This is not the concern for me. I thought the risk was obvious to everyone. Tho I've been tempted because it means I'll "have more interactions" or whatever LinkedIn pitches with, I didn't want to put a public signal out there with yes: "This is my real name, real job, real city" - to me it's like a pre-vetted database of marks for identity theft criminals or whatnot. You know?
I thought everyone, at least in security would be somewhat concerned about this, but they're not. I get the benefits, and I want to enjoy those benefits too. I'd much prefer if I could privately confirm my name using IDs (zero problem with that) but then not have to show it or an exact profile photo. I'm sure there's a cryptographic way for my identity to be proven to any who I chose to prove it to who required such bona fides. I dislike the surface of "proven identity for everyone". You know?
This to me is the far more important thing than: "security focused biometric company processed my data, therefore being rational and modern I will now have a meltdown." Every time you drive, use a payment method linked to your name, use your plan phone, your laptop, go to a venue that ID scans, make a rental, catch a flight, cross a border, etc, your ID (or telemetric equivalents sufficient to ID you) is processed by some digital entity. If you will revolt against the principle of "my government issued and not-truly-mine-anyway ID documents, or other provided bona fides are being read by digital entities contracted to do that", it seems nonsensical.
I think the bigger risk is always taking a photo of your passport and putting it on the internet, which is basically what the current LI verification means. Casual OSINT on a verified profile likely reveals the exact birthday (or cross-referenced on other platforms), via "happy birthday" type posts. How old am I type image AI can give you rough years.
> I'm sure there's a cryptographic way for my identity to be proven to any who I chose to prove it to
There is. The pattern is: generate a keypair locally, derive a DID (decentralized identifier) from the public key, and then selectively prove your identity to specific verifiers using digital signatures. No central authority ever holds your private key.
The key difference from the LinkedIn model: you never hand biometric data to a third party. Instead, you hold a cryptographic identity that you control. If someone needs to verify you, they check a signature — not a database. You can prove you're the same entity across interactions without revealing anything about who you are in the physical world.
This is exactly the approach behind things like W3C DIDs and Verifiable Credentials. The crypto has been solved for years; the adoption problem is that platforms like LinkedIn have no incentive to give users self-sovereign identity when the current model lets them be the middleman.
I've been building an open implementation of this for AI agents (where the identity problem is arguably even worse — there's no passport to scan): https://github.com/The-Nexus-Guard/aip. But the same cryptographic primitives apply to human identity too.
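The keypair, DID and signature pattern described in the reply above, as an added Go example (not part of the thread and not code from the linked aip project). It assumes the `did:key` method with an Ed25519 key; the `did-auth-v1` transcript label and the `verifier.example` name are made up for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"math/big"
	"strings"
)

const b58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

// DIDFromKey: did:key = "z" + base58btc(0xed 0x01 || 32-byte Ed25519 public key).
func DIDFromKey(pub ed25519.PublicKey) string {
	n, r, out := new(big.Int).SetBytes(append([]byte{0xed, 0x01}, pub...)), new(big.Int), ""
	for n.Sign() > 0 {
		n.DivMod(n, big.NewInt(58), r)
		out = string(b58[r.Int64()]) + out
	}
	return "did:key:z" + out
}
// KeyFromDID recovers the key from the DID itself (no registry or database lookup).
// Re-encoding must reproduce the input, which rejects bad characters and other DID methods.
func KeyFromDID(did string) (ed25519.PublicKey, bool) {
	n := new(big.Int)
	for _, c := range strings.TrimPrefix(did, "did:key:z") {
		n.Mul(n, big.NewInt(58)).Add(n, big.NewInt(int64(strings.IndexRune(b58, c))))
	}
	raw := n.Bytes()
	if len(raw) != 34 || raw[0] != 0xed || raw[1] != 0x01 || DIDFromKey(raw[2:]) != did {
		return nil, false
	}
	return raw[2:], true
}
// Transcript binds a signature to one verifier and one fresh nonce, so a response
// captured by one party cannot be replayed to another or reused later.
func Transcript(verifier string, nonce []byte) []byte {
	return append([]byte("did-auth-v1|"+verifier+"|"), nonce...)
}
// Verify is the verifier's whole job: decode the key from the DID, check the signature.
func Verify(did, verifier string, nonce, sig []byte) bool {
	pub, ok := KeyFromDID(did)
	return ok && ed25519.Verify(pub, Transcript(verifier, nonce), sig)
}
func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // holder: key never leaves this side
	nonce := make([]byte, 32)
	rand.Read(nonce) // verifier: fresh random challenge
	sig := ed25519.Sign(priv, Transcript("verifier.example", nonce))
	fmt.Println(DIDFromKey(pub), Verify(DIDFromKey(pub), "verifier.example", nonce, sig))
}
```

The DID proves only continuity of control over the private key; linking it to a real-world attribute needs a separate signed statement from an issuer the verifier trusts.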
I like this but want to marry it with real world, too. How would you do that? LinkedIn would verify biometrics and then sign your DID? And you'd use that biometric-attested ID to prove to who you want?
I guess from a psychological and UX point of view tho, large platforms like LI have lots of "trust" in people's eyes (accurate or not) and so if LI says "verified" we can trust that. It's not just a conspiracy for LinkedIn to intermediate themselves, it's human sociology. I would just like LI to remove the "self-dox pwn" from verified badges, attest but let me redact.