How Safe is WorldCoin’s PoP?

26 Jul 2023

Can Sam Altman's WorldCoin win over crypto skeptics or are the risks too many?

WorldCoin recently launched its Proof-of-Personhood (PoP) concept and the World ID system, aiming to revolutionize digital identity and Web3 finance. With iris-scanning orbs to verify personhood and the WLD token designed for Universal Basic Income (UBI), the WorldCoin project is set for disruption. But is WorldCoin, with its orbs and UBI token, a safe crypto solution for the masses as the team suggests?

A tweet from Sam Altman introducing WorldCoin

In this article, we delve into how WorldCoin's World ID system works while examining the security concerns it raises.

Intro to WorldCoin

On the upside, WorldCoin wants to broaden economic equality and opportunity. With AI technologies now hitting the internet like a tidal wave, the team also wants to make sure that humans online can be easily differentiated from AI bots. Sam Altman, CEO of OpenAI, leads the WorldCoin team as co-founder with a pack of venture capitalists behind him. 

But many in the Web3 community have been critical of the project’s marked lack of decentralization and question whether UBI and iris scans and a giant airdrop are the best way to go about it. Nevertheless, we are about to see where this project goes.  

How WorldCoin's World ID System Works

WorldCoin's World ID system serves as the cornerstone of its security measures, differentiating between human users and bots. The first step to using WorldCoin is to create your World ID, similar to a digital passport that verifies your humanity through biometrics. In this case, the biometrics are your eyes, an iris scan to be more specific. 

To get your iris scanned at the start of your WorldCoin adventure, you have to visit a physical location that has an hardware device called an “Orb” that performs the scan. You can find the closest Orb station on their website. 

What is an Orb?

The Orb is an imaging device that uses biometrics to prove your personhood. After having your iris scanned at an Orb location, each user gets their World ID. The idea is that the World ID will allow you to have one digital identity to use across Web2 and Web3 without having to share personal information such as email addresses or names. Backdoors ability there

a picture of a globe and a WorldCoin iris scanning Orb device

Finding an Orb near you

To access the WLD wallet, airdropped tokens, and potential UBI payments, you have to have the World ID, a unique identifier obtained by undergoing an iris scan. The project emphasizes that user data is not stored; instead, it uses zero-knowledge proofs to verify the user's humanity without compromising personal information. However, despite this approach, potential security vulnerabilities remain.

Is your biometric data safe with WorldCoin?

WorldCoin's registry of iris scans raises privacy concerns. Although the project claims that images are promptly deleted, the possibility of inadvertent data exposure remains. Additionally, the accessibility of World IDs is another potential risk. The availability of Orbs, which conduct iris scans, might be limited, hindering users from reliably obtaining a World ID.

As far as storing user data, according to GooglePlay, the app may share data including personal info with third parties.

WorldCoin app may share data with third parties

For a mobile wallet app to store cryptocurrencies of any kind, it’s preferable to use a mobile wallet like Gridlock that does not share data with 3rd parties and provides a higher level of security. 

Security Risks with WorldCoin

Vitalik Buterin highlighted security issues with WorldCoin, primarily problems around its Proof of Personhood approach. Such risks include:

  • The possibility of 3D-printed fake people
  • Bad actors potentially selling World IDs on the black market
  • Phone hacking and phishing schemes
  • The threat of government coercion to access or take control of IDs

All of these concerns highlight the complexity of ensuring foolproof user verification and protecting sensitive data. WorldCoin may have the right idea, but we must look at it as just an initial iteration. The project will likely give rise to a lot of discussion around what we want our digital identity to look and act like.

Black Market for Accounts

WorldCoin's verification of real personhood seems limited to the enrollment level, leading to the emergence of a black market for accounts. This practice undermines the integrity of the system and poses additional security risks.

While the WorldCoin team has talked up its early user base numbers, there are some reports that they may have exploited people in developing countries early on to boost initial numbers. Others suggest that a black market for accounts has already emerged. 

“Verification that you’re a real person seems to only currently be enforced at the enrollment level. This has led to the emergence of a Black Market for accounts. Currently accounts have gotten as low as $1 per account on Telegram.” Source: @ZachXBT on X

Trading Risk - Tokenomics

When looking at what coins you want to hold, knowing the risks involved helps keep you safe. Learning the tokenomics around a coin helps you determine if it has staying power. 

At the WorldCoin launch, tokenomics data was geofenced, meaning many countries could not access it. What was provided was similar to many token launches of old that were not that successful.

a tweet from tokenomic expert on WorldCoin

Source: @wmougayar on Twitter

Key points revealed in their tokenomics documentation include:

  • WLD an ERC-20 token
  • Users will receive their WLD using Optimism Layer-2
  • 1% of supply in circulation at launch (106 million WLD)
  • 1-year lock-up for team tokens
  • Max supply fixed at 10 billion WLD for first 15 years
  • Launched with fully diluted valuation of $20.6 billion

A pie chart breaking down WorldCoin

Source: WorldCoin Tokenomics

Since there is no ICO, crypto investors should steer clear of any potential fake ICO scams or websites. According to Coindesk, at launch WorldCoin increased its original WLD token allocation for insiders from 20% to 25%.🚩 

Centralization Risks

Have a centralized company like WorldCoin run a blockchain-based project at such a scale adds additional risks. 

  • If it’s a centralized entity, could your WorldCoin holdings be seized in the case of regulatory or other issues?
  • If the data isn’t stored in a decentralized manner, how do we achieve the security of decentralized blockchains?
  • Who will produce and control the Orb devices? Can WorldCoin still introduce a backdoor?

The centralized nature of the Orb hardware devices is a particular cause for concern. While the software layer may be decentralized, the presence of hardware backdoors could enable the Worldcoin Foundation to create fake human identities. This centralization undermines the core principles of many cryptocurrencies that strive for a distributed network.

Play it on the safe side with Gridlock Wallet

With all the risks with token projects like WorldCoin can introduce, isn’t it nice to know that Gridlock Wallet has your back? By employing distributed key generation and key distribution, Gridlock Wallet eliminates the risk of centralized points of failure like WorldCoin.

Gridlock logo

Gridlock uses threshold signatures, multi-party computation (MPC), and social recovery for the most robust security you will find in mobile crypto wallets. Private seeds are never stored in a single location, multiple parties are required for signing transactions, and a network of chosen Guardians helps you with distributed key share storage as well as social recovery. Gridlock’s approach significantly enhances the security of user assets and personal data.

What’s next?

While WorldCoin's World ID system appears innovative, it is crucial to examine the potential security risks it poses. Concerns surrounding privacy, accessibility, centralization, and the emergence of a black market for accounts call for robust security measures. 

Gridlock Wallet is a secure alternative that offers crypto users a decentralized and protected way to manage their digital assets. As the cryptocurrency landscape continues to evolve, prioritizing user safety and data protection will be critical in gaining regulatory respect and acceptance.

- - -

Written by Mason Winsed

a7 (1).jpg

Mason Winsed simplifies blockchain for the people. With a comp-sci background and a passion for crypto safety, he's your go-to for straight-forward crypto wisdom. In his off time, he's coding or gaming. Join Mason for a no-nonsense crypto talk.

Don't miss out on new features and special events