TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

65% Positive

Analyzed from 2733 words in the discussion.

Trending Topics

#anthropic#persona#verification#data#claude#identity#credit#account#why#card

Discussion (89 Comments)Read Original on HackerNews

pajamasam1 day ago
Anthropic says they may not train their models using your data, but apparently Persona (the service they will use for identity verification) WILL according to https://thelocalstack.eu/posts/linkedin-identity-verificatio...

Persona also might send your data to 17 different subprocessors (16 if you exclude Anthropic itself).

redbell1 day ago
> Persona also might send your data to 17 different subprocessors

You reminded me of this submission from two months ago: I verified my LinkedIn identity. Here's what I handed over (https://news.ycombinator.com/item?id=47098245)

Imustaskforhelp1 day ago
Recently a few days back, I had to verify my Linkedin identity on a new account (I am 17 for context) and I used proton mail and Linkedin immediately blocked it and asked for verification

I legally couldn't verify because persona doesn't detect aadhaar card and their support system on twitter/mail whatever was incredibly bad so much so that it felt like copy-paste and I still haven't gotten the card. I have written about my experience too.

https://smileplease.mataroa.blog/blog/linkedin/ : (Title of this is) Linkedin's "final decision", restricting my account, making me feel unheard, Persona being Persona & the time I asked Linkedin support what 351/13 is to prove if they are human or not.

dinoqqq1 day ago
It's worrying that they don't specify in which cases they require identity checks.
wheybags1 day ago
Basically the only relevant question, and it's the one they didn't answer
esperent1 day ago
An equally valid question is "does the company you use for identify verification follow the same commitments with regards user privacy and selling/processing of user data as Anthropic itself?".

And the answer to that question is:

"Hell no! We used the cheapest, shadiest company we could find for that. They'll process and sell all your data. Thank you for continuing to be a valued Anthropic customer!".

daliusd1 day ago
I can guess at least one valid:

* preventing North Korea, China, Russian, Iran and etc. actors from accessing service. They absolutely use workarounds to access AI, e.g. I bet there are companies who are proxy between Anthropic and those countries.

I imagine there will be quite some false positives while identifying those.

a21281 day ago
This will do absolutely nothing to prevent those actors from accessing Claude... they already recruit young unemployed Americans to do proxy job interviews[0][1], etc. They'll just pay young unemployed Americans to do verification for them.

[0] https://www.tradingview.com/news/cointelegraph:6192f38e3094b...

[1] https://youtube.com/watch?v=QebpXFM1ha0

Wowfunhappy1 day ago
That sounds likely to increase their costs and create new opportunities to get caught. Not a silver bullet but not "absolutely nothing". Like how anti-money laundering laws don't wipe out all crime, but are still worthwhile.
alistairmayoabout 22 hours ago
They won't even need to do that. With enough time and money, they can certainly figure out how to not trigger the ID verification system.
RobotToaster1 day ago
Also, as many teenagers know, it's trivial to get a fake ID card.
llm_nerd1 day ago
Just a few days ago, on Friday, my 15 year old son had his Claude account suspended with a demand for ID to prove he is 18 or older. He had his own Claude Max subscription (he out-earns me fairly frequently in his circle of gaming programmers), and was unaware Anthropic had a must-be-18 rule, as was I. Their email said "Our team found signals that your account was used by a child. This breaks our rules, so we paused your access to Claude." So I guess if you ever ask a question that seems to originate from a teen or less, expect to hit an ID gate.

So now he's a Codex user. OpenAI and Google both have a minimum age of 13.

EDIT: I should note that Anthropic gave him a refund for the whole month that was underway, despite him being nearing the end of it. So good on them.

nozzlegear1 day ago
> he out-earns me fairly frequently in his circle of gaming programmers

Can you expand on this? Your teenage son makes more money than you do professionally, by vibe coding video games?

llm_nerd1 day ago
Who said anything about "vibe coding"? Using coding tools like Claude Code as just another tool in the belt is something the overwhelming bulk of professional devs do now (and given that my son managed to find a number of clients paying for his work, he qualifies as professional). Pejorative "vibe coding" nonsense doesn't change this.
alistairmayoabout 22 hours ago
Yeah. I do not get the 18-years-old age gate. It's not like they're protecting anyone. AI is available so freely now anyone who wants it can get it.

Anthropic made the best models by hiring non-technical folks like philosophers to build the best training sets and evaluations. Now, it seems like their philosophers are telling people how they can and can't use their model.

progbitsabout 21 hours ago
> Anthropic gave him a refund for the whole month that was underway, despite him being nearing the end of it

I sense an opportunity for free tokens.

Ideas for prompts that reliably trigger the age check?

trollbridge1 day ago
... so let me understand this.

