How Safe is WorldCoin’s PoP?
26 Jul 2023
26 Jul 2023
WorldCoin recently launched its Proof-of-Personhood (PoP) concept and the World ID system, aiming to revolutionize digital identity and Web3 finance. With iris-scanning orbs to verify personhood and the WLD token designed for Universal Basic Income (UBI), the WorldCoin project is set for disruption. But is WorldCoin, with its orbs and UBI token, a safe crypto solution for the masses as the team suggests?
In this article, we delve into how WorldCoin's World ID system works while examining the security concerns it raises.
On the upside, WorldCoin wants to broaden economic equality and opportunity. With AI technologies now hitting the internet like a tidal wave, the team also wants to make sure that humans online can be easily differentiated from AI bots. Sam Altman, CEO of OpenAI, leads the WorldCoin team as co-founder with a pack of venture capitalists behind him.
But many in the Web3 community have been critical of the project’s marked lack of decentralization and question whether UBI and iris scans and a giant airdrop are the best way to go about it. Nevertheless, we are about to see where this project goes.
WorldCoin's World ID system serves as the cornerstone of its security measures, differentiating between human users and bots. The first step to using WorldCoin is to create your World ID, similar to a digital passport that verifies your humanity through biometrics. In this case, the biometrics are your eyes, an iris scan to be more specific.
To get your iris scanned at the start of your WorldCoin adventure, you have to visit a physical location that has an hardware device called an “Orb” that performs the scan. You can find the closest Orb station on their website.
The Orb is an imaging device that uses biometrics to prove your personhood. After having your iris scanned at an Orb location, each user gets their World ID. The idea is that the World ID will allow you to have one digital identity to use across Web2 and Web3 without having to share personal information such as email addresses or names. Backdoors ability there
To access the WLD wallet, airdropped tokens, and potential UBI payments, you have to have the World ID, a unique identifier obtained by undergoing an iris scan. The project emphasizes that user data is not stored; instead, it uses zero-knowledge proofs to verify the user's humanity without compromising personal information. However, despite this approach, potential security vulnerabilities remain.
WorldCoin's registry of iris scans raises privacy concerns. Although the project claims that images are promptly deleted, the possibility of inadvertent data exposure remains. Additionally, the accessibility of World IDs is another potential risk. The availability of Orbs, which conduct iris scans, might be limited, hindering users from reliably obtaining a World ID.
As far as storing user data, according to GooglePlay, the app may share data including personal info with third parties.
For a mobile wallet app to store cryptocurrencies of any kind, it’s preferable to use a mobile wallet like Gridlock that does not share data with 3rd parties and provides a higher level of security.
Vitalik Buterin highlighted security issues with WorldCoin, primarily problems around its Proof of Personhood approach. Such risks include:
All of these concerns highlight the complexity of ensuring foolproof user verification and protecting sensitive data. WorldCoin may have the right idea, but we must look at it as just an initial iteration. The project will likely give rise to a lot of discussion around what we want our digital identity to look and act like.
WorldCoin's verification of real personhood seems limited to the enrollment level, leading to the emergence of a black market for accounts. This practice undermines the integrity of the system and poses additional security risks.
While the WorldCoin team has talked up its early user base numbers, there are some reports that they may have exploited people in developing countries early on to boost initial numbers. Others suggest that a black market for accounts has already emerged.
“Verification that you’re a real person seems to only currently be enforced at the enrollment level. This has led to the emergence of a Black Market for accounts. Currently accounts have gotten as low as $1 per account on Telegram.” Source: @ZachXBT on X
When looking at what coins you want to hold, knowing the risks involved helps keep you safe. Learning the tokenomics around a coin helps you determine if it has staying power.
At the WorldCoin launch, tokenomics data was geofenced, meaning many countries could not access it. What was provided was similar to many token launches of old that were not that successful.
Key points revealed in their tokenomics documentation include:
Source: WorldCoin Tokenomics
Since there is no ICO, crypto investors should steer clear of any potential fake ICO scams or websites. According to Coindesk, at launch WorldCoin increased its original WLD token allocation for insiders from 20% to 25%.🚩
Have a centralized company like WorldCoin run a blockchain-based project at such a scale adds additional risks.
The centralized nature of the Orb hardware devices is a particular cause for concern. While the software layer may be decentralized, the presence of hardware backdoors could enable the Worldcoin Foundation to create fake human identities. This centralization undermines the core principles of many cryptocurrencies that strive for a distributed network.
With all the risks with token projects like WorldCoin can introduce, isn’t it nice to know that Gridlock Wallet has your back? By employing distributed key generation and key distribution, Gridlock Wallet eliminates the risk of centralized points of failure like WorldCoin.
Gridlock uses threshold signatures, multi-party computation (MPC), and social recovery for the most robust security you will find in mobile crypto wallets. Private seeds are never stored in a single location, multiple parties are required for signing transactions, and a network of chosen Guardians helps you with distributed key share storage as well as social recovery. Gridlock’s approach significantly enhances the security of user assets and personal data.
While WorldCoin's World ID system appears innovative, it is crucial to examine the potential security risks it poses. Concerns surrounding privacy, accessibility, centralization, and the emergence of a black market for accounts call for robust security measures.
Gridlock Wallet is a secure alternative that offers crypto users a decentralized and protected way to manage their digital assets. As the cryptocurrency landscape continues to evolve, prioritizing user safety and data protection will be critical in gaining regulatory respect and acceptance.
- - -
Written by Mason Winsed
Mason Winsed simplifies blockchain for the people. With a comp-sci background and a passion for crypto safety, he's your go-to for straight-forward crypto wisdom. In his off time, he's coding or gaming. Join Mason for a no-nonsense crypto talk.