I didn't want to be break this story over here but since no one else seems to be posting about it here I am sharing a screenshot from the other side with @scan's post.
-
@Li @liaizon @scan Look, I am not rooting for any of these things, I am rooting for solutions that can proove personhood _without_ breaching privacy.
There is a whitepaper about it on the firstperson project web page. The Linux Foundation is one of the initiaters of this work. And in the case of OpenCollective and shipping ID off to Palantir-bros - hell yeah, they can fuck off. -
-
RE: https://social.wake.st/@liaizon/116206925371202010
I didn't want to be break this story over here but since no one else seems to be posting about it here I am sharing a screenshot from the other side with @scan's post.
@liaizon @scan Hi, Lauren here. I'm the ED of OSC and happy to chat. In this expense, the payee was presented with options that would not require a KYC with Persona; they confirmed, so we will be able to pay them through this method. KYC's are a rare edge case for us and are not issued on all expenses.
I will publish a general statement on the OSC updates page - but yes. We started using Persona before the news broke. We are currently looking for non-US providers and are open to suggestions. -
@abekonge @jowek @ukrudt @tak @ruben @magnus
the chair of the board of directors of F-Droid just responded to my tag here seemingly in agreement
https://social.seabass.systems/@seabass/statuses/01KKHX2849AKSRJSVSN5C04TXPI would say that the MAJORITY of 2714 collectives that OSC fiscal host has would be entirely opposed to being subjected to having to have their personal data sent to Persona. A large majority of them have a presence right here so tagging projects seems like it would definitly stir shit up.
-
@abekonge @jowek @ukrudt @tak @ruben @magnus
the chair of the board of directors of F-Droid just responded to my tag here seemingly in agreement
https://social.seabass.systems/@seabass/statuses/01KKHX2849AKSRJSVSN5C04TXPI would say that the MAJORITY of 2714 collectives that OSC fiscal host has would be entirely opposed to being subjected to having to have their personal data sent to Persona. A large majority of them have a presence right here so tagging projects seems like it would definitly stir shit up.
-
@liaizon @scan Hi, Lauren here. I'm the ED of OSC and happy to chat. In this expense, the payee was presented with options that would not require a KYC with Persona; they confirmed, so we will be able to pay them through this method. KYC's are a rare edge case for us and are not issued on all expenses.
I will publish a general statement on the OSC updates page - but yes. We started using Persona before the news broke. We are currently looking for non-US providers and are open to suggestions.@poohlaga hi Lauren, sorry to make your acquaintance on such an unpleasant matter. While I am glad to hear that you are using them only in "rare edge cases" it seems that their API is getting directly integrated into Open Collective's code base (https://github.com/opencollective/opencollective-frontend/pull/11988)
I think for the present moment there needs to be a very clear statement about *exactly* how you are using Persona and what data and what edge cases would end up triggering you to initiate sending *any data* to their API.
-
Soooooo @Mastodon is using @OpenSourceCollective as their fiscal host...
RE: https://mastodon.social/@poohlaga/116218374295960280
the Executive Director of @OpenSourceCollective replied:
-
-
@opsocket @liaizon
We're indeed adding a persona integration on the platform to help Open Source Collective manage their KYC program. It is not something we're forcing on anyone, just a bridge we're creating for fiscal hosts relying on this service.For the rest, I'll let Open Source Collective comment.
They're aware of this thread and are preparing a reply as we speak.
-
RE: https://mastodon.social/@poohlaga/116218374295960280
the Executive Director of @OpenSourceCollective replied:
RE: https://framapiaf.org/@Betree/116218444650414138
the developer who is currently adding this Persona integration into @opencollective has replied to this thread here:
-
-
Soooooo @Mastodon is using @OpenSourceCollective as their fiscal host...
