Worldcoin: A Potential Privacy Nightmare
Linking a scan of your iris to your money and overall your financial activities might be a bad idea.
Lately, only a handful of cryptocurrency initiatives have managed to capture global user attention, leading to divisions among enthusiasts and critics, extensive coverage by mass media, and scrutiny from regulators.
‘Worldcoin’, as it is called, wants to build a ‘more human economic system’ and become ‘the world’s largest human identity and financial network’. It envisions facilitating emerging technologies such as AI and digital IDs; it doesn’t take a genius to see the potential forthcoming privacy concerns.
The project, co-founded by Sam Altman (OpenAI), got massive attention through their rollout of ‘orbs’. These shiny devices are designed to take photographs of a person’s iris, a process through which users are integrated into the Worldcoin system. In exchange, users are compensated with a nominal amount of their token.
In this article we want to provide deeper insights into the Worldcoin project, including potential privacy issues and ongoing investigations by regulators from different countries worldwide.
What is Worldcoin?
The Worldcoin whitepaper states that ‘proof of personhood’ is one of the main ideas behind the project, meaning the proof that somebody is a real, unique person. According to Worldcoin, the best way to create a scalable and inclusive proof of personhood in times of ‘increasingly powerful AI’ is through custom biometric hardware. That said, the main devices of this biometric hardware are currently their ‘orbs’, which take photographs of one’s iris.
Worldcoin Statistics; https://worldcoin.org
Among the features offered by Worldcoin are the ‘World ID,’ which utilizes iris scans, the ‘World App’ aimed at granting access to a global decentralized financial infrastructure, and the issuance of the ‘Worldcoin Token’ to all participants within the network.
Why Are There Privacy Concerns?
According to Worldcoin, the privacy of the World IDs is maintained through zero-knowledge proofs. However, relying solely on this approach is not the answer, as highlighted by blockworks.co as well:
“Zero-knowledge proofs can generate impressive privacy guarantees. But in the case of Worldcoin marketing, they’re more theater than substance. Taking off your shoes at the airport makes it look like important precautions are being taken (but doesn’t actually make you any safer); and long blog posts about zero-knowledge proofs distract from, but don’t in fact address, the problem of Worldcoin asking for users’ trust.” — https://blockworks.co/news/worldcoin-privacy-concerns
Nonetheless, it is questionable what will happen with the iris scans collected by the orbs.
Privacy experts worldwide are concerned that these scans could potentially be repurposed, or worse, accessed by malicious actors, similar to data thefts observed in other companies.
Quotes from the Worldcoin blog are not very reassuring either, in short they merely state ‘trust us!’. Yet, as anyone should have learned by now, is ‘Don’t trust, verify!’ is more than just a phrase:
“During our field-testing phase, we are collecting and securely storing more data than we will upon its completion… We will delete all the biometric data we have collected during field testing once our algorithms are fully-trained.” — https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency-biometrics-web3/
Also questionable is the rationale behind Worldcoin’s initial deployment of these orbs in economically disadvantaged nations like Kenya. A lot of Kenyans went to great lengths just to get their iris scanned, all for the sake of getting 25 World tokens valued at approximately $50. And to add to that, many of them remained unaware of the underlying purpose behind the iris scans they underwent.
Reactions of Regulators Worldwide
It comes as no surprise then, that Worldcoin got the attention from government bodies worldwide, including the likes of the Bavarian state in Germany, the United Kingdom, France, Argentina, and notably Kenya, where masses of people attended the iris-scan-ceremony.
A 15-member kenyan committee was formed in order to investigate the project, three weeks after the African country had stopped Worldcoin’s operations:
“The Interior Cabinet Secretary Kithure Kindiki, who has played a key role in suspending Worldcoin operations, told the House committee that the government is concerned by Worldcoin’s activities registering citizens and collecting iris data, all of which he claims pose serious security risks.” — https://cointelegraph.com/news/kenya-investigate-worldcoin
It is to be expected that more countries will start with their own investigations, making it unclear if the Worldcoin project will ever be able to reach a significant user base.
Adding to the concern is the involvement of (alleged) former Worldcoin employees, who state that they have already been in contact with authorities due to their witness of ‘sloppy and/or illegal things’. As Cointelegraph reported two days ago, this alleged ex-employee asserterd that he and others ‘had seen red flags since day one’.
Conclusion: Linking Money to Biometric Information is Not a Good Idea
In essence, linking a scan of your iris to your money and overall your financial activities is a bad idea. Worldcoin asking its users to ‘trust’ them alone is a red flag. It’s essential to remember that the Federal Trade Commission (FTC) is currently investigating OpenAI, one of the main forces behind Worldcoin, due to violations of consumer protection laws and the usage of specific big data sets.
We do not see Worldcoin becoming a ‘new financial system’, nor do we see it providing substantial privacy infrastructure. For true privacy preservation, one will likely need to turn to PriFi solutions like ours in the years to come.
Don’t trust. Verify!
