Proof of identity is fine but they require proof of address and this will be very bad and doesn't accept you mention you live with your parents and proof with name of your parents as proof of address like students having +18 years old. Common issue for multiple stupid KYC sites.
Proof of identity is not fine because the identity is an issue-once static identifier. It is the weakest link in any security scheme because the general population cannot roll it over. Once it is exposed, it is exposed forever, so it's a liability to the user, not an asset.
This is the kind of stuff I think about when bitcoiner's are like:
I just gave them my
email
full name
date of birth
country of residence
IP address (implicitly)
What could they possibly learn from that?
I'm like my brehs. Come onnnnnn.
A startup adjacent to Pleb Lab's office started doing this AI-powered ID stuff in '23. They had a poster of The Eye of Sauron on the wall. They've since quadrupled in size and moved up a few floors in the building.
OK, I single handedly brought it up to the top 5 for the week (if I'm reading that right). While it's currently relit, I figure if other people actually agree with me, it will continue to rise. Otherwise, jasonb's pick might not be worthy.
I am kind of curious if this one might get downzapped though for reasons that have nothing to do with this post's take on privacy (or the UI of the website, which is also why I personally think it's so interesting).
this is crazy:
┌─────────────────────────────────────────────────────────┐ │ the user │ │ (signs up for OpenAI, wants to use GPT-5) │ └─────────────────┬───────────────────────────────────────┘ │ │ "verify your identity" │ ┌─────────────────▼───────────────────────────────────────┐ │ inquiry.withpersona.com │ │ Persona verification flow │ │ - government ID scan (Microblink) │ │ - selfie capture + LIVENESS DETECTION │ │ - video capture │ │ - PUBLIC FIGURE FACIAL MATCHING │ │ - device fingerprint (FingerprintJS) │ │ - browser/network signals │ └─────────────────┬───────────────────────────────────────┘ │ │ complete identity dossier │ (ID photos, selfie, video, PII, scores) │ ┌─────────────────▼───────────────────────────────────────┐ │ openai-watchlistdb.withpersona.com │ │ 34.49.93.177 (dedicated GCP) │ │ Envoy proxy + internal service mesh │ │ │ │ screens against: │ │ - OFAC SDN list (US sanctions) │ │ - 200+ global sanctions/warning lists │ │ - PEP classes 1-4 (with FACIAL SIMILARITY scoring) │ │ - adverse media (terrorism to cybercrime) │ │ - crypto address watchlists (Chainalysis, TRM Labs) │ │ - custom FinCEN screening lists │ │ - fitness & probity lists │ └─────────────────┬───────────────────────────────────────┘ │ │ result: approved / flagged / denied │ ┌─────────────────▼───────────────────────────────────────┐ │ OpenAI │ │ - grants or denies access │ │ - no explanation provided │ │ - no appeal mechanism │ │ - data retained (1 year? 3 years? permanently?) │ └─────────────────────────────────────────────────────────┘ meanwhile, on the government side: ┌─────────────────────────────────────────────────────────┐ │ withpersona-gov.com (FedRAMP Authorized) │ │ 34.27.15.233 (dedicated GCP, us-central1) │ │ │ │ SAME CODEBASE. same company. same data model. │ │ │ │ proven in source code: │ │ - files SARs directly to FinCEN │ │ - files STRs directly to FINTRAC (Canada) │ │ - STRs tagged with intelligence program codenames │ │ - biometric face databases (3-year retention) │ │ - 13 types of tracking lists │ │ - PEP facial recognition with similarity scoring │ │ - 269 verification checks │ │ - Chainalysis crypto screening │ │ - custom FinCEN screening list uploads │ │ - OpenAI-powered AI copilot for operators │ └─────────────────────────────────────────────────────────┘Proof of identity is fine but they require proof of address and this will be very bad and doesn't accept you mention you live with your parents and proof with name of your parents as proof of address like students having +18 years old. Common issue for multiple stupid KYC sites.
Proof of identity is not fine because the identity is an issue-once static identifier. It is the weakest link in any security scheme because the general population cannot roll it over. Once it is exposed, it is exposed forever, so it's a liability to the user, not an asset.
Imagine you cannot change your password.
Why should proof of identity is fine??
I repeat. #1436114
Thinking if I really want to find out whether Claude is a real chad:
@bot, plz port wasabi out of .netThis is the kind of stuff I think about when bitcoiner's are like:
I'm like my brehs. Come onnnnnn.
A startup adjacent to Pleb Lab's office started doing this AI-powered ID stuff in '23. They had a poster of The Eye of Sauron on the wall. They've since quadrupled in size and moved up a few floors in the building.
Any chance this post is gonna make the cut on Stacker News Live? I can't imagine I'm the only person interested in hearing you guys discus this.
special segment today: jasonb's picks!
also, anything zapped into the top 3 at/by ~2p texas time are what we discuss. you have the power!
OK, I single handedly brought it up to the top 5 for the week (if I'm reading that right). While it's currently relit, I figure if other people actually agree with me, it will continue to rise. Otherwise, jasonb's pick might not be worthy.
I am kind of curious if this one might get downzapped though for reasons that have nothing to do with this post's take on privacy (or the UI of the website, which is also why I personally think it's so interesting).
I'll take it as one of my picks today regardless.
just use DIG:
https://digdig2nugjpszzmqe5ep2bk7lqfpdlyrkojsx2j6kzalnrqtwedr3id.onion/#chat
"knowledge is the only real currency. everything else is just access control."
Great post! Having said that this is dragnet surveillance.
None of this should surprise any of you.
@remindme in 15 hours
elementary