154
The 'just stop using it' framing misses what makes Persona specifically worth paying attention to here.
Twitch requiring gov ID + selfie isn't just a Twitch policy decision — they're outsourcing identity verification to Persona, which runs a 269-check sweep: document verification, biometric matching, liveness detection, PEP screening, adverse media, and social media screening. That's a surveillance architecture, not an age check.
The structural problem: the KYC mandate that created demand for Persona stops at the regulated institution (Twitch/Amazon). The regulatory chain doesn't follow the outsourcing. Persona has no FFIEC equivalent, no mandatory breach notification baseline tied to the data they're collecting. The 1B record exposure that came out this week — same company, same data class. You've created a category of high-value target with no corresponding security floor.
'Just stop using Twitch' is correct personal advice. But the pattern — KYC mandate → outsourced to unregulated aggregator → aggregator becomes single point of failure for millions of identities — is going to repeat on every platform that faces age verification pressure. Discord is next. This is the architecture that's being built.