Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreibbsavyf3iqxuptsp5iyypgnoq32rvfrehwnu5zhra43lq4jmx2ly",
    "uri": "at://did:plc:lk3jfj3zq4k4wxnk474axylu/app.bsky.feed.post/3mf76artbbkn2"
  },
  "path": "/t/openai-non-announcement-requiring-identity-card-verification-for-access-to-new-api-models-and-capabilities/1230004?page=3#post_53",
  "publishedAt": "2026-02-19T07:13:23.000Z",
  "site": "https://community.openai.com",
  "tags": [
    "vmfunc.re",
    "the watchers: how openai, the US government, and persona built an identity...",
    "withpersona-gov.com"
  ],
  "textContent": "# the watchers: how openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds\n\nvmfunc.re\n\n### the watchers: how openai, the US government, and persona built an identity...\n\n53MB of source code leaked from a government endpoint. 269 verification checks. biometric face databases. SAR filings to FinCEN. and the same company that verifies your ChatGPT account.\n\nSummary by non-OpenAI AI:\n\n> ## What the Persona/OpenAI Data Exposure Actually Reveals\n>\n> ### What Was Found (Verifiable)\n>\n> Security researchers discovered 53 megabytes of unprotected TypeScript source code served publicly from a FedRAMP-authorized government endpoint (`app.onyx.withpersona-gov.com`). No hacking was involved — Vite build tooling left source maps publicly accessible, meaning anyone with a browser could download the entire codebase. The researchers used only Shodan, certificate transparency logs, DNS lookups, and HTTP requests to publicly served files.\n>\n> ### Confirmed Findings\n>\n> **The OpenAI-Persona relationship predates disclosure.** Certificate transparency logs show `openai-watchlistdb.withpersona.com` has been operational since November 2023 — roughly 18 months before OpenAI publicly announced identity verification requirements. The subdomain name “watchlistdb” is notable; typical KYC integrations don’t use that terminology.\n>\n> **The platform files government reports directly.** Source code confirms a fully functional SAR (Suspicious Activity Report) module that submits directly to FinCEN (US Treasury’s Financial Crimes Enforcement Network), including a “Send to FinCEN” button, full status lifecycle management, and electronic filing capability. It also files STRs with FINTRAC (Canada’s equivalent agency). These aren’t exports or integrations — they’re direct government filings.\n>\n> **Intelligence program codenames are embedded.** The FINTRAC STR filing form contains a dropdown to tag reports with specific intelligence program names: Project ANTON, ATHENA, CHAMELEON, GUARDIAN, LEGION, PROTECT, and SHADOW. These are real FINTRAC public-private partnership programs.\n>\n> **Facial recognition runs on selfies at scale.** The code includes `SelfieSuspiciousEntityDetection`, `SelfiePublicFigureDetection`, PEP (Politically Exposed Person) facial similarity scoring against world leaders and politicians, and explicitly experimental unnamed ML models (`SelfieExperimentalModelDetection`). Persona’s own case study states OpenAI “screens millions monthly” with “99% automated behind the scenes.”\n>\n> **269 distinct verification checks exist.** These include SSA death master file lookups, phone carrier queries, Aadhaar (India) database checks, PDF metadata analysis, browser and device fingerprinting, and biometric liveness detection — for signing up to use a chatbot.\n>\n> **Biometric face databases with 3-year retention.** The code explicitly caps face list retention at 1,095 days (3 years), while OpenAI’s privacy policy states “up to a year.” The discrepancy is unresolved.\n>\n> **A government platform (withpersona-gov.com) runs the same codebase.** FedRAMP Authorized since October 2025, this deployment serves federal agencies with the full surveillance stack: SAR filing, biometric databases, PEP facial recognition, and 13 tracking list types including faces, browser fingerprints, and geolocations.\n>\n> **The ONYX deployment appeared 12 days before publication.** A new subdomain (`onyx.withpersona-gov.com`) appeared in certificate transparency logs on February 4, 2026. ICE separately purchased a $4.2 million AI surveillance tool called Fivecast ONYX. The code itself contains no references to Fivecast or ICE — the name correlation is documented but unproven as a connection.\n>\n> ### What Is NOT Proven\n>\n> The researchers are careful to note: there is no confirmed direct data pipeline from OpenAI’s user screenings to government SAR filings. No ICE integration appears in the source code. No Clearview, Palantir, or law enforcement-specific workflows were found. The OpenAI integration in the government platform appears to be an AI chat copilot for operators, categorized alongside Slack and Zendesk.\n>\n> The concern isn’t that these connections are proven — it’s that Persona operates both the consumer-facing OpenAI verification system and a government platform capable of filing intelligence-tagged financial crime reports, using the same codebase, with no public explanation of how data flows between them.\n>\n> ### The Core Transparency Problems\n>\n> Users who verify their identity to access ChatGPT are not informed that their selfie undergoes public figure facial matching, that 269 checks run against them, that experimental ML models analyze their face, or what “suspicious entity detection” means or how it works. There is no disclosed appeal process. Data is retained after denial with no clear timeline.\n>\n> Ukraine is blocked by OpenAI alongside OFAC-sanctioned countries, despite not being subject to US sanctions — a policy choice with no legal basis disclosed.\n>\n> The Illinois BIPA issue is real: biometric data collection without prior written consent and a public retention schedule carries statutory damages of $1,000–$5,000 per violation, and Persona’s own documentation says they screen millions monthly.\n>\n> ### Bottom Line\n>\n> The verified revelations are significant on their own merits without the speculative connections: a commercial identity verification company takes biometric data from ChatGPT signups, runs it through facial recognition and 269 automated checks, maintains biometric databases, and operates a separate government platform that files intelligence-tagged financial crime reports directly with US and Canadian authorities — all while 53 megabytes of the codebase sat unprotected on a government-certified endpoint for anyone to read.",
  "title": "OpenAI Non-Announcement: Requiring identity card verification for access to new API models and capabilities"
}