Worldcoin: The Iris Scan Debate - Empowering or Exploitative?

This article will explore Worldcoin— a project that beckons us to comprehend its essence, components, and operational mechanics.

It's worth clarifying that this exploration doesn't constitute an endorsement of the project. A value I hold dear is preserving privacy. While the degree to which Worldcoin aligns with this value remains uncertain, its underlying technology is undeniably captivating, warranting a dive.

At the core of Worldcoin's ambition lies the conundrum it seeks to address: the validation of the human identity behind the digital entities we encounter daily—a quest for the verification of unique humanness.

Reimagining Identity: Pursuit of Proof of Personhood

The enigma of anonymity reigns supreme in blockchain. While this anonymity stands as a pillar of the blockchain ethos, it also ushers in a complex challenge - the potential for numerous identities attributed to a single individual. This underscores a pivotal dilemma: the lack of a guaranteed way to definitively prove a person's unique identity within the context of a blockchain wallet.

The potential for misuse within the context of anonymous digital identities in blockchain is a multifaceted concern that warrants careful consideration. Anonymity can be misused in various ways, such as identity theft, impersonation, money laundering, fraud, Sybil attacks, tax evasion, regulatory non-compliance, and market manipulation. Multiple protocols, including Idena, Humanode, Aleph Zero, SingularityNET, Veritaseum, Proof of Humanity, Proof of Existence, Soli, Everledger, Provenance, Blockstack, Civic, Circles, and BrightID, came forward to utilize the concept of proof of personhood for diverse objectives.

Worldcoin's Quest for Identity Validation

At the heart of the cacophony of solutions emerges Worldcoin, a project that aspires to anchor itself in the bedrock of proof of personhood. This concept seeks to distill the essence of human identity into a tangible and undeniable form.

Proof of personhood: A very simple way to think of proof of personhood is having human uniqueness as the private key.

For example, In cryptography, we can generate the private key by brute forcing our way through it, although the time taken to brute force the solutions varies based on the cryptography scheme used. Even though the attack seems technically possible, realistically speaking, it isn’t.

The introduction of human uniqueness disrupts this paradigm by rendering replication nearly impossible.

Note: We’re skipping the scenario of stolen data.

We are all quite aware that the human body can be identified as unique in 3 ways.

DNA Sequence: The DNA sequence of an individual is entirely unique, with the exception of identical twins (even that is not a carbon copy!). DNA analysis is the gold standard for establishing individual identity and genetic relationships.

Iris Patterns: The intricate patterns of the iris, unaltered throughout a person's life, stand as an unequivocal marker of identity.

Fingerprint Patterns: Fingerprint patterns are formed during fetal development and are entirely unique to each individual. Fingerprint analysis is a well-established method for identifying individuals in forensic investigations. However, cases persist where some individuals fail to get their fingerprints recognized because of skin diseases or because of old age factor.

Worldcoin chose to go with using biometric technology.

“Our research showed that iris scanning offers the most accurate biometrics with an acceptable user experience that has been successfully tested at scale. This is because the iris has strong fraud resistance and data richness, meaning it can be used to accurately differentiate between billions of unique humans. The more data-rich the biometric marker (e.g., the iris), the fairer and more inclusive the system.”

Source: Understanding the Orb and why Worldcoin uses biometrics

However, Worldcoin had to create custom hardware[8] to get the biometric data.

The Orb— Custom Hardware

The Orb, a cutting-edge biometric imaging device developed by Worldcoin, is a marvel of engineering, comprising various components meticulously integrated to achieve advanced identity verification capabilities while prioritizing data security and user privacy.

World coin’s Orb, which scans irises.

Clear Shell and Front Shell:

The Orb's visual appeal is matched by its structural integrity, with a 2mm thick clear shell and front shell providing protective encasements for the device's internal components. These shells not only offer aesthetic elegance but also ensure the safeguarding of the sophisticated technology within.

Optical Filter and Imaging Opening:

An integral part of the Orb's functionality, the optical filter is strategically positioned to ensure optimal image quality. Simultaneously, the imaging opening, meticulously integrated, allows for the accurate capture of iris images, forming the cornerstone of the device's identity verification capabilities. This optical filter is for keeping dust out and minimizing noise from the visible spectrum to optimize image quality.

Front Printed Circuit Boards (PCBs) and Custom Lens:

Driving the core functions of the Orb, the front printed circuit board (PCB) acts as a control center, overseeing critical operations such as multispectral illumination and advanced fraud detection. Integrating a custom lens further elevates image accuracy, capturing the intricate texture of the iris with unparalleled precision.

Mainboard and Nvidia Jetson Xavier NX:

At the heart of the Orb lies the main board, orchestrating an array of intricate tasks. The inclusion of the Nvidia Jetson Xavier NX empowers the device with exceptional processing capabilities, enabling real-time execution of neural networks for tasks ranging from image optimization to the calculation of the iris code.

