LinkedIn Verification: Don't Trust. Don't Verify.
This week: LinkedIn Verification is a verified privacy disaster; the EU Parliament blocks the AI barn door after the horse has bolted; and how one error cost a crypto firm $120 million.
3 - ‘LinkedIn Verification’ is a verified privacy disaster.
“The whole thing took three minutes. Scan, selfie, done. [And] this is what [LinkedIn’s verification partner] collected… my passport, my selfie, my facial geometry, NFC chip data, behavioural biometrics, device data, and more. For a LinkedIn badge.”
Source: The Local Stack (via Brian Krebs)
What?
The Local Stack describes the implications of verifying your LinkedIn profile.
The process involves handing over passport data, live facial images, biometric identifiers, device and location data, and behavioural signals to a third party called Persona.
Your personal data is then cross‑referenced against external databases and, under the legal basis of “legitimate interests”, it is retained and used to improve Persona’s systems, including AI training.
The verification process took 3 minutes to upload all the requested data.
But it took far longer to review 34 pages of legal documentation to figure out what happens to the data.
So what?
All of this just to obtain a visual “verified” badge.
In security, the mantra is usually “Don’t trust. Verify.”
In this case, the better mantra would be:
“Don’t trust. Don’t verify.”
2 - EU Parliament blocks AI features on its devices
“The European Parliament has disabled AI features on the work devices of [MEPs] and their staff over cybersecurity and data protection concerns”
Source: Politico
What?
The European Parliament has disabled built‑in AI features on work devices used by MEPs and staff after its IT teams concluded they could not guarantee the security and data protection of those tools.
The concern is that many AI features rely on cloud processing, exporting data off the device to external service providers.
The block applies to functions such as writing assistants, summarisation tools, enhanced virtual assistants and webpage summaries.
Core services like email, calendars and document storage remain unaffected.
So what?
This is just the latest reflection of the changing nature of Europe’s faith in its US partner (and the private companies that are subject to US laws and the demands of the US administration).
I have one niggling question though:
If they don’t trust the AI tools built into their Microsoft 365 or Google Workspace environments because “Some of these features use cloud services to carry out tasks”, do they not realise that their emails, calendars, and documents are also stored in these same cloud services already?
Are they closing the barn door after the horse has bolted?
1 - Having a bad day? Someone else is having a badder one.
“A South Korean cryptocurrency exchange accidentally gave away more than USD $40 billion worth of bitcoin to customers, briefly making them multi-millionaires.”
Source: BBC (via Goeff Kates)
What?
South Korean crypto exchange Bithumb mistakenly sent each customer a reward of 2,000 bitcoins (worth about USD $130,000,000) instead of 2,000 South Korean won (worth about USD $1.40).
The error briefly made its users multi‑millionaires.
Bithumb says it spotted the error within 35 minutes and successfully recovered 99.7% of the wrongly issued bitcoin.
The firm insists there was no hacking and is now planning to make some system changes to avoid a similar error in the future.
So what?
It may have recovered 99.7% of the $40 billion.
But 0.3% of $40 billion is still USD $120 million.
All because someone or something selected the wrong currency.
And there was no system prompt or internal process to ask ‘Are you really sure about this?’
If you’re having a tough time at work this week, just remember:
Someone else may be having a tougher time right now!


