| ▲ | bri3d 9 hours ago |
| The referenced write-up based on the Persona front end code is here: https://vmfunc.re/blog/persona I definitely recommend reading this primary source before drawing conclusions about the code as most of the secondary reporting is quite low quality. |
|
| ▲ | cloverich 7 hours ago | parent | next [-] |
| Note also there's a direct response from Persona's security team here[1], and a lot of back and forth from Rick on Twitter[2]. [1]: https://withpersona.com/blog/post-incident-review-source-map... [2]: https://x.com/Persona_IDV/status/2025048195773198385?s=20 |
| |
| ▲ | nailer 4 hours ago | parent | next [-] | | > About the name: The subdomain was called onyx, a reference to the Pokémon Onix (a Pokémon made of multiple boulders, fitting for a multi-node architecture). It was an informal codename chosen by the engineer. It had no connection whatsoever to Fivecast ONYX, an unrelated 3rd party commercial product previously used by ICE. We understand this coincidence caused confusion, and we address it further below. | | |
| ▲ | UqWBcuFx6NV4r 11 minutes ago | parent [-] | | The fact that this is even being discussed is truly a bad smell of bad-faith “dig up anything that sounds bad” “reporting” |
| |
| ▲ | dvfjsdhgfv 3 hours ago | parent | prev [-] | | Twitter requires login to view the replies, might use an alternative: https://nitter.net/Persona_IDV/status/2025048195773198385 | | |
|
|
| ▲ | bondarchuk 9 hours ago | parent | prev | next [-] |
| Submitted 6 days ago but flagged https://news.ycombinator.com/item?id=47059129 @dang can this get a second chance? |
|
| ▲ | nebezb 7 hours ago | parent | prev | next [-] |
| I read it and, maybe it’s because I’ve spent too much time in fintech, I don’t share most of the concerns. The differences in proclaimed data retention periods is concerning though. The rest is par for the course for KYC/AML. |
| |
| ▲ | bri3d an hour ago | parent | next [-] | | I agree; I didn't want to editorialize too much as I think the writeup stands on its own. My takeaway was that in this case, even an author with a clear and extreme bias against this sort of thing could find only unfortunately-common bad practices rather than deeply nefarious intent. Of course, this is just the front-end code, but this just looks like a KYC platform to me. Most of the secondary reports on this write-up seem to completely ignore section 0x13 and jump to the specific conclusions the author does not draw. The fact that we've created a system where Discord need and want a KYC platform is a different and quite strange thing, but the KYC platform itself just looks like what it says on the tin. | |
| ▲ | boppo1 4 hours ago | parent | prev [-] | | Tell me more before I doom about this too much. |
|
|
| ▲ | dgxyz 8 hours ago | parent | prev | next [-] |
| Good article but the web site gave me eye and ear cancer. Please make it actually readable and don't steal my audio! |
| |
| ▲ | BoredPositron 8 hours ago | parent [-] | | [flagged] | | |
| ▲ | righthand 8 hours ago | parent | next [-] | | There is more than “unique web design” that cause reading issues with that article. For one the lowercase and as well as arcane keywords and organization. Not mention the autoplay music. I have communicated this to the author and they shrugged it off. | | |
| ▲ | BoredPositron 8 hours ago | parent [-] | | >> Please don't complain about tangential annoyances—e.g. article or website formats, name collisions, or back-button breakage. They're too common to be interesting. | | |
| ▲ | dgxyz 8 hours ago | parent | next [-] | | It's all of those, many more and does the content injustice. Don't talk about the bad things does no one any good. | |
| ▲ | righthand 8 hours ago | parent | prev [-] | | Yes most of us have read the rule. And I wasnt complaining in my comment I was directing the author as to why their submission was getting complaints and flagged. Stomping your feet that it doesn’t matter when people are telling your article is slightly unreadable really doesn’t make you or your article worthwhile to invest time in. No matter how good it is. Have a quirky website fine, but if you have important information you want to be taken seriously for, maybe consolidate that information into a more accessible format. Otherwise people will tell you AND do otherwise. |
|
| |
| ▲ | dgxyz 8 hours ago | parent | prev [-] | | Reading mode doesn't work on Safari for me... I get a paragraph and sod all else. So respectfully, do not make assumptions. And if you want someone to read the content, don't surround it with shite. | | |
|
|
|
| ▲ | dunder_cat 9 hours ago | parent | prev | next [-] |
| Seems to be down for me. https://web.archive.org/web/20260220192124/https://vmfunc.re... |
| |
|
| ▲ | tofuahdude 7 hours ago | parent | prev | next [-] |
| That was a great read, very interesting! |
| |
|
| ▲ | vincnetas 9 hours ago | parent | prev [-] |
| damn. why did the website stole my audio? |
| |
| ▲ | pavel_lishin 9 hours ago | parent | next [-] | | Some of the most interesting authors in tech on the internet have just absolute awful websites. Blinking animations everywhere, weird sounds, "cute" little javascript animations like it's 1999 again. | | |
| ▲ | john_strinlai 9 hours ago | parent [-] | | the last time the website was submitted, over half the comments talked about website design instead of the actual content. we can probably skip doing it again. different people have different tastes. people complain about boring websites, people complain about websites with animations or colors. the only guarantee is that the conversation isnt interesting. if you are on the side that doesnt like music, animations, whatever, i recommend a combination of noscript and using reader mode. | | |
| ▲ | Larrikin 8 hours ago | parent | next [-] | | The layout and design is a matter of taste. I actually find websites like OP refreshing to see. Blasting music or sound on auto play when you aren't directly navigating to audio or video content is just rude. It's the same as playing your speaker on the subway. | | |
| ▲ | rezonant 3 hours ago | parent [-] | | This is my problem with it. Put in a mute button if you're going to do this, otherwise it's just user hostile. No problem with stylized websites and fun animations. |
| |
| ▲ | rezonant 3 hours ago | parent | prev [-] | | Why not use your main account to post this, unless you mean it was submitted less than 4 days ago when your account was created? Genuinely curious what benefit a fresh account gives you here? | | |
| ▲ | john_strinlai 3 hours ago | parent [-] | | >unless you mean it was submitted less than 4 days ago maybe you are unaware, but you can browse HN without an account, and you can browse previous submissions (years back, even!). its not like i can only see posts made in the last 4 days. second, i saw the original post because it was posted in this very comment chain we are on, 5 hours ago, by bondarchuk (https://news.ycombinator.com/item?id=47137961). my turn! what is your comment trying to accomplish by cross-examining me about something completely unrelated? what point are you trying to make? if you think my comment is wrong, you should talk about the contents of the comment, not the age of my account. | | |
| ▲ | Larrikin 3 hours ago | parent [-] | | [flagged] | | |
| ▲ | john_strinlai 2 hours ago | parent [-] | | amazing comment from a 13 year old account. really embodying the spirit of the HN guidelines. thanks for the warm welcome. so, what exactly, are you basing your accusation on? was it me saying "use noscript and reader mode" or maybe "people have different opinions"? or just by nature of having created an account after you created yours? this sort of accusation is what will drive HN to be a shit community to participate in. just accuse anyone you slightly disagree with as being a bot/ai im not even sure what your issue, or rezonants issue with me even is! all i said was different people have different opinions, and you two are crawling up my ass about it. lets hope we never have to talk to each other about anything slightly important. |
|
|
|
|
| |
| ▲ | fuddle 6 hours ago | parent | prev [-] | | Yeah, come on! I'm trying to watch a video and read the article! | | |
| ▲ | vincnetas 5 hours ago | parent [-] | | yeah no. i was listening to background music of my choice while browsing the internet. |
|
|
