Site icon The Hack Post

Worldcoin’s Under Fire: Is It Really Safe?

Worldcoin's Under Fire Is It Really Safe?

Since launching its beta testing phase last year, Worldcoin has been highly debated, with various stakeholders raising concerns over the platform’s security and privacy protocols. Despite all the backlash, the project officially launched on July 24, 2023.

So what is Worldcoin, and what should you know before getting involved?

According to it’s official website, Worldcoin is “an open-source protocol supported by a global community of developers, individuals, economists, and technologists committed to expanding participation in and access to the global economy.”

Founded by OpenAI CEO Sam Altman, the project aims to create a global identity system from iris scans. To sign up, users are required to get their irises scanned by devices called orbs in return for Worldcoin (WLD) tokens. These orbs collect biometric data, which will then be used to create a secure and anonymous identity system that can be used to access all essential services.

Privacy advocates have criticized WorldCoin and Sam Altman, arguing that the biometric data could be used to do a lot of harm if it fell into the wrong hands.

Centralization, Privacy invasion, and Identity theft

The Worldcoin iris scan identifies the uniqueness of every user by obtaining basic personal data about them. This authentication system is called “Proof-of-Personhood” (PoP). Even without going into further details, the general idea of giving up your biometric data to a centralized entity without knowledge of how it’ll use it is chilling.

Earlier this year, WorldCoin published a blog post explaining how it intended to maintain privacy. While failing to provide any meaningful explanations on how data would be handled, the post stated that collected data would be stored on the company’s servers and deleted once they had finished training their AI models to recognize irises and detect fraud. “During our field-testing phase, we are collecting and securely storing more data than we will upon its completion. We will delete all the biometric data we have collected during field testing once our algorithms are fully-trained.”

These and many other gaps in the Worldcoin privacy protocols have led to continued backlash. Edward Snowden was among the first to criticize the project in 2021. The NSA whistleblower tweeted in response to Sam Altman’s announcement of the project, saying, “Don’t catalogue eyeballs. Don’t use biometrics for anti-fraud. In fact, don’t use biometrics for anything. The human body is not a ticket-punch.”

In July this year, days after Worldcoin went live, Ethereum co-founder Vitalik Buterin voiced his concerns about the project’s PoP in a detailed blog post.

Buterin noted that iris scan data may reveal more information than intended. “At the very least, if someone else scans your iris, they can check it against the database to determine whether or not you have a World ID.”

He went on to add that “we have no way to verify that it (the Orb) was constructed correctly and does not have backdoors.” He argued that despite the software layer being fully decentralized, Worldcoin could still introduce a backdoor into the system, opening the possibility of creating multiple fake human identities.

Buterin also noted that in the event a user’s phone got hacked, their iris scan data could get exposed.

Earlier in May, Chinese crypto outlet BlockBeats tweeted  about the existence of a black market for iris scans. Crypto users in China, where Worldcoin is not approved, were buying iris scans online for $30 or less a pop to cash in the WLD rewards once the project went live.

In the same month, TechCrunch reported that malicious actors had installed malware on the devices of multiple Worldcoin Orb operators. This gave the actors access to sensitive user data. The media site also reported that the logins of several Orb operators were being sold on dark web marketplaces.

Governments React to WorldCoin

At least six countries, including Nigeria, Argentina, Germany, France, and Kenya, have halted all WorldCoin activities pending investigations.

On Aug. 21, the Kenyan government formed a 15-member parliamentary committee to investigate the project, three weeks after issuing a public suspension. The committee will submit its report to the House after 42 days.

Conclusion

The privacy and security risks associated with the WorldCoin iris scan cannot be ignored. Signing up should be done with caution to mitigate these dangers for nations and their citizens.