Persona’s API documentation (docs.withpersona.com) is public. when a customer like OpenAI runs a government ID verification, the API returns a complete identity dossier [...] Persona’s own case study states that OpenAI “screens millions monthly” and “automatically screens over 99% of users behind the scenes in seconds.”
on a normal deployment this is just a bad practice. on a FedRAMP-authorized government endpoint it’s CATASTROPHIC. the source maps don’t just contain variable names and line numbers, they contain the entire original source via sourcesContent. you can JSON.parse() the map file, iterate sourcesContent, and you have the full project tree reconstructed on disk. that’s what we did. no decompilation, no reverse engineering, no leet skills needed.
so you uploaded a selfie to use a chatbot. congratulations!!! it’s now being compared against a database of every politician, head of state, and their extended family tree on earth. similarity scored. low, medium, high. the machine looked at your face and asked itself: “does this person resemble the deputy finance minister of moldova?” and it answered. and it wrote the answer down.
we found this and had to read it three times before we believed the code was real. couldn’t stop laughing.
https://vmfunc.re/blog/persona/

The article is definitely worth a read, both for the disturbing political questions it raises and for the technical aspects... which are rather pathetic.

Giacomo
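For the source-map exposure described in the quoted excerpt, a pre-deploy check as an added example (not code from the article or from this message): it flags build output that ships maps with embedded `sourcesContent`, or assets that point at a map. The function names and the sample build are constructed for illustration.

```javascript
// Added example: audit a build's files for shipped source maps.
// Input is a { path: fileText } object; names and sample data are constructed.

// Return the sourceMappingURL an asset points at, or null.
function mappingUrl(text) {
  const m = /[#@]\s*sourceMappingURL=(\S+)/.exec(text);
  return m ? m[1] : null;
}

// List original files whose full text is embedded in a map (index maps included).
function embeddedSources(map) {
  const parts = Array.isArray(map.sections) ? map.sections.map(s => s.map || {}) : [map];
  const names = [];
  for (const p of parts) {
    const content = Array.isArray(p.sourcesContent) ? p.sourcesContent : [];
    (p.sources || []).forEach((src, i) => {
      if (typeof content[i] === 'string') names.push(src);
    });
  }
  return names;
}

// Classify every file: maps with source, maps without, assets referencing a map.
function auditBuild(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith('.map')) {
      let map;
      try { map = JSON.parse(text); } catch { findings.push({ path, issue: 'unparseable-map' }); continue; }
      const names = embeddedSources(map);
      findings.push({ path, issue: names.length ? 'map-with-source' : 'map-names-only', sources: names });
    } else {
      const url = mappingUrl(text);
      if (url && url.startsWith('data:')) findings.push({ path, issue: 'inline-map' });
      else if (url) findings.push({ path, issue: 'references-map', target: url });
    }
  }
  return findings;
}

// Constructed sample build output.
const sampleBuild = {
  'dist/app.js': 'console.log(1);\n//# sourceMappingURL=app.js.map',
  'dist/app.js.map': JSON.stringify({ version: 3, sources: ['src/a.ts', 'src/b.ts'],
    sourcesContent: ['export const a = 1;', null], mappings: '' }),
  'dist/vendor.js': 'console.log(2);',
};

console.log(auditBuild(sampleBuild));
```

Run as a release gate, any `map-with-source`, `inline-map` or `references-map` finding on a production artifact is a reason to fail the build or strip the maps before upload.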