Exclusive

Worldcoin's plan to decentralize orb production sparks illicit data harvesting concerns

Quick Take

  • Manufacturing and operating Worldcoin orbs could become decentralized through an incentive structure similar to Bitcoin mining, its co-founder claimed.
  • Data security experts claim the decentralization and open-sourcing of orb design could see a proliferation of fake, data-stealing devices.

Manufacturing and operating Worldcoin's iris-scanning orbs could become decentralized and incentivized in the way that Bitcoin mining is, its co-founder claimed. But experts see potential risks in passing off production to third parties.

In an episode of The Scoop podcast, Alex Blania, co-founder of Worldcoin and CEO of its lead developer Tools for Humanity (TfH), described how new incentives for orb-makers will be woven into Worldcoin's tokenomics.

However, the decentralization of manufacturing orbs, with design instructions open-sourced, could see the proliferation of illegitimate devices that siphon away biometric data without appropriate protections, a security expert told The Block.

Decentralized manufacture and operation

Since some details of the design of the orbs created by TfH were made public earlier this year, independent entities can in theory build their own versions of the controversial devices and operate them to enlist sign-ups for the project.

"This would be similar to bitcoin miners that mine to secure the network, where Worldcoin orb manufacturers will also earn Worldcoin with every orb they manufacture and operate," Blania said on the podcast. 

He added that decentralizing orb manufacturing and operation will be a significant focus for the project over the coming year. A range of manufacturers could be involved in crafting the devices, from small companies to tech giants, he added.

"As we work towards decentralization, we are incrementally open-sourcing the Orb. Ultimately, we plan to decentralize everything involving the Orb, enabling others to develop, manufacture, and operate similar devices to issue Proof-of-Personhood credentials in a privacy-preserving manner," Worldcoin stated in a previous GitHub post.

Orb design difficulties

The orb created by TfH has an unusual origin story. Blania said on the podcast that Worldcoin, in its early days, "hired this crazy designer who worked for Kanye [West]" — and that it was he who came up with the orb's design. 

Designing the orbs was tricky, Blania said, as they had to work in "adversarial" situations and there was no blueprint for creating such a device. But Worldcoin now has manufacturing lines in place and with a few months' notice could "produce essentially a limitless amount of devices," he said.

In March, Worldcoin signed a deal with Florida-based manufacturer Jabil to ramp up production of the orbs.

Worldcoin's token launched on Monday, July 24, rising 88% to an all-time high of $3.30 on the day of launch. However, it has since fallen over 30% to $2.20, as of the time of writing, according to CoinGecko. The company is currently scaling up its eyeball-scanning operations in 20 countries.

Illegitimate Orbs

Worldcoin's iris-scanning registration method is already raising concerns about potential biometric data breaches among security professionals — who have homed in on the potential risks posed by counterfeit orbs. 

Chief security officer and co-founder of Halborn Steven Walbroehl said fake orbs could be engineered to transfer unencrypted data into the hands of cybercriminals.

"Because it is open-sourced, people could be mistakenly using what they think are real orbs, but in actual fact they are fake orbs that can snatch biometric data," he cautioned. He advocated for Worldcoin to employ independent third-party auditors to assess the hardware and software of orb rollouts, reinforcing trust and confidence in their global proof of personhood effort.

The iris-scanning experience

Founder of Applied Blockchain Adi Ben-Ari decided to get his iris scanned by a Worldcoin orb. He said the app-based verification process asked him if he was happy to share his iris scan with Worldcoin for "analytics and to save being scanned again in case of an Orb upgrade." Ben-Ari pointed out this suggests the hardware doesn't technically restrict data from leaving the orb, introducing an element of trust in the device manufacturer.

"In the case of Worldcoin, they could have designed the orb's hardware and software such that not only does the device choose not to share the biometric data outside the device, but also that this is prevented by the hardware, firmware and software," Ben-Ari told The Block.

He drew parallels with Ledger's private key recovery service, which allows users to back up their private seed phrase directly to their personal identity through three different custodians.

"However, in offering an option to send your biometric iris scan image to Worldcoin's servers, outside of the Orb device, it is obvious that the Orb doesn't have hardware, firmware and software to prevent this data from ever leaving the device. It allows the biometric iris scan data to leave under certain circumstances, which means they could also, through a software / firmware update, choose to extract other data if they wished," he added.

Worldcoin told The Block, "all images captured by the Orb during the verification process to confirm uniqueness and humanness are promptly deleted."

"If an individual opts-in to data custody, biometric data is first processed locally on the Orb and then sent, via encrypted communication channels, to distributed secure data stores, where it is encrypted at rest. Once it arrives, the biometric data is permanently deleted from the Orb," Worldcoin added.

The company said that opting into its Data Custody option "will decrease the probability and frequency of the user’s need to reverify their World ID as the iris code algorithms change."


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Brian McGleenon is a UK-based markets reporter for The Block. He has worked as a financial journalist and producer for multiple news outlets over the years, such as Fuji Television, The Independent, Yahoo Finance, The Evening Standard, and The Daily Express. Brian is also a screenwriter and producer with one feature film produced and one in development with Northern Ireland Screen. Apart from web3 and cryptocurrency developments, he is also interested in geopolitics, environmental issues, artificial intelligence, and longevity research.

Editor

To contact the editor of this story:
Ryan Weeks at
[email protected]