It is frequently said that programming directly is obsolete, and the skill you must have now is knowing how to operate agentic AIs.

Yet you aren't allowed to do this until you're 18.

So, developing software is now 18+ only?

Kim_Bruning1 day ago
Qwen3 runs locally on reasonable hardware, and is comparable to a mid-2025 Claude Sonnet (albeit possibly rather slower) .

Local models are chasing the online frontier models pretty hard.

So worst case, that's the fallback (FWIW, YMMV)

edit: Qwen-3.5 MoE (and other local MoE models like it)

square_usual1 day ago
> It is frequently said that programming directly is obsolete

Who says this?

guzfip1 day ago
Yes, today’s kids should instead learn to be influencers.

This is genuine advice I’ve seen from high profile business types. We’re fucked in the sense our children will be made to be attention whores online.

llm_nerd1 day ago
It seems out of step and foolish, and the cynic in me says that Anthropic has a side hustle of identity harvesting and is looking for justifications, but on the flip side, there is a real risk of pearl clutching if a child ever uses AI, and maybe Anthropic just wants to steer clear of all of that. Though simply putting it in the ToS should be sufficient legal shielding, and the idea that they're chat harvesting to age fingerprint conversations seems dubious.
helsinkiandrew1 day ago
The "Why did my account get banned after verification?" section gives some reasons:

- Repeated violations of our Usage Policy

- Account creation from an unsupported location

- Terms of Service violations

- Under-18 usage

Mordisquitos1 day ago
Those are reasons for banning after verification, not reasons for requesting identity verification in the first place.
helsinkiandrew1 day ago
Wouldn't the reasons for requesting identification be the same those for banning people - the system has flagged that you might be from the wrong location/under 18/creating multiple free acounts etc - so is validating.
LoganDark1 day ago
They request ID for bans so that they can ban you personally. ID checks may as well be a sign that you've already been banned and they're fishing for ways to make the ban harder to evade. Venmo does the same thing.
throwatdem123111 day ago
Why do companies keep working with Persona even though they have proven time and time again to be untrustworthy?
timpera1 day ago
Persona is easy to implement, has all the compliance requirements, and is in line with market prices. ID verification will always be an afterthought, unfortunately.
trollbridge1 day ago
Due to zero consequences of that untrustworthiness.
duskdozer1 day ago
>untrustworthy

For the user, sure. But for companies and governments? I'm pretty sure Person is quite trustworthy.

benterix1 day ago
Identity verification to use an API?? And via Persona? I can't say if it's real. But if they really try to enforce that, I guess goodbye Anthropic forever.
finghin1 day ago
They were all the same from the beginning. Every tech company of a certain size and significance eventually begins collecting data and sharing it with state actors, as far as I can see.
cedws1 day ago
OpenAI does identity verification too. I don’t know if they use Persona but they should be considered all equally as invasive.
CER10TY1 day ago
They use Persona for their new "Trusted Access for Cyber": https://chatgpt.com/cyber, at least according to the FAQ
wewewedxfgdf1 day ago
Ugh what a disaster. This is so Anthropic can enforce bans.

The future has arrived, in which you are only allowed to program a computer in any meaningful way requires total identification and permission.

What a tragedy that the amazing capabilities of LLM assisted programming come with such disgusting and reprehensible requirements and impositions.

So they can ban you from some minor infringement of their usage policies and you'll never be allowed to program again.

"Mr Anderson, it has come to our attention that you have been programming computers under an assumed identity. As you are aware this is a felony under the computer fraud and hacking act and you will be sentenced to four years in jail and may never use a computer again.". Yes laugh it up.

FpUser1 day ago
In the old USSR one had to register a typewriter. Sweet memories. And at that time western people (deservedly) laughed at it or used facts like this to show how backwards the country was
varispeed1 day ago
It's okay when corporation does it...
pixl971 day ago
And the corporation is free to sell all that data straight to the government the second after collecting it. The communists just screwed up trying to do all the authoritarianism by themselves.
raksU1 day ago
You will be reported to DHS if you ask Claude about Maven and the bombing of girls schools in Iran.
red-iron-pine1 day ago
as they say on other sites, "pics or it didn't happen"
lagniappe1 day ago
Prove it
subscribed1 day ago
That's probably half foreshadowing, half joke.
Sol-1 day ago
I figured they already have your identity via the payment process. Not like you can do anything (risky or not) via the free tier.
varispeed1 day ago
This is deranged. Say you wanted to use AI to prepare whistleblowing submission to use regulatory language and test for any weak points. Then Claude flags it and requires you to identify yourself. It's not a stretch of imagination that before you manage to send the bundle, you find yourself in the suitcase somewhere in the woods. People explore all kinds of sensitive stuff and I see it is tempting for AI companies to see exact person behind it and then it takes one disgruntled employee to put lives in danger. WTF
Kim_Bruning1 day ago
I think minimal opsec here would suggest you not share your data with a random corporation in the usa.
HWR_141 day ago
Sharing the data with any random corporation seems like a bad idea.
duskdozer1 day ago
>Say you wanted to use AI to prepare whistleblowing submission to use regulatory language and test for any weak points.