@liaizon @OpenSourceCollective another I never liked about open collective is that they store all their data on AWS in the US, unencrypted. that means all the fiscal data, invoices, payment details, of all their users, including all collectives using their online platform. as open collective is difficult to self host, everybody uses their website. when i asked for more details, they said they are a US based organisation, that they won't care, and that GDPR does not apply to them. i stop using it
-
RE: https://framapiaf.org/@Betree/116218444650414138
the developer who is currently adding this Persona integration into @opencollective has replied to this thread here:
@liaizon @opencollective i don't understand any of this. is this one second away from them implementing a persona *killswitch*, and debating what "persona" actually *means*?
-
@poohlaga hi Lauren, sorry to make your acquaintance on such an unpleasant matter. While I am glad to hear that you are using them only in "rare edge cases" it seems that their API is getting directly integrated into Open Collective's code base (https://github.com/opencollective/opencollective-frontend/pull/11988)
I think for the present moment there needs to be a very clear statement about *exactly* how you are using Persona and what data and what edge cases would end up triggering you to initiate sending *any data* to their API.
@liaizon Yes, I have a draft response on how we intend to use the platform connection, but I'd like the engineers to review it for accuracy, as the feature is still in development.
I will say it was fundamental for us that any personal data entered in Persona remain in Persona and any user information on the platform remain on the platform. We are not passing any user data from the platform to Persona. And if a user elects not to do our KYC with Persona, then we do our best to find another way. -
@liaizon @opencollective i don't understand any of this. is this one second away from them implementing a persona *killswitch*, and debating what "persona" actually *means*?
@malte which part don't you get? why they are shooting them selves in the foot?
-
@malte which part don't you get? why they are shooting them selves in the foot?
@liaizon what this "bridge" is, and who the hosts are that potentially need a kyc-persona. i'm lost when people start using abbreviations, and i'm doubly lost when they shroud those abbreviations in vague abstractions.
-
@poohlaga hi Lauren, sorry to make your acquaintance on such an unpleasant matter. While I am glad to hear that you are using them only in "rare edge cases" it seems that their API is getting directly integrated into Open Collective's code base (https://github.com/opencollective/opencollective-frontend/pull/11988)
I think for the present moment there needs to be a very clear statement about *exactly* how you are using Persona and what data and what edge cases would end up triggering you to initiate sending *any data* to their API.
@liaizon Regarding edge cases, the most common are when we are unable to verify the payee's identity or when they are in a jurisdiction flagged by US sanctions. Roughly .005% of expenses each month are flagged. Additionally, for each flagged expense, we communicate what is blocking us from moving the payment forward and offer alternatives so we can resolve the issue in a way the payee also feels comfortable with.
-
@liaizon @scan Hi, Lauren here. I'm the ED of OSC and happy to chat. In this expense, the payee was presented with options that would not require a KYC with Persona; they confirmed, so we will be able to pay them through this method. KYC's are a rare edge case for us and are not issued on all expenses.
I will publish a general statement on the OSC updates page - but yes. We started using Persona before the news broke. We are currently looking for non-US providers and are open to suggestions. -
@liaizon Yes, I have a draft response on how we intend to use the platform connection, but I'd like the engineers to review it for accuracy, as the feature is still in development.
I will say it was fundamental for us that any personal data entered in Persona remain in Persona and any user information on the platform remain on the platform. We are not passing any user data from the platform to Persona. And if a user elects not to do our KYC with Persona, then we do our best to find another way.@poohlaga the statement "We are not passing any user data from the platform to Persona" makes no sense in this context. You are integrating Persona's API into the platform. You are paying money to Persona to process the personal data of people on Open Collective. Why are you even considering using Persona at all? Using them is antithetical to every point that Open Source Collective lists in your "Values"
-
Because of Open Collective's belief in transparency, you can see directly how much @OpenSourceCollective is paying to use Persona and when those payments started:
https://opencollective.com/opensource/transactions?searchTerm=persona&kind=ALL
hey @Wtebbens have you seen this thread? seeing as you just set up a fiscal host on Open Collective and have been talking about the need to move away from Big Tech I would think chiming in, in this situation would be useful
