UPDATE: they have dropped Persona!

liaizon@social.wake.st

So yeah, this really seems like they are integrating Persona directly into Open Collective. So even if the fiscal host changes directions here, this seems totally not ok.
https://github.com/opencollective/opencollective-frontend/pull/11988

havchr@mastodon.gamedev.place

@Li @liaizon @scan I think we are going to need it. Open source will be attacked by bad faith actors which can set up a bot army of "contributors" - the openness we want needs some kind of trust mechanisms. I am not saying this specific case warrants an identification system - just that there are sharks in the water ahead. Say someone wants to infiltrate the forums of KDE, and make a lot of noise and disturb development, they can already. In the future they can x1000 it in volume and distruption

liaizon@social.wake.st

Soooooo @Mastodon is using @OpenSourceCollective as their fiscal host...

https://opencollective.com/mastodon

li@tech.lgbt

@havchr @liaizon @scan

look okay we just "need" mass privacy violations, we just *need* to destroy all anominity on these projects, its super important! we just need to discriminate against people who are not 'blessed' by teh state with the privledge of being able to exist.

yeah; how about no;

i do not care how 'palletable' you try to make this dystopian bullshit

please fuck off

abekonge@venner.network

@liaizon Ok let's talk strategies for push back - we gotta stop this! @jowek @ukrudt @tak @ruben @magnus

Making an angry github issue?

Making a petition signed by a lot of collectives?

?? what else?

havchr@mastodon.gamedev.place

@Li @liaizon @scan Look, I am not rooting for any of these things, I am rooting for solutions that can proove personhood _without_ breaching privacy.
There is a whitepaper about it on the firstperson project web page. The Linux Foundation is one of the initiaters of this work. And in the case of OpenCollective and shipping ID off to Palantir-bros - hell yeah, they can fuck off.

aslakr@mastodon.social

@liaizon A botly hooray

li@tech.lgbt

@havchr @liaizon @scan "proving personhood" again please fuck off with this shit.

"proving personhood" means that someone can just decide your not a 'person', or that you are a "person" its discriminatory, and creates extreme power dynamics (which is what IDs are for, the other part is survailence)

ive been told for ages im not really a person you know, i don't actually have a magic id card that says i 'count' actually;

a person is anything that says it is, fuck you. stop trying to enforce dehumanization actually

i don't need to fucking 'prove' to fucking anyone ever; and i hope your system gets hacked to fuck; (i mean, you cant do 'privacy preserving, identify verification'' its self-contradictory)

and fuck the linux foundation for enabling this shit too actually

clayote@peoplemaking.games

@havchr @Li @scan How would proving personhood have helped against Jia Tan? That was a real person. Their loyalties weren't where they said they were.

liaizon@social.wake.st

@clayote @havchr @Li can yall stop tagging me in this tangential thread?

poohlaga@mastodon.social

@liaizon @scan Hi, Lauren here. I'm the ED of OSC and happy to chat. In this expense, the payee was presented with options that would not require a KYC with Persona; they confirmed, so we will be able to pay them through this method. KYC's are a rare edge case for us and are not issued on all expenses.
I will publish a general statement on the OSC updates page - but yes. We started using Persona before the news broke. We are currently looking for non-US providers and are open to suggestions.

liaizon@social.wake.st

@abekonge @jowek @ukrudt @tak @ruben @magnus
the chair of the board of directors of F-Droid just responded to my tag here seemingly in agreement
https://social.seabass.systems/@seabass/statuses/01KKHX2849AKSRJSVSN5C04TXP

I would say that the MAJORITY of 2714 collectives that OSC fiscal host has would be entirely opposed to being subjected to having to have their personal data sent to Persona. A large majority of them have a presence right here so tagging projects seems like it would definitly stir shit up.

liaizon@social.wake.st

@abekonge @jowek @ukrudt @tak @ruben @magnus

An open letter where people can sign their project names about their disapproval of this would probably be a good start though you are right. I wonder what the best way to host that would be?

liaizon@social.wake.st

@poohlaga hi Lauren, sorry to make your acquaintance on such an unpleasant matter. While I am glad to hear that you are using them only in "rare edge cases" it seems that their API is getting directly integrated into Open Collective's code base (https://github.com/opencollective/opencollective-frontend/pull/11988)

I think for the present moment there needs to be a very clear statement about *exactly* how you are using Persona and what data and what edge cases would end up triggering you to initiate sending *any data* to their API.

liaizon@social.wake.st

RE: https://mastodon.social/@poohlaga/116218374295960280

the Executive Director of @OpenSourceCollective replied:

betree@framapiaf.org

@opsocket @liaizon copy-pasting the reply I've made on the Github issue:

We (opencollective.com) are agnostic to the KYC provider that fiscal hosts use. Our integration was built primarily as a manual KYC tool, and you can use any backend you want - or even run your own program.

betree@framapiaf.org

@opsocket @liaizon

We're indeed adding a persona integration on the platform to help Open Source Collective manage their KYC program. It is not something we're forcing on anyone, just a bridge we're creating for fiscal hosts relying on this service.

For the rest, I'll let Open Source Collective comment.

They're aware of this thread and are preparing a reply as we speak.

liaizon@social.wake.st

RE: https://framapiaf.org/@Betree/116218444650414138

the developer who is currently adding this Persona integration into @opencollective has replied to this thread here:

opsocket@mamot.fr

@Betree @liaizon I just read it, thanks for trying to shed some light here

nextgraph@fosstodon.org

@liaizon @OpenSourceCollective another I never liked about open collective is that they store all their data on AWS in the US, unencrypted. that means all the fiscal data, invoices, payment details, of all their users, including all collectives using their online platform. as open collective is difficult to self host, everybody uses their website. when i asked for more details, they said they are a US based organisation, that they won't care, and that GDPR does not apply to them. i stop using it