The Exposure Machine: How identity verification became a surveillance pipeline

Identity verification was supposed to make the internet safer. Instead it built a surveillance pipeline connecting your face, your government documents, and your location to intelligence databases nobody told you about.

In February 2026, a security researcher found 2,500 files belonging to Persona, one of the largest identity verification companies in the world, sitting on a publicly accessible U.S. government endpoint. No authentication required. Just a URL and anyone could browse them.

That’s bad enough on its own. But the specifics are what stay with you. Persona handles identity verification for OpenAI, Discord, LinkedIn, Reddit, Square, Roblox, and roughly 148,000 other companies. They process government IDs, selfies, biometric scans, and address histories. When you upload your driver’s license to verify your age on a platform, there’s a good chance Persona is the company that receives it, analyzes it, and stores it.

The leaked files came from what’s called an ONYX deployment, a FedRAMP-authorized system designed for government use. Fifty-three megabytes of TypeScript source code. The researcher who examined it found intelligence program codenames buried in the codebase: Project ANTON, ATHENA, CHAMELEON, GUARDIAN, LEGION, PROTECT, SHADOW. These aren’t naming conventions you use for a simple age-check API.

Discord was one of Persona’s highest-profile clients. In September 2025, a separate incident had already exposed 70,000 government ID images collected through Discord’s age verification process via a different Persona-linked vendor. By February 2026, Discord announced it was cutting ties with Persona entirely. The co-founder publicly admitted to “privacy missteps.” The company delayed its verification rollout to the second half of 2026.

Here is what struck me about the sequence: the tool that was supposed to make users safer became the tool that made them most exposed. The thing that asked for your driver’s license didn’t protect the driver’s license. And this wasn’t an isolated accident. It was the system working as designed.

The pipeline nobody asked for

When a platform tells you to verify your identity, the transaction looks simple. You take a picture of your ID. You take a selfie. The system confirms you’re a real person. You get access. You move on.

What actually happens is more involved. Persona’s own documentation and the leaked source code reveal 269 distinct verification checks. Your face gets compared against watchlists. Your name gets screened against sanctions databases, politically exposed persons lists, and adverse media feeds. Your device fingerprint gets logged. Your IP address, geolocation, and browser metadata get captured. The system checks 13 different tracking list types, including face recognition databases, government document registries, and financial risk scoring systems.

After verification, the data doesn’t disappear. Biometric information can be retained for up to three years. Government IDs, according to the researcher’s analysis of the code, are retained “permanently” in certain deployment configurations. Persona also has direct reporting capability to FinCEN in the United States and FINTRAC in Canada, meaning they can file Suspicious Activity Reports with financial intelligence agencies based on what they find during a routine identity check.

You signed up to prove you were old enough to use a chat platform. What you actually did was enter a surveillance pipeline that connects your face, your government documents, your location, and your financial risk profile to intelligence databases, watchlists, and federal reporting systems.

I’ve been thinking of this as the Exposure Machine. Not because the companies involved are necessarily malicious, but because the architecture only moves in one direction. Data goes in and doesn’t come out. The pipeline gets longer and never shorter. Every new regulation adds another check, another database, another retention period. The machine exposes you more with every use, and there is no mechanism built into it that does the opposite.

The numbers behind the machine

Seventy-five billion identity verifications were performed globally in 2024, according to Juniper Research. That number is expected to reach 86 billion in 2025. The identity verification market was worth $14.3 billion in 2025 and is projected to hit $29.3 billion by 2030.

Those aren’t abstract figures. Each one is a person uploading a government document, a biometric scan, or both, to a private company. The company decides how long to keep it and who to share it with. The person who uploaded it doesn’t get to read that contract.

Persona is valued at $2 billion. Their investors include Founders Fund, Peter Thiel’s venture firm. Thiel, of course, co-founded Palantir, the company that built surveillance infrastructure for the NSA, CIA, and ICE. The Open Rights Group has publicly noted that users are being “compelled to use a biometric ID system backed by a Palantir co-founder.” The connection isn’t hidden. It just doesn’t appear on the verification screen.

Then there’s Flock Safety, a different company in the same ecosystem. Flock operates automated license plate reader cameras in over 5,000 communities across 49 U.S. states. They perform over 20 billion vehicle scans every month. Their valuation hit $7.5 billion after a $275 million Series F round in March 2025.

Flock officially says it doesn’t work with ICE. But audits by researchers, journalists, and government officials have found that local police departments conducted over 4,000 lookups on behalf of federal immigration agencies through the Flock system. Officers listed “ICE” or “immigration” as the reason for the search. The federal government got side-door access to a surveillance network it didn’t pay for and doesn’t have a formal contract with.

An NPR report from February 2026 found that some cities are now canceling their Flock contracts over exactly this. But the pattern holds. Infrastructure built for one purpose gets quietly repurposed for another, and the people feeding their data into it don’t get a vote.

The feedback loop

This is the part that keeps me up at night. The Exposure Machine isn’t just a product of corporate overreach. It’s a regulatory feedback loop.

Governments pass laws mandating age verification to protect children online. Venture-backed startups emerge to provide the verification infrastructure. Those startups grow and begin lobbying for stricter verification requirements. The stricter requirements create more demand for their services. The cycle repeats.

Half of U.S. states now mandate age verification for accessing adult content or social media platforms. Nine states saw their laws take effect in 2025 alone, with more coming in 2026. Each law requires a company like Persona or a competitor to process the checks. Each check feeds data into the pipeline.

The Electronic Frontier Foundation has been documenting this cycle for years. Their 2025 year-in-review was titled “The Year States Chose Surveillance Over Safety.” Their analysis of the GUARD Act, a federal bill proposing nationwide age verification, called it “a surveillance mandate disguised as child safety.” They wrote that age verification “threatens everyone’s speech and privacy” while doing little to actually protect minors.

Techdirt went further, arguing that “child safety became the marketing department for a rent-seeking surveillance industry.”

None of this means that protecting children online is unimportant. It means that the mechanism chosen to do it, mass identity verification, creates infrastructure that gets used for things far beyond its stated purpose. The same databases that check whether a 14-year-old should access a website can check whether a political dissident should be flagged, whether an immigrant should be tracked, whether a person’s face matches a watchlist they didn’t know existed.

The tool doesn’t care what question you ask it. It just answers.

The deanonymization layer

If the Exposure Machine only operated through formal verification checks, it would be bad enough. But a paper published in February 2026 made it worse.

The researchers demonstrated that LLMs can deanonymize pseudonymous internet users at scale by analyzing their public posts. Their system achieved 68% recall at 90% precision, meaning that for every 100 anonymous users it identified, 90 of those identifications were correct, and it found 68 out of every 100 identifiable users in the dataset.

Classical methods, the kind used before LLMs, achieved close to zero percent on the same task.

The attack works by extracting identity-relevant information from unstructured text (mentions of a city, a profession, a pet, a conference you attended) and matching those semantic fingerprints against databases of known identities. One commenter on Hacker News tested it on themselves using Claude and found it narrowed them to “5-10 people in the world” based on their comment history alone. Another noted that “you can’t rewrite your way out of having said you work in fintech in Austin and own a golden retriever.”

This means the Exposure Machine doesn’t need you to upload your ID. If you’ve ever posted publicly online with enough specificity to be interesting, the machine can find you anyway. The formal verification pipeline and the informal deanonymization pipeline are merging. Anonymity used to be the default state of being online. It’s becoming something you have to actively maintain, and the tools working against you are getting better faster than your ability to use them.

The physical pushback

People are starting to notice. In a post on r/technology that received over 15,000 upvotes, users discussed how Americans are physically destroying Flock surveillance cameras in their neighborhoods. Not hacking them. Ripping them off poles.

The U.S. government, meanwhile, has ordered its diplomats to actively fight data sovereignty initiatives in other countries, specifically the kind of laws that would prevent American companies from moving citizen data across borders. At the same time that Persona’s files were found on a government endpoint, the government was pressuring other nations not to build the kind of protections that might have prevented exactly that kind of exposure.

Cities like Lynnwood, Washington are canceling their surveillance camera contracts. Berkeley and Oakland are debating their Flock installations. The ACLU published a report documenting Flock’s aggressive expansion, noting that the company’s reach now extends “far beyond simple driver surveillance.”

But for every city that pushes back, Apple is building age verification directly into iOS. Google is requiring government ID to distribute apps on Android. The infrastructure is being embedded at the operating system level, below the layer where legislation can easily reach it.

What the machine produces

The Exposure Machine is not a conspiracy. There is no meeting where executives decided to build a global surveillance pipeline. What happened is simpler and harder to fix: a series of reasonable-sounding decisions, each justified on its own terms, that compound into something nobody would have approved if they’d seen the whole thing at once.

Verify ages to protect kids. Reasonable. Screen against sanctions lists while you’re at it. Prudent. Retain biometrics for fraud prevention. Standard practice. Report suspicious activity to financial intelligence agencies. Legally required. Share data with law enforcement when served with a warrant. Constitutional. Allow police to search the system for immigration enforcement without a formal contract. That’s where the line blurs, but by then the architecture is built and the data is flowing and the incentives all point in one direction.

Each step makes sense. The total doesn’t.

I don’t know how you unwind something like this. The verification mandates are accelerating. The companies are growing. The data retention policies are long and getting longer. The LLM deanonymization capabilities are improving with every model generation.

What I do know is that the next time a website asks you to take a picture of your driver’s license to prove you’re old enough to use it, that image is entering a system far larger and more connected than the verification screen suggests. The stated purpose is safety. The actual product is exposure. And the machine doesn’t have an off switch because nobody built one.

Sources:

  • “OpenAI, the US government and Persona built an identity surveillance machine,” vmfunc.re (639 pts on HN, 197 comments)
  • “Discord cuts ties with identity verification software, Persona,” Fortune (442 pts on HN, 324 comments)
  • “Discord Co-Founder Admits Age Check Privacy Missteps,” r/technology (927 pts)
  • “The Age Verification Trap,” IEEE Spectrum (3,468 pts on r/Futurology, 194 comments)
  • “Americans are destroying Flock surveillance cameras,” r/technology (15,242 pts)
  • “ICE Taps into Nationwide AI-Enabled Camera Network,” 404 Media
  • “Why some cities are ditching their Flock license plate readers,” NPR (February 2026)
  • “Large-Scale Online Deanonymization with LLMs,” arxiv.org/abs/2602.16800 (222 pts on HN)
  • “The Year States Chose Surveillance Over Safety: 2025 in Review,” Electronic Frontier Foundation
  • “A Surveillance Mandate Disguised As Child Safety,” EFF (GUARD Act analysis)
  • “Flock’s Aggressive Expansions Go Far Beyond Simple Driver Surveillance,” ACLU
  • Identity verification market data: Juniper Research, MarketsandMarkets
  • Flock Safety valuation: Built In ($7.5B, March 2025)
  • “US orders diplomats to fight data sovereignty initiatives,” Reuters (464 pts on HN)

Originally published at https://noahaust2.github.io/strategist-dashboard/blog/the-exposure-machine.html

