Today, we’re releasing Verified Organization status, a new way for developers to unlock access to the most advanced models and capabilities on the OpenAI Platform.
A new way to explain why you don’t have access to models besides “rolling out to {unpublished denial criteria}”. A new way to provide even more biometric data to be auctioned off when another “partner” goes bankrupt or gets hacked with little recourse.
Only one verify per 90 days per ID, regardless of organization count you administer or that are a business, LLC, or corporation with rotating principals.
Yes, it is now live and likely on your organization. Will they walk this back – if it gets as much negative feedback as the attempt at a project needing “verifications” of use-case and more details?
Your first challenge: A payment method is required, even though you have credits and removed the card to prevent unregulated abuse and billings coming from nowhere (search forum to find why this could be wise…)
And even if you were to agree to that, your next step is not to upload a document, but to stupidly need to use a camera device, clearly for the phone crowd who are not wise in personal security.
Verification unlocks access to advanced models and additional capabilities on the OpenAI platform, enabling you to utilize the latest AI advancements.
Conclusion
I hope you’ve found this walkthrough useful, of what you’ll need to do to ensure you are not left behind when using the API. (I made sure to let you know by my tone, differentiating me from the ones that came up with this, that it’s not my idea!)
Why does Persona have user-select: none on their privacy policy? (this makes it so you intentionally can’t easily cite text from the page) (https://withpersona.com/legal/privacy-policy)
TL;DR: Persona may freely disclose all personal data to service providers, who in turn we have no privacy agreement with - so they may freely use and sell that information at their discretion.
There’s authentication problems going on with OpenAI - especially if you don’t have an OpenAI account with a username/password as your login.
I just checked the verification link and it got me through using my organization, but I’ve got a non-expired Oauth2 token cached from the platform site and indeed don’t use an authentication service… so stay tuned?
Verification holdback released today on API o3 and o4-mini:
Here in Poland nobody carries physical ID cards or driver’s licences anymore everything lives in the mObywatel app on our phones. So I literally can’t send you the old “photo of the licence” you keep asking for, and my car‑insurance company keeps rejecting my paperwork because of it. I’m so fucking pissed off about the whole thing that I’d have bailed ages ago, but I really like your API ecosystem. Still, shelling out $300 and not getting access to the latest models feels absurd.
I tried it and session expired, after which I can’t retry it or regenerate a new link. I topped up credits to use and test the new o3 and o4-mini models and I’m left unable to use them. The chatbot is of no help
There was a problem that the link didn’t come out properly from the beginning because the adguard was turned on, so I turned off the adguard and refreshed the page, and it said that I couldn’t check the organization?
I don’t know who thought of this, but I think it’s a completely stupid means.
im having the same issue. the initial verification didn’t pass because license was blurry and then when I went to restart it again it keeps saying link expirted. The refresh button on openai keeps generating the same exact link
Hi Raymond,Thank you for reaching out to Persona Support!Persona handles the identity verification portion of the flow you just went through. We recommend contacting the organization that directed you to the Persona flow for questions about the verification process. They will be able to better assist in answering any questions you might have. In the meantime, here’s an article on common issues that can interfere with completing the Persona verification process: (Link) Have a great rest of your day! Thanks,Persona Team
and openai support chat hasn’t responded in days. no matter how many times i click:
I have strayed into helping people out with “Assistants” when it offered neither a great solution for beginner nor expert.
However, this is a case where OpenAI must experience the brunt of their decision. I’m not here to support you doing a dumb thing with your personally-identifiable biometric information. This ridiculous company is the one needing to earn trust, and the only ones they’ve fooled is OpenAI. The user experience can be extrapolated to the backend quality.
What they ask to do themselves would be a policy violation on OpenAI - with hundreds of tokens injected into API models to block it.
Just went to check out the image API and encountered this (id requirement).
Not sure I understand openAIs decision here, what are they actually trying to do (for future also), have they considered impact on users.
This under-communication (which seems a pattern) has me wondering, also: oddities on the API (inconsistencies in JSON schema I’ve posted about), 500 error thats been unfixed across months, need for personal crystal ball to determine where they are going (i.e. unstated deprecation of assistants API), and (BIG) recent random account blocking error where non-offenders were blocked on with a disturbing reason relating to children.
Specifically – as a solo-dev trying to bootstrap a startup, unnecessary admin really kills my time, the risk that I could be banned with no reason and my customers SOL some arbitrary Tuesday is big. I’m not a big co with leverage or a personal contact, I’m at their mercy for orderly account mgmt + support.
My reaction is to make sure I have alternatives to openAI, even if it costs me time + energy.
Not trying to rain on openAI, they are new and even though rich financially it takes time to get things right, but ** they have put me in “risk mgmt mode”. Hmmm.
This is attempting to electronically capture the full information of an ID card, including biometric information and 2D barcodes beyond a transitory in-person method. It also engages in transfer of such persistence between entities in a privately-profitable business relation. Such use is not permitted, is a violation, and unwaivable, along with denial of services or business engagement based on such.
It also breaks down any argument that a value storage account of “credits” is not bound by consumer protection laws regarding expiry and refund when you are forcing a business interaction to be individual-based using personal identity.
807.745 Findings regarding personal information contained in driver licenses, driver permits and identification cards. The Legislative Assembly finds that:
Oregon recognizes the importance of protecting the confidentiality and privacy of an individual’s personal information contained in driver licenses, driver permits and identification cards.
Machine-readable features found on driver licenses, driver permits and identification cards are intended to facilitate verification of age or identity, not to facilitate collection of personal information about individuals nor to facilitate the creation of private databases of transactional information associated with those individuals.