Why would you do this? If you can't write it yourself, you're just sabotaging your effort once the hallucinations are revealed. Secondly, a whistleblower is going to use a corporate LLM provider? Even without ID checks, that's an extremely uncompensated risk.

shevy-java1 day ago
"Being responsible with powerful technology starts with knowing who is using it."

In other words: they want to create a private web and sniff-after-people system. Today the EU also introduced an app for age verification. They also constantly say how this is ... voluntary.

Well, I guess we all know the direction. Let's have a look at this in a few years, because there may be a few ... suspicions.

With regards to Claude the question is: WHY do they want to sniff off user data exactly?

jijji1 day ago
its the same reason a pervert sniffs a girls panties
zoobab1 day ago
Time to setup my own local LLM.
Advertisement
nannal1 day ago
The under-18 detection is also error prone, seems simpler to me to initiate a gdpr data rrequest, archive it and then make a new account.
bryancoxwell1 day ago
Yeah, absolutely not.
Kim_Bruning1 day ago
This is highly problematic.

I may consider showing my ID to a company I already have a business relationship with; given demonstrable legal obligations, contractual necessities, legitimate interests etc . Eg the standard GDPR list.

I do have an existing business relationship with Anthropic, so I might under some circumstances decide to show them my id. I don't have a business relationship with Persona though.

I understand the instinct: they want to insulate themselves from holding PII. Not the worst idea. I'm not happy with it being a third party though. Especially the third party in question.

3sabout 11 hours ago
But they already have PII on nearly all users. Many user upload documents with their name, or pictures of themselves, or have a chat where home addresses are involved. All of this is information anthropic already has on their users (voluntarily provided via chats or via api) and is equivalent to what Persona gets via their verification - it’s just more convenient to use a third party SaaS product for this than vibe coding their own identity verification platform I guess
Kim_Bruningabout 4 hours ago
This might be conflating two things. What data exists somewhere, and how many different independent parties hold it. It's not the same risk.

Put this way: I sort of already trust Anthropic with some of my PII. And that's ... maybe not ok actually. But it's a single failure surface.

But that's definitely not the same thing as trusting Anthropic, AND Persona AND All Persona's partners AND their Partners ad infinitum.

And let's say Persona is actually ok; who knows, they might be? But it's still an extra surface; and if they share again, that's another extra surface again.

It's fairly common sense blast radius minimization. This is part of the actual theory behind GDPR.

"We already seem to accidentally be leaking some data through channel A" , doesn't mean it's a good idea to open channels B-Z as well. It means you might want to tighten down that channel A.

YesManNoMan1 day ago
Peter Thiel corporation.

Logged into Claude. Cancelled my max sub. That was that. Now on to migration.

qwertyuiop_1 day ago
The next level on the escalation ladder a few years later would be social credit score verification.
megous1 day ago
No. At least until there are actual KYC laws for LLM access in my country...
Scaled1 day ago
And after those laws, VPN to a free country and download local models. Never give in to the panopticon.
anonym29about 23 hours ago
Had been a happy Claude Pro subscriber since March 2025, and a happy Claude Max subscriber since May 2025. Cancelled my sub, will be deleting my account. This is disgusting coming from the same org that pretended to push back on the Pentagon over mass surveillance concerns. Complete hypocrites. Nemotron 3 Super, Qwen 3.5 122B A10B, and Minimax M2.7 running on my local hardware are more than sufficient for my needs. I'll miss newer Opus models - probably will end up trying them out a little via third party API platforms that don't abuse their users like this, but seriously, fuck Anthropic.
LoganDark1 day ago
Persona is bad news. They should not be using Persona. This is bad.

> Your ID and selfie are collected and held by Persona, not on Anthropic's systems. Anthropic can access verification records through Persona's platform when needed—for example, to review an appeal—but we don't copy or store those images ourselves.

It's unacceptable that this data is persisted at all, let alone that it's persisted by Persona.

> Persona is contractually limited in how they can use your data: only to provide and support verification and to improve their ability to prevent fraud. They're bound to protect it with industry-standard security controls and delete it in line with the retention limits we've set and applicable law.

It's good to hear that they're criminals. That means nothing for me though. Nothing.

> Why did my account get banned after verification?

