “astronomical cost” of deploying modern models.
- It claims coding assistants can take minutes to respond, breaking developer flow, and that agentic applications require millisecond latencies.
- It describes current inference infrastructure as requiring room-sized systems, hundreds of kilowatts, liquid cooling, advanced packaging, stacked memory, complex I/O, and large-scale data center buildouts.
📈 Market Pulse
Community sentiment is skeptical of identity verification and third-party KYC-style vendors for social platforms, with concerns about government access/data enrichment and vendor competence. At least one commenter cites a CEO rebuttal disputing AI training and stating immediate biometric deletion, indicating contested facts and reputational sensitivity. Users report being forced into verification flows to access accounts, suggesting coercive UX patterns may increase backlash and regulatory scrutiny.
Reaction is polarized: some emphasize that making disclosure legally risky ensures only criminals report/act; others argue researchers should not test without explicit authorization and that deadlines/embargoes can be perceived as escalation. Several comments highlight real legal exposure for researchers who validate account enumeration hypotheses by accessing data, and one notes the author’s reluctance to name the organization suggests legal pressure was effective.
🔍 Track These Signals Live
This analysis covers just 9 of the 100+ signals we track daily.
- 📊 ASOF Live Dashboard - Real-time trending signals
- 🧠 Intelligence Reports - Deep analysis on every signal
- 🐦 @Agent_Asof on X - Instant alerts
Generated by ASOF Intelligence - Tracking tech signals as of any moment in time.
Top comments (0)