Easy access to the information found on driver licenses, driver permits and identification cards facilitates the crime of identity theft, which is a major concern in Oregon. [2009 c.546 §1]
Note: 807.745 and 807.750 were enacted into law by the Legislative Assembly but were not added to or made a part of the Oregon Vehicle Code or any chapter or series therein by legislative action. See Preface to Oregon Revised Statutes for further explanation.
807.750 Restrictions on swiping driver licenses or identification cards.
(1) As used in this section:
a) “Driver license” means a license or permit issued by this state or any other jurisdiction as evidence of a grant of driving privileges.
b) “Financial institution” has the meaning given that term in ORS 706.008.
c) “Identification card” means the card issued under ORS 807.400 or a comparable provision in another state.
d) “Personal information” means an individual’s name, address, date of birth, photograph, fingerprint, biometric data, driver license number, identification card number or any other unique personal identifier or number.
e) “Private entity” means any nongovernmental entity, such as a corporation, partnership, company or nonprofit organization, any other legal entity or any natural person.
f) “Swipe” means the act of passing a driver license or identification card through a device that is capable of deciphering, in an electronically readable format, the information electronically encoded in a magnetic strip or bar code on the driver license or identification card.
Except as provided in subsection (6) of this section, a private entity may not swipe an individual’s driver license or identification card, except for the following purposes:
a) To verify the authenticity of a driver license or identification card or to verify the identity of the individual if the individual pays for a good or service with a method other than cash, returns an item or requests a refund.
b) To verify the individual’s age when providing an age-restricted good or service to any person about whom there is any reasonable doubt of the person’s having reached 21 years of age.
c) To prevent fraud or other criminal activity if an individual returns an item or requests a refund and the private entity uses a fraud prevention service company or system.
d) To transmit information to a check services company for the purpose of approving negotiable instruments, electronic funds transfers or similar methods of payment.
e) To collect information about the individual for the purpose of processing an application for a deposit account or loan for the individual, if the private entity is a financial institution.
f) To enable a pharmacist, pharmacy technician or intern, as those terms are defined in ORS 689.005, to submit information to the electronic system described in ORS 475.230 for the purpose of transferring a drug containing pseudoephedrine or ephedrine or a salt, isomer or salt of an isomer of pseudoephedrine or ephedrine without a prescription from a practitioner to a person who is 18 years of age or older.
A private entity that swipes an individual’s driver license or identification card under subsection (2)(a) or (b) of this section may not store, sell or share personal information collected from swiping the driver license or identification card.
A private entity that swipes an individual’s driver license or identification card under subsection (2)(c) or (d) of this section may store or share the following information collected from swiping an individual’s driver license or identification card for the purpose of preventing fraud or other criminal activity against the private entity:
a) Name;
b) Address;
c) Date of birth; and
d) Driver license number or identification card number.
5)(a) A person other than an entity regulated by the federal Fair Credit Reporting Act, 15 U.S.C. 1681 et seq., who receives personal information from a private entity under subsection (4) of this section may use the personal information received only to prevent fraud or other criminal activity against the private entity that provided the personal information.
b) A person who is regulated by the federal Fair Credit Reporting Act and who receives personal information from a private entity under subsection (4) of this section may use or provide the personal information received only to effect, administer or enforce a transaction or prevent fraud or other criminal activity, if the person provides or receives personal information under contract from the private entity.
6)(a) Subject to the provisions of this subsection, a private entity that is a commercial radio service provider that provides service nationally and that is subject to the Telephone Records and Privacy Protection Act of 2006 (18 U.S.C. 1039) may swipe an individual’s driver license or identification card if the entity obtains permission from the individual to swipe the individual’s driver license or identification card.
b) The private entity may swipe the individual’s driver license or identification card only for the purpose of establishing or maintaining a contract between the private entity and the individual. Information collected by swiping an individual’s driver license or identification card for the establishment or maintenance of a contract shall be limited to the following information from the individual:
A) Name;
B) Address;
C) Date of birth; and
D) Driver license number or identification card number.
c) If the individual does not want the private entity to swipe the individual’s driver license or identification card, the private entity may manually collect the following information from the individual:
A) Name;
B) Address;
C) Date of birth; and
D) Driver license number or identification card number.
d) The private entity may not withhold the provision of goods or services solely as a result of the individual requesting the collection of the following information from the individual through manual means:
A) Name;
B) Address;
C) Date of birth; and
D) Driver license number or identification card number.
A governmental entity may swipe an individual’s driver license or identification card only if:
a) The individual knowingly makes the driver license or identification card available to the governmental entity;
b) The governmental entity lawfully confiscates the driver license or identification card;
c) The governmental entity is providing emergency assistance to the individual who is unconscious or otherwise unable to make the driver license or identification card available; or
d) A court rule requires swiping of the driver license or identification card to facilitate accurate linking of court records pertaining to the individual.
In addition to any other remedy provided by law, an individual may bring an action to recover actual damages or $1,000, whichever is greater, and to obtain equitable relief, if equitable relief is available, against an entity that swipes, stores, shares, sells or otherwise uses the individual’s personal information in violation of this section. A court shall award a prevailing plaintiff reasonable costs and attorney fees. If a court finds that a violation of this section was willful or knowing, the court may increase the amount of the award to no more than three times the amount otherwise available.
Any waiver of a provision of this section is contrary to public policy and is void and unenforceable. [2009 c.546 §2; 2021 c.126 §1; 2022 c.45 §2]
Consider this posting to be the “knowing” part of section 8.
