Welcome to your Saturday morning crypto conversation. Let’s talk through the most common community reactions about the Orb, World Foundation, and the WLD token.
“You’re allowing your personal biometric data to be collected for a measly 3,500 pesos!”
This statement is probably the one I see the most often, and my short answer is always “No, you’re not.” The real answer gets a bit technical, and we’ll cover several other common questions while we dissect this whole process. When you get scanned at an Orb, it calculates an IrisCode for you based on the unique structure of both of your eyes. Assuming your IrisCode is unique and valid, a new WorldID is issued for you based on that IC, and it’s that WorldID that actually gets written to the blockchain. For easier visualization, think of this WorldID as your public key, and the IrisCode as your private key. So just like your private key, your IrisCode is not stored on-chain at any point; only your WorldID ever appears there. (It’s not a *perfect* analogy, because the WorldID is also encrypted and anonymized before getting stored on-chain, unlike a traditional public key.) As you’re standing there in front of the Orb, you are also notified as the machine deletes any images of your eyes from its memory, so your IrisCode can not be recreated by anyone else. With all that in mind, it’s inaccurate to say that your data is being collected, because that implies that there’s a permanent record of it somewhere under the control of the World Foundation. There isn’t.“How can World Foundation check if my IrisCode is unique? Doesn’t that mean they do have a copy of all the IrisCodes ever created?”
After your IrisCode is first generated, it gets broken up into fragments and sent off to separate nodes on the Worldchain. Each node will process the fragment it receives to check if it’s already been witnessed before elsewhere in the world. The technical term for this is Secure Multi-Party Computation, which is a well-understood method for verifying fragments of data without ever revealing the entire data structure to any single party. (Best-in-class crypto infrastructure providers like Fireblocks use a similar technique to secure the wallets of the world’s largest exchanges.) SMPC prevents anyone, including the verifying nodes, from reconstructing your IrisCode.“If the World Foundation is hacked, my data could be stolen!”
The World Foundation never sees any of your data, and it has no record of you other than what is on the blockchain, i.e., your WorldID. (Remember that even this piece of data is anonymized so they can’t directly link it to you.) They don’t even know your name unless you provide this information voluntarily, and giving it to them isn’t required in order to receive the WLD reward. There’s literally no centralized database to hack. There’s also no way for hackers to get to your iris data unless they take your phone, unlock it, unlock your World App, and then enable the Backup functionality. Sure, this kind of in-person attack is entirely possible, but those are the exact same risks we all accept with our mobile-based wallets everyday.“But if someone steals my phone with my WorldID in it, they can authenticate as me! That’s a lot more dangerous than them gaining access to my crypto wallet!”
This is a fundamental misunderstanding of what WorldID actually does, and it’s probably the biggest reason people overreact to the Orb. WorldID’s purpose is to prove that you’re a human, not that you’re a specific human. When I get scanned by an Orb, all I’m doing is proving that I’m a real person (because of my unique iris patterns); I am NOT proving I am Luis Buenaventura from Taguig. Your name, email, personal information, contact information … these are all extraneous bits of data that will only become part of your World profile if you voluntarily add them. If you don’t, then it is literally just a blockchain-powered checkbox that says “I am not a robot.”“If that’s all it does, then why is it such a big deal? We already have CAPTCHAs!”
We’ve known for awhile now that CAPTCHA technology is compromised, and no traditional web verification strategy is going to withstand the next wave of AI agents. World Foundation’s most high-profile partnerships include Razer and Tinder, because gaming and dating are two areas that are rife with abusive bot activity these days. Those partnership announcements sound impressive, but in reality, all WorldID really does is guarantee that the person you are competing against, or swiping right on, is in fact a real person. It doesn’t know anything else about them other than that, because the rest of that person’s information is held at Razer and Tinder, respectively. So in the scenario where your phone is stolen and is somehow unlocked, WorldID is arguably the least valuable thing there because your personal info is stored with all of the other apps on your device.“The people lining up to be scanned haven’t given their consent or don’t understand how their data is being managed!”
Everyone who goes to an Orb location here in the Philippines is asked to sit through a workshop explaining what the Orb is for and how their data is handled. Prior to being scanned, each person confirms that they are there of their own free will and are consenting to the scanning process. As they stand at the Orb, an assigned staffer talks them through everything that is happening and answers any questions they might have. Although it is entirely possible that some Filipinos may still come away from the experience without fully understanding what they’ve signed up for, it is certainly not for lack of trying. Characterizing the Orb activity as predatory or exploitative is a silly emotional argument that falls apart as soon as you see how it works in reality.“You’re giving away long-term control of your data to the same people who are giving your jobs away to AI!”
The fact that World Foundation is cofounded by Sam Altman, the cofounder of OpenAI, certainly raises eyebrows. In many ways, he’s the progenitor of the problem that World is trying to provide a solution for. My thoughts about the ethics of AI are enough to fill multiple essays, so I’ll just focus on the one aspect of this complaint that is incorrect. You aren’t giving any control over to anyone, because World App is a decentralized solution — all of your personal data is sitting on your personal device under your personal control. If you don’t want to use WorldID anymore, you can delete your IrisCode from your device, which is the conceptual equivalent of destroying the private key of your crypto wallet. This will effectively lock you out of the World ecosystem forever (and no one will ever be able to authenticate as you) which some people might prefer if they are strongly against what the Foundation is doing.“We don’t even really need technology like this, it’s just hype!”
This question is worth pondering, because I can totally imagine a future where we don’t need this at all. If AI were outlawed, banned, or somehow severely diminished by regulations, then proving you’re a human in the digital realm is probably not necessary anymore. I doubt that will actually happen though, but I do think there’s a small possibility that all the work on LLMs will prove to be a dead-end. In that scenario, we would have to start over from scratch, resetting the AGI milestone to some indefinite point in the future, and making World App temporarily unnecessary.“I don’t want to be 100% reliant on WorldID for all my transactions in the future, that sounds like a Black Mirror episode!”
It’s hard to imagine a future where World App is the only human-verifier technology available. I mean, that’s not even the case now, and World is only 3 years old. There’s already a competing project called the Humanity Protocol launching its mainnet soon and I suspect we’ll have many of the same debates about them as well. (All I know about them is that they scan hands instead of eyes, and currently have 6M verifications on their testnet.) If there’s one thing I know for sure about the crypto world, monopolies can’t really exist because the rewards for building competitors are typically better than trying to maintain the leader position. Will WorldCoin continue to lead here? Hell, I don't know. I couldn't even tell you if they'll survive all the regulatory or community backlash. What I do know is that it's way more likely that we’ll be scanning eyes, hands, ears, faces, voices, DNA, and any other uniquely identifiable body parts before you know it. Now THAT would make for an intense Black Mirror episode.Keep your eyes open, cryptofam!
I knew a little about World ID, now I know a lot more. Thanks.
Clear as eyes sans cataracts!
Thank you.