The company behind Worldcoin are making fairly bold claims about the capabilities of their cryptocurrency and “proof of humanity” project. I think it is important to fully evaluate these claims and not take them on face value.
From worldcoin.org
> could drastically increase economic opportunity, scale a reliable solution for distinguishing humans from AI online while preserving privacy, enable global democratic processes, and eventually show a potential path to AI-funded UBI.
This breaks down into 3 claims:
1. Be able to identify humans from AI online in a privacy preserving manner
2. Provide a platform for global democratic processes
3. Provide a universal basic income.
If we cannot agree that these claims are Worldcoin’s main goals then I am afraid Worldcoin is going to need to update their website as I do not see how it could be interpreted any other way in the language they use.
So now that we have their claims we can begin to look at some concerns. Starting with the ones you provided:
> You don't need to walk up to an Orb to create a wallet. You can own and transact worldcoin without ever showing your iris to an orb.
If this is possible, they why is the orb necessary and how can Worldcoin provide the guarantee that everyone using their wallet and blockchain is in fact a person? If UBI and voting are to happen using this as the platform, not needing verification via their iris scanning mechanism calls into question how they can claim to prove that each world id maps to one and only one unique human. If anyone can create an account without verification and transact using Worldcoin then voting and fair distribution of UBI cannot happen the way they describe.
The second concern is something that can happen in the non-crypto space. But if this is a valid concern of the current system, replacing it with something like Worldcoin doesn’t resolve that concern. We would have that same problem. So if we are to replace the current system with a new one, why would we willingly carry over these kind of issues if it were possible to not do so?
Now on to my concerns. I am not an expert in cryptographic mathematics and the nature of zero-knowledge proofs. So I will accept the following:
1. Iris Hash generation is cryptographically unique, privacy preserving, and the database of Iris hashes will be deleted.
2. Iris Hash to World Id is generated in a sufficiently zero-knowledge proof way that makes it so an Iris Hash cannot be used to identify any one specific World Id.
3. World Id to Wallet Private Key is also generated in a sufficiently zero-knowledge proof way that makes it so an Wallet’s private key cannot be used to identify any one specific World Id.
With those assumptions, I have the following concerns:
1. Has the company behind Worldcoin allowed for 3rd party audits? Code reviews, attestation of the zero-knowledge proofs, and other standard security audits we would expect of a global biometrics hardware company?
If they haven’t, and we cannot independently verify any of their claims, they really cannot be trusted. The Worldcoin company has a financial incentive in becoming the global identity solution. Saying they are safe from any vulnerabilities, privacy issues, or flaws in implementation is not good enough for me.
2. Sybil attacks. What has Worldcoin done to prevent sybil attacks? If I can modify the appearance of my iris with the use of a contact lense, and any other biometric data they would collect, can they identify me as the same person? Are chimpanzees inhuman enough to not be allowed to verify? Can attacking the orb operator by completing a sybil attack be enough to perform a denial of service attack against Worldcoin? If my goal is to prevent people from accessing the UBI or voting process then if this attack is possible, as an attacker, I win if my fake personas go undetected and I can collect the UBI and vote fraudulently or if my attack is detected but this compromises the identities of anybody scanned using that orb thus invalidating their accounts or preventing people from accessing accounts by being scanned for the first time as a replacement orb for that area is needed.
3. Which leads to the orbs. If you or I am unable to build our own orbs and join them to the network, then any claims of decentralization is invalid. Of only official orbs are allowed, if they cannot be examined to verify behavior then we cannot trust them either (ties into the audit issues).
I could go on with more but at least based on my surface level understanding of Worldcoin and their operations, I can see several attacks that if this is widely implemented as the global ubi and voting system would be untenable.
If there is no account recovery system, the average person could easily be denied access to participating in society by a simple mistake on their part, let alone any targeted denial of service style attack. And if there is an account recovery process then that is a vector that can be attacked today.
Putting all the world’s eggs in one basket makes this system a nonstarter. Claiming that they don’t want to do that means the language on their website and rhetoric they use in interviews are lies or misinformation of some kind so why should we trust them?
