FB Pixel no scriptIdentity in the AI era: An assessment of Worldcoin's iris-based biometric solution | KrASIA

Identity in the AI era: An assessment of Worldcoin’s iris-based biometric solution

Written by Gideon Ng Published on   6 mins read

Proof of personhood is a novel and intriguing idea, but should a private tech company be entrusted with its implementation?

With the rise of artificial intelligence, the unsettling prospect of job displacement looms, becoming a pressing concern in many parts of the world. According to the BBC, AI could eventually replace around 300 million jobs worldwide, with some sectors likely to be more affected than others.

Amongst the initiatives targeted at softening this impact is the Worldcoin project. One of its mandates is to ease this AI-driven transition, assisting individuals and communities that may be affected in due course.

A key feature of Worldcoin is its notion of universal basic income (UBI). This is a concept advocated by Sam Altman, co-founder of Tools For Humanity, the company behind the Worldcoin project. According to its framework, the project would distribute digital tokens to every human being in a recurring fashion. These tokens would theoretically hold financial value, serving as a safety net for those impacted by advancements in AI.

While this concept sounds alluring, having already attracted over two million participants and drawing investments from prominent venture capital firms including Andreessen Horowitz and Blockchain Capital, implementing it on a global scale is highly challenging, leading to widespread skepticism and concerns about the risks this new technology could pose.

How Worldcoin works

The Worldcoin project comprises an ecosystem made up of three components: the digital token (Worldcoin token), an identification system (World ID), and a cryptocurrency wallet (World App).

Worldcoin token (WLD)

The Worldcoin token, also known as WLD for short, is a cryptocurrency that Tools For Humanity envisions will enable the mass adoption of digital assets. Worldcoin aims to provide UBI to every individual by distributing WLD tokens. It is not made clear how these digital tokens will gain and hold financial value to achieve that purpose, but co-founders Altman and Alex Blania believe that these tokens will eventually be funded by AI.

At the moment, all users are entitled to receive 25 WLD tokens by undergoing an iris scanning process to verify their identity. According to the project’s whitepaper, verified users will be eligible to receive recurring grants of free WLD tokens, though these allocations are expected to decrease over time.

World ID: A digital passport

To ensure the fair distribution of WLD tokens, the company has developed an identification system called the World ID. The system is designed to prevent user abuse, ensuring that each individual does not receive more WLD tokens than are allowed.

To achieve this function, the World ID works like a universal digital passport, confirming the identity of users and whether they are real human beings. The need for a solution like the World ID has grown in today’s digital landscape, given the proliferation of deepfakes and bots in the online sphere.

For example, the solution can be utilized in scenarios where verifying one’s human identity is crucial, such as the identification of bot accounts on social media platforms like X (formerly known as Twitter) and preventing Sybil attacks. A notable instance of a Sybil attack occurred during the Connext airdrop, when a single wallet successfully claimed 200 allocations that were originally intended for other wallets.

The World ID system utilizes a unique process by scanning the iris of users with a device known as the Worldcoin orb. The device converts each scan result into a cryptographic string of numbers, known as a hash, which can serve as a distinctive identifier. These are stored securely on the blockchain.

World App: A universal crypto wallet

The World App is akin to a typical crypto wallet and enables users to store a variety of cryptocurrencies including bitcoins, ether, and WLD tokens. When a user creates an account on the World App, a public and private key is generated. The public key acts as an identifier stored on the blockchain, while the private key is a master password that can be used to allow access to the wallet. The private key is stored only in the user’s device.

When a user undergoes an iris scan using the Worldcoin orb, the public key of the wallet is tagged to the iris hash and recorded on the blockchain. When verification is required, such as when signing into websites, mobile apps, or decentralized applications, the public key is cross-referenced with the registry of known public keys and iris hashes.

To safeguard user privacy, Worldcoin uses zero-knowledge proof, a cryptographic method that provides proof to the verifier that a person is a verified user without needing to divulge any other information. Also, by storing identifiers on the blockchain, no centralized entity holds exclusive access to personal information.