Heatsink and Fan:

To ensure sustained performance, the Orb implements a robust thermal management system. The heatsink and fan collaborate seamlessly, maintaining optimal operating conditions even in demanding scenarios, thus upholding the device's reliability and longevity.

Antenna Field and Back Shell:

With an eye on connectivity, the Orb integrates an antenna field, augmenting its capabilities. A protective back shell encapsulates internal components, shielding them from external influences. This thoughtful design element ensures durability while providing insight into the intricate engineering marvel within.

Back Clear Shell:

The Orb's comprehensive design is realized by including a clear back shell. This element completes the device's robust construction and offers a tantalizing glimpse into the intricate details of its engineering ingenuity.

So far – so good?

Now we have an idea of

1. Why Worldcoin— for addressing proof of personhood
2. What they require to kickstart— human uniqueness as ID
3. How they get it— via the Orb

The Orb scans the user's eyes and uses complicated hardware scanning and machine-learned classifiers to verify that:

1. Affirming Human Authenticity: With each scan, The Orb affirms whether the iris is of a real human being. This verification acts as a cornerstone, upholding the sanctity of identity validation.
2. Iris Is Unique and hasn't been in the system before: The user's iris does not match the iris of any other user that has previously used the system

If both scans pass, The Orb signs a message approving a specialized hash of the user's iris scan, creating an iris code—a numerical representation of the intricate iris texture. Worldcoin does not store the original data of iris scans by default; however, they can by getting approval from users.

The Iris Code: A Numerical Representation of Iris Texture

The iris code concept, pioneered by John Daugman, forms the foundation of Worldcoin's technology. Daugman's methodology involves intricate 2D Gabor filters and quantization, creating a compact yet standardized representation of iris features that's efficient for comparison and recognition. This technological innovation has been widely embraced in various biometric authentication systems.

Phase Information and Quantization

Generating an iris code involves a a blend of cutting-edge technology with intricate biological features. It commences by applying a series of 2D Gabor filters across the iris texture at multiple points. These filters evoke complex-valued responses, from which only the vital phase information is retained. This phase information serves as a silent observer, capturing the iris texture's fundamental structure and defining features while adeptly minimizing the influences of external factors such as varying lighting conditions and angles.

Following this, the phase information is subjected to quantization into a compact format using a minimal number of bits.

Quantization— a process that reduces the vast amount of data contained in the iris texture to a concise and standardized representation that can be efficiently compared.

It's important to note that during the quantization process, there is a level of permanent information loss. While it remains theoretically possible to generate an iris image from its code, the irreversible nature of information loss precludes the exact replication of the original iris image. The iris code becomes an encoded reflection, a testament to the unique balance between preservation and efficiency [6]

Verifiable Identity: The Intricate Interplay of ZKP and the Merkle Tree

Worldcoin's verifiable identity weaves an intricate tapestry, incorporating cryptographic techniques and blockchain principles. Using a combination of the current Merkle root— stores the list of user identities on-chain, the context— comprising the app ID and additional data, and the user's signal— any data the user commits to, a zero-knowledge proof (ZKP) is generated within the World App. This proof is constructed using the user's private key and the inclusion proof, attesting to four crucial aspects:

1. Proving knowledge of the private key associated with the World ID.
2. Demonstrating inclusion in the Merkle tree.
3. Correctly computing the nullifier from the context and private key.
4. Ensuring the signal for the proof remains unchanged during verification.

The ZKP and the nullifier are relayed to the verifying application, which can be a smart contract or backend. The verification process involves cross-referencing the proof with on-chain data. Verification in a web2 backend can rely on the Developer Portal or a chain relayer service for validation using on-chain data.

Note: The nullifier serves as a unique user identifier for each context. It is deterministic, meaning the same user will always generate the same nullifier for the same context.

Although we touched upon the iris recognition technology, how accurate it is, or the failure and success rate or the iris feature extraction[5] of the tech is outside the scope of this article.

Blockchain Ecosystem’s Transformation through Proof of Personhood

Proof of personhood isn't just about identity verification; it unlocks a new era of products and services across various sectors:

• Social Networks: Curbing bot activities, enhancing community moderation, and ensuring content attribution.
• Voting Systems: Introducing fraud-resistant mechanisms in DAO governance, elections, and online polls.
• Financial Services: Strengthening undercollateralized lending, combating card fraud, and ensuring compliance.
• Customer Incentives: Revolutionizing loyalty programs, referrals, coupons, and free trials.
• Marketplaces: Safeguard reputation, prevent fake reviews and transactions, and counter scalpers.
• Money Distribution: Enabling secure social programs, disaster relief, development assistance, and UBI.

The proof of personhood technology is in its initial stages, and it will definitely take years before a reliable and efficient system is released.

Stop! Think.

The Intersection of AI and Blockchain Integration

Worldcoin's integration of AI and blockchain is a symbiotic relationship. The precise biometric process of iris scanning, backed by AI and complex hardware, provides a foundation for the blockchain's immutable ledger. Anchoring verified identities to the blockchain ensures tamper-proof records, contributing to secure and auditable identity verification.