From worldcoin.org
> could drastically increase economic opportunity, scale a reliable solution for distinguishing humans from AI online while preserving privacy, enable global democratic processes, and eventually show a potential path to AI-funded UBI.
This breaks down into 3 claims:
1. Be able to identify humans from AI online in a privacy preserving manner 2. Provide a platform for global democratic processes 3. Provide a universal basic income.
If we cannot agree that these claims are Worldcoin’s main goals then I am afraid Worldcoin is going to need to update their website as I do not see how it could be interpreted any other way in the language they use.
So now that we have their claims we can begin to look at some concerns. Starting with the ones you provided:
> You don't need to walk up to an Orb to create a wallet. You can own and transact worldcoin without ever showing your iris to an orb.
If this is possible, they why is the orb necessary and how can Worldcoin provide the guarantee that everyone using their wallet and blockchain is in fact a person? If UBI and voting are to happen using this as the platform, not needing verification via their iris scanning mechanism calls into question how they can claim to prove that each world id maps to one and only one unique human. If anyone can create an account without verification and transact using Worldcoin then voting and fair distribution of UBI cannot happen the way they describe.
The second concern is something that can happen in the non-crypto space. But if this is a valid concern of the current system, replacing it with something like Worldcoin doesn’t resolve that concern. We would have that same problem. So if we are to replace the current system with a new one, why would we willingly carry over these kind of issues if it were possible to not do so?
Now on to my concerns. I am not an expert in cryptographic mathematics and the nature of zero-knowledge proofs. So I will accept the following:
1. Iris Hash generation is cryptographically unique, privacy preserving, and the database of Iris hashes will be deleted.
2. Iris Hash to World Id is generated in a sufficiently zero-knowledge proof way that makes it so an Iris Hash cannot be used to identify any one specific World Id.
3. World Id to Wallet Private Key is also generated in a sufficiently zero-knowledge proof way that makes it so an Wallet’s private key cannot be used to identify any one specific World Id.
With those assumptions, I have the following concerns:
1. Has the company behind Worldcoin allowed for 3rd party audits? Code reviews, attestation of the zero-knowledge proofs, and other standard security audits we would expect of a global biometrics hardware company?
If they haven’t, and we cannot independently verify any of their claims, they really cannot be trusted. The Worldcoin company has a financial incentive in becoming the global identity solution. Saying they are safe from any vulnerabilities, privacy issues, or flaws in implementation is not good enough for me.
2. Sybil attacks. What has Worldcoin done to prevent sybil attacks? If I can modify the appearance of my iris with the use of a contact lense, and any other biometric data they would collect, can they identify me as the same person? Are chimpanzees inhuman enough to not be allowed to verify? Can attacking the orb operator by completing a sybil attack be enough to perform a denial of service attack against Worldcoin? If my goal is to prevent people from accessing the UBI or voting process then if this attack is possible, as an attacker, I win if my fake personas go undetected and I can collect the UBI and vote fraudulently or if my attack is detected but this compromises the identities of anybody scanned using that orb thus invalidating their accounts or preventing people from accessing accounts by being scanned for the first time as a replacement orb for that area is needed.
3. Which leads to the orbs. If you or I am unable to build our own orbs and join them to the network, then any claims of decentralization is invalid. Of only official orbs are allowed, if they cannot be examined to verify behavior then we cannot trust them either (ties into the audit issues).
I could go on with more but at least based on my surface level understanding of Worldcoin and their operations, I can see several attacks that if this is widely implemented as the global ubi and voting system would be untenable.
If there is no account recovery system, the average person could easily be denied access to participating in society by a simple mistake on their part, let alone any targeted denial of service style attack. And if there is an account recovery process then that is a vector that can be attacked today.
Putting all the world’s eggs in one basket makes this system a nonstarter. Claiming that they don’t want to do that means the language on their website and rhetoric they use in interviews are lies or misinformation of some kind so why should we trust them?