The controversies plaguing Worldcoin

While the Worldcoin project presents an intriguing concept, there are several controversies that have cast a shadow over its potential benefits.

Data collection methods

A notable point of contention revolves around Worldcoin’s methods of data collection, particularly in developing regions like Uganda and Kenya. Worldcoin was allegedly being marketed as “free money” in these countries where technology literacy is low and data protection regulations are less stringent. Individuals who reside in such countries could therefore not fully grasp the implications of biometric identification—such as undergoing an iris scan—and may solely be motivated to participate due to the financial incentive they stand to gain. This was the scenario in Kenya, with Kenyans queuing up in masses to scan their irises for the reward of 25 WLD tokens. These tokens could potentially convert to USD 50 for each individual, which is a substantial sum for those living in poverty.

Eventually, the Communications Authority of Kenya intervened and ordered Worldcoin to stop signing up new users, citing data privacy concerns.

Meanwhile, in countries with stricter data protection laws like France, Germany, and the UK, Worldcoin faces scrutiny over its data collection methods, pseudonymization of personal data, transparency, and the fairness of user consent.

Noting the difference in privacy laws among countries, it will be challenging for the Worldcoin project to achieve its mission of onboarding every single individual in the world. For a project of such scale and ambition, it is, perhaps, better off managed by national governments, rather than entrusted to a centralized tech entity to administer what essentially is a global ledger of personal information, especially when it entails dealing with biometric information.

Privacy concerns

One of the contentious aspects of Worldcoin pertains to its claim that biometric data is deleted from the orb device after it has generated the identifier. This claim is not entirely accurate as users have the option to store their biometric data in encrypted data stores. Worldcoin states that this option exists “because the algorithm that computes the iris code is still evolving to make sure it can support signing up everyone”.

According to Forbes, Worldcoin’s orb device initially faced challenges when scanning the eyes of Asians, potentially due to insufficient training data, as the system was primarily trained on the eyes of white and Black individuals.

While Worldcoin stated that users would be able to back up their iris code self-custodially, it has acknowledged that “different avenues to increase privacy are being researched”. Given that privacy is the backbone of its entire operation, Worldcoin seemingly lacked the prudence to conduct thorough research on privacy-preserving methods and to implement them before launching the project.

Worldcoin’s privacy policy also pales in comparison with that of Apple’s Face ID. The latter’s privacy policy explicitly states that biometric data collected never exits the user’s device. Apple’s reputation as a company has been built on the foundation of emphasizing privacy, and Worldcoin must similarly prioritize this aspect if it hopes to earn the trust of the public.

The potential for abuse

In August this year, Forbes reported that there are some exploits allowing a single individual to create multiple Worldcoin accounts. Furthermore, black markets for iris data are emerging. When probed by Gizmodo, Worldcoin rebuffed concerns by suggesting that the problem was confined to “a few hundred instances” of fraudulent activity.

While the full extent of these exploits remains uncertain, they could potentially undermine the project’s original purpose.

Moreover, the security of the World App, despite claims of decentralization, remains reliant on cloud backups, phone numbers, and traditional passwords. If a hacker gains access to these credentials, recovery is difficult, if not impossible. This opens the door for hackers to misuse stolen credentials in various ways, including selling or leasing them to others or even gaining access to specific services that could otherwise be inaccessible.

Future outlook

While the Worldcoin project was initially aimed at facilitating fair distribution of cryptocurrencies to all individuals, it is shifting its focus towards verifying personhood, which places the project under a lot of scrutiny due to privacy and security concerns.

Although proof of personhood is an intriguing concept, it remains challenging to implement despite recent advancements in AI. Furthermore, questions loom over whether a private tech entity (Tools For Humanity) is the most suitable candidate to establish a system that is meant to facilitate a private and secure method of identification. After all, technology companies do not have the best track record when it comes to privacy and security.


Auto loading next article...