This is one way AI and Blockchain could collaborate, there must be more things out there.

Balancing Technology and Humanity

Worldcoin's idea to fuse technology with human identity embodies a delicate balance. While the project showcases the impressive potential of innovations, it also navigates ethical considerations and the intricate intersection between technological progress and human values.

Until the system is fully decentralized, the World will most likely challenge and question Worldcoin on this matter.

Challenges on the Horizon

As with any pioneering initiative, Worldcoin faces challenges. The initial adoption hurdles in regions needing more cryptocurrency awareness raise valid concerns. Furthermore, to be part of the system, you must sign up using special hardware, which is unavailable everywhere.

I seem to question how the whole process of scanning irises for World IDs [7] started. Why in Indonesia, Kenya, Sudan, Ghana, Chile, and Norway?. The orb operator found it hard to explain to people what cryptocurrencies are when they don't even have emails. Naturally, the question comes to mind: Why target this geographical area rather than the areas that are working towards cryptocurrency adoption? In Sudan, they ran an airpod giveaway content to encourage registration.

There will always be individuals who will not register for Worldcoin or any such project; hence, they’ll be excluded.

Irreplaceability and Data Compromise

The notion of irreplaceability within Worldcoin's proof of personhood system hinges on the irrevocable uniqueness of each individual's iris pattern. If an iris scan is lost or compromised, there's no way to replicate that exact pattern, setting it apart from traditional passwords or even  other biometric features like fingerprints. This characteristic could be both an advantage and a challenge. While it enhances security, it also underscores the importance of stringent data protection measures to prevent data loss or breaches.

Can we truly safeguard our digital identity if it's tied to a one-of-a-kind feature?

Ensuring Inclusivity

As Worldcoin's proof of personhood system gains attention for its utilization of iris patterns, it's essential to consider the potential limitations and the need for inclusivity. The project must grapple with the fact that just as some humans don’t possess fingerprints, while some lose it, the same applies for iris, some may not posess iris and other may end up losing theirs (A nod to Aemon Targerian).

In such cases, an approach that relies solely on iris patterns might inadvertently exclude a portion of the population from participating in the system.

Government Intervention

The deployment of orbs by Worldcoin in strategic locations introduces a significant concern: the potential for government intervention and data manipulation. In a scenario where a government aims to collect iris data, the crucial issue is how individuals can distinguish between legitimate Worldcoin orbs and government-installed look-alike devices. If governments deploy seemingly identical orbs that could capture iris images for surveillance purposes. Preventing such data breaches requires robust mechanisms to verify the authenticity of orbs, protecting users from unknowingly exposing their biometric information.

Furthermore, we have spoofing attacks — Spoofing operates in the shadows, allowing unauthorized actors to manipulate data or intercept communication without leaving visible traces. In this case, the normal users won't even be able to know, let alone do anything about it.

Amidst orbs' allure, can we truly discern sentinels from snares, or are we but unwitting players in the shadows of manipulation?

Worldcoin as a Deep state

Worldcoin's identity verification process ignites crucial inquiries into the potential implications of centralized control, akin to a hypothetical deep-state entity. While the project's technical façade may seem robust, the shadows of transparency, accountability, and manipulation loom large.

Several questions arise:

• Do concealed backdoors compromise system integrity?
• Assuming Worldcoin holds the power to govern arbitrarily, what prevents misuse?
• As a custodian of digital identities, can Worldcoin wield power for both good and ill?
• Deciphering Worldcoin's allegiance in matters of censorship is intricate.

Worldcoin claims that the project will move towards decentralization in the future. But we have challenges on the DAO front as well.

• How many successful DAOs are around? If any?
• Proof of Stake DAOs remain susceptible to influential stakeholders.
• If we imagine a DAO where IDs are unique, and everyone holds an equal stake, manipulative avenues will persist in the system.

Can power's shadow truly be decentralized, or will echoes of control persist even in hidden corridors?

References:

1. Worldcoin Whitepaper: Worldcoin, Retrieved from https://whitepaper.worldcoin.org/ 
2. Vitalik Buterin, What do I think about biometric proof of personhood? Retrieved from https://vitalik.ca/general/2023/07/24/biometric.html 
3. Privacy Aa Worldcoin: A Technical Deep Dive - Part I, Retrieved from https://worldcoin.org/blog/developers/privacy-deep-dive 
4. Opening the orb: A look inside Worldcoin’s biometric imaging device, Retrieved from https://worldcoin.org/blog/engineering/opening-orb-look-inside-worldcoin-biometric-imaging-device
5. Iris feature extraction with 2D Gabor wavelets, Retrieved from https://worldcoin.org/blog/engineering/iris-feature-extraction 
6. Iris recognition inference system, Retrieved from https://worldcoin.org/blog/engineering/iris-recognition-inference-system 
7. Worldcoin's GitHub Repository for World ID Contracts: https://github.com/worldcoin/world-id-contracts 
8. Worldcoin's GitHub Repository for Orb Hardware: https://github.com/worldcoin/orb-hardware