Rob Behnke
August 11th, 2023
Worldcoin is a project developed by Sam Altman, the CEO of OpenAI of ChatGPT fame. The goal of Worldcoin is to create a decentralized system that implements a universal basic income, providing a replacement for jobs and incomes lost to the evolution of AI technology.
The core of Worldcoin is a proof-of-personhood protocol designed to differentiate between real humans and the increasingly realistic bots enabled by generative AI. To enroll in the Worldcoin system, users will need to have their irises scanned by one of the project’s Orbs, creating a digital identity linked to private keys stored on a user’s personal devices.
Worldcoin is an ambitious project with noble goals. However, since it was publicly launched, it has received significant criticism from numerous sources. Many of these criticisms and concerns centered on privacy and security concerns about the project’s operations and management of sensitive and private user data.
Every blockchain and DeFi project has the potential to be hacked. Major DeFi hacks occur on a regular basis, and blockchain hackers have stolen billions of dollars worth of cryptocurrency from various protocols.
However, many of these protocols are designed to implement decentralized financial services, not economic systems on a global scale. They also don’t have access to the wealth of sensitive personal information that Worldcoin does.
Both of these factors make Worldcoin a major target for potential attackers, especially as the system gains wider adoption and holds greater value. Already, Worldcoin has made decisions that have significant implications for user privacy and security, both positively and negatively. Let’s go over some of the major security challenges in the Worldcoin project.
One of the defining features of Worldcoin is its use of biometrics for user identification. Creating a Worldcoin account requires having your iris scanned by one of Worldcoin’s Orbs, which will create a unique account for you on the blockchain. This account will be managed using private keys linked to the user’s identity and stored and managed on their personal devices.
On the positive side, the use of biometrics for user authentication is a very good thing for security. Irises are unique, making them ideal candidates for biometric authentication systems. Worldcoin’s use of them for biometric authentication creates a secure and usable system, offering better usability than private keys and better usability and security than a password-based authentication system.
However, some of the same features that make irises a good choice for biometric authentication also create some security challenges. Biometric data is highly private, making it essential for that data to be properly protected. Worldcoin attempts to manage these risks by storing only the hash of the iris data rather than the data itself. However, concerns still exist that sensitive data may be exposed in some way.
Also, unlike passwords and similar authentication mechanisms, biometrics like irises, retinas, fingerprints, etc. can’t be changed if a user’s authentication information is exposed. In the event of a data breach, there is no effective method for users to create a new iris like they would change their password.
The use of biometrics also has implications for users’ abilities to interact anonymously with online resources. While it’s possible for users to create multiple email accounts with unique passwords to create multiple or anonymous accounts with a website, the same is not true if the site uses biometric protocols for authentication.
Worldcoin’s central premise is proof of personhood. The goal is to create online accounts for users who have proved that they are humans by looking into the Orb and allowing it to scan their irises.
As part of this proof of personhood, a private key is generated for the user and linked to their identity. This private key can then be used to perform transactions and generate zero-knowledge proofs on their behalf.
The use of cryptographically secured digital identities is a positive sign for Worldcoin’s security. Many systems are moving towards passkey authentication, which biometrically authenticates a user’s identity and uses a linked private key for authentication. Worldcoin’s use of this technology provides much stronger user authentication than systems vulnerable to phishing attacks or weak user-selected secrets, such as passwords or one-time passwords (OTPs).
From a security perspective, the main limitation of this approach is shared by most modern technology. If the cryptographic algorithms that the system relies on are broken, then the whole system breaks. This includes the hash functions used to generate a World ID and the public key cryptography used to prove the user’s identity on a blockchain.
The other main criticism of cryptographically secured digital identities focuses on privacy. Proof of personhood requires users to hand over information to Worldcoin, which is currently a very centralized system. While these systems try to keep the individual identities of users secret, any errors in doing so can potentially impair peoples’ ability to use the Internet privately and anonymously.
Worldcoin is designed to be a decentralized identity system built on the blockchain. Decentralization is one of the main selling points of blockchain technology. By eliminating centralized authorities, it reduces the potential for privilege abuse, single points of failure, and similar issues.
Worldcoin takes advantage of these benefits and builds a decentralized identity management system for implementing a universal basic income. This use of decentralization — and the visibility provided by hosting Worldcoin on a blockchain’s digital ledger — eliminates some of the security and censorship risks of a centralized system.
However, despite its goal of decentralization, Worldcoin does have some centralization concerns. For example, the process of scanning users’ irises and converting them to World IDs is a completely centralized process. If the iris scanning system is vulnerable or compromised by an attacker or if the algorithms used to develop unique identifiers, then there is the potential that sensitive data may be compromised or the attacker may gain unauthorized access to or control over the system.
Additionally, decentralization, while it has its benefits, also has its potential downsides. Governance exploits have become more common in recent years, including the high-profile exploit of Tornado Cash in 2023. As Worldcoin becomes more decentralized, it may become more vulnerable to these types of attacks.
Another open question is whether a truly decentralized system can be secure. The blockchain trilemma of decentralization, security, and scalability is still a largely unsolved problem, and Vitalik Buterin points this out as one of the major concerns associated with Worldcoin and its focus on decentralization.
Worldcoin is designed to use zero-knowledge proofs to conceal sensitive information. This includes biometric data and the information needed to comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations.
The use of zero-knowledge proofs is a positive sign for Worldcoin’s focus on privacy and security. A zero-knowledge proof is designed to prove something or knowledge of a secret without revealing the secret itself. A well-constructed zero-knowledge proof can enable Worldcoin to meet regulatory requirements and prove certain facts while protecting the privacy of the sensitive information that it has collected from users.
The main limitation of zero-knowledge proofs is that they are cryptographic algorithms, and many zero-knowledge proofs are relatively new inventions. If these algorithms are discovered to have currently-unknown vulnerabilities, it is possible that an attacker may be able to look at past zero-knowledge proofs posted on the blockchain and extract users’ identities.
Worldcoin is implemented as a Layer 2 solution running on top of blockchains such as Polygon and Ethereum. This helps to ensure the decentralization of the system but means that critical functionality is implemented using smart contracts.
Worldcoin took the right approach to smart contract development and security by subjecting its contracts to smart contract security audits. As a result of these reviews, an estimated 92.7% of the identified issues had been remediated when Worldcoin officially launched.
However, this still means that some vulnerabilities remained unresolved, and it is possible that others were undetected during the audit or will be introduced as a result of updates to Worldcoin’s smart contracts. If this happens, it has serious potential implications for the privacy or functionality of the system.
Worldcoin is an ambitious project with lofty goals. After making significant contributions to bringing about the AI revolution, Sam Altman is also working to address the potential impacts that the technology will have on peoples’ jobs via a universal basic income.
The launch of Worldcoin — and how it went about its launch and attracting users to the platform — has sparked significant concerns about security and privacy. The project is collecting users’ sensitive information and using it to enroll users in a system with a certain lack of transparency.
On the one hand, many of the decisions made by Worldcoin bode well for the security of the protocol and are superior to the alternatives. However, others raise significant concerns about privacy and security.
At the moment, the Worldcoin project is in its infancy with a limited user base and protocols, processes, and technologies that are still evolving. It’s likely that the success of the protocol and its legacy will depend significantly on how it handles the potential security issues and concerns.