This is bad. Why do they wait to ban until after they have your personal info? Venmo did the same thing to me: They didn't tell me I was banned until they had my ID. Absolutely despicable practice.

---

Anthropic is one of my favorite AI companies because they get LLMs more right than anyone else I've seen. But unfortunately this also means they can be swindled by social manipulation in lieu of technical excellence; the same type of brain results in both, I've seen it.

Persona is a bout of sociopaths, and it shows: they're worming their way into everything despite the well-documented conspiracy. They're doing it out in the open with zero consequences.

pixl971 day ago
It sounds like if Anthro suddenly asks for verification you should immediately delete your account.
LoganDarkabout 23 hours ago
Unfortunately usually whenever an account enters an unverified state it becomes impossible to delete because whatever company usually wants to have a record that you refused to complete the verification.
areoform1 day ago
Why is this necessary if I'm paying Anthropic with a credit card? A credit card requires a) credit worthiness, b) a line of credit from a bank based on the individual's identity, and c) regular payments. Why isn't a credit card enough? Why can't certain features be paywalled?

If someone is doing something deeply unethical with Claude, let's say they're using a clade of Claudes to launch cyberattacks, then doesn't Anthropic have fine grained telemetry, payment history, API usage / prompting / requests, and other details necessary to investigate? What does a government photo ID provide Anthropic that these data points don't?

At this point, people usually ask "what if they use stolen credit cards?" or are "state backed?" then well... if they're state backed / using stolen credit cards, then they're also capable of using stolen IDs or state-sponsored "legitimate" IDs.

It doesn't make much of a difference to organized crime / state backed assets. Or, Anthropic. But it makes A HUGE difference for entrepreneurs, founders, and just plain old consumers who use the service.

It's an asymmetric risk.

It's one thing for your credit card to leak, you can get a new one. It's harder for lower-tier / dumber criminals to socially engineer into your personal information for impersonation / ID theft with just a credit card number. But it becomes a lot easier with your scans of your ID.

Unless you're connected with an org of interest, have b/millions in crypto, most better organized groups / state actors won't usually (no guarantees) steal your identity. Identity theft is very much a SME operation in cybercrime.

So when Persona inevitably gets compromised and everyone's personal IDs inevitably gets leaked, the threat posed to entrepreneurs, founders and consumers is higher than the inverse.

I don't understand why Anthropic would expose themselves to the liability; when arguably they have all the tools baked right in.

I don't use their tool for writing. Perhaps it's ego, but I think I'm a better writer. But I shared the above text and asked Claude Opus 4.6 on Max thinking, "What would you say about the argument that the Anthropic has the best tool for threat prevention baked right in?"

    Claude is the threat prevention. It's sitting between every user and every potential misuse, in real-time, at every interaction. It refuses harmful requests. It detects prompt injection. It flags dangerous patterns. Anthropic has built the most sophisticated content-aware security layer in history — and it operates at the interaction level, where misuse actually happens.                                                                                                          
                                                                                                                             
  A JPEG of someone's driver's license sitting in a Persona database does exactly nothing at the moment someone tries to use Claude for harm. Claude's own refusal system does everything.                                                              
                                                                                                                             
  So the full argument stacks:                                                                                               
  
  1. Credit cards already verify identity (bank KYC)                                                                         
  2. Anthropic's telemetry already detects misuse patterns better than any static document                                 
  3. The AI itself is the security layer — real-time, context-aware, at the exact point of interaction                       
  4. Photo ID adds zero marginal security — while concentrating breach risk on users                                         
                                                                                                                             
  Three layers of existing protection, all superior to a photo ID. The ID is the weakest link in the security model and the highest-risk data asset in the system. It's the only component that, when breached, harms the user more than the company.  
                                                                                                                             
  You should write this up.
(I did.)
duskdozer1 day ago
Persona collects far more info on you than a name and credit card number. There are also some obfuscation services for cards (will it reject a prepaid debit card?), which would require them to go through extra steps to get your actual identity.

>I don't understand why Anthropic would expose themselves to the liability; when arguably they have all the tools baked right in.

What liability? When has a company ever faced any significant penalty for irresponsibly handling people's private data?

Mashimo1 day ago
> Why is this necessary if I'm paying Anthropic with a credit card?

You can have a CC / Visa / MasterCard when you are under 18 years old, but you need to be 18 or older for Claude. That would be one reasons why CC does not work.

Or maybe they suspect you opened a second account after your first got banned for whatever reason. Like you said it's easy to get a new card.

subscribed1 day ago
Incidentally I checked my local laws and it's not possible in any of the banks (UK) to add the underage person to my CC account due to their ToS and perhaps regulations.

Debit? Sure, some banks will issue them to 11-12 year olds. Credit? Apparently not.