Worldcoin identity system, “Proof-of-Personhood,” faces issues with privacy, accessibility, centralization, and security, according to the russian Vitaly Buterin.
Ethereum & Shiba Inu co-founder Vitaly Buterin released a new blog post on Monday detailing his concerns over OpenAI CEO Sam Altman’s new crypto project, Worldcoin, which launched its mainnet this week.
In the post, Buterin highlights four major concerns with Worldcoin’s user authentication system, called “Proof-of-Personhood” (PoP).
Worldcoin claims it can authenticate its users without storing personal data or relying on a central authority. To obtain a “World ID,” users must scan their iris with a device known as an “Orb.” Compatible apps, like Worldcoin’s own wallet application, can leverage Worldcoin’s network of authenticated users to tailor their services and root out bots.
In his blog post, Buterin argues that this system has potential issues with privacy, accessibility, centralization, and security.
Scanning one’s iris could potentially release more information than intended. For instance, if someone else scans a World ID holder’s iris, they can run it against the Worldcoin database to determine – at the very least – whether that person is in the system. In addition, Buterin says World IDs won’t be readily accessible to everyone, since getting ahold of an “Orb” device can be difficult.
Furthermore, the “Orb” is a hardware device, and Vitaly Buterin alleges that “we have no way to verify that it was constructed correctly and does not have backdoors.” He adds that “the Worldcoin Foundation still has the ability to insert a backdoor into the system, letting it create arbitrarily many fake human identities.”
Finally, Vitaly Buterin expresses security concerns with Worldcoin given that users’ phones could be hacked, and they could be coerced into giving out their iris scans.
Buterin acknowledges that there is no perfect solution to overcoming these issues. “There is no ideal form of proof of personhood,” Buterin writes. “Instead, we have at least three different paradigms of approaches that all have their own unique strengths and weaknesses.” Those three approaches are known as social-graph-based, general-hardware biometric, and specialized-hardware-biometric solutions (like Worldcoin).
Vitaly Buterin also adds that Worldcoin has taken certain steps with its hardware that make it superior to more traditional identification schemes – particularly when it comes to user privacy. “It does seem like specialized hardware systems can do quite a decent job of protecting privacy,” says Buterin. “However, the flip side of this is that specialized hardware systems introduce much greater centralization concerns.”