Worldcoin is redefining how digital identity is developed by centering on the human iris as its primary biometric. However, in doing so, Sam Altman’s company, which now goes by simply as World, has drawn scrutiny from individuals and governments alike.
According to Shady El Damaty, CEO of Holonym and expert in zero-knowledge cryptography, the World Network’s centralized infrastructure makes it particularly vulnerable to data leaks and exploitation. Given the project’s global reach, the consequences of such breaches can prove catastrophic.
A Universal Digital Identity
With artificial intelligence continually blurring the lines between humanity and technology, Altman’s most recent project has taken the concept to the next level.
World, an initiative the OpenAI CEO launched in July 2023, has a bold objective: to scan every eye on Earth and forge a universal digital identity for humanity.
At its heart lies the World ID, a privacy-preserving digital identity generated through a unique biometric scan of a user’s iris, referred to as “the Orb.”
“Worldcoin is the very first example of a company… that has the explicit mission of documenting every single person in the world with a cryptographically immutable link between a cryptographic hash of your eye and… your biometrics,” El Damaty told BeInCrypto.
In exchange for this biometric verification, users receive WLD tokens, World’s native cryptocurrency. These tokens serve as both an incentive and a fundamental component of participating in this global network.
The initiative is undoubtedly innovative. However, it’s also tremendously risky.
Why the Iris? Unpacking World Network’s Biometric Choice
Unsurprisingly, World’s launch has been received with skepticism.
While users have generally grown comfortable with biometric authentication, such as fingerprints for passport scans or Face ID to unlock smartphones, the prospect of having one’s eyeballs scanned to create a digital identity has elevated the feeling of living in a simulated reality.
“[World] settled on… the iris, which has enough entropy within it that it’s really difficult to brute force. They could have gone with fingerprints, but they didn’t because these can be very easily modified; they can be burnt off, or you could use different fingerprints. Whereas for eyes, they are very difficult to change,” El Damaty explained.
The reason behind World’s decision to use such a specific biometric is in line with its stated purpose.
As artificial intelligence continues to develop at a rapid pace, this initiative is a way to provide a trust layer for the world post-AI.
This mission is often framed as creating “proof of personhood” in an era when distinguishing real humans from AI bots will become increasingly complicated.
“In the future, it might be really difficult to know who you’re interacting with, maybe both in the digital world as well as the physical world as robotics and automation continues to improve,” El Damaty added, noting, “With OpenAI, I think they really quickly realized that the most valuable commodity in the world isn’t going to be a currency or some hard asset, but it’s going to be authenticity.”
Though the cause may seem noble enough, the way World Network has decided to go about it has drawn scrutiny. Part of it stems from a fundamental disagreement on what digital identity should entail, leading to a philosophical divide.
Monolithic vs. Pluralistic Identity Systems
Worldcoin’s “one iris scan belongs to one identity” system embodies a monolithic identity. Experts often criticize such an approach for heightened security risks.
In a recent blog post, Ethereum co-founder Vitalik Buterin warned that such a singular, universally linked identity risks online privacy and individual freedom. He expressed concern that even with advanced privacy tools, a one-identity-per-person property brings several security risks.
“That’s the real risk. If someone takes a picture of your eyes, can they use all publicly available information, or maybe even dark web information, to identify who you are and what you’ve done on-chain,” El Damaty told BeInCrypto.
This approach also contrasts with the cypherpunk ethos that birthed Bitcoin, which emphasizes anonymity. Critics argue that World represents a significant philosophical shift away from this privacy-first tradition by permanently labeling individuals.
A specific point of concern for Buterin and others is World’s nullifier. This cryptographic mechanism ensures that each person signs up only once. However, its very function also presents a significant vulnerability.
“As soon as your nullifier is given up… all of the accounts that you have linked to that nullifier are also given up… it could be the foundation of a really massive data leak,” El Damaty warned.
In response to these risks, El Damaty advocates for pluralistic identity systems with multiple online identities for different purposes. This protects sensitive real-world information from being inextricably linked to a single, globally unique ID.
“Those iris codes shouldn’t be linked to the same amount of information that can be used to access your voting record or your social security benefits or other really critical information that, if ever given up, would undermine your status as a person in the real world,” he added.
This tension also forms the backdrop for World’s direct conflict with national governments.
Could Worldcoin Data Become a Government Honeypot?
World Network’s global scope directly challenges national sovereignty, especially a state’s right to define its citizens’ identity. This raises a critical question: What if foreign governments demand access to their citizens’ biometric data collected by this company?
Tools for Humanity, World’s parent company, might use its distributed infrastructure as a defense, claiming data resides in various nations. However, El Damaty believes this defense is precarious.
“[World] also ha[s] infrastructure in the United States that’s going to be beholden to the US government’s authority. The US can come in and say, ‘hey, we’re going to pull the plug and put your executives in jail if you don’t hand over all of the logs that are coming from this central server that’s responsible for coordinating the entire network.’”
This vulnerability transforms World’s vast biometric database into a potential honeypot for governments. El Damaty pointed to precedents like the 2018 CLOUD Act, which allows US law enforcement to compel US-based tech companies to provide data, even if stored overseas.
Many nations have not waited for such hypothetical scenarios to play out, leading to immediate and forceful regulatory action.
Why Nations Are Banning Worldcoin
The international community’s response to Worldcoin’s initiative has been overwhelmingly hostile.
Countries like Spain, Portugal, Kenya, and Indonesia have either imposed bans or initiated investigations into World’s operations, citing concerns over data handling, transparency, and age verification.
El Damaty highlighted a crucial transparency issue. As a private company, World’s financial and operational details aren’t fully open for public scrutiny. This, he suggested, enables them to strategically control how they present their activities to the world.
This opaqueness contributes to existing global skepticism.
“I don’t think governments are going to suddenly turn overnight and say, ‘okay, well, we’re going to let this American company [from] Silicon Valley run by one of the world’s most powerful people to track all of our citizens and give them their crypto tokens,’” El Damaty said.
Without detailed clarity, many nations remain wary of entrusting such fundamental identity information to a private entity perceived to be operating outside established legal and ethical norms.
The post Worldcoin’s Global Identity System: A Step Toward the Future or a Privacy Nightmare? appeared first on BeInCrypto.