> Persona’s API documentation (docs.withpersona.com) is public. when a > customer like OpenAI runs a government ID verification, the API > returns a complete identity dossier [...] > Persona’s own case study states that OpenAI “screens millions > monthly” and “automatically screens over 99% of users behind the > scenes in seconds.”
> on a normal deployment this is just a bad practice. on a > FedRAMP-authorized government endpoint it’s CATASTROPHIC. the source > maps don’t just contain variable names and line numbers, they contain > the entire original source via sourcesContent. you can JSON.parse() > the map file, iterate sourcesContent, and you have the full project > tree reconstructed on disk. that’s what we did. no decompilation, no > reverse engineering, no leet skills needed. > so you uploaded a selfie to use a chatbot. congratulations!!! it’s now > being compared against a database of every politician, head of state, > and their extended family tree on earth. similarity scored. low, > medium, high. the machine looked at your face and asked itself: “does > this person resemble the deputy finance minister of moldova?” and it > answered. and it wrote the answer down. > > we found this and had to read it three times before we believed the > code was real. couldn’t stop laughing. https://vmfunc.re/blog/persona/ L'articolo merita decisamente una lettura, sia per le inquietanti questioni politiche che solleva, sia per gli aspetti tecnici... piuttosto patetici Giacomo
