I deleted TikTok last month when it got taken over by tech oligarchs in the US. I abandoned Twitter a couple of years ago—not without some grief, since I had nearly 20,000 followers I just walked away from. Facebook and Instagram are still on my phone, but I barely open them. At this point, LinkedIn is pretty much the only social platform I actually use.
LinkedIn has evolved well past its roots as a digital resume. It’s become a place where real professional conversations happen, and where the authenticity of the people you’re dealing with actually matters. And the authenticity problem is real. The people pushing disinformation, running scams, or sliding into my DMs with suspiciously good job opportunities (and an equal number of truly terrible job opportunities, to be fair) are almost always third-degree connections or lower. That’s not random.
AI is making it worse. And LinkedIn has been working on a solution. But a controversy that broke in February 2026 around its identity verification partner raises some questions.
The Problem Verification Is Trying to Solve
Oscar Rodriguez leads product for trust at LinkedIn, overseeing the work to keep the platform safe, authentic, and professional. In a recent conversation for the TechSpective Podcast, he laid out the challenge plainly.
“This new technology is making it cheaper and easier to pretend to be someone that you’re not,” Rodriguez said. “That is true on video calls, that is true on email, and basically every form of digital communication. With a 15-second sample of your voice, AI can clone your voice.”
The real-world examples aren’t hard to find. Deepfake CEOs have been used to authorize fraudulent wire transfers. AI-generated candidates have gotten remote jobs at legitimate companies. Fraud and scams cost an estimated $60 billion annually. LinkedIn has more than a billion members, most of whom are strangers to each other, which means the scale of the problem tracks with the scale of the platform.
LinkedIn’s response has been to build out verification—free verification tied to actual credentials. Government ID, work email, and confirmed employer. Rodriguez stressed that the cost piece was intentional: the company didn’t want verification to be something you could buy your way into.
That is a crucial element. When Twitter opened up its checkmark program to anyone willing to pay, the signal stopped meaning anything. LinkedIn went the other way, and it seems to be working. Verified members get about 60% more profile views, 30% more connection requests, and 50% more post engagement—not because LinkedIn engineered those outcomes, according to Rodriquez, but because members respond to the badge.
When “Get Verified” Means More Than You Think
LinkedIn doesn’t run ID verification itself. It works with third-party identity services—one of which is a company called Persona. In February 2026, security researchers found approximately 53 megabytes of Persona’s internal source code sitting unprotected on a publicly accessible, FedRAMP-authorized U.S. government server. No hacking required. Anyone with a browser could pull the files.
What was inside went further than most users would expect from an identity check. According to the analysis, Persona’s platform runs 269 distinct verification checks on people who submit credentials. Your selfie gets run through facial recognition against watchlists of politically exposed persons. Your name gets screened against 14 categories of what the code calls “adverse media”—terrorism, espionage, money laundering, drug trafficking, and others. The system includes built-in infrastructure to file Suspicious Activity Reports directly with FinCEN, the U.S. Treasury’s Financial Crimes Enforcement Network.
Per Persona’s own privacy policy, facial geometry can be retained for up to three years. Unlike a password, you can’t change your face if it’s compromised.
Persona CEO Rick Song responded publicly on LinkedIn, stating that the company processes user data only to confirm identity, that biometrics are deleted immediately after processing, and that the subprocessor list cited in the research is misleading because clients choose which Persona products they enable.
Those are fair points. But the capabilities that the exposed code documents exist in the platform regardless. Persona is backed by Peter Thiel’s Founders Fund, the same fund behind Palantir, which provides ICE with its ELITE targeting system. Persona’s COO has said the company has no current contracts with DHS or ICE, while also confirming it’s actively negotiating potential government contracts.
Discord, which was piloting Persona for age verification when the research broke, cut ties with the company shortly after.
The Third-Degree Problem
Beyond the challenges of verification, but tangentially related, is the issue of bots and trolls. I’ve been on LinkedIn long enough to notice a pretty consistent pattern. Almost all of my interactions with first and second-degree connections are reasonable, professional, good-faith, and worth having. The aggressive stuff, the bad-faith comments, the hyperbolic red herrings designed to derail a conversation—those come almost exclusively from third-degree connections or beyond. And a disproportionate number of those accounts list their occupation as “retired.”
To be clear: there are plenty of real, legitimate retired professionals on LinkedIn, and I’m not questioning them. But there’s also a category of accounts that uses “retired” as a catch-all cover for what appears to be either coordinated trolling or bot activity aimed at spreading disinformation. They show up, drop an inflammatory non-sequitur, and disappear. It happens often enough that I’ve started treating it as a pattern rather than a coincidence.
LinkedIn does give you a way to limit who can comment on a post—but it’s a manual toggle you have to set individually for each post, after you’ve already written it. There’s no default setting that applies across all your posts automatically. That’s a pretty significant gap. If I want to restrict comments to my direct connections—which, based on my experience, would eliminate the vast majority of bad-faith engagement while keeping the conversations that actually matter—I have to remember to do it every single time, and the only option is to restrict engagement to only first-level connections.
A global setting to configure comment permissions by default, scoped to first and second-degree connections, would meaningfully improve the day-to-day experience for a lot of LinkedIn users. It’s a reasonable ask, and it would be consistent with the platform’s own stated values around professional, good-faith engagement.
The Bigger Picture
I’m already verified on LinkedIn—that ship sailed before the Persona story broke. And I understand why Rodriguez and his team are building what they’re building. The verification problem is real, the portability idea—carrying verified credentials to other platforms like Adobe and Zoom—is worth watching, and the jobs data backs up the broader trend: background investigator is the 15th fastest-growing role in the U.S., with nearly 25% growth over three years. Organizations are investing in this problem because it’s real.
But LinkedIn’s members deserve a clearer picture of what they’re agreeing to when they verify. The Persona situation is a reminder that “trust” isn’t just about confirming who someone is—it also depends on what happens to the data you hand over to prove it. LinkedIn needs to answer those questions directly and publicly, not leave users to piece it together from a security researcher’s blog post.