Starting July 8, 2026, Anthropic can legally demand a government-issued photo ID, a live selfie, and a facial geometry scan from consumer Claude users before granting or maintaining access to the platform — the first time a major US frontier AI lab has codified this level of biometric identity collection in its consumer privacy policy.
Now, if you are paying for AI by CC or payment processor on one of these big providers, you are already kyc'd, but it's unpleasant that they are going to go this extra step. Unclear which customers will be required to do it, or which services (newer modesl?) will be gated behind such advanced kcy efforts. Also, Anthropic's privacy policy does not say anything about how long they retain data.
The checks have been running in limited form since April 14, 2026, when Anthropic quietly launched biometric ID verification through third-party vendor Persona Identities for what it called "a few use cases." The June update formalizes that practice across all consumer tiers. For age-only checks — where the question is solely whether a user is 18 or older — Anthropic uses Yoti, a separate vendor that returns only a pass/fail age result and never passes the underlying ID image or biometric data to Anthropic at all. For full identity checks, Persona handles the pipeline.
Really? Crap. Claude was my preferred LLM provider but if they go this route I may have to reconsider.
Read it again: #1436017
No thanks.
I had forgotten about the vmfunc article. Thanks for reminding me. It also gave me occasion to read part 2.
At the bottom of part 2, there's a list of "open items". But even without that, a 1-3 year retention policy means that that is your window of vulnerability after doing one go with them.
Anthropic harvests everything you say to the bot, so if that data leaks, that means your chat is out there. Persona data leaks on top, now your name, face, SSN + your chats is out there. Of course, regarding your name and face and SSN, you can also apply for a hunting license in TX, go to a hospital in NY, live in Spain or France, be a woman in NL, registered your Samsung phone in DE, and all that is true too, and that's only what we know about, and what leaked in 2026, except they don't have your chats.
Since many people I know put their most private thoughts into a chat, the correlation is 10x problematic. It may be time to push privacy respecting chat a bit harder.
Yes. But I wanted four names for the cadence.
was this the intended purpose of the export controls? To force a private company to implement kyc? Or is it an unintended sideeffect in an effort to ban foreign nationals from using it
Maybe i am naive, but I don't buy that some simple export controls are enough to prevent any sort of software leaking everywhere. Feels more like an excuse to push for kyc-ing access to models.
Is this going to affect (immediately or eventually) calling the API via things like Openrouter and other tools?
This is so obvious, the under 16 social media / kyc farming exercise of all adults is the testing ground
Vpns get you out of jail geographically until all continents align
Llms was always going this way from a legacy provider pov
I